| I-SAW |
|
| Information Security
Work Bench (I-SAW) is a state-of-the-art
information gathering, analytical
and reporting solution intended to
improve the productivity and work
quality of consultants, auditors,
and analysts performing information
security program assessments. I-SAW
presents an innovative methodical
approach to assessing an organization’s
information security threats, vulnerabilities,
and controls within a highly structured
knowledge-centric ecosystem. |
|
| The solution is
compliant with the information security
practices prescribed by ISO 17799
and other recognized international
standard boards and industry associations.
I-SAW supports assessments in the
commercial and public sectors and
multi-client and multi-project work
environments. |
|
| I-SAW, a database
solution, is designed to obtain,
examine, and manage the control points
necessary to understand the condition
of an organization’s information
security program, assess its infrastructure
and governance exposures, and assist
in improving the overall information
security control environment. The
solution’s user-friendly architecture
allows users to stay focused on the
assessment approach and mechanics
instead of the supporting technology. |
|
| I-SAW understands
that every client organization has
its own unique business and technology
environment and needs. Thus I-SAW
was designed to easily adapt to client
requirements and ensure that their
assessment structure and environment
can evolve and change as their business
and security needs evolve, change
and grow. |
|
| The system provides
a reporting engine that produces
an array of structured and customized
reports and charts that assess the
state of the current security environment,
constructs a risk assessment on mission-critical
threats and vulnerabilities, produces
an executive report highlighting
the project’s key findings, conclusions
and recommendations, and generates
bespoke information security policies. |
|
| Once implemented
throughout the enterprise, senior
management will have the ability
to see at a glance its total company-wide
information security compliance and
level of risk and exposure inherent
to each organizational entity. |
|
| The I-SAW Methodology
(as described in Section 10) is used
exclusively in support of information
security assessments conducted with
the I-SAW Tool. The methodology is
a consistent and adaptable framework
that consists of a multi-stage roadmap
structure that is easily transformed
into a project management plan. |
|
| I-SAW is a simple
and practical tool that companies
may use in a variety of assessment
solutions ranging from information
security to a broad range of compliance
and audit assessments. Configuration
options include a stand-alone solution,
a client-server with networking capability
and a Web Services facility. |
|
| The system’s design
supports the proposition that an
effective security assessment is
the outcome of a synergistic bottom-up
and top-down evaluation of an organization’s
security strategies, people, technology,
policies and procedures. The system
provides the capability to assess
the archetypal security elements
that typically make up a corporate
information security program. They
include: |
|
| Information Security Policy |
| Organizational Security |
| Access Control |
| Physical & Environmental Security |
| Personnel Security |
| Asset Classification & Control |
| Communications & Operations |
| System Development & Maintenance |
| Business Continuity Management |
| Compliance |