Risk
2/28/2014
07:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

TraceSecurity Enhances TraceCSO To Simplify IT GRC Management

Customers will see improvements in key features, new functionality, and other enhanced performance metrics

San Francisco, CA – RSA Conference – February 25, 2014

TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, continues its strategy of bringing simplicity to organizations faced with managing security threats, and the governance and compliance mandates that accompany them. In March, TraceCSO customers will see improvements in key features, new functionality and other enhanced performance metrics.

TraceSecurity development engineers have focused on four key areas in today's update. They include:

· Business object reporting – TraceCSO has added a layer of business object reporting on top of its risk assessment module, translating IT content into a form that is more easily consumable across business organizations. Assets are associated with business objects, delivering better categorization of risks and showcasing the potential damaging effects of identified risks in a context that communicates well with non-IT decision makers.

· Vendor questionnaires and surveys – This inline capability streamlines and automates the often onerous process of collecting security information from vendors. The feature ensures that results are consistent and can be reported in aggregate, eliminating errors and delivering added visibility into vendor relationships for decision makers.

· Remediation Planning – This enhancement is particularly well suited for small- and mid-sized organizations with limited IT personnel. The workflow feature, designed using industry standard, rules-based best practices, guides users through the decision-making process for every risk. Organizations can define the criteria by which a risk requires action, taking the necessary steps to manage visits within acceptable parameters.

· Partner efficiencies – TraceSecurity is making it easier for its MSSP partners and resellers to better serve their clients. Enhanced features allow partners to pre-set content for clients, making it easier to configure implementations and deliver a faster and more complete "out-of-the-box experience" for new customers.

"The goal of these new features is to take the risk out of risk management," said Josh Stone, director of product management at TraceSecurity. "We're working every day to simplify information security management for industries already challenged with high costs associated with IT infrastructures, a shortfall in security specialists, and rapidly changing regulatory mandates."

TraceSecurity has modified other aspects of the TraceCSO software suite to ensure continued ease-of-use and customer satisfaction. These include:

· Numerous screens were enhanced to increase performance and add configurable fields. This allows clients to tune the interface to achieve greater simplicity and enable optional, advanced features.

· TraceCSO supports both high-demand users and others seeking a more simplistic solution. Screens can now be customized to show only the fields necessary to support unique customer requirements.

· Today's TraceCSO is also significantly faster than earlier iterations, in some cases improving page loads by as much as 8 to10 times.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization. TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks. Launched just over a year ago, TraceCSO has been implemented for some 250 clients, across industries including financial services, healthcare, education, legal, technology and government.

About TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,700 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7178
Published: 2014-11-28
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850
Published: 2014-11-28
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423
Published: 2014-11-28
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424
Published: 2014-11-28
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425
Published: 2014-11-28
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?