Comprehensive Security Assessments

Compliance Overview

IT Security Compliance regulations and guidelines (GLBA, FFIEC, FDIC, OCC, OTS) require an organization to conduct independent 3rd-party testing of the Information Security Program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).

An Information Security Program must include safeguards designed to protect against both technical and human vulnerabilities.

Because the security program incorporates more than just the network, Best Practice guidelines suggest testing should include more than a simple network vulnerability scan. The recommended Best Practices methodology is a Security Assessment that incorporates testing of both the technical and the human vulnerabilities related to the information security program.

 

Solution Overview

Our Comprehensive Security Assessment was designed specifically to meet the regulatory requirements and address the needs of organizations of all sizes. The assessment provides a thorough examination of your networks to determine the adequacy of existing security controls and to identify security deficiencies.

The assessment process is managed through TraceSecurity Compliance Manager (5.0), a web-based portal designed to provide convenient access to a variety of tools used to continuously assess the three core components of an information security program: People, Processes, and Technology.

TraceSecurity also offers a Security Assessment designed for organizations in need of a quality vulnerability assessment, but performed remotely.

 


 

Some of the services included in each Comprehensive Security Assessment are:

  • Internal and External port scan
  • Internal and External network vulnerability scan
  • Policy Awareness Review through Employee Interviews
  • In-depth Regulatory and/or Best Practice Review
  • Network Topology Review
  • TraceSecurity Compliance Manager (TSCM)
  • System Setup and Implementation
  • Internal Network Vulnerability Review
    • False Positive Reduction of Scan Data through Manual 3rd-Party Review
    • Validation of False Positive Review through Manual 3rd-Party Analysis
    • Advanced Manual Vulnerability Analysis to Determine Vulnerability Severity
  • Security Countermeasure Review (Antivirus, firewall, etc.)
  • TSCM “Basic Training”

 

If the comprehensive security assessment is conducted onsite, the Information Security Analyst (ISA) will perform the following:

  • Identify Wireless Access Points, including Rogue
  • Physical Security Review
  • Dumpster Diving at Main Facility
  • Offsite Consultation and Remediation Strategy

 

Access to TSCM for the Service Term of the contract with the following benefits:

  • On-demand Generation of Comprehensive Reports
  • TraceAssess: Unlimited Client-Executed Scans with 3rd-Party Remote False Positive Validation
  • TraceComply: Regulatory Compliance and Security Assessment Evaluation Metrics through Self-Assessment
  • TracePolicy: Automated Policy Development Software and Policy Management
  • TraceTrain: Automated Training Development Software and Training Management; Including Access to Security Awareness Training Content
  • Automatic TSCM product updates as available

The CSA results are provided in an extensive report containing:

  • Project Overview
  • Comprehensive Security Assessment Methodology
  • Executive Summary
  • Prioritized Internal & External Network Risks and Recommendations
  • Regulatory Compliance Analysis
  • Information Security Policy Analysis
  • Executive Level PowerPoint of Assessment
  • Differential Reporting
  • Appendix

 


Overview of TraceSecurity Compliance Manager (5.0)

TSCM enables the organization to use a repeatable process for each successive security assessment, providing a foundation for establishing an ongoing self-assessment program.

With TraceSecurity Compliance Manager, customers can schedule and perform vulnerability assessments on demand, which allows for testing on a daily, weekly, monthly, or quarterly basis. Each assessment will be reviewed by a TraceSecurity analyst for false positives, and a comprehensive report will be delivered via TSCM within 2 business days from the date of the vulnerability assessment.

Below are the available modules that can be included in TraceSecurity Compliance Manager.

TSCM Module: Benefits

  • TSCM Dashboard: The Dashboard provides a snapshot view into vulnerability status, policy acceptance, compliance statistics, etc.
  • TraceAssess: Allows the organization to conduct unlimited, on-demand network vulnerability scanning.
  • TraceComply: Facilitates an ongoing review of the organization's compliance with relevant industry security requirements.
  • TracePolicy: Reduces cost and effort in creating/distributing policies and reporting on acceptance of those policies.
  • TraceTrain: Allows the creation of internal training of employees on policies, security and other topics.
  • TraceReport: Provides on-demand board, management, auditor, and technical reporting for all TSCM modules.


 

Download "The Key to Continuous Compliance", which explains the value of having qualified experts properly identify and evaluate information risk through a comprehensive risk assessment.