SlideShare a Scribd company logo

SecureGRC - Cloud based SaaS

Aegify Inc.
Aegify Inc.

SecureGRC™ is a world-leading solution for all enterprises, including small and medium businesses. SecureGRC™ includes all security and IT-GRC functions required to be compliant with easy to adopt compliance management framework with ready to use frameworks, leading edge context based inference engines, most advanced alert processing and easy to use logging and monitoring solution.

TechnologyBusiness
1 of 6
Download to read offline
SecureGRCTM - Cloud based SaaS Key Features  Single repository for regulations and standards Page | 1  Centralized repository for compliance related organizational data  Electronic workflow to speed up communications between various entries  Automated compliance related data gathering from technology sources  Allow for gathering of data from non technology sources such as people  Map compliance data to regulations and standards  Automate the determination of compliance status based on collected technology and non technology related compliance data  Allow for generation of reports, export data for use with other systems within an organization  Provide management dashboards for compliance status with the ability to drill down across departments, geographies etc.  Allow for creation of custom compliance frameworks or modify existing ones  Provide reminders to people for addressing compliance related tasks in an optimal manner  Manage exceptions and activities related to compliance  Provide an exhaustive audit trail for all compliance related actions through the whole process Compliance logging and secure storage Logging and storing audit logs is mandated by most regulations for review. While many logging vendors exist today they are expensive, appliance based and do not provide a comprehensive work flow that integrates TM compliance framework. SecureGRC changes the way logging requirement is simplified and unified from cost, scalability, and integrated compliance framework perspective.  Firewalls and VPNs  IDS/IPS  Vulnerability Scanners  Unix hosts  Windows hosts  Mainframe hosts  IT applications  ERP systems  Databases  Cloud Service products  IT infrastructure products TM SecureGRC
 Proprietary systems  Integrated Case Management TM SecureGRC is equipped with compliance case management framework which gives end to end visibility to security and compliance cases for the organizations which another example of true integration of Security and IT-GRC management. Page | 2 Audit Management What is Audit Management? Audit management is the overall process of managing the overall audit process. It enables organizations to reduce dependence on paper, perform the functions faster and with fewer resources and provides a trackable audit trail for these functions. Audit Manager TM SecureGRC Audit Management feature provides an integrated solution to managing the functions, documents, and tasks associated with audits (IT, Security or Financial) of any organization. In addition, it TM provides access to the core elements from the SecureGRC platform such as Workflow, Document Management, Audit Work paper repository, Fine-grained access control through a secure Web based interface Key Features  Single and Centralized repository for all work papers  Version control for all work papers  Link work papers to controls  Schedule audits  Assign personnel to audits  Audit trail  Ability to track audit failures  Dashboards and reports Vendor Compliance Management TM SecureGRC Vendor Management solution enables you to manage an effective vendor management process: risk-based vendor selection, centralized document management and remediation management. What is Vendor Management? Vendor Management is the process financial institutions worldwide use to understand the risks they assume due to their business relationships with their third-party vendors especially regarding their data sharing or outsourcing relationships. Vendor Management is a standard practice today and has matured to an extent where some leading financial industry groups such as BITS have standardized the process significantly through their Standard Information Gathering (SIG) and Agreed Upon Procedures (AUP) standards. The usage of these standards or their derivatives helps organizations understand the risk associated with their vendors and then incorporate appropriate risk mitigation techniques and measures to mitigate the risk. TM SecureGRC
Key Features  Automate monitoring of controls such as management of sensitive data and technical controls.  Enable vendor managers to manage risk.  Assess vendor risk using various assessment types and a library of questions based on best-practice standards. Page | 3  Derive risk and compliance ratings by type of vendor from assessment results.  Measure vendor compliance to policies and procedures.  Track and address areas of non-compliance identified in the vendor assessment process. Merchant Compliance Management SecureGRC's merchant compliance management helps banks and financial institutes to ensure their merchants comply with the regulations applicable to their business. What is Merchant Management? According to VISA, Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements And according to MasterCard, MasterCard fundamentally views our member Acquirers as owning the acquiring payment channel. Given this perspective, MasterCard works to administer the SDP Program through our Acquirers, working with merchants to further secure the transaction infrastructure. Please note that acquirers themselves do not need to go through the SDP compliance process but they must manage the SDP process for their merchants. Merchant Management is the process that enables card acquirers to ensure that their merchants are compliant with the PCI Data Security Standard and thereby satisfy the demands of the various card brands. SecureGRC’s merchant management enables organizations (banks, acquirers, service providers etc. ) to manage the compliance of their merchants with the PCI DSS. Merchant management automates many of the manual tasks associated with the merchant compliance process. When organizations are dealing with thousands of merchants, the process of managing compliance could consume an enormous amount of resources, time and money. CMM enables organizations to reduce all of these by providing a single interface to all compliance processes through a universally accessible web based interface. Key Features  Automate monitoring of controls such as management of sensitive data and technical controls.  Enable vendor managers to manage risk.  Assess vendor risk using various assessment types and a library of questions based on best-practice standards.  Derive risk and compliance ratings by type of vendor from assessment results.  Measure vendor compliance to policies and procedures.  Track and address areas of non-compliance identified in the vendor assessment process TM SecureGRC
