Integrates risk management of internal digital tools associated with digital products and services — such as cloud, mobile, social and big data — and third-party technologies. Examples include artificial intelligence (AI) and machine learning (ML), operational technology (OT) and the Internet of Things (IoT).

Increase team efficiency further by connecting your existing software and unstructured data to the solution, and by adopting the other cross-functional integrated risk management modules, which coordinate actions with the departments in charge of other risks and avoid redundant work.

Increase team efficiency by up to 30% and get a real-time view of your cybersecurity risks.

Situation

  • A fragmented view of risks.
  • Obligations, risks and opportunities keep growing, and the workload with them, while teams and budgets grow more slowly than obligations.
  • Manual and repetitive tasks remain widespread.
  • Operational staff with little autonomy.
  • Frequent use of spreadsheets and specialized software operating in silos, unsuited to consolidation requirements and information updates.

Impact

  • Risks are sometimes poorly identified and prioritized.
  • Teams are overworked.
  • Redundant actions.
  • Too much time spent on low value-added tasks, with risks of errors and omissions in essential obligations.

Solution

The Cybersecurity Risk module helps your Organization address digital risks by:

  • Coordinating local, national, international and extraterritorial legal obligations and normative standards with each other.
  • Empowering operational staff so that cybersecurity teams manage only exceptions and have more time for analysis, recommendations and follow-up.
  • Coordinating teams and information systems and making the most of existing and untapped information (structured and unstructured data).
  • Automating time-consuming manual processes.

To achieve this, the module builds on the features common to the entire Smart Global Governance solution:

  • Governance.
  • Framework Manager.
  • Planning.
  • Dynamic risk mapping.
  • Reliable audit trail.
  • Continuous monitoring.
  • Policy management.
  • Integration of existing information and data into the solution.
  • Training and awareness plan.
  • Dashboards and reports.
  • Automated gap analysis.
  • Documentation, central source of evidence.
  • Monitoring, messaging, alerts, notifications.
  • Collaborative remediation (tasks, exceptions, insurance, …).
  • Translations.

Collaborative evaluation:

    • Forms
    • Questionnaires
    • Automated collection of structured internal data
    • Automated collection of unstructured internal data (optional)

In addition, you benefit from ready-to-use reference frameworks that address the specificities of this risk and of your Organization.

You can start working from your existing frameworks and gradually add new ones. The Smart Global Governance solution identifies gaps between your existing compliance program and your new obligations to provide you with the incremental requirements you need to implement.

US Federal Data Security Laws

  • COPPA
  • DFARS 252.204-70xx
  • FACTA
  • FAR 52.204-21
  • FDA 21 CFR 11
  • FINRA
  • GLBA
  • HIPAA
  • NERC CIP
  • NISPOM
  • SOX

US State Data Security Laws

  • CA SB 1386
  • MA 201 CMR 17.00
  • NY DFS 23 NYCRR 500
  • OR 646A

US Regulations

  • Defense Federal Acquisition Regulation Supplement (DFARS) – NIST 800-171
  • Federal Acquisition Regulation (FAR)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Risk Management Framework (RMF) for DoD Information Technology (IT)
  • National Industrial Security Program Operating Manual (NISPOM)
  • New York State Department of Financial Services (NY DFS) 23 NYCRR 500

Contractual cybersecurity and privacy requirements

  • Payment Card Industry Data Security Standard (PCI DSS)
  • Financial Industry Regulatory Authority (FINRA)
  • System and Organization Controls (SOC)
  • Generally Accepted Privacy Principles (GAPP)

Industry Best Practices in Cybersecurity

  • Center for Internet Security (CIS) Critical Security Controls (CSC)
  • Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
  • ISO 15288: Systems and software engineering — System life cycle processes
  • ISO 27001 and ISO 27002: Information technology — Security techniques — Information security management system requirements, and Code of practice for information security controls
  • NIST 800-37: Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach
  • NIST 800-39: Managing Information Security Risk: Organization, Mission, and Information System View
  • NIST 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
  • NIST 800-64: Security Considerations in the System Development Life Cycle
  • NIST 800-122: Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
  • NIST 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
  • NIST 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations
  • NIST 800-171: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
  • NIST IR 7298: Glossary of Key Information Security Terms
  • NIST IR 8062: An Introduction to Privacy Engineering and Risk Management in Federal Systems
  • Open Web Application Security Project (OWASP)
  • OWASP Top 10 Most Critical Web Application Security Risks
  • OWASP Application Security Verification Standard (ASVS)

Go faster with our modules and add-on applications:

  • Automatically connect unstructured and structured data to the solution's modules for continuous monitoring with Smart Forensic and Data Discovery (try our 3-month free trial), for example to automatically check gaps between your control plan and reality.
  • Make your teams aware of digital risk challenges, and so more efficient, with the Smart Global e-learning Academy.
  • Manage third-party risk with the dedicated module.
  • Anonymize your data with Smart.Anonymizer.