Risk
2/28/2014
07:30 AM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

TraceSecurity Enhances TraceCSO To Simplify IT GRC Management

Customers will see improvements in key features, new functionality, and other enhanced performance metrics

San Francisco, CA – RSA Conference – February 25, 2014

TraceSecurity, the pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, continues its strategy of bringing simplicity to organizations faced with managing security threats, and the governance and compliance mandates that accompany them. In March, TraceCSO customers will see improvements in key features, new functionality and other enhanced performance metrics.

TraceSecurity development engineers have focused on four key areas in today's update. They include:

· Business object reporting – TraceCