Infopulse SCM 6.0 Release – Enhanced Capabilities, New Benefits
development team is excited to announce the 6.0 release! Get it! Test it! Use it the hard way! We know what we are
Every time we release an upgraded version, we make an effort to gather feedback from the most active users. We invite them to collaborate and evaluate improved product performance. Their opinions go to the development backlog for further processing. Working this way keeps us closely connected with real customer needs.
In short, the added and improved features are:
Analytics Data Grid. Enables volumes of information to be compressed in a concise view.
Report Library Templates. More options for your reporting.
Task Manager. Track progress of threat and risk protection activities.
Dashboard widgets. Monitor the task performance status with an instant dashboard view.
Let us take a closer look at the upgrades and the benefits you gain.
Compliance Analytics Data Grid
data grid packs huge volumes of information into a smart and simple grid view. Each grid has an amazing capacity of up to 200,000 rows. You have full freedom to manipulate your data arrangement – all operations at your fingertips!
Hide, move, or sort columns
Filter or search data in-field or globally
Add groupings by fields
Run ad-hoc compliance analysis
Export data in XLS or CSV format to external systems
You can configure pre-defined template views and re-use them when needed. Export your findings for further use in reporting.
The SCM Task Manager now has extended capability. Track performance of threat and risk tasks from planning to reporting stage.
priorities, start/end dates
documents to tasks
tasks by a variety of attributes
tasks or add comments
Evaluate new widgets added to the dashboard options. Specifically designed to visualize task performance, they give you an instant view on the task progress. You can create an unlimited number of task widgets, for individual tasks or groups of tasks.
There is a lot more for you to discover! We keep the customer needs in the focus as a number one priority.
Run audits, assess and manage risks, monitor compliance status, prepare for certifications, and do much more with enhanced efficiency. Use the pre-integrated standards or go pro by importing any customer-specific set of requirements or policy.
Report Library Templates
We added a bundle of new report templates for your convenience. Enjoy expanded reporting template options saving your time and effort. Make use of them as they come instantly or tailor to your needs. The increased flexibility allows users to generate reports according to their individual requirements.
Interested in getting more information or advice on SCM usage? Contact our SCM experts!
The scale of malware deployments, cyber-attacks, and frauds is overwhelming. It gives the impression that cybercriminals are always one step ahead of the technologies. It is often true. Many of them are at the peak of the technologies. That is enough for their success because many organizations are far from following common security practices.
How can you be confident in the safety of your systems and information? To find out the answer, let us take a closer look at the most common security issues.
Security Support in Compliance
Managing compliance with multiple standards manually is costly, resource-consuming, and inefficient.
Modern software solutions enable consolidating all compliance processes in one control center eliminating silos, overlapping and gaps. They provide a comprehensive assessment of both security status and associated risks. The most advanced platforms like Infopulse SCM offer dozens of features to streamline and simplify your compliance processes.
Imagine you have received all advice and guidance from the vendor, your compliance solution is finally in place. What can be your next move in enhancing the protection of your systems? Considering the complexity of security requirements and thousands of controls coming from security standards, using automated solutions to their full capacity requires a lot of in-house security expertise. This leads us to the next stage of improving your protection quality.
You have an opportunity to receive professional advice on any security issue on the go. The Infopulse security experts will carefully guide you through the SCM implementation stage. They show you how to use product features in the best way. Whatever it may be, compiling an inventory, risk analysis, system modeling – you will get the firsthand instructions based on the best security practices.
Cybersecurity is a complex of technologies and methodologies. Even the most advanced automated tools, however efficient and convenient, do only part of the job. They give you numbers, alerts, assessments, recommendations, etc. It is more about a view on protection status than the protection itself.
That is why, besides the SCM and security support, Infopulse offers a full range of Security Services. Created by security experts, they provide a holistic approach to cover all aspects of information security.
Security Assessment services help our clients identify and analyze all possible security threats and organizational weaknesses. Based on industry best practices and the customer’s requirements, our information security experts provide an individual assessment of the organization’s security vulnerabilities and risks.
Penetration testing gives a true picture of your system’s protection level. What could be more convincing than the simulation of a real cyber attack?
Penetration testing goes in line with the requirements of NIST SP 800-115, PTES, OWASP, EC-Council. It helps to assess the security of your information systems in several dimensions: networks, applications, personnel adherence, and embedded devices.
Continuous Cyber Reconnaissance
imagine how much sensitive information companies carelessly spill around in the open sources. Cybercriminals can use it against your organization getting insights into potential vulnerabilities.
