Risk
2/28/2014
07:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

TraceSecurity Enhances TraceCSO To Simplify IT GRC Management

Customers will see improvements in key features, new functionality, and other enhanced performance metrics

San Francisco, CA – RSA Conference – February 25, 2014

TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, continues its strategy of bringing simplicity to organizations faced with managing security threats, and the governance and compliance mandates that accompany them. In March, TraceCSO customers will see improvements in key features, new functionality and other enhanced performance metrics.

TraceSecurity development engineers have focused on four key areas in today's update. They include:

· Business object reporting – TraceCSO has added a layer of business object reporting on top of its risk assessment module, translating IT content into a form that is more easily consumable across business organizations. Assets are associated with business objects, delivering better categorization of risks and showcasing the potential damaging effects of identified risks in a context that communicates well with non-IT decision makers.

· Vendor questionnaires and surveys – This inline capability streamlines and automates the often onerous process of collecting security information from vendors. The feature ensures that results are consistent and can be reported in aggregate, eliminating errors and delivering added visibility into vendor relationships for decision makers.

· Remediation Planning – This enhancement is particularly well suited for small- and mid-sized organizations with limited IT personnel. The workflow feature, designed using industry standard, rules-based best practices, guides users through the decision-making process for every risk. Organizations can define the criteria by which a risk requires action, taking the necessary steps to manage visits within acceptable parameters.

· Partner efficiencies – TraceSecurity is making it easier for its MSSP partners and resellers to better serve their clients. Enhanced features allow partners to pre-set content for clients, making it easier to configure implementations and deliver a faster and more complete "out-of-the-box experience" for new customers.

"The goal of these new features is to take the risk out of risk management," said Josh Stone, director of product management at TraceSecurity. "We're working every day to simplify information security management for industries already challenged with high costs associated with IT infrastructures, a shortfall in security specialists, and rapidly changing regulatory mandates."

TraceSecurity has modified other aspects of the TraceCSO software suite to ensure continued ease-of-use and customer satisfaction. These include:

· Numerous screens were enhanced to increase performance and add configurable fields. This allows clients to tune the interface to achieve greater simplicity and enable optional, advanced features.

· TraceCSO supports both high-demand users and others seeking a more simplistic solution. Screens can now be customized to show only the fields necessary to support unique customer requirements.

· Today's TraceCSO is also significantly faster than earlier iterations, in some cases improving page loads by as much as 8 to10 times.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization. TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks. Launched just over a year ago, TraceCSO has been implemented for some 250 clients, across industries including financial services, healthcare, education, legal, technology and government.

About TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,700 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.