QSEC - ISMS and GRC according to international standards and methods
© 2017 WMC GmbH / short presentation QSEC – Suiten / Werner Wüpper
„Best in Class is not a coincidence!“
Consulting / ISMS & GRC software / Sectors
3
WMC GmbH – GRC & ISMS Software + Consulting
Our core issues / Our references
QSEC multi-standard compliance management according to international standards
Consulting:
Project management
Management consulting
Information security management
Software + Support:
Compliance management
IT-security
Risk management
Business impact Analysis (BIA)
Business continuity management
Data protection
Measure management
Reporting
More: PCI DSS; ISO 9001; ISO 20000
4
Best practice with QSEC-Suite
[Diagram: Governance – Standards, Laws, Guidelines, Policies – Transparency and Minimization; QSEC maturity assessment for standards and laws; guided IT-GRC measures: sustainable, complete, organisation-wide; dimensions: Strategy, Technology, Processes, People; Risk Management; Compliance]
5
QSEC – the USPs at a glance
Multi-norm compliance
Support of worldwide recognized standards including ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 20000 (IT Service Management), ISO 22301 (BIA & BCM), ISO 27001/2 (Information Security Management), ISO 27005 (IT Risk Management), PCI DSS, SOX, Basel II, OHSAS 18001 (Occupational Health and Safety). Subject to individual requirements, own contents or sector-specific standards can be integrated.
Competitive edge
No other IT-GRC solution is as comprehensive in terms of best practices in the field of measure management
Comprehensive content in „all in one“
no modules missing, QSEC comes complete
Interfaces
Via interfaces QSEC integrates into existing IT-landscape
Usability
Customers confirm high operational guidance (Wizard Technology) and a clear user interface
Quick implementation
QSEC is a flexible “out of the box” software that can be implemented on a tight schedule with accurate cost planning
6
QSEC – Advantages and Benefits
can be used by any authorized employee
high transparency about all activities and status within the Compliance and IT Risk Management
permanent information about all changes and improvements
optimization of the IT investments with transparency of the business-critical processes (peak risks)
possible savings of about 30-50 % of the internal and external costs during the ISMS implementation / operation
reduction of efforts for certification / recertification
company-wide and unified traceability of compliance
Improved image and competitive advantage
Usability and easy to use (WEB- / wizard technology)
Flexibility and comprehensive configuration
Content fully integrated, subject to the standard (norm/law)
Fully integrated IT Risk Management based on the business processes and information
Integrated central database
Workflow and business process support according to tasks and roles (experts and users)
Test cases, test assets, measure proposals, sample documents for each sector fully integrated
Product support – permanent updates
[Slide columns: Benefits, Achievement]
7
QSEC – „all in one compliance“
QSEC – more results, faster
Editions: Easy, Express, Enterprise Edition, GRC Edition, BSI Edition
QSEC – our products:
Technology: standard browser application; administration tool / user authorization
Content: international standards (ISO 27001/2/5; ISO 20000 etc.); use patterns, measure proposals, risk catalog; samples for business processes, assets for some sectors
Interfaces: mail system, Active Directory, ticket system etc.; individual data transfer (CSV, XML etc.)
Process support: ISMS process (compliance, risk assessment, BIA/BCM); measure, document and incident management
Reporting: more than 65 reports with maturity degree report; dashboard
Usability: high user acceptance because of user friendliness; permanent software support and continuous improvement process; well-defined steps with wizard technology
8
QSEC – Integrated Management System
An expert system for every employee
[Diagram: Technical specs, Risk, Compliance, Usability – Cost savings, Transparency, Efficiency]
1. Usability – simple usage through wizard technology
2. Low training expenditures
3. Configuration possibility – flexible and extensive
4. Automated resubmission, system tasks
5. International standards (ISO, GDPR, ITIL)
6. Consistent procedure and leadership based on the PDCA method and extensive measure proposals
7. Risk management based on ISO 27005 (31000)
8. History of all relevant changing data
9. Distribution of responsibility and task sharing
10. WEB usage – browser based
11. Integration in the existing IT infrastructure (AD, SAP, asset system)
12. Central database, incl. data deposition
QSEC-Enterprise and GRC Edition – module overview
QSEC versions: new since V6.1: additional module for data protection to join all relevant data protection information for a compact overview and editing.
