Infopulse SCM 6.0 Release – Enhanced Capabilities, New Benefits

The SCM development team is excited to announce the 6.0 release! Get it! Test it! Use it the hard way! We know what we are proud of!

Every time we release an upgraded version, we make an effort to gather feedback from our most active users. We invite them to collaborate and evaluate the improved product performance. Their opinions go into the development backlog for further processing. This keeps us closely connected to real customer needs.

In short, the added and improved features are:

  • Analytics Data Grid. Enables volumes of information to be compressed in a concise view.
  • Report Library Templates. More options for your reporting.
  • Task Manager. Track progress of threat and risk protection activities.
  • Dashboard widgets. Monitor the task performance status with an instant dashboard view.  

Let us take a closer look at the upgrades and the benefits you gain.

Compliance Analytics Data Grid

This innovative data grid packs huge volumes of information into a smart and simple grid view. Each grid has an amazing capacity of up to 200,000 rows. You have full freedom to manipulate your data arrangement – all operations at your fingertips!  

  • Hide, move, or sort columns
  • Filter or search data in-field or globally
  • Add groupings by fields
  • Aggregate data
  • Run ad-hoc compliance analysis
  • Export data in XLS or CSV format to external systems

You can configure pre-defined template views and re-use them when needed. Export your findings for further use in reporting.

Task Manager

The SCM Task Manager now has extended capability. Track performance of threat and risk tasks from planning to reporting stage.

  • Fix priorities, start/end dates
  • Attach documents to tasks
  • Assign responsible persons
  • Set up email notifications
  • Filter tasks by a variety of attributes
  • View/Edit tasks or add comments

Dashboard widgets

Evaluate new widgets added to the dashboard options. Specifically designed to visualize task performance, they give you an instant view on the task progress. You can create an unlimited number of task widgets, for individual tasks or groups of tasks.

There is a lot more for you to discover! We keep the customer needs in the focus as a number one priority.

Run audits, assess and manage risks, monitor compliance status, prepare for certifications, and do much more with enhanced efficiency. Use the pre-integrated standards or go pro by importing any customer-specific set of requirements or policy.

Report Library Templates

We added a bundle of new report templates for your convenience. Enjoy expanded reporting template options saving your time and effort. Make use of them as they come instantly or tailor to your needs. The increased flexibility allows users to generate reports according to their individual requirements.

Interested in getting more information or advice on SCM usage? Contact our SCM experts!

Assistance in Achieving Security Excellence

The scale of malware deployments, cyber-attacks, and frauds is overwhelming. It gives the impression that cybercriminals are always one step ahead of the technologies. It is often true. Many of them are at the peak of the technologies. That is enough for their success because many organizations are far from following common security practices.

How can you be confident in the safety of your systems and information? To find the answer, let us take a closer look at the most common security issues.

Security Support in Compliance

Managing compliance with multiple standards manually is costly, resource-consuming, and inefficient.

Modern software solutions enable consolidating all compliance processes in one control center eliminating silos, overlapping and gaps. They provide a comprehensive assessment of both security status and associated risks. The most advanced platforms like Infopulse SCM offer dozens of features to streamline and simplify your compliance processes.

Real-time Compliance, Risk and Management Visualisation

Imagine you have received all advice and guidance from the vendor, your compliance solution is finally in place. What can be your next move in enhancing the protection of your systems? Considering the complexity of security requirements and thousands of controls coming from security standards, using automated solutions to their full capacity requires a lot of in-house security expertise. This leads us to the next stage of improving your protection quality.

You have an opportunity to receive professional advice on any security issue on the go. The Infopulse security experts will carefully guide you through the SCM implementation stage. They show you how to use product features in the best way. Whatever it may be, compiling an inventory, risk analysis, system modeling – you will get the firsthand instructions based on the best security practices.

360° Protection with Security Services

Cybersecurity is a complex of technologies and methodologies. Even the most advanced automated tools, however efficient and convenient, do only part of the job. They give you numbers, alerts, assessments, recommendations, etc. It is more about a view on protection status than the protection itself.

That is why, besides the SCM and security support, Infopulse offers a full range of Security Services. Created by security experts, they provide a holistic approach to cover all aspects of information security.

Security Assessment

Security Assessment services help our clients identify and analyze all possible security threats and organizational weaknesses. Based on industry best practices and the customer’s requirements, our information security experts provide an individual assessment of the organization’s security vulnerabilities and risks.

Security Assessment performance is in line with the requirements of ISO 27000 series, NIST SP 800 series, ISF SoGP, BSI IT-Grundschutz, and GDPR.

Penetration Testing

Penetration testing gives a true picture of your system’s protection level. What could be more convincing than the simulation of a real cyber attack?

Penetration testing is in line with the requirements of NIST SP 800-115, PTES, OWASP, EC-Council. It helps to assess the security of your information systems in several dimensions: networks, applications, personnel adherence, and embedded devices.

