Professional Documents / Culture Documents
QSEC: compliance management according to international standards and methods
© 2014 WMC GmbH

QSEC: multi-standard compliance management according to international standards!
Areas covered: Compliance Management, Information Security, IT Security, IT Risk Management, Data Security, Reporting
QSEC partners: WMC, PKA

GRC
G = Governance
R = Risk Management
C = Compliance
Define, steer, check, maintain and improve constantly.

Challenge:
Risk control is a product of the interaction of people, organization and technology!

Current situation: in 60 seconds (mobility, user behavior, applications, social media)
+ 24,148 apps downloaded from the Apple AppStore
+ 510,000 comments on Facebook
+ 168 million emails sent
+ countless accesses to business data

Method:
ISO/IEC or DIN/ISO norms are internationally accepted standards for implementing Information Security, Risk and Compliance Management Systems.

Dilemma:
Implementing them is complex; costly in terms of time and staff; expensive; intransparent; risky; often incomplete; often only technical.

Solution:
QSEC (following slides)

Management Summary
+ The cost of non-compliance cannot be ignored!
+ Know and minimize the legal liability risks!
+ Define and control management processes!
+ Protect the company's assets!
+ Improve the company image and secure the future!

PDCA cycle: Plan, Do, Check, Act

ISMS processes
+ Technical process
+ Risk: assessment of IS risks, treatment of IS risks
+ IT management process
+ Document: document management
+ Compliance: legal, contractual and organizational requirements
+ Awareness (sensitization) process
+ Audit/Review
+ Information classification process
+ Asset inventorying / classification process
+ Monitoring process
+ Consulting

Best Practice / Programming & Technology / Consulting

With QSEC vs. without QSEC
(Figure: the layers Business, Information, Applications and Infrastructure; without QSEC there is no classification of information.)

Quick implementation: QSEC is a flexible out-of-the-box software that can be implemented on a tight schedule with accurate cost planning.
Usability: customers confirm high operational guidance and a clear user interface.
Multi-norm compliance: support of worldwide recognized standards including ISO 9001 (Quality Management), ISO 14001 (Environmental Management), ISO 20000 (IT Service Management), ISO 22301 (BIA & BCM), ISO 27001/2 (Information Security Management), ISO 27005 (IT Risk Management), PCI DSS, SOX, Basel II, OHSAS 18001 (Occupational Health and Safety). Subject to individual requirements, own contents or sector-specific standards can be integrated.
Variable license model
Competitive edge: no other IT-GRC solution is as comprehensive in terms of best practices in the field of measure management.
Best Practice: the methods and processes implemented in QSEC for ISMS, Risk, BIA and BCM are based on internationally proven best-practice standards.
Interfaces: via optional interfaces, data from mail systems, Active Directory, asset management systems (e.g. Spider) and ticket systems (e.g. helpLine) can be integrated into QSEC.
Content: QSEC provides norms including a measure catalog, risk management with a threat and vulnerability catalog, as well as measure proposals.

QSEC editions: Easy Express, Enterprise Edition, GRC Edition
(Figure: the editions compared on Technology, Content, Interfaces, Process support, Reporting and Usability.)

QSEC benefits: comprehensive, sustainable, cost saving
+ Coverage of company value
+ Risk reduction
+ Image improvement / competitive advantage
+ Cost optimization
(Figure: risk table for the scope "location Hamburg": asset groups against threats + vulnerabilities, filtered by asset group value ("AG-Wert >"); the individual cell scores are not recoverable from the extraction.)

QSEC modules
+ Compliance
+ Risk
+ Security Incidents
+ Measure
+ Master data
+ Administration / Administration Tool
+ Document
+ Report
+ Dashboard
+ Business Continuity: BIA, BCM
QSEC interfaces: mail system, asset management (e.g. SAP, Spider), AD, ticket system (e.g. SAP, helpLine)
(Legend: QSEC versions: QSEC Enterprise Edition, QSEC extensions)

QSEC-Suite as an integrated management system (ISMS / BDSG, the German Federal Data Protection Act) and its integration with surrounding systems:
+ Asset Management (SAP / Spider): asset group, criticality, business processes, confidentiality, availability, integrity
+ Vulnerability Management (e.g. Qualys): asset group, vulnerability, measures
+ Mail System: mail advice
+ Active Directory (AD): user authorization
+ Process Management (Aris / Adonis): business processes
+ Incident Management (SAP / helpLine): security incidents
+ Risk Management: event, operational risks
+ SIEM

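The loop the deck describes (assessment of IS risks from asset groups with C/I/A ratings plus a threat and vulnerability catalog, treatment via measure proposals, red/yellow/green status for reporting), as an added worked example in Python. It is not QSEC code and the deck gives no scoring formula; the scoring rule, the class names, the "AG-Wert >" style scope filter and all asset groups, threats, vulnerabilities and measures below are assumptions and constructed sample data.

```python
# Added example (not QSEC code): the assess-then-treat loop on constructed data.
# Assumptions not taken from the deck: asset group value = max(C, I, A) (BSI "maximum
# principle"); additive score rating + likelihood + severity, in the shape of the example
# matrix in ISO/IEC 27005 Annex E; a measure lowers the severity it addresses by fixed points.
from collections import namedtuple
from dataclasses import dataclass, field

Threat = namedtuple("Threat", "name likelihood goal")  # likelihood 1..5; goal "C", "I" or "A"
Vulnerability = namedtuple("Vulnerability", "asset_group threat severity")  # severity 1..5
Measure = namedtuple("Measure", "name threat reduction")  # severity points removed


@dataclass(frozen=True)
class AssetGroup:
    name: str
    confidentiality: int  # 1 (low) .. 5 (very high), as imported from asset management
    integrity: int
    availability: int

    @property
    def value(self) -> int:
        # Maximum principle: the group is as valuable as its most demanding goal.
        return max(self.confidentiality, self.integrity, self.availability)


@dataclass
class Risk:
    asset_group: str
    threat: str
    score: int
    measures: list = field(default_factory=list)
    residual: int = 0


def score(asset, threat, vuln):
    # Only the rating of the goal the threat targets counts, so an availability threat
    # against a group that is confidential but not needed around the clock is not inflated.
    rating = {"C": asset.confidentiality, "I": asset.integrity, "A": asset.availability}
    return rating[threat.goal] + threat.likelihood + vuln.severity


def assess(assets, threats, vulns, min_asset_value=0):
    """Assessment of IS risks: score every (asset group, threat) pair with a known
    vulnerability. min_asset_value mirrors the "AG-Wert >" filter on the deck's risk
    table: asset groups at or below it are out of scope."""
    by_name = {a.name: a for a in assets}
    by_threat = {t.name: t for t in threats}
    risks = [Risk(v.asset_group, v.threat, score(by_name[v.asset_group], by_threat[v.threat], v))
             for v in vulns if by_name[v.asset_group].value > min_asset_value]
    return sorted(risks, key=lambda r: (-r.score, r.asset_group, r.threat))


def treat(risks, vulns, measures, threshold):
    """Treatment of IS risks: for each risk above threshold, propose the catalog
    measures matching its threat and recompute the score with the reduced severity."""
    sev = {(v.asset_group, v.threat): v.severity for v in vulns}
    catalog = {}
    for m in measures:
        catalog.setdefault(m.threat, []).append(m)
    for r in risks:
        before = after = sev[(r.asset_group, r.threat)]
        if r.score > threshold:
            for m in catalog.get(r.threat, []):
                r.measures.append(m.name)
                after = max(1, after - m.reduction)  # severity never drops below 1
        r.residual = r.score - (before - after)
    return risks


def traffic_light(risks, threshold):
    """Dashboard counts in the style of the red/yellow/green status on the reporting slide."""
    counts = {"red": 0, "yellow": 0, "green": 0}
    for r in risks:
        if r.residual > threshold:
            counts["red"] += 1     # still above threshold after the proposed measures
        elif r.score > threshold:
            counts["yellow"] += 1  # treated down to an acceptable level
        else:
            counts["green"] += 1   # never needed treatment
    return counts


# Constructed sample data (not from the deck).
ASSETS = [AssetGroup("ERP system", 4, 5, 4), AssetGroup("Public website", 1, 3, 4),
          AssetGroup("Test lab", 2, 2, 2)]
THREATS = [Threat("SQL injection", 4, "I"), Threat("DDoS", 3, "A"),
           Threat("Data theft by insider", 2, "C")]
VULNS = [Vulnerability("ERP system", "SQL injection", 5),
         Vulnerability("ERP system", "Data theft by insider", 3),
         Vulnerability("Public website", "SQL injection", 4),
         Vulnerability("Public website", "DDoS", 4),
         Vulnerability("Test lab", "DDoS", 5)]
MEASURES = [Measure("Parameterised queries / ORM", "SQL injection", 3),
            Measure("Upstream DDoS scrubbing", "DDoS", 2)]


def run_example(min_asset_value=2, threshold=10):
    risks = treat(assess(ASSETS, THREATS, VULNS, min_asset_value), VULNS, MEASURES, threshold)
    return risks, traffic_light(risks, threshold)
```

Calling run_example() scopes the assessment to asset groups with a value above 2 (the test lab drops out), scores the remaining four asset-group/threat pairs, proposes measures for the three above the acceptance threshold of 10, and returns the residual scores together with the traffic-light counts; the ERP SQL injection risk stays red because the only catalog measure does not bring it under the threshold, which is exactly the case a measure-management dashboard should surface.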
Reporting
Available reports:
+ Standard reports: management report, work report, SOA (Statement of Applicability), actions, risk, maturity degree
+ Individual reports on demand
(Figure: sample charts: IT security level per ISO 27001 Annex A control area (A5 to A15) on an assessment scale of 0.0 to 7.0, with status 2010 Q4, 2011 Q1 and 2012 Q1; compliance / measure status counts (0 to 160) per responsible person, sorted by red, in green / yellow / red; and a percentage breakdown. The sample names and values are not recoverable from the extraction.)

KPI
(Figure: bar charts of the number of roles and the number of employees per module: Compliance Management, Risk Management, BIA/BCM, Security Incident Management, Measure Management, Document Management; and per scope: Scope1 to Scope4.)

QSEC-Suite technology
QSEC is a web-browser-based application: the client (web browser) talks to the web server over SSL; the web server uses the database.
Modules: Compliance, Audit, Incident, Risk, Document, Measures, Administration, Master data, Reporting, Dashboard, BIA, BCM, Administration Tool (one module is marked "in planning" in the figure).
Client: web browser, SSL; no installation, no maintenance.
Server: Microsoft Windows Server 2003/2008R2/2012R2, Microsoft IIS, ASP.NET 4.0.
Database: Microsoft SQL Server 2008/2008R2.
Interfaces to further systems: mail system, asset management (e.g. SAP, Spider), AD, ticket system (e.g. SAP, helpLine).
Note: Windows Server 2003 and SQL Server 2008/2008R2 have since reached end of support, so a current deployment should run supported server and database versions and terminate browser connections with TLS (SSL 3.0 and earlier are deprecated).

Roles and results
Requirements: methods; compliance; norms & laws: ISO 27001 (information security), ISO 27005 (risk management)
Roles: Security Manager, Compliance Manager, Administrator, Data Protection Officer, Auditor, Supervisory Board, CIO, Risk Manager, Plant Security, Internal Audit, Executive Board / Managing Director, Key User, Process Owner, Employees
Activities: analyses, assessments, specifications, opportunities, risks, measures, approvals, processes
Results: maturity degree, effectiveness improvement, security improvement, risk management, liability reduction, compliance management

QSEC Version 4.2