iGRC Consortium real time ISMS using Assuria sensors
Assuria was a lead member of the iGRC Consortium, which in March 2010 won a £1.7m R&D project to develop an innovative model for integrated Governance, Risk and Compliance (iGRC) from the Government-funded Technology Strategy Board and the South East England Development Agency (SEEDA).
Other iGRC Consortium members were Information Governance Limited (Infogov), Nexor Limited, HP Enterprise Services, Cranfield University, Lougborough University and Birkbeck College.
The consortium was formed to respond to the Technology Strategy Board’s 2009 Information Infrastructure Protection funding competition. The programme brings together already highly developed GRC and related technologies into one sustainable integrated, dynamic governance, risk and compliance platform for network security information infrastructure protection.
Assuria led the sensors aspects of the programme. Managing Director, Nick Connor said - "The iGRC project is very exciting and challenging. Crucially, the Technology Strategy Board and SEEDA have enabled UK IT Security SMEs to sharpen the security edge of network infrastructure management. The iGRC project will substantially enhance the agility and dynamacy of control, and risk avoidance of network security."
Objectives of the iGRC consortium were to build an enterprise-wide system for enhanced resilience of secure information infrastructure
It helps to address concerns around:
• loss of reputation, information, data and IPR;
• risks to impairment of information network performance;
• prevention and rapid correction of unwanted events and incidents;
• ability to apply controls and risk mitigators to professionals and systems;
• referencing of controls to required regulation.
iGRC is an integrated capability for the management of the complexity, risk and resilience of secure information infrastructure. It is a web-based governance risk and compliance capability, integrated with leading network sensors via a GRC interoperability protocol to enable real-time identification and response to a range of information security threats.
This exciting programme enables multiple sensor feeds, and management/technical policy linkage within and across network security supply chains, with global security standards and recent technology advances, including secure messaging and certificate management.
Assuria provides Assuria Auditor and Assuria Log Manager products which provide key IT Systems information to Proteus, Infogov's Information Security Management System (ISMS), the Enterprise web-based software which manages the complexity, risk and resilience of secure information infrastructure.
The iGRC service comprises:
• Discovery healthchecks
• Best practice maturity assessments through gap analysis
• Alignment of controls and risks
• Alignment of network sensors
• Network management re-organisation and change
• Installation of an iGRC, its support and refresh…
…in line with the discoveries, findings and adaptations determined by its information security management subject matter experts, scientists and technologists.
To find out more, please contact iGRC@assuria.com