| How
information is gathered
ECM™ allows users to create an
encrypted session into their profile to answer questions
specific to their respective department or business unit
within an organization. Security profiles are configured
to allow various levels of access to data based on classification
and privilege level of the end user.
One of the ways the system saves time is by reducing the
amount of effort required to complete the interview process
by utilizing a relational database function that facilitates
populating all fields within the DSS from predefined occupational
spreadsheets. Access controls allow managers to review
questionnaires for completeness prior to final submission.
Test conditions can be executed against all network assets,
applications and polices using the broadest suite of tools
on the market today. Methods for measuring these include:
-
Network based assessments
-
Host based assessments
-
Application based
assessments
-
Security policy
assessments
-
Business policy
assessments
-
Compliance and certification
assessments
Interoperability
In addition to incorporating its own
scanning products, ECM™ also interoperates with
legacy asset management solutions, application scanning
solutions, host based scanning products, and network based
scanning products. By leveraging what the customer has
already acquired, ECM™ reduces the cost of technology
ownership.
Policy Assessments
Policy assessments are a tedious task
requiring experienced consultants and compliance managers
with years of industry experience in vulnerability assessments
and regulatory compliance. With ECM’s policy assessment
engine you plug in your existing policies, answer required
questions and receive complete datasheets on out of compliance
issues or industry updates. Not only does ECM identify
out of compliance remediation plans it also provides actual
policies. There is also a policy enforcement module available.
Automated Reporting &
Customization
Reporting with ECM™ is performed
by identifying and prioritizing all out of compliance
conditions. Once identified these conditions are prioritized
based on a ranking system created by each business unit
leader or stakeholder. By allowing the manager to identify
and rank business processes and information asset associations,
vulnerabilities and out of compliance conditions receive
the most accurate ranking according to the organization.
Where standards take precedence, these findings can supercede
organizational rankings depending on the type of report
requested from the system.
With a customizable configuration wizard, privileged users
can create and update industry standards, questions, consequences,
and even modify policies in real-time. With over 10, 000
questions amongst three databases within the DSS, users
can be assured they have the most comprehensive assessment
solutions on the market today.
The Screenshot below is a capture of ECM’s customizable
dashboard that allows the user to select from a multitude
of environments and determine what test conditions should
be run against those environments.
|
