Building an Effective GRC Process with TrustedAgent GRC


Upload: tuan-phan

Post on 14-Jun-2015


DESCRIPTION

Organizations can leverage TrustedAgent GRC to implement, sustain, and accelerate governance, risk management, and compliance (GRC) for their enterprise. This brief describes the elements of an effective GRC process and how TrustedAgent GRC can cost-effectively assist organizations in implementing them.

TRANSCRIPT

Page 1: Building an Effective GRC Process with TrustedAgent GRC

Company Sensitive: This document is the property of Trusted Integration, Inc. It should not be duplicated or distributed to any third-party entity.

Building an Effective GRC Process with TrustedAgent GRC

InfoSec Learning Center

April 10, 2013

Page 2: Building an Effective GRC Process with TrustedAgent GRC

What Keeps CROs up at Night?

Chief Risk Officers (CROs) are responsible for identifying, analyzing, and mitigating internal and external events that could adversely affect the company.

Are we meeting the mandated regulatory requirements?

What are the financial and business impacts to my organization for noncompliance?

How do we achieve and sustain ongoing compliance?

What visibility do we have into risks within the organization?

How healthy is the governance or security posture of my organization?

Are we providing the required communication and awareness of governance and direction to our employees, so that we keep pace with changing environments and achieve our business objectives?

What are the gaps in my enterprise, and how are they impacting my business objectives?

Do we have the tools and the talent to manage our compliance needs?


Page 3: Building an Effective GRC Process with TrustedAgent GRC

Building Blocks for Governance, Risk Management and Compliance

Governance: Define and communicate corporate governance, policies, and standards, including standards unique to the organization. Enhance implementation by leveraging existing governance and standards such as HIPAA/HITECH, ISO, COBIT, SOX, FISMA, DIACAP, FedRAMP, etc.

Risk Management: Conduct enterprise risk management (ERM) to centrally identify, remediate, and mitigate risks or noncompliance that may impact the business objectives of the organization.

Compliance: Manage and oversee management and regulatory reporting, continuous monitoring, and change management to standards and policies.


Page 4: Building an Effective GRC Process with TrustedAgent GRC

Why Do Organizations Utilize GRC?

Enable better governance and standardization of regulatory and information security policies and procedures across technical, operational, and human assets.

Ensure secure and effective internal information security processes and those processes established with vendors and business partners.

Standardize and manage deviations in regulatory and organizational security compliance.

Quantify and better manage security risks, vulnerabilities and their remediation efforts.

Measure residual risks and impacts, and project outcomes from risk-based activities.

Monitor and continuously improve the security profile of the enterprise.


Page 5: Building an Effective GRC Process with TrustedAgent GRC

Governance


Page 6: Building an Effective GRC Process with TrustedAgent GRC

Risk Management

Identify risk and noncompliance against governing policies and standards.

Manage risks identified from automated and external/internal manual sources including vulnerability and configuration assessments, and internal and third-party regulatory audits.

Remediate findings using a comprehensive framework that manages the activities and responsible assignees through the life cycle of the findings.

Mitigate recurrences through periodic implementation and validation of key controls.

Elevate and improve the organization’s awareness, compliance and risk posture over time.


Page 7: Building an Effective GRC Process with TrustedAgent GRC

Compliance

Manage regulatory and management reporting, including standard-mandated and ad hoc reporting.

Create and maintain governance-specific reports and security authorization packages (policies and plans, security plans, and system authorization).

Provide single-view access to the data and the metrics governing the organization, with transparency and control.

Leverage a comprehensive framework to maintain continuous monitoring that addresses vulnerability and configuration changes, asset changes, periodic audits and assessments, and regulatory changes.


Page 8: Building an Effective GRC Process with TrustedAgent GRC

Governance and Security Standards


NEI, COBIT, ISO, PCI DSS and many more...

Page 9: Building an Effective GRC Process with TrustedAgent GRC

TrustedAgent GRC Platform

Since 2001, the TrustedAgent GRC platform has been the premier government-GRC (gGRC) solution for government agencies.

gGRC differs from other traditional GRC solutions in that gGRC:

1. Handles detail-driven requirements and responses.

2. Manages complex requirements relating to content and format.

3. Is customizable for various organization formats, specific contents, and requirements.

4. Supports any number of deliverables, including those unique to the organization.

TrustedAgent GRC provides the flexibility and customization to support the complex requirements of government agencies and the required simplicity for commercial entities.

TrustedAgent GRC enables organizations to:

Manage organizational structures, inventory, people, IT assets, and relationships through their life cycles.

Identify, assess, and mitigate risks and vulnerabilities.

Provide oversight with comprehensive dashboards and management reporting.

Monitor and improve ongoing security and risk posture.

Automate alerts and processes for IT security authorization, risk management, and compliance audits.

Manage regulatory and organizational security requirements, policies, and documentation templates.


Page 10: Building an Effective GRC Process with TrustedAgent GRC

Key Benefits of TrustedAgent

Provide an enterprise solution that integrates, standardizes, and enhances the existing GRC processes of an organization.

Standardize management of security risks, privacy, and regulatory compliance across the enterprise.

Reduce security risks that lead to customer dissatisfaction, lost revenue, stock price volatility, and damage to brand recognition.

Reduce resources, time, and costs associated with compliance and oversight processes.

Proactively assess and continuously improve the organization's security posture.


Page 11: Building an Effective GRC Process with TrustedAgent GRC

About TrustedAgent GRC

TrustedAgent Governance, Risk and Compliance (GRC) provides organizations with a central technology platform to manage the organization’s security assessment, authorization, and continuous monitoring for risk and compliance management across the enterprise using several standards including FedRAMP, ISO 27001, HIPAA/HITECH, PCI DSS, COBIT, NERC, and FISMA.

TrustedAgent GRC collects and aggregates results from other ancillary tools such as asset management, configuration management, vulnerability management, and other information security tools and processes for analysis and understanding of the enterprise risk profile, conducting compliance and remediation, and management reporting.

TrustedAgent GRC provides a structured, consistent, and time-saving approach to organizing and implementing GRC processes. It implements and maintains compliance and regulatory deliverables, accelerates the process of securing authorization and compliance with governing standards, and sustains ongoing compliance, including change management and continuous monitoring, to meet the governance challenges of commercial enterprises and government agencies.


Page 12: Building an Effective GRC Process with TrustedAgent GRC

About Trusted Integration

Since 2001, Trusted Integration has been a leader in providing Governance, Risk and Compliance management solutions for government and commercial organizations, specializing in superior-quality, cost-saving information risk management solutions for Federal Government compliance (FISMA, DIACAP, and FedRAMP). In addition, Trusted Integration provides compliance solutions supporting the Payment Card Industry Data Security Standard (PCI DSS), health care (HIPAA/HITECH), the energy sector (NERC, NEI), and information technology governance, including COBIT and ISO 27001.

For more information, visit us at www.trustedintegration.com.

Trusted Integration, Inc.
525 Wythe Street
Alexandria, VA 22314
(703) [email protected]
