 |
|||
 |
|||
 |
Live Demo |  |
Contact Sales |
|
|||
 |
Fact Sheet | ||
 |
Presentation | ||
 |
Guided Tour | ||
 |
|||
| Services | |||||
|
|||||
|
BS7799 & ISO 27001:2005 are based on the PDCA principals, which requires documentation for Assets, Risks, Threats,
vulnerability and risk treatment plans. Normally the Management Representatives (MR) use worksheets like EXCEL for
creating various worksheets but managing these worksheets become virtually impossible when the number of assets
increase. Assettrack is a software which helps in accumulating and managing the information & documentation required
for the these standard in a professional way.
Following sections would take you through some basic concepts associated with Risk Assessment and Management. If
you are an expert on these processed then you can click on Live Demo for an actual demonstration.
Risk Assessment tool for ISMS In this information age, Information is a basic building block for every organization. Last
decade has witnessed the dramatic changes in the storage technology and today everything is moving from paper to
digital formats. Today Email is a d-facto standard for corporate communication. Transmission of information, storage of
information etc. are few more aspects of modern information.
In today’s competitive business environment, such information is under threat from many sources. These sources can be
internal, external, accidental or malicious. The threats are increasing day by day due the technological advances in the
storage, transmission, retrieval of information.
This calls for establishing a comprehensive Security Policy within the organization, which ensure the confidentiality,
integrity and availability of vital corporate and customer information with due security.
ISMS Information Security Management system is a systematic approach to managing sensitive company information so
that it remains secure. It covers all aspects of information from people, processes to IT systems. Now there is an
international standard available ISO/IEC 27001:2005. The BS7799 is also an important standard for information security.
The standard can be applied through a process approach. The process should be build based upon then understanding
an organization information security requirements, establishing controls to manage information risks, monitoring and
reviewing the performance effectiveness and on a continual improvement. The standard adopts the Plan-Do-Check-Act
PDCA model, which is applied to structure all ISMS processes.
During the process of implementing ISMS there is a need for creating a Risk treatment plan and also it is necessary to do
a proper risk analysis.
Assettrack is a comprehensive solution which helps in managing the process of risk treatment and risk analysis using a
web enabled software.
Assettrack is a server centric software, which means it is loaded on the server and can be accessed from various
nodes across the enterprise. It offers an FTP transfer to the server which is very helpful in uploading the information on
the server.
Since Assettrack can be used across an Enterprise and hence it supports handling of multiple locations within an
enterprise. There can be multiple users for Assettrack and user can be assigned various locations to users. The
confidentiality of the information can be maintained because the users can access the information only from a specific
location.
Assettrack support two main entities namely Documents for ISMS and Assets.
Document Management:
There are many documents which need to be created for the ISMS process. These are the policies, Control documents,
SOA, Organization structure, information classification etc. It offers a facility for creating a repository of these
documents and also a facility for maintaining the version control for the revisions uploaded.
To manage the assets it offers following options …
Catagorization of asset information.
different buildings, floors etc. Asset Track allows to maintain various locations. Since it is possible
to restrict the access of certain locations to specific users, the required control can be
established.
can have as many branches as required. So e.g. There can be level called Computers & Printers
under which one can have specific information as Laser Printers, DeskJet Printers etc.
separate rights so that they would get access to information pertaining to them.
An Asset repository can be created by Uploading asset information for every asset. Each asset is assigned a unique ID
and then the other relevant details like the Description, Custodian, Purchase details etc. can be uploaded. One can also
maintain the important dates like the AMC Warning date, Insurance warning date etc. It is also possible to upload the any
relevant information in soft copy format. Photograph of the asset can also be uploaded along with the other details.
Many of the assets are purchased in bulk and hence a bulk upload facility is also provided here by which multiple assets
can be uploaded.
Barcode Generation
Identification and labeling of Assets is an important activity, which can be accomplished through generating the
barcodes. It is also possible to use the RFID for the same activity.
Risk Assessment & Treatment
This is the core functionality of Asset track and it is very easy to create a risk treatment plan using Assettrack. It fist asks
to define the Asset Values, Severity and Probability in an abstract fation.
Asset value: Assettrack will allow to define asset values. These can be based on a common scale hence irrespective
of the actual price of the asset, an abstract value on a scale of 1 to 5 or 1 to 10 is assigned to the asset.
Severity factor: This is important from a Business Impact Analysis point of view. Here also there are some abstract
values assigned which rationalizes the process.
Probability / Likelihood: This is the possibility of that risk occurring which again is rationalized by the study.
Vulnerability Repository
Assettrack allows to define various Threats and various Vulnerabilities associated with those Threats. This is done by
creating a repository of Vulunerabilities. Each vulnerability can be assigned a default value for Severity & Probability.
Whenever an asset is uploaded it would also ask for assigning various Threats associated with that asset.
The Risk Value would be calculated based on Asset Value x Severity x Probability.
There are various methods available for identifying the Assets with Risk factors more than a threshold. The risk treatment
plan be entered and it can shown as how the Risk Value is reduced due to the same.
Incidence Reporting
Any incidence significant from the point of view of Information Security can be registered by various users. There are
methods available for entering the incidence analysis. It also allows to adding new risks due to the incidence and
subsequent risk treatment actions.
This option allows managing the movement of assets on a permanent basis as well as temporary Issue & Return of
assets.
List Management:
One can generate the list of assets following certain criteria. Eg. Assets from a particular location with Insurance date
due on a specific date.
Report Generation:
Following are some of the reports generated through Asset Track.
Date wise Asset Report Location wise Asset Report Category wise Asset Report Agencies In-Transit Asset Report Inward Movement Report Outward Movement Report AMC/Warranty Report Calibration/Inspection Report I
nsurance Report I
ncidence Register Report Lists Boolean Report Statistical Report Risk Treatment Report Before/After Treatment Report of Asset