Running open source intelligence reveals this harmful information and the related risks you might expose yourself to. Our security experts can further leverage the found vulnerabilities during a penetration test, red team exercise, and other specific techniques.
Fast adoption of cloud technologies along with massive virtualization exposes their users to specific threats. Our experts ensure the full protection of your data, infrastructure or applications in the cloud. We provide expert advice and all cloud-related services to enable and protect your business.
Identity and access control provides another layer of protection at the user level.
Information protection ensures that only authorized people get access to communications and documents.
Threat protection fights advanced threats and provides tools for fast recovery when attacked.
Security management arms you with tools to control all compliance and security processes.
IT Infrastructure Protection
This service provides end-to-end protection of your on-premise, cloud or hybrid environment, and data stores. The Infopulse certified experts with real-world hands-on experience will assist you in protecting your IT infrastructure from cyber-threats.
Monitoring your network perimeter and network servers’ configuration, Infopulse creates your Risk Treatment Plan to mitigate security risks.
Security Operations Center (SOC)
Infopulse provides both SOC-as-a-Service and SOC-as-a-Solution depending on your needs. A SOC operating 24/7 allows cyber attacks to be identified instantly and preventive actions to be taken. That means less damage and faster recovery.
You will get real-time control over security events and assistance of an experienced Security Incident Response Team.
Secure Software Development
It is about a specific approach to software development operations based on the idea of “security by design”. The SCM platform enables developers and security professionals to organize the development process around security best practices. It integrates related requirements of several standards. In particular, these are ISO 27K series, IT Grundschutz, ASPICE.
The Infopulse specialists will guide you through the Secure Software Development process. The service includes threat modeling and risk analysis, security architecture design, source code review, security testing, etc. And we use worldwide standards and proven best practices, such as ISO 15408 & CC Protection profiles, OWASP, NIST SP 800-64, NIST SP 800-115, and CIS recommendations.
As a Final Remark
knowledge base and techniques keep evolving along with the emerging technologies of the data-driven world. There is no final and utmost protection for all times, unless you have nothing to protect. Millions of cyber-attacks worldwide daily challenge security of the information systems. It is a battlefield where no one can feel safe for a long while.
considering all the opportunities, it makes sense to explore your vulnerability landscape. The best option for it would be penetration testing. It will clearly show where you stand in terms of security and what service you might need.
The ISO 27001:2013 as compared to its 2005 version contains a series of new security controls within eleven groups. This amendment was inevitable due to dramatic changes that occurred in the technologies and business environment during the last decade.
The implementation of industrial standards like ISO 27001 is a formidable task. There is no easy solution. Companies put great effort and resources engaging implementation guides, expert advice, software toolkits, and automated solutions.
Knowing where you are
implementation process is behind. Sweat and tears, tons of paperwork, heavy miles of running up and down between the office rooms. What comes next? What should we know before initiating the certification process?
After your organization has invested time and effort into implementing its security system, the next step is to find out how well you are doing. The BSI Group offers a detailed checklist for self-assessment of your organization's readiness for ISO 27001 certification.
The checklist covers 19 areas with several items in each area, totaling about one hundred questions. Completing the questionnaire provides the information required for analysis.
The organization and its context
Needs and expectations of interested parties
Scope of the ISMS
Leadership and management commitment
Information security policy
Roles and responsibilities
Risks and opportunities of ISMS implementation
Information security risk treatment
Information security objectives and planning
ISMS resources and competence
Awareness and communication
Operational planning and control
Monitoring, measurement, and evaluation
Corrective action and continual improvement
The last area related to security controls in the BSI list is the most extensive one containing 43 questions. There is a good reason behind it. The security controls are the core of every ISMS.
Taking time to tick the boxes on the list, believe you finally have some solid picture. Well, it is still far from the answer where you are. You need a method to calculate the score and interpret it into a conclusion. That means you are to analyze the gathered data to identify your position in the compliance process.
It is a tough choice: figure it out yourself, engage expensive consultants, or rely upon automated security solutions that have such a feature onboard. The first option takes time. It requires expertise in the information security area and entails a certain risk of mistake. Security expert services are not cheap but are the most reliable. Today, there are software solutions on the market worth considering.
What do we eventually expect from it?
in the standard is not an ultimate goal but a tool to achieve greater results. Being certified in ISO 27001 paves a road to several outstanding objectives:
Organization enhanced potential on the market
Assurance to the organization’s partners and customers of its and their data security
The increased bottom line in an organization’s revenue due to lower risk
Improved processes due to compliance with the industry best practices and regulations
Positive impact on an organization’s stakeholders, clients, and employees
And a lot more
Software solutions can be an optimal approach. They are created by security experts and usually include bundles of supporting services. Infopulse SCM provides complete support throughout ISMS implementation, from identifying objectives to automated periodic audits of your organization’s compliance status as per ISO 27001 or any other standards.