Policy Management What is Policy Management? Policy management is the overall process of managing the plethora of policies, procedures, guidelines and other documents that are part of the governance framework and function in any organization. SecureGRCTM Policy Manager Page | 4 TM SecureGRC Policy Manager provides an integrated solution to managing all the policies, procedures, guidelines, or standards that are the basis of the governance framework at any organization. Policy Manager allows organizations to consolidate all their policies, store them in a central repository, measure the compliance with these policies, and view various statistics from a central dashboard. TM Policy Manager provides access to the core elements from the SecureGRC platform such as Workflow, Document Management, Policy Inventory, Fine-grained access control through a secure Web based interface. Key Features  Single and centralized repository for all policies  Version control for all policies and procedures  Monitor acceptance of policies  Out of the box policy and procedure templates  Ability to link policy and procedures to controls  Dashboards and reports  Remediation tracking Asset and Vulnerability Management What is Asset and Vulnerability Management? Asset management involves discovering, identifying and classifying assets such as servers, desktops, laptops etc that are part of any organization. Due to the fact that most digital information that forms the basis for any Governance Risk Management and Compliance (GRC) process of any organization resides on assets, it is imperative that organizations manage their assets. Vulnerability Management consists of the ability to discover the vulnerabilities associated with assets and provide the data and insight necessary to manage the vulnerabilities through the use of direct fixes or application of compensating controls. TM SecureGRC Asset and Vulnerability Manager provides an integrated solution to managing the functions, data and tasks associated with assets and related vulnerabilities. Asset and Vulnerability Manager uses the core elements from the CC-GRC platform such as Workflow, Document Management, Controls and Asset repository, Fine-grained access control through a secure Web based interface. Key Features  Accurate asset discovery  Single and Centralized repository for all assets and vulnerabilities  Ability to link Assets to controls  Schedule audits TM SecureGRC
 Scan for vulnerabilities remotely  Map assets and vulnerabilities to regulations  Remediation tracking  Dashboards and reports Page | 5 Compliance Scanning What is Compliance Scanning? SecureGRC's compliance scanning is a unique feature that allows scanning of data concerned with PCI compliance in various data stores. Compliance Scanner allows QSAs/Auditors and consultants to streamline and automate the process of evaluating PCI compliance during onsite engagements. Results from leading vulnerability scanners and application scanners, along with cardholder data search features are processed by the Compliance Scanner to pre-populate approximately half the controls of PCI DSS. Features of Compliance Scanner for QSAs include,  Easy interview wizard to walk QSAs through the entire process.  Automated search for cardholder data within servers and databases.  Automated mapping of application/network vulnerabilities (from leading security scanners) to “cardholder” assets and servers.  Automated firewall rule set analysis and mapping of faulty rule sets to PCI requirements.  Generation of Report on Compliance with more than half controls pre-populated with accurate data on cardholder systems, their vulnerabilities and misconfigured firewall rule sets. Key Features  TM SecureGRC Compliance Scanner helps QSAs save a significant amount of time and resources to perform PCI assessments.  It also improves consistency of assessments across people and time and can help demonstrate the quality needed by the PCI Council. Data Discovery What is Data Discovery? Finding credit card data is one of the key and initial steps needed for compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). The standard clearly prohibits storage of card holder data in an unencrypted manner. TM SecureGRC Data Discovery addresses this key need and was one of the first comprehensive scanners that not only searches for credit card data on file systems, but also in most commercial and open source databases. Data Discovery rapidly helps define the scope of a PCI assessment or certification and helps concentrate the efforts of the assessment. It usually is an eye-opener for many organizations who are surprised by the unintended proliferation of credit card data within organizations once CDD scans their environment. Those discoveries help organizations control the storage of the data or implement means to encrypt the data. TM SecureGRC
Key Features  Find unencrypted credit card data in ANY type of file - Word Documents, Excel Spreadsheets, PDFs, Access databases. CDD is not constrained by file types, rather it allows you to search the whole hard disk for credit card data  Find credit card data in network shares Page | 6  Find credit card data across the WHOLE network from one location. CDD needs Microsoft Active Directory (AD) or Domain level credentials and using those credentials, you can search for card data on desktops, laptops, servers etc all from one location.  Convenience of searching from one place, no need to go to each desktop/laptop to search for data  Find credit card data in most popular commercial and open source databases such as Oracle, SQL Server, and MySQL etc.  Extremely fast and uses very few resources - network or CPU resources To buy SecureGRCTM or to find out how to integrate NetWitness NextGen with enterprise SecureGRCTM integrated IT-GRC and security framework click here TM SecureGRC

Recommended

ap_casemgmt_whitepaper
ap_casemgmt_whitepaperap_casemgmt_whitepaper
ap_casemgmt_whitepaperMartijn Schilperoort
 
Nuxeo CMF, a framework for case centric applications
Nuxeo CMF, a framework for case centric applicationsNuxeo CMF, a framework for case centric applications
Nuxeo CMF, a framework for case centric applicationsNuxeo
 
Social, political and technological considerations for national identity mana...
Social, political and technological considerations for national identity mana...Social, political and technological considerations for national identity mana...
Social, political and technological considerations for national identity mana...Ravinder (Ravi) Singh
 
Cover letter LinkedIn
Cover letter LinkedInCover letter LinkedIn
Cover letter LinkedInSakhi Murtaza
 
Infrastructure for cloud_computing
Infrastructure for cloud_computingInfrastructure for cloud_computing
Infrastructure for cloud_computingJULIO GONZALEZ SANZ
 
Armedia nci content gov_alfresco_20120124_v1.0
Armedia nci content gov_alfresco_20120124_v1.0Armedia nci content gov_alfresco_20120124_v1.0
Armedia nci content gov_alfresco_20120124_v1.0Armedia LLC
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSxmeteorite
 
XMPro ACM for Adaptive Case Management
XMPro ACM for Adaptive Case ManagementXMPro ACM for Adaptive Case Management
XMPro ACM for Adaptive Case ManagementXMPRO
 

Recommended

ap_casemgmt_whitepaper
ap_casemgmt_whitepaperap_casemgmt_whitepaper
ap_casemgmt_whitepaperMartijn Schilperoort
 
Nuxeo CMF, a framework for case centric applications
Nuxeo CMF, a framework for case centric applicationsNuxeo CMF, a framework for case centric applications
Nuxeo CMF, a framework for case centric applicationsNuxeo
 
Social, political and technological considerations for national identity mana...
Social, political and technological considerations for national identity mana...Social, political and technological considerations for national identity mana...
Social, political and technological considerations for national identity mana...Ravinder (Ravi) Singh
 
Cover letter LinkedIn
Cover letter LinkedInCover letter LinkedIn
Cover letter LinkedInSakhi Murtaza
 
Infrastructure for cloud_computing
Infrastructure for cloud_computingInfrastructure for cloud_computing
Infrastructure for cloud_computingJULIO GONZALEZ SANZ
 
Armedia nci content gov_alfresco_20120124_v1.0
Armedia nci content gov_alfresco_20120124_v1.0Armedia nci content gov_alfresco_20120124_v1.0
Armedia nci content gov_alfresco_20120124_v1.0Armedia LLC
 
SecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSSecureGRC - Cloud based SaaS
SecureGRC - Cloud based SaaSxmeteorite
 
XMPro ACM for Adaptive Case Management
XMPro ACM for Adaptive Case ManagementXMPro ACM for Adaptive Case Management
XMPro ACM for Adaptive Case ManagementXMPRO
 
Armedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECMArmedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECMArmedia LLC
 
Grottarossa:Why?
Grottarossa:Why?Grottarossa:Why?
Grottarossa:Why?Maurizio Farina
 
Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1rloggen
 
Nigeria national iccm implementation framework
Nigeria national iccm implementation frameworkNigeria national iccm implementation framework
Nigeria national iccm implementation frameworktomowo George
 
Composing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise productsComposing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise productsLeon Smiers
 
Amplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management FrameworkAmplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management FrameworkAmplexor
 
Nuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management FrameworkNuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management FrameworkNuxeo
 
Nuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical OverviewNuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical OverviewNuxeo
 
Managing the Cloud with Open Source Tools
Managing the Cloud with Open Source ToolsManaging the Cloud with Open Source Tools
Managing the Cloud with Open Source ToolsNakul Ezhuthupally
 
Open Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud ComputingOpen Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud ComputingMark Hinkle
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalLaud Randy Amofah
 
Dream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management SystemDream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management SystemSalesforce Engineering
 
Odoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparisionOdoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparisionOdoo
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey ResultsBlack Duck by Synopsys
 
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, ParisNuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, ParisOW2
 
Design Your Career 2018
Design Your Career 2018Design Your Career 2018
Design Your Career 2018Slides That Rock
 
Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityAegify Inc.
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedAegify Inc.
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityAegify Inc.
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 

More Related Content

Viewers also liked

Armedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECMArmedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECMArmedia LLC
 
Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1rloggen
 
Nigeria national iccm implementation framework
Nigeria national iccm implementation frameworkNigeria national iccm implementation framework
Nigeria national iccm implementation frameworktomowo George
 
Composing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise productsComposing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise productsLeon Smiers
 
Amplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management FrameworkAmplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management FrameworkAmplexor
 
Nuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management FrameworkNuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management FrameworkNuxeo
 
Nuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical OverviewNuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical OverviewNuxeo
 
Managing the Cloud with Open Source Tools
Managing the Cloud with Open Source ToolsManaging the Cloud with Open Source Tools
Managing the Cloud with Open Source ToolsNakul Ezhuthupally
 
Open Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud ComputingOpen Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud ComputingMark Hinkle
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalLaud Randy Amofah
 
Dream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management SystemDream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management SystemSalesforce Engineering
 
Odoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparisionOdoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparisionOdoo
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey ResultsBlack Duck by Synopsys
 
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, ParisNuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, ParisOW2
 

Viewers also liked (16)

Armedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECMArmedia Case Management with Alfresco ECM
Armedia Case Management with Alfresco ECM
 
Grottarossa:Why?
Grottarossa:Why?Grottarossa:Why?
Grottarossa:Why?
 
Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1Introduction to case management - Roeland Loggen vs1.1
Introduction to case management - Roeland Loggen vs1.1
 
Nigeria national iccm implementation framework
Nigeria national iccm implementation frameworkNigeria national iccm implementation framework
Nigeria national iccm implementation framework
 
Composing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise productsComposing a case management solution with SaaS, PaaS, On-premise products
Composing a case management solution with SaaS, PaaS, On-premise products
 
Amplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management FrameworkAmplexor - The K2 Case Management Framework
Amplexor - The K2 Case Management Framework
 
Nuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management FrameworkNuxeo World Session: Case Management Framework
Nuxeo World Session: Case Management Framework
 
Nuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical OverviewNuxeo ECM Platform - Technical Overview
Nuxeo ECM Platform - Technical Overview
 
Managing the Cloud with Open Source Tools
Managing the Cloud with Open Source ToolsManaging the Cloud with Open Source Tools
Managing the Cloud with Open Source Tools
 
Open Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud ComputingOpen Source Tool Chains for Cloud Computing
Open Source Tool Chains for Cloud Computing
 
Electronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposalElectronic Case Management System(eCMS) proposal
Electronic Case Management System(eCMS) proposal
 
Dream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management SystemDream of the (blue) Effective Case Management System
Dream of the (blue) Effective Case Management System
 
Odoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparisionOdoo - Open Source CMS: A performance comparision
Odoo - Open Source CMS: A performance comparision
 
2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results2015 Future of Open Source Survey Results
2015 Future of Open Source Survey Results
 
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, ParisNuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
Nuxeo Open Source ECM, OW2con 11, Nov 24-25, Paris
 
Design Your Career 2018
Design Your Career 2018Design Your Career 2018
Design Your Career 2018
 

More from Aegify Inc.

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Aegify Inc.
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityAegify Inc.
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013Aegify Inc.
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedAegify Inc.
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityAegify Inc.
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the CloudAegify Inc.
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyAegify Inc.
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non complianceAegify Inc.
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAegify Inc.
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChannelAegify Inc.
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security SolutionsAegify Inc.
 
SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHAegify Inc.
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryAegify Inc.
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsAegify Inc.
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaasAegify Inc.
 
NetWitness Decoder
NetWitness DecoderNetWitness Decoder
NetWitness DecoderAegify Inc.
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCAegify Inc.
 

More from Aegify Inc. (17)

Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines Importance of Following HITECH Compliance Guidelines
Importance of Following HITECH Compliance Guidelines
 
The UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support CybersecurityThe UCF® Announces UCFinterchange to Support Cybersecurity
The UCF® Announces UCFinterchange to Support Cybersecurity
 
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
eGestalt Technologies Named Winner of 2013 TiE50 “Top Startup” at TiEcon 2013
 
Webinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus DemystifiedWebinar on HIPAA Omnibus Demystified
Webinar on HIPAA Omnibus Demystified
 
eGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks securityeGestalt presents at RSA 2013, where the world talks security
eGestalt presents at RSA 2013, where the world talks security
 
Security Posture Management Enters the Cloud
Security Posture Management Enters the CloudSecurity Posture Management Enters the Cloud
Security Posture Management Enters the Cloud
 
eGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with AegifyeGestalt Announces Next Generation Security Posture Management with Aegify
eGestalt Announces Next Generation Security Posture Management with Aegify
 
Implications of hipaa non compliance
Implications of hipaa non complianceImplications of hipaa non compliance
Implications of hipaa non compliance
 
Address Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and ButsAddress Threat Management - No Ifs and Buts
Address Threat Management - No Ifs and Buts
 
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM ChanneleGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
eGestalt Named a 2012 ‘Emerging Vendor’by CRN and UBM Channel
 
IT Compliance and Security Solutions
IT Compliance and Security SolutionsIT Compliance and Security Solutions
IT Compliance and Security Solutions
 
SecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECHSecureGRC SB™ HIPAA and HITECH
SecureGRC SB™ HIPAA and HITECH
 
Webinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industryWebinar on HIPAA/HITECH compliance services for healthcare industry
Webinar on HIPAA/HITECH compliance services for healthcare industry
 
Importance of Healthcare Compliance Solutions
Importance of Healthcare Compliance SolutionsImportance of Healthcare Compliance Solutions
Importance of Healthcare Compliance Solutions
 
Key featuresofcloudbasedsaas
Key featuresofcloudbasedsaasKey featuresofcloudbasedsaas
Key featuresofcloudbasedsaas
 
NetWitness Decoder
NetWitness DecoderNetWitness Decoder
NetWitness Decoder
 
SecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRCSecureGRC: Unification of Security Monitoring and IT-GRC
SecureGRC: Unification of Security Monitoring and IT-GRC
 

Recently uploaded

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxRemote DBA Services
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 

