Information Security | Research:

An increasingly common question is "How do I implement ISO 31000 with your Governance, Risk and Compliance (GRC) platform?" This white paper introduces in broad strokes the purpose and approach of ISO 31000.

Businesses today have a multitude of security tools and technologies spread across the enterprise. As a result, most IT organizations must work with a security posture cobbled together from so many individual solutions that it is impossible to get a unified view at any given point in time. Given the amount of data generated by security tools, vulnerability tools, policy violations, highly privileged access reviews, and more, organizations need a structured way to understand their security posture.

As organizations increasingly participate in a collaborative economy, sharing documents becomes ever more crucial. Documents travel farther and wider than ever before due to expanding corporate ecosystems and increasingly virtualized business networks encompassing more partners, joint ventures, and collaborative projects.

The Protegrity Data Security Platform design is based on a hub and spoke deployment architecture. The Enterprise Security Administrator (ESA) enables the authorized Security Officer to determine and set a unique enterprise wide Data Security Policy, and is the management tool (console) for the central control over policy, keys, and reporting.

In 2009, the FBI began investigating a breach of confidential records from the State of Virginia's Prescription Monitoring Program. Hackers had allegedly broken into the system, stolen 8.3 million patient records and were demanding a $10 million ransom to return the data. 1 Earlier that year, the U.S. Federal Aviation Administration had reported a similar incident wherein one of its systems had been hacked into, compromising the personal information of 45,000 employees.

In the complimentary new white paper titled "Securing Mobile Devices," ISACA, a leading global association for enterprise governance of information technology (IT), noted that the use of wireless networks, typically less secure than wired networks, leaves information at greater risk for interception.

Traditional IPS and firewalls fall short of providing effective threat containment and can expose the enterprise to unacceptable levels of risk. As the majority of threats now originate from inside the organization rather than outside, security needs to be everywhere, rather than just at select perimeter locations.