Continuous Cyber Reconnaissance

You cannot imagine how much sensitive information companies carelessly spill into open sources. Cybercriminals can use it against your organization, gaining insights into potential vulnerabilities.

Running open source intelligence reveals this harmful information and the related risks you might expose yourself to. Our security experts can further leverage the found vulnerabilities during a penetration test, red team exercise, and other specific techniques.

Cloud Protection

Fast adoption of cloud technologies along with massive virtualization exposes their users to specific threats. Our experts ensure the full protection of your data, infrastructure or applications in the cloud. We provide expert advice and all cloud-related services to enable and protect your business.

  • Identity and access control provides another layer of protection at the user level.
  • Information protection ensures that only authorized people get access to communications and documents.
  • Threat protection fights advanced threats and provides tools for fast recovery when attacked.
  • Security management arms you with tools to control all compliance and security processes. 

IT Infrastructure Protection

This service provides end-to-end protection of your on-premise, cloud or hybrid environment, and data stores. The Infopulse certified experts with real-world hands-on experience will assist you in protecting your IT infrastructure from cyber-threats.

By monitoring your network perimeter and the configuration of your network servers, Infopulse creates your Risk Treatment Plan to mitigate security risks.

Security Operations Center (SOC)

Infopulse provides both SOC-as-a-Service and SOC-as-a-Solution depending on your needs. A SOC operating 24/7 allows cyber attacks to be identified instantly and preventive action to be taken. That means less damage and faster recovery.

You will get real-time control over security events and assistance of an experienced Security Incident Response Team.

Secure Software Development

It is about a specific approach to software development operations based on the idea of “security by design”. The SCM platform enables developers and security professionals to organize the development process around security best practices. It integrates related requirements of several standards. In particular, these are ISO 27K series, IT Grundschutz, ASPICE.

The Infopulse specialists will guide you through the Secure Software Development process. The service includes threat modeling and risk analysis, security architecture design, source code review, security testing, etc. And we use worldwide standards and proven best practices, such as ISO 15408 & CC Protection profiles, OWASP, NIST SP 800-64, NIST SP 800-115, and CIS recommendations.

Secure Software Development Lifecycle

As a Final Remark

Security knowledge base and techniques keep evolving along with the emerging technologies of the data-driven world. There is no final and utmost protection for all times, unless you have nothing to protect. Millions of cyber-attacks worldwide daily challenge security of the information systems. It is a battlefield where no one can feel safe for a long while.

Anyway, before considering all the opportunities, it makes sense to explore your vulnerability landscape. The best option for it would be penetration testing. It will clearly show where you stand in terms of security and what service you might need.

ISO 27001 – Are you ready for a Check?

The ISO 27001:2013 as compared to its 2005 version contains a series of new security controls within eleven groups. This amendment was inevitable due to dramatic changes that occurred in the technologies and business environment during the last decade.

The implementation of industrial standards like ISO 27001 is a formidable task. There is no easy solution. Companies put great effort and resources into engaging implementation guides, expert advice, software toolkits, and automated solutions.

Knowing where you are

Finally, the implementation process is behind you. Sweat and tears, tons of paperwork, heavy miles of running up and down between the office rooms. What comes next? What should we know before initiating the certification process?

After your organization has invested time and effort into implementing its security system, the next step is to find out how well you are doing. The BSI Group offers a detailed checklist for self-assessing your organization's readiness for ISO 27001 certification.

The checklist covers 19 areas with several items in each area, totaling about one hundred questions. Completing the questionnaire provides the information required for analysis.

  • The organization and its context
  • Needs and expectations of interested parties
  • Scope of the ISMS
  • Leadership and management commitment
  • Information security policy
  • Roles and responsibilities
  • Risks and opportunities of ISMS implementation
  • Information security risk treatment
  • Information security objectives and planning
  • ISMS resources and competence
  • Awareness and communication
  • Documented information
  • Operational planning and control
  • Monitoring, measurement, and evaluation
  • Internal audit
  • Management review
  • Corrective action and continual improvement
  • Security controls

The last area related to security controls in the BSI list is the most extensive one containing 43 questions. There is a good reason behind it. The security controls are the core of every ISMS.

Having taken the time to tick the boxes on the list, you may believe you finally have a solid picture. Well, it is still far from an answer to where you are. You need a method to calculate the score and interpret it into a conclusion. That means you have to analyze the gathered data to identify your position in the compliance process.

There is a tough choice: figure it out yourself, engage expensive consultants, or rely on automated security solutions that have such a feature on board. The first option takes time. It requires expertise in the information security area and entails a certain risk of mistake. Security expert services are not cheap but are the most reliable. Today, there are software solutions on the market worth considering.

What do we eventually expect from it?

