Integrates risk management of internal digital tools associated with digital products and services — such as cloud, mobile, social and big data — and third-party technologies. Examples include artificial intelligence (AI) and machine learning (ML), operational technology (OT) and the Internet of Things (IoT).
Further increase team efficiency by connecting your existing software and unstructured data to the solution, and by adopting other cross-functional integrated risk management modules to help coordinate actions across departments in charge of other risks and avoid redundancies.
Increase team efficiency by up to 30% and get a real-time view of your IT Security risks.
Situation
- A fragmented view of risks.
- Obligations, risks, opportunities and an ever-increasing workload with teams and budgets growing relatively slower than obligations.
- Manual and repetitive tasks are still very present.
- Operational staff with little autonomy.
- Frequent use of spreadsheets and specialized software operating in silos, unsuitable for consolidation constraints and information updates.
Impact
- Risks are sometimes poorly identified and prioritized.
- Teams are overworked.
- Redundant actions.
- Too much time spent on low value-added tasks, risks of errors and omissions in essential obligations.
Solution
The IT Security Risk module helps your Organization address digital risks by:
- Coordinating local, national, international and extraterritorial legal obligations and normative standards with each other.
- Empowering operational staff to allow IT Security teams to only manage exceptions and have more time for analysis, recommendations and follow-up.
- Coordinating teams and information systems and making the most of existing and untapped information (structured and unstructured data).
- Automating time-consuming manual processes.
To achieve this, in addition to the powerful features common to the entire Smart Global Governance solution
| Governance. | Training and awareness plan. |
| Framework Manager. | Dashboards and reports. |
| Planning. | Automated gap analysis. |
| Dynamic risk mapping. | Documentation, Central Source of Evidence. |
| Reliable audit trail. | Monitoring, messaging, alerts, notifications. |
| Continuous monitoring. | Collaborative remediation (tasks, exceptions, insurance, …) |
| Policy management. | Translations. |
| Integration of existing information and data into the solution. | Collaborative evaluation.
|
In addition, you benefit from ready-to-use reference frameworks to address the specificities of this risk and of your Organization
You can start working from your existing frameworks and gradually add new ones. The Smart Global Governance solution identifies gaps between your existing compliance program and your new obligations to provide you with the incremental requirements you need to implement.
| US Federal Data Security Laws | US State Data Security Laws |
| COPPA | CA SB 1386 |
| DFARS 252.204-70xx | MA 201 CMR 17.00 |
| FACTA | NY DFS 23 NYCRR500 |
| FAR 52.204-21 | OR 646A |
| FDA 21 CFR 11 | |
| FINRA | |
| GLBA | |
| HIPAA | |
| NERC CIP | |
| NISPOM | |
| SOX |
US Regulations
- Defense Federal Acquisition Regulations (DFARS) – NIST 800-171
- Federal Acquisition Regulations (FAR)
- Federal Risk and Authorization Management Program (FedRAMP)
- Risk Management Framework (RMF) for DoD Information Technology (IT)
- National Industrial Safety Program Operating Manual (NISPOM)
- New York State Department of Financial Services (NY DFS) 23 NYCRR 500
Contractual IT security and privacy requirements
- Payment Card Industry Data Security Standard (PCI DSS)
- Financial Industry Regulatory Authority (FINRA)
- System and Organization Controls (SOCs)
- Generally Accepted Privacy Principles (GAPP)
Industry Best Practices in IT Security
| Center for Internet Security (CIS) Critical Security Controls (CSC) | NIST 800-122 : Guide to Protecting the Privacy of Personally Identifiable Information (PII) |
| Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) | NIST 800-160 : Systems Security Engineering : Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems |
| Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) | NIST 800-161 : Supply Chain Risk Management Practices for Federal Organizations and Information Systems |
| ISO 15288 : Systems and software engineering — Systems lifecycle processes | NIST 800-171 : Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations |
| ISO 27001 and ISO 27002 : Information technology — Security techniques — Code of practice for cybersecurity controls | NIST IR 7298 : Glossary of Key Cybersecurity Terms |
| NIST 800-39 : Managing IT Security Risk : Organization, Mission and Information System View | NIST IR 8062 : Introduction to Privacy Engineering and Risk Management in Federal Systems |
| NIST 800-53 : Security and Privacy Controls for Federal Organizations and Information Systems | Open Web Application Security Project (OWASP) |
| NIST 800-64 : Security Considerations in System Development Lifecycle | The 10 Most Critical Risks to OWASP Web Application Security |
| NIST 800-37 : Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach | Draft OWASP Application Security Verification Standard (ASVS) |
To be able to go faster with our modules and add-on applications
- Automatically connect unstructured and structured data to the solution’s modules for continuous monitoring with Smart Forensic and Data Discovery (Try our 3 months trial for free) to, for example, automatically control gaps between your control plan and reality.
- Make your teams aware of digital risks challenges to increase their efficiency with the Smart Global e-learning Academy.
- Manage third-party risk with the dedicated module.
- Anonymize your data with Smart.Anonymizer.
