Published on April 5, 2014
Security as a Service: Enterprise Compliance Management Solution (ECMS) by TalaTek LLC
Why TalaTek
TALATEK ECMS Solution Overview

• TalaTek provides cost-effective, in-depth solutions to your compliance issues by managing your risk. We guide agencies and businesses in managing and automating their compliance requirements so that they can meet their security needs.
• TalaTek’s ‘Security as a Service’ (SaaS) model transforms the customary documentation exercise into a value-add process. We make it our job to stay up to date on complicated industry standards and regulations in order to help you meet them. We are your committed security resource.
• TalaTek pioneered efforts to change how Security Authorization & Accreditation (SA&A) is performed in the federal government. We implemented a solution that turned a stove-piped documentation effort into an enterprise risk management process meeting NIST standards.
• TalaTek gives you total control of, and visibility into, the compliance and security process. Risk measurements for all system assets are consolidated in one central database with a dashboard that highlights risks, security trends, and the status of mitigation plans.
• TalaTek gives management an at-a-glance view of risk across the entire organization. Our solution also provides on-demand reports and integrates with OMB’s CyberScope reporting requirements.
The Problem

The Security Authorization & Accreditation process ‘as implemented’ today is an open-ended process that is missing some key components:
1. Visibility and control over the process
2. The ability to research trends and the impact of security weaknesses and of investments in security
3. Risk measurement metrics by which to assess the threats against critical assets and data
4. Continuous monitoring of risk
The Solution
What is ECMS

The TalaTek Enterprise Compliance Management Solution (ECMS) is currently implemented at the Pension Benefit Guaranty Corporation (PBGC), where TalaTek is a prime contractor supporting the Continuous Monitoring program for the PBGC Paying Agent services.

The TalaTek ECMS is a managed service that includes:
• Risk management and compliance services delivered through a Governance, Risk Management and Compliance (GRC) application
• A GRC application that is hosted for our clients and managed by TalaTek

ECMS can be installed in the customer’s private data center or in a private cloud at a hosting facility. We use ECMS as our methodology to deliver quality risk management services for our clients. We believe that our customers shouldn’t have to choose between compliance and security; we provide both using people, process and technology.
ECMS - An Enterprise Solution

Lack of awareness of risks is a key challenge in information risk management. Our solution provides an organization-wide approach to continuous monitoring of information and information system security:
• Consolidating compliance input from the various sources
• Measuring control effectiveness
• Providing actionable data measurements for all enterprise systems

[Figure: Enterprise-Wide Security Compliance Status and Management; assets shown: workstations, network devices, web servers, email servers, mobility, System A, System B, System C]
How ECMS Solves the Problem

Our solution improves the security process by focusing on Risk Management and Continuous Monitoring in accordance with NIST requirements, in four areas: Risk Trend Analysis; Qualitative and Quantitative Control Measures; Continuous Monitoring; and Prioritization of Risk and Remediation Measures.
• Improving the organization’s risk model based on the risk analysis
• Impact of inherited controls on the system
• POA&M tracking and prioritization
• Residual risk measurements that correspond to the impact and likelihood of a given risk
• Effect of implemented security tools and processes
• Determining the need for additional measures
Trend Analysis - Residual Risk Calculations

[Figure: Risk Measurements Across Agency Systems, a bar chart of residual risk values (0 to 0.8) per system and tier. Values shown: Agency (overall) 0.658; DC_1 0.612; DC_2 0.724; DC_3 0.724; System1 0.617; System2 0.723; System3 0.748; System4 0.32]

Residual risk is calculated for all non-compliant controls of each measured system.
Agency risk: measures risk at the top tier of the agency, based on the cumulative risk of all systems.
Data center risk: measures risk as a cumulative value of all hosted systems.
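The three-tier roll-up the chart describes (system, data center, agency), as an added example that is not part of this deck and not TalaTek’s product code. The deck does not give the formula, so the scoring used here (likelihood × impact per open finding, averaged per system, then averaged per tier), the 0..1 scales, and the sample findings and hosting layout are all assumptions constructed for illustration; they do not reproduce the chart’s numbers.

```python
"""Residual-risk roll-up across systems, data centers and the agency.

Added example, not TalaTek code. The deck states only that residual risk
is calculated per system from its non-compliant controls, that data-center
risk is the cumulative value of the hosted systems and that agency risk is
the cumulative value of all systems. The formula below (likelihood x impact
per open finding, averaged per system, then averaged per tier) is an
assumption, as are the constructed findings and hosting layout.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class ControlFinding:
    control_id: str    # NIST SP 800-53 control or enhancement, e.g. "AC-2(1)"
    compliant: bool
    likelihood: float  # assumed 0..1 scale
    impact: float      # assumed 0..1 scale

    def __post_init__(self) -> None:
        # Reject out-of-range inputs early: a 0..5 score fed in by mistake
        # would silently dominate every average downstream.
        for name in ("likelihood", "impact"):
            value = getattr(self, name)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.control_id}: {name}={value} outside [0, 1]")

    @property
    def residual(self) -> float:
        """Open risk contributed by this finding; a compliant control adds none."""
        return 0.0 if self.compliant else self.likelihood * self.impact


def system_residual_risk(findings: Iterable[ControlFinding]) -> float:
    """Mean of likelihood*impact over the system's non-compliant controls.

    Only open findings enter the average, matching the deck's statement that
    residual risk is calculated for non-compliant controls. A fully compliant
    system scores 0.0 instead of raising on an empty mean.
    """
    open_risks = [f.residual for f in findings if not f.compliant]
    return round(mean(open_risks), 3) if open_risks else 0.0


def tier_risk(system_scores: Dict[str, float]) -> float:
    """Cumulative risk of a tier (data center or agency) as the mean of its
    systems' residual risk. Assumed aggregation: a weighted scheme (for
    example by FIPS 199 impact level) would replace this one function."""
    return round(mean(system_scores.values()), 3) if system_scores else 0.0


def roll_up(inventory: Dict[str, List[ControlFinding]],
            hosting: Dict[str, List[str]]) -> Dict[str, object]:
    """Compute the three tiers shown in the chart: per system, per data
    center (from the systems it hosts) and for the whole agency."""
    systems = {name: system_residual_risk(f) for name, f in inventory.items()}
    # A hosting map that names a system with no findings is a data error,
    # not a zero-risk system; fail loudly rather than under-report.
    unknown = {s for hosted in hosting.values() for s in hosted} - set(systems)
    if unknown:
        raise KeyError(f"hosting references systems with no findings: {sorted(unknown)}")
    data_centers = {
        dc: tier_risk({s: systems[s] for s in hosted}) for dc, hosted in hosting.items()
    }
    return {"systems": systems, "data_centers": data_centers, "agency": tier_risk(systems)}


# Constructed sample inventory (not real assessment data).
SAMPLE_INVENTORY: Dict[str, List[ControlFinding]] = {
    "System1": [
        ControlFinding("AC-2", compliant=False, likelihood=0.8, impact=0.9),
        ControlFinding("AU-6", compliant=False, likelihood=0.5, impact=0.6),
        ControlFinding("IR-4", compliant=True, likelihood=0.9, impact=0.9),
    ],
    "System2": [
        ControlFinding("CM-6", compliant=False, likelihood=0.6, impact=0.7),
        ControlFinding("SC-7", compliant=True, likelihood=0.3, impact=0.8),
    ],
    "System3": [
        ControlFinding("SI-2", compliant=True, likelihood=0.4, impact=0.5),
    ],
}
SAMPLE_HOSTING: Dict[str, List[str]] = {"DC_1": ["System1", "System2"], "DC_2": ["System3"]}

if __name__ == "__main__":
    for tier, value in roll_up(SAMPLE_INVENTORY, SAMPLE_HOSTING).items():
        print(f"{tier}: {value}")
```

Because each tier is a plain mean, one heavily non-compliant system is diluted by its compliant neighbours; if that matters for the dashboard, swap `tier_risk` for a maximum or an impact-weighted mean, which is why it is kept as a single function.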
Continuous Monitoring (NIST SP 800-137)

Continuous monitoring of security and risk is a challenging task in light of constant organizational change (system additions, upgrades and decommissions, and changes to operating environments) and the ever-increasing quantity and sophistication of security threats. The process management capabilities of the ECMS solution allow TalaTek to:
• Map to risk tolerance
• Adapt to ongoing needs
• Actively involve management
Common Controls Provider

Implementation of common controls raises challenges in compliance management, such as the need for:
• A simple means of risk measurement
• Clear responsibility for control implementation
• Accountability for mitigation strategies

With the TalaTek solution, metrics are developed for system-level data to make it meaningful in the context of mission/business or organizational risk management.
Managing Thousands of Controls

A moderate-impact system carries 250+ controls and control enhancements based on NIST SP 800-53 Rev. 4. Challenges for an agency with several systems:
• Managing thousands of controls consistently
• Ensuring a uniform process
• Making sense of the data collected

TalaTek’s solution provides a central database for searches, metrics, trend analysis, and reporting.
Compliance Deliverables

Deliverables per system: Security Categorization (NIST SP 800-60, FIPS 199), Privacy Impact Assessment, System Security Plan, Risk Assessment, and other deliverables.

For each system undergoing the compliance process there is a set of deliverables that must be created, maintained and updated on a continuous basis. The TalaTek solution allows us to create centralized templates that are used consistently across all systems. Any update is made once and used uniformly by all users.
TalaTek ECMS Summary
• Risk Management
• Security Categorization Questionnaire (NIST SP 800-60)
• Privacy Impact Assessment Questionnaire
• Security Authorization & Accreditation (SA&A) Documents Repository
• POA&M Management
• Continuous Monitoring
• FISMA Reporting
• Resource Management: Reminders and Escalations
About TalaTek
• Specialties: Risk Management, Compliance and Security Services
• Women-Owned Small Business (WOSB) founded in 2006
• 2010 GISLA* awards ((ISC)²) finalist
• Sustained annual growth and excellent client references
• Expertise in ITIL, NIST, HIPAA and ISO 27001
• Headquarters in Oakton, Virginia, with multiple Federal and commercial customers

TalaTek, LLC
*Government Information Security Leadership Awards (GISLA)