Defensys has updated its SGRC platform for automating information security management. The developer has reviewed the categorization process for critical assets and taken into account new legislation on personal data processing.
In version 5.2 of Defensys SGRC, the list of criteria and values for assessing the category of critical assets has been updated. As a result, users can now determine the asset value more precisely and notify the regulatory authorities about the categorization in a timely manner.
The developer also modified the personal data processing procedure. The Platform enables users both to create and maintain up-to-date lists of information systems, business processes and responsible employees and to consider other assets involved in personal data processing. Users can automate routine tasks, such as notifications regarding personal data changes, damage reevaluation in case of law violations and changes in the composition of technical devices within the company infrastructure.
One more important update to the Platform is the extension of the pre-installed methods supplied with the SGRC, which allow users to enter data on current tactics and techniques, as well as define security threat scenarios to form threat models as part of a risk assessment approach.
The “Audit” unit now supports supplementary control over the audit process and its results by recording the hash sum of attached evidence.
Defensys introduced a new major version of its cyberthreat information analysis platform, Defensys TIP 3.0. The updated platform has a number of significant functional improvements. In particular, users can now apply higher-quality data for threat analysis thanks to a new source, the MITRE ATT&CK knowledge base. Customization of the IoC rating is also available now.
In Defensys TIP 3.0 the developer expanded the volume of cyber intelligence data by integrating the platform with a new source, the MITRE ATT&CK knowledge base. You can get information about malware, threat actors and their techniques directly from the platform interface in the Threats section. Entity cards contain all the information from the knowledge base: entity descriptions, related tactics, group aliases, sub-techniques, links to web resources that present cases where hackers use certain techniques, as well as recommendations for detecting them.
In addition, the relationship graph displays how all entities from the new source relate to the IoCs and to each other. This is an additional analysis tool that allows you to track which techniques are used by different groups of hackers and what kind of malware they apply.
Risk management is an equally important component of SGRC. Willingness to implement it in itself indicates a certain level of maturity in an organization. If audits answer the question “What is happening to cyber security (CS) now?”, risk management helps answer the question “What will happen to the organization’s CS in the future?” and also helps to try to change that future.
Risk management is a proactive response to potential problems in the cyber security system. Of course, regulators can convey this process through the requirements of regulatory documents, but it can be very difficult to approach. The reason for this is the following two factors, which are not described in detail in almost any risk assessment regulation:
– Risk assessment methodology.
– Threat catalogs.
The term “risk assessment methodology” in this article refers to a list of risk parameters and how they are calculated.
There are three key points in the creation and description of an assessment methodology, without which the process is not possible:
– What is considered to be the risk level – a key parameter, on the basis of which risks will be prioritized?