Information Security

With STREAM you can reduce your information security compliance and risk management costs, reduce incidents and optimise your security investments.

Compliance Management
Monitor and report on compliance with information security standards. STREAM can be quickly and easily configured with any information security control standard* or multiple sets of standards, for example:

  • ISO 27001
  • The ISF Standard of Good Practice (SoGP)
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • COBIT
  • Cloud Security Alliance Cloud Controls Matrix
  • CIS Security Configuration Benchmarks
  • UK Government Security Policy Framework, Information Assurance Maturity Model (IAMM) and Baseline Security Standards
  • NIST Computer Security Standards
  • ISO 27799 (Health Information)
  • HIPAA
  • Your own proprietary security standards.

Performance Metrics for Key Controls
Define, record and monitor key metrics for quantifiable data on security performance, such as:

  • % components compliant with baseline security standards
  • % critical security vulnerabilities remediated within X hours
  • % staff with up-to-date security awareness

Metrics data can be entered manually or via automated updates from feeder applications, such as business systems and security monitoring solutions.

Risk Management
Log and assess security risks on risk registers. Specify mitigating actions and review residual risk status against risk appetite on management dashboards. Drill down to investigate risks in more detail and report on risk across each part of the business model.

Track risk status in relation to security performance metrics and compliance with key controls. See ‘at a glance’ whether risks to business processes, systems, applications and projects are above or below risk appetite. Aggregate up to group, regional or enterprise views.

Incident Management
Record and track the status of security incidents and near misses. Report on the severity and frequency of incidents by category and historical trends. Link incidents to assets, risks and control non-compliances.

* Subject, where required, to licensing agreements with intellectual property owners