[Module diagram: QSEC Enterprise Edition, QSEC GRC Edition, QSEC extensions – Core Server, Common platform, Permissions; Master Data Administration; Administration Tool; Wizards (Process-Workflow); Information Assets; Task-Manager; Dashboard; Compliance; Security Incidents; Reporting; Risk; Measures; Documents; Business Continuity (BCM, BIA); General Data Protection Regulation (GDPR); Catalog Tool (KEP); QSEC interfaces: mail system, asset management (e.g. SAP, Spider), AD, ticket system (e.g. SAP, helpLine)]
10
QSEC - Wizard Technology
Simple, self-explanatory operator guidance
Low training costs
Description and explanation of process steps
Guided working
Usable without expert know-how
No unintentional exit from the working process
Start via link possible
Example: process steps for the interview wizard
ISO interview with a process owner in a business area
Requirements
Wizards: Interview Wizard, Interview transfer Wizard, Compliance Wizard, Measure Rating Wizard, Risk Assessment Wizard, Security Level Wizard
Interview wizard steps (numbered 1–8 on the slide): Start/introduction, choose interview, prepare interview, interview partner name, interview, business process information, asset group, interview
11
QSEC - Wizards
Process-oriented, efficient working
[Diagram: numbered wizard steps 1–7; status outputs: IS-Status, Risk-Status, Security Level; roles: Expert, Business owner]
12
QSEC – Multi-standard system
All standards can be managed in QSEC; existing standard catalogs (as of 06/2017):
Quality Management – DIN EN ISO 9001:2015-11 (DE/EN)
Environmental Management – DIN EN ISO 14001:2015-11 (DE/EN)
Payment Card Industry – PCI DSS 3.2 (EN)
IT-Service Management – ISO 20000-1:2005 Chapter 3-10 (EN)
IT Baseline Protection – Bausteinkataloge (DE)
ISMS – DIN ISO/IEC 27001:D2015-03 (DE/EN)
IS controls for the energy utility industry – DIN ISO/IEC TR 27019:2015-03 (DE/EN)
27001 / 27019 in one catalog – DIN ISO/IEC 27001:D2015-03 + TR 27019:2015-03
IT Baseline Protection Catalog – IT-Sicherheitskatalog 2015 (DE)
Occupational safety – OHSAS 18001:2007 incl. 18002:2008
Cloud security – ISO/IEC 27017:2015 (EN)
Personal data/Public Cloud – ISO/IEC 27018:2014-08 (DE/EN)
Federal Data Protection Act – BDSG (DE)
EU General Data Protection Regulation – EU GDPR 2015
Business Continuity Management – DIN EN ISO 22301:2014-12 (EN)
VDA - ISMS – VDA Version 2.13 (DE/EN)
Energy Management – DIN EN ISO 50001:2011-12 (DE)
Medical devices – Quality management – DIN EN ISO 13485:2012-11 (DE)
Medical devices – Quality management – DIN EN ISO 13485:2016-08 (DE) (in preparation)
Anti-bribery Management Systems – DIN ISO 37001:2016-02 (DE/EN)
13
QSEC creates transparency – valid data via reporting and dashboard
Integrated reports
Standard reports: management report, work report, measure reports, risk status report, compliance / maturity degrees (SOA)
Special reports: budget report, security incident report, information governance report
Individual reports on demand
Dashboard
14
QSEC-Suite – Technical Specs
QSEC-Suite a web browser based application:
QSEC-Suite – the safe and tool-based way to a comprehensive IT GRC / Information Security Management System (ISMS) according to ISO/IEC 2700x
Client: web browser; SSL; no installation; no maintenance
Web server: Microsoft Windows Server 2016R2 and predecessors; Microsoft IIS; ASP.NET 4.6
Database: Microsoft SQL Server 2016R2 and predecessors
Interfaces to further systems
Developed with Microsoft Visual Studio 2010
Current version: 6.0
15
QSEC integrates into the existing IT landscape via interfaces
[Integration diagram: QSEC-Suite (Integrated Management System) exchanges asset group, criticality, business processes, confidentiality / availability / integrity, asset group vulnerability, measures, mail advice, user authorization, business processes and security incidents with Active Directory (AD), Mail System, Incident Management (SAP / helpLine), Asset Management (SAP / Spider), Vulnerability Management (e.g. Qualys), Process Management (Aris / Adonis) and Risk Management / SIEM (operational risk events)]
Questions? Don't hesitate to contact us!
Visit our website and ask for a QSEC live presentation or just give us a call!
Your contact partner for questions:
Mr. Dierick Schröder, Account Management / Sales, Phone: 040/650 336-17, E-Mail: [email protected]
Wüpper Management Consulting GmbH on the Internet: http://wmc-direkt.de/en/grc-isms-software/online-demo/