[Blog] Consent: Tips to Survive in the GDPR Jungles
We all have to confess this sin: sometimes we trick people into consent under the blurred context. It happens in our family matters or business relationships. There is no special evil about it. We need to get what we want with the least effort or resistance.
This attitude can be a trap when organizations seek people’s assent to process their personal information. The new European legislation empowers individuals with complete control over it. Formal consent becomes a double-edged knife.
Legal Grounds for Personal Data Processing
What can be wrong, you may ask, in getting consents at every opportunity? It means we meet the requirements, doesn’t it? Consent seems a very simple get-it-and-forget-it solution. Yet, companies using consent should not delude themselves with this idea. It is in no way simple, nor free from pitfalls. In fact, it puts a heavier burden on your shoulders.
Well, are there any other options?
Of course, there are. The right approach is always asking yourself which legal ground is your best choice.
The EU regulation defines six legal grounds for lawful personal data processing:
Organizations must rely upon at least one of the above grounds to legitimize data processing. Consent should be the last choice if other instruments are available. Engaging consent puts extra pressure on organizations. In contrast to it, data subjects receive a series of crucial rights.
What Makes Consent Valid
Recently popular ways of getting implied consent do not do the job now. Pre-ticked boxes, text hidden between the lines or user inactivity do not prove a valid consent. Now, people must have an opportunity to express their free will in such a way that there could not be any doubt in it.
The idea of freely given consent is deeper than it appears at first glance. ‘Free’ suggests a genuine, uninfluenced decision. Imagine the controller to be a public authority or an employer. They have a certain power to influence an individual’s decision. This situation tells of the imbalance of power.
Another frequent inconsistency lies in conditionality. Businesses tie their offers with the requirement of giving consent for personal data processing. It often occurs in an automated way with the use of online forms. Squeezing consent as a pre-condition for receiving service or contract performance is a common case today. Be aware that this stunt invalidates consent because the law does not regard it as truly free.
Keep in mind that the control over personal data is completely in the hands of their givers. Make sure you apply no pressure, direct or indirect, to drive individuals into it. Do not hide anything ‘between the lines’ in the text of agreements. Provide data subjects with a true choice. The consequences can be devastating. Imagine the data subjects decided to challenge it in the court. This impact will further grow as long as people become more aware of their rights.
The next attribute of valid consent is being specific. The purpose of data processing must be specified and limited.
You can imagine a person provoked by a poorly specified purpose. They might not agree to its vague scope if the purpose were specific enough.
Further, the data subjects must be properly informed before receiving consent. It is your obligation, not a choice. Controllers must provide them with all legally required information including the data subject rights.
Consent is not a One-for-All-Solution
You cannot resort to a consent option without proper substantiation. There are several purposes specified in the regulation for requesting consent. Using any of them, you must be ready to provide further explanation.
One more crucial attribute of consent is that it must be unambiguous. This means that it cannot be implied or derived from any framework provisions. Consent must come in the manner ensuring that the data subject has a full understanding of this act.
The most crucial feature of consent is that organizations must be ready for consent withdrawal. They will have to stop personal data processing as soon as the data subject requests it. If the data subject withdraws consent, data controllers cannot change the legal ground for it.
We do not always need consent as a legal ground for personal data processing. There are five other options. Consent may not turn out to be the easiest or most appropriate method. Always consider the alternative. In practice, managing personal data is a tough task for every organization. It is time to think of automated solutions.
This time it is about Infopulse’s participation in the Cybersecurity Leader Award 2019 held on June 04, 2019 in Frankfurt, Germany within the framework of Information Security World (ISW), an annual Cybersecurity Conference and Exhibition. By competing, we learn, get insights, and exchange ideas on how we can make this world safer.
Cybersecurity Leader Award (CLA) is the competition for excellence in information security in business and public sector. Information security is becoming a challenge for any organization in the context of digital transformation and the development of new technologies. Global connectivity and the Internet of Things are milestones in a technological and social evolution that places entirely new demands on the security of data and its exchange.
In order to cope with the different starting situations and requirements of potential competitors, the competition is carried out in several categories: Large companies, Medium companies, Innovative companies, and Holistic. All IT users who have implemented projects, initiatives or strategies in the field of information security are eligible to participate.
At this remarkable event, Infopulse is proud to display its Standards Compliance Manager (SCM), an innovative solution for automated compliance and risk management, as well as present a wide variety of cybersecurity services.