1 / 28

Company Overview, Products and Sample Reports

Company Overview, Products and Sample Reports. January 2007. Corporate Background • Founded in Nov. 2006 - Headquartered in Lilburn, GA - Sales and Marketing office in Buford, GA • Unique compliance solution - Addresses GLBA, HIPAA, FISMA and PCI markets

Lucy
Download Presentation

Company Overview, Products and Sample Reports

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Company Overview, Products and Sample Reports January 2007 www.acr2.org

  2. Corporate Background • Founded in Nov. 2006 - Headquartered in Lilburn, GA - Sales and Marketing office in Buford, GA • Unique compliance solution - Addresses GLBA, HIPAA, FISMA and PCI markets - Traceable and Compliant with NIST protocols - Risk scores automatically updated using network data, new safeguards, Intrusion and Anti-virus data www.acr2.org

  3. Introducing …. ACR2Basic - Risk Assessment Available in 2 versions January 2007: • ACR2Basic - Business Edition reports encrypted and auditable • ACR2Basic - MSP Edition reports headers can be modified And in Q1 2007.. • ACR2Basic - Enterprise Edition For managing multiple locations Ships with 10 site licenses www.acr2.org

  4. The Compliance Process www.acr2.org

  5. Automated Compliance Reporting • Information Security involves reducing the risk of loss or theft of protected information • Perfect Information Security would require infinite resources • Compliance involves providing enough security to meet the “standard of care” • Compliance is perfectly possible – and required! www.acr2.org

  6. Automated Compliance Reporting • How does an organization determine a “reasonably foreseeable” risk? • Or a “material change”? • “reasonably foreseeable risks” under Federal law are defined by the National Institutes of Standards and Technology (NIST) • The NIST standards are freely available… www.acr2.org

  7. They are also complex and extensive www.acr2.org

  8. Automated Compliance Reporting • There is a better way. • 79% of Americans use Turbo-Tax™ to deal with IRS regulations, which are long and complex • ACR2 is a Turbo-Tax™ style simplification of the NIST protocols to deal with information security regulations, which are also long and complex www.acr2.org

  9. www.acr2.org

  10. Automated Compliance Reporting • Risk Score - is determined by multiplying the probability of event by the impact of the event • Risk Scores range from 1 to 100, with 50-100 High, 10-50 Medium and scores <10 considered Low. • For risks labeled High, corrective action must be taken "as soon as possible" (NIST 800-30). www.acr2.org

  11. Automated Compliance Reporting • For Medium Risks, correction must be within a "reasonable amount of time", while Low risks may be merely observed. • How do organizations achieve acceptably Low Risk? • NIST definition of “Low Risk” means that “controls are in place to prevent…the vulnerability from being exercised” •What controls are needed to achieve acceptably “Low Risk?” www.acr2.org

  12. Special Publication 800-53 Recommended Security Controls for Federal Information Systems Ron Ross, Stu Katzke, Arnold Johnson Marianne Swanson, Gary Stoneburner, George Rogers, Annabelle Lee www.acr2.org

  13. NIST 800-53 includes citations of these additional protocols www.acr2.org

  14. Automated Compliance Reporting is Much Easier • To Initiate the “Turbo-Tax™” approach to compliance, just browse to: www.acr2solutions.com www.acr2.org

  15. www.acr2.org

  16. www.acr2.org

  17. Using the ACR2 Basic Reports The first three ACR2 reports are The Safeguards Status Report – a summary of the current system status vs NIST standards The Automated Baseline Report – 30 threat source/vulnerability pairs scored from 1-100 The Risk Assessment Chart – same data as the Baseline, scored as red/yellow/green www.acr2.org

  18. www.acr2.org

  19. Using the ACR2 Basic Reports - cont. Detailed information on each safeguard is available from the NIST www.acr2.org

  20. www.acr2.org

  21. www.acr2.org

  22. www.acr2.org

  23. Using the ACR2 Basic Reports - cont. • the Deficiency Report lists the missing or underperforming safeguards relative to each risk. • This allows creation of a remediation plan that addresses the high risk elements first, as required by the NIST protocols • Each of the 30 risks is assessed separately www.acr2.org

  24. www.acr2.org

  25. www.acr2.org

  26. ACR 2 reduces over 90 NIST protocols to a simple “Turbo-Tax™” style question and answer format. The ACR 2 reports can be updated on demand whenever new data becomes available www.acr2.org

  27. One Compliance Option is to Read, Understand and Apply the NIST Protocols www.acr2.org

  28. The Better Option is to Use Automated Compliance Reporting How Much is Your Time Worth? www.acr2.org

More Related