Certification in the standard is not an ultimate goal but a tool to achieve greater results. Being certified in ISO 27001 paves a road to several outstanding objectives:

  • Enhanced potential of the organization on the market
  • Assurance to the organization’s partners and customers of its and their data security
  • The increased bottom line in an organization’s revenue due to lower risk
  • Improved processes due to compliance with the industry best practices and regulations
  • Positive impact on an organization’s stakeholders, clients, and employees
  • And a lot more

Software solutions can be an optimal approach. They are created by security experts and usually include bundles of supporting services. Infopulse SCM provides complete support along the path of ISMS implementation, from identifying objectives to automated periodic audits of your organization’s compliance status as per ISO 27001 or any other standards.

[Blog] Consent: Tips to Survive in the GDPR Jungles

We all have to confess this sin: sometimes we trick people into consent under the blurred context. It happens in our family matters or business relationships. There is no special evil about it. We need to get what we want with the least effort or resistance.

This attitude can be a trap when organizations seek people’s assent to process their personal information. The new European legislation empowers individuals with complete control over it. Formal consent becomes a double-edged knife.

Legal Grounds for Personal Data Processing

What can be wrong, you may ask, in getting consents at every opportunity? It means we meet the requirements, don’t we? Consent seems a very simple get-it-and-forget-it solution. Yet, companies using consent should not delude themselves with this idea. It is in no way simple, nor free from pitfalls. In fact, it puts a heavier burden on your shoulders.

Well, are there any other options? Of course, there are. The right approach is always asking yourself which legal ground is your best choice.

The EU regulation defines six legal grounds for lawful personal data processing:

  • Legitimate interests;
  • Public interest;
  • Vital interest;
  • Legal obligations;
  • Contractual necessity;
  • Consent.

Organizations must rely upon at least one of the above grounds to legitimize data processing. Consent should be the last choice if other instruments are available. Engaging consent puts extra pressure on organizations. In contrast to it, data subjects receive a series of crucial rights.

What Makes Consent Valid

Recently popular ways of getting implied consent do not do the job now. Pre-ticked boxes, text hidden between the lines or user inactivity do not prove a valid consent. Now, people must have an opportunity to express their free will in such a way that there could not be any doubt in it.

The idea of freely given consent is deeper than it appears at first glance. ‘Free’ suggests a genuine, uninfluenced decision. Imagine the controller to be a public authority or an employer. They have a certain power to influence an individual’s decision. This situation tells of the imbalance of power.

Another frequent inconsistency lies in conditionality. Businesses tie their offers with the requirement of giving consent for personal data processing. It often occurs in an automated way with the use of online forms. Squeezing consent as a pre-condition for receiving service or contract performance is a common case today. Be aware that this stunt invalidates consent because the law does not regard it as truly free.

Keep in mind that the control over personal data is completely in the hands of their givers. Make sure you apply no pressure, direct or indirect, to drive individuals into it. Do not hide anything ‘between the lines’ in the text of agreements. Provide data subjects with a true choice. The consequences can be devastating. Imagine the data subjects decided to challenge it in the court. This impact will further grow as long as people become more aware of their rights.

The next attribute of valid consent is being specific. The purpose of data processing must be specified and limited. Imagine a person drawn into consent by a poorly specified purpose. They might not have agreed to its vague scope if the purpose had been specific enough.

Further, the data subjects must be properly informed before consent is obtained. It is your obligation, not a choice. Controllers must provide them with all legally required information including the data subject rights.

Consent is not a One-for-All-Solution

You cannot resort to a consent option without proper substantiation. There are several purposes specified in the regulation for requesting consent. Using any of them, you must be ready to provide further explanation.

One more crucial attribute of consent is that it must be unambiguous. This means that it cannot be implied or derived from any framework provisions. Consent must come in the manner ensuring that the data subject has a full understanding of this act.

The most crucial feature of consent is that organizations must be ready for consent withdrawal. They will have to stop personal data processing as soon as the data subject requests it. If the data subject withdraws consent, data controllers cannot change the legal ground for it.

We do not always need consent as a legal ground for personal data processing. There are five other options. Consent may not turn out to be the easiest or most appropriate method. Always consider the alternative. In practice, managing personal data is a tough task for every organization. It is time to think of automated solutions.

[News] Competing for Secure World

This time it is about Infopulse's participation in the Cybersecurity Leader Award 2019, held on June 04, 2019 in Frankfurt, Germany within the framework of Information Security World (ISW), an annual Cybersecurity Conference and Exhibition. By competing, we learn, gain insights, and exchange ideas on how we can make this world safer.

Cybersecurity Leader Award (CLA) is the competition for excellence in information security in business and public sector. Information security is becoming a challenge for any organization in the context of digital transformation and the development of new technologies. Global connectivity and the Internet of Things are milestones in a technological and social evolution that places entirely new demands on the security of data and its exchange.

In order to cope with the different starting situations and requirements of potential competitors, the competition is carried out in several categories: Large companies, Medium companies, Innovative companies, and Holistic. All IT users who have implemented projects, initiatives or strategies in the field of information security are eligible to participate.

At this remarkable event, Infopulse is proud to display its Standards Compliance Manager (SCM), an innovative solution for automated compliance and risk management, as well as present a wide variety of cybersecurity services.