Recently uploaded (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

SecureGRC - Cloud based SaaS

  • 1. SecureGRCTM - Cloud based SaaS Key Features  Single repository for regulations and standards Page | 1  Centralized repository for compliance related organizational data  Electronic workflow to speed up communications between various entries  Automated compliance related data gathering from technology sources  Allow for gathering of data from non technology sources such as people  Map compliance data to regulations and standards  Automate the determination of compliance status based on collected technology and non technology related compliance data  Allow for generation of reports, export data for use with other systems within an organization  Provide management dashboards for compliance status with the ability to drill down across departments, geographies etc.  Allow for creation of custom compliance frameworks or modify existing ones  Provide reminders to people for addressing compliance related tasks in an optimal manner  Manage exceptions and activities related to compliance  Provide an exhaustive audit trail for all compliance related actions through the whole process Compliance logging and secure storage Logging and storing audit logs is mandated by most regulations for review. While many logging vendors exist today they are expensive, appliance based and do not provide a comprehensive work flow that integrates TM compliance framework. SecureGRC changes the way logging requirement is simplified and unified from cost, scalability, and integrated compliance framework perspective.  Firewalls and VPNs  IDS/IPS  Vulnerability Scanners  Unix hosts  Windows hosts  Mainframe hosts  IT applications  ERP systems  Databases  Cloud Service products  IT infrastructure products TM SecureGRC
  • 2. Proprietary systems  Integrated Case Management TM SecureGRC is equipped with compliance case management framework which gives end to end visibility to security and compliance cases for the organizations which another example of true integration of Security and IT-GRC management. Page | 2 Audit Management What is Audit Management? Audit management is the overall process of managing the overall audit process. It enables organizations to reduce dependence on paper, perform the functions faster and with fewer resources and provides a trackable audit trail for these functions. Audit Manager TM SecureGRC Audit Management feature provides an integrated solution to managing the functions, documents, and tasks associated with audits (IT, Security or Financial) of any organization. In addition, it TM provides access to the core elements from the SecureGRC platform such as Workflow, Document Management, Audit Work paper repository, Fine-grained access control through a secure Web based interface Key Features  Single and Centralized repository for all work papers  Version control for all work papers  Link work papers to controls  Schedule audits  Assign personnel to audits  Audit trail  Ability to track audit failures  Dashboards and reports Vendor Compliance Management TM SecureGRC Vendor Management solution enables you to manage an effective vendor management process: risk-based vendor selection, centralized document management and remediation management. What is Vendor Management? Vendor Management is the process financial institutions worldwide use to understand the risks they assume due to their business relationships with their third-party vendors especially regarding their data sharing or outsourcing relationships. Vendor Management is a standard practice today and has matured to an extent where some leading financial industry groups such as BITS have standardized the process significantly through their Standard Information Gathering (SIG) and Agreed Upon Procedures (AUP) standards. The usage of these standards or their derivatives helps organizations understand the risk associated with their vendors and then incorporate appropriate risk mitigation techniques and measures to mitigate the risk. TM SecureGRC
  • 3. Key Features  Automate monitoring of controls such as management of sensitive data and technical controls.  Enable vendor managers to manage risk.  Assess vendor risk using various assessment types and a library of questions based on best-practice standards. Page | 3  Derive risk and compliance ratings by type of vendor from assessment results.  Measure vendor compliance to policies and procedures.  Track and address areas of non-compliance identified in the vendor assessment process. Merchant Compliance Management SecureGRC's merchant compliance management helps banks and financial institutes to ensure their merchants comply with the regulations applicable to their business. What is Merchant Management? According to VISA, Acquirers are responsible for ensuring that all of their merchants comply with the PCI Data Security Standard (DSS) requirements And according to MasterCard, MasterCard fundamentally views our member Acquirers as owning the acquiring payment channel. Given this perspective, MasterCard works to administer the SDP Program through our Acquirers, working with merchants to further secure the transaction infrastructure. Please note that acquirers themselves do not need to go through the SDP compliance process but they must manage the SDP process for their merchants. Merchant Management is the process that enables card acquirers to ensure that their merchants are compliant with the PCI Data Security Standard and thereby satisfy the demands of the various card brands. SecureGRC’s merchant management enables organizations (banks, acquirers, service providers etc. ) to manage the compliance of their merchants with the PCI DSS. Merchant management automates many of the manual tasks associated with the merchant compliance process. When organizations are dealing with thousands of merchants, the process of managing compliance could consume an enormous amount of resources, time and money. CMM enables organizations to reduce all of these by providing a single interface to all compliance processes through a universally accessible web based interface. Key Features  Automate monitoring of controls such as management of sensitive data and technical controls.  Enable vendor managers to manage risk.  Assess vendor risk using various assessment types and a library of questions based on best-practice standards.  Derive risk and compliance ratings by type of vendor from assessment results.  Measure vendor compliance to policies and procedures.  Track and address areas of non-compliance identified in the vendor assessment process TM SecureGRC
