Designing the right processes, organization, and templates during the initial set-up of an Information Security Management System (ISMS) is a challenge many organizations face. Rolling out an ISMS in a large organization is a completely different story: aspects like automating frequent manual steps, usability, easy reporting or access permissions to sensitive information become crucial for the ISMS’ success.
The NTT ISMS Control Assessment app-pack was introduced as part of the RSA Exchange Release R11 to enable organizations to achieve a streamlined classification and control assessment methodology when implementing and operating their ISMS. This app-pack allows organizations to leverage the first two steps in a flexible three-step approach for the implementation and roll-out of an ISMS that has been successful among many of NTT’s clients. The methodology is derived from ISO 27005 and NIST Special Publication 800-30, as well as NTT’s many years of consulting experience assisting clients with their ISMS implementation process. The three steps of the methodology include:
- Classification
Use a built-in questionnaire or derive the classification from assets, such as business processes or information assets, when master data applications are integrated.
- Control Assessment
Results from previous cycles are pre-filled and controls automatically selected based on three filter stages to ensure there are only controls for relevant assets in the assessment. This reduces the effort needed for assessment in the process.
- Risk Assessment
Threat events are automatically selected, results from previous cycles are pre-filled, and risks automatically calculated based on the results from the Classification and Control Assessment steps to derive a well-founded prioritization of measures.
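The three steps described above, as an added illustration in Python that is not code from the app-pack or from RSA Archer; the 1..3 impact scale, the control and threat selection rules, the likelihood reduction and all sample assets, controls and threat events are constructed assumptions:

```python
from collections import namedtuple

# Constructed impact scale for a breach of a security objective: 1 = low, 2 = medium, 3 = high.
# impact: own questionnaire answers, e.g. {"C": 3}; inherits_from: assets whose classification is inherited.
Asset = namedtuple("Asset", "name category zone impact inherits_from", defaults=[{}, []])
# categories and zones drive filter stages 1 and 3; min_level is the lowest classification at which it applies.
Control = namedtuple("Control", "id categories min_level zones")
# objective is "C", "I" or "A"; likelihood is 1..3 before controls; mitigated_by lists control ids that reduce it.
ThreatEvent = namedtuple("ThreatEvent", "name objective likelihood mitigated_by")

def classify(asset):
    """Step 1: maximum C/I/A impact over the asset's own answers and every inherited asset."""
    result = {"C": 0, "I": 0, "A": 0}
    for source in [asset.impact] + [classify(p) for p in asset.inherits_from]:
        for objective, level in source.items():
            result[objective] = max(result[objective], level)
    return result

def select_controls(asset, controls):
    """Step 2: category -> classification -> zone filter stages leave only the relevant controls."""
    level = max(classify(asset).values())
    return [c for c in controls
            if asset.category in c.categories and level >= c.min_level and asset.zone in c.zones]

def assess(asset, controls, previous=None):
    """Step 2: this cycle's assessment, pre-filled from the previous cycle where a control carries over."""
    previous = previous or {}
    return {c.id: previous.get(c.id, "open") for c in select_controls(asset, controls)}

def risk(asset, assessment, threats):
    """Step 3 (assumed rule): select threats mitigated by a selected control; risk = impact x likelihood,
    with the likelihood lowered by one level when every mitigating control is compliant."""
    impact, selected, out = classify(asset), set(assessment), {}
    for t in threats:
        relevant = t.mitigated_by & selected
        if relevant:
            compliant = all(assessment[c] == "compliant" for c in relevant)
            out[t.name] = impact[t.objective] * (max(1, t.likelihood - 1) if compliant else t.likelihood)
    return out

def demo():
    """Constructed sample: a DMZ customer portal inheriting the classification of an internal CRM."""
    crm = Asset("CRM", "application", "internal", impact={"C": 3, "I": 2})
    portal = Asset("Customer portal", "application", "dmz", impact={"A": 2}, inherits_from=[crm])
    controls = [Control("access-restriction", {"application"}, 2, {"internal", "dmz"}),
                Control("network-segregation", {"application"}, 3, {"dmz"}),
                Control("physical-perimeter", {"building"}, 1, {"internal", "dmz"})]
    threats = [ThreatEvent("unauthorised access", "C", 3, {"access-restriction"}),
               ThreatEvent("network eavesdropping", "C", 1, {"network-segregation"}),
               ThreatEvent("theft of equipment", "A", 2, {"physical-perimeter"})]
    assessment = assess(portal, controls, previous={"access-restriction": "compliant"})
    return classify(portal), assessment, risk(portal, assessment, threats)
```

The building control is dropped in filter stage 1, so the threat it mitigates is never selected for the portal; the compliant access control carried over from the previous cycle lowers the likelihood of the unauthorised-access threat.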
NTT has developed two app-packs to provide RSA Archer customers with this methodology, including:
- NTT ISMS Control Assessment app-pack
- Includes the Classification and Control Assessment steps.
- Prerequisite for the NTT ISMS Risk Assessment app-pack and currently available on the RSA Exchange.
- NTT ISMS Risk Assessment app-pack
- Includes the Risk Assessment step.
- Currently in development and is a planned offering for a future RSA Exchange release.
With the NTT ISMS Control Assessment app-pack, RSA Archer customers can:
- Evaluate the maximum impact resulting from a breach of a security objective (confidentiality, integrity, availability) based on a questionnaire or by inheriting from one or multiple assets
- Assess compliance with relevant controls (filtered by asset category, classification and zone)
- Define and track remediation plans
- Assess assets with a streamlined process as part of the organization’s ISMS
- Gain insight into compliance violations of internal or external policies
- Improve overall compliance and security
- Track measures using RSA Archer Issues Management
The NTT ISMS Control Assessment app-pack includes several useful features:
- Workflow process graphics
- Tooltips to efficiently provide all the necessary information to the user
- Multi-language user interface, including content like controls and threat events
- Automatically saved inline edit grids
Interested in learning more about the NTT ISMS Control Assessment app-pack?
Register and join us for a Free Friday Tech Huddle on Friday, February 28, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.
Lead Consultant, GRC Tools - NTT Ltd.
Lars Rudolff works for NTT Ltd. as lead consultant for GRC Tools. Mr. Rudolff is responsible for the technical and strategic orientation of the GRC Implementation practice. He has worked with GRC tools in general since 2005 and with RSA Archer since 2011. He has led implementation projects for many customers, including the introduction of one of the largest RSA Archer environments in Europe at a German car manufacturer.
In addition, Mr. Rudolff supports NTT’s Operations team for RSA Archer, which provides operational services for existing RSA Archer customers. This includes, among other things, 2nd and 3rd level support activities as well as maintenance services such as system upgrades or minor modifications of an existing implementation. He is also responsible for developing monitoring and automation tools for the RSA Archer platform.