Single-user edition. A STREAM database configured with PCI DSS v2.0 content for use with the free single-user version of Acuity's GRC software solution, STREAM Integrated Risk Manager (Version 2.0)
With STREAM you can reduce your information security compliance and risk management costs, reduce incidents and optimise your security investments.
Monitor and report on compliance with information security standards. STREAM can be quickly and easily configured with any information security control standard* or multiple sets of standards. e.g.
- ISO 27001
- The ISF Standard of Good Practice (SoGP)
- Payment Card Industry Data Security Standard (PCI-DSS)
- Cloud Security Alliance Cloud Controls Matrix
- CIS Security Configuration Benchmarks
- UK Government Security Policy Framework, Information Assurance Maturity Model (IAMM) and Baseline Security Standards
- NIST Computer Security Standards
- ISO 27799 (Health Information)
- Your own proprietary security standards.
Performance Metrics for Key Controls
Define, record and monitor key metrics for quantifiable data on security performance, such as:
- % components compliant with baseline security standards
- % critical security vulnerabilities remediated within X hours
- % staff with up-to-date security awareness
Metrics data can be entered manually or via automated updates from feeder applications, such as business systems and security monitoring solutions.
Log and assess security risks onto risk registers. Specify mitigating actions and review residual risk status against risk appetite on management dashboards. Drill-down to investigate risks in more detail and report on risk across each part of the business model.
Track risk status in relation to security performance metrics and compliance with key controls. See ‘at a glance’ whether risks to business processes, systems, applications and projects are above or below risk appetite. Aggregate up to group, regional or Enterprise views.
Record and track the status of security incidents and near misses. Report on the severity and frequency of incidents by category and historical trends. Link incidents to assets, risks and control non-compliances.
* Subject, where required, to licensing agreements with intellectual property owners