  • 4. Policy Management What is Policy Management? Policy management is the overall process of managing the plethora of policies, procedures, guidelines and other documents that are part of the governance framework and function in any organization. SecureGRCTM Policy Manager Page | 4 TM SecureGRC Policy Manager provides an integrated solution to managing all the policies, procedures, guidelines, or standards that are the basis of the governance framework at any organization. Policy Manager allows organizations to consolidate all their policies, store them in a central repository, measure the compliance with these policies, and view various statistics from a central dashboard. TM Policy Manager provides access to the core elements from the SecureGRC platform such as Workflow, Document Management, Policy Inventory, Fine-grained access control through a secure Web based interface. Key Features  Single and centralized repository for all policies  Version control for all policies and procedures  Monitor acceptance of policies  Out of the box policy and procedure templates  Ability to link policy and procedures to controls  Dashboards and reports  Remediation tracking Asset and Vulnerability Management What is Asset and Vulnerability Management? Asset management involves discovering, identifying and classifying assets such as servers, desktops, laptops etc that are part of any organization. Due to the fact that most digital information that forms the basis for any Governance Risk Management and Compliance (GRC) process of any organization resides on assets, it is imperative that organizations manage their assets. Vulnerability Management consists of the ability to discover the vulnerabilities associated with assets and provide the data and insight necessary to manage the vulnerabilities through the use of direct fixes or application of compensating controls. TM SecureGRC Asset and Vulnerability Manager provides an integrated solution to managing the functions, data and tasks associated with assets and related vulnerabilities. Asset and Vulnerability Manager uses the core elements from the CC-GRC platform such as Workflow, Document Management, Controls and Asset repository, Fine-grained access control through a secure Web based interface. Key Features  Accurate asset discovery  Single and Centralized repository for all assets and vulnerabilities  Ability to link Assets to controls  Schedule audits TM SecureGRC
  • 5. Scan for vulnerabilities remotely  Map assets and vulnerabilities to regulations  Remediation tracking  Dashboards and reports Page | 5 Compliance Scanning What is Compliance Scanning? SecureGRC's compliance scanning is a unique feature that allows scanning of data concerned with PCI compliance in various data stores. Compliance Scanner allows QSAs/Auditors and consultants to streamline and automate the process of evaluating PCI compliance during onsite engagements. Results from leading vulnerability scanners and application scanners, along with cardholder data search features are processed by the Compliance Scanner to pre-populate approximately half the controls of PCI DSS. Features of Compliance Scanner for QSAs include,  Easy interview wizard to walk QSAs through the entire process.  Automated search for cardholder data within servers and databases.  Automated mapping of application/network vulnerabilities (from leading security scanners) to “cardholder” assets and servers.  Automated firewall rule set analysis and mapping of faulty rule sets to PCI requirements.  Generation of Report on Compliance with more than half controls pre-populated with accurate data on cardholder systems, their vulnerabilities and misconfigured firewall rule sets. Key Features  TM SecureGRC Compliance Scanner helps QSAs save a significant amount of time and resources to perform PCI assessments.  It also improves consistency of assessments across people and time and can help demonstrate the quality needed by the PCI Council. Data Discovery What is Data Discovery? Finding credit card data is one of the key and initial steps needed for compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). The standard clearly prohibits storage of card holder data in an unencrypted manner. TM SecureGRC Data Discovery addresses this key need and was one of the first comprehensive scanners that not only searches for credit card data on file systems, but also in most commercial and open source databases. Data Discovery rapidly helps define the scope of a PCI assessment or certification and helps concentrate the efforts of the assessment. It usually is an eye-opener for many organizations who are surprised by the unintended proliferation of credit card data within organizations once CDD scans their environment. Those discoveries help organizations control the storage of the data or implement means to encrypt the data. TM SecureGRC
  • 6. Key Features  Find unencrypted credit card data in ANY type of file - Word Documents, Excel Spreadsheets, PDFs, Access databases. CDD is not constrained by file types, rather it allows you to search the whole hard disk for credit card data  Find credit card data in network shares Page | 6  Find credit card data across the WHOLE network from one location. CDD needs Microsoft Active Directory (AD) or Domain level credentials and using those credentials, you can search for card data on desktops, laptops, servers etc all from one location.  Convenience of searching from one place, no need to go to each desktop/laptop to search for data  Find credit card data in most popular commercial and open source databases such as Oracle, SQL Server, and MySQL etc.  Extremely fast and uses very few resources - network or CPU resources To buy SecureGRCTM or to find out how to integrate NetWitness NextGen with enterprise SecureGRCTM integrated IT-GRC and security framework click here TM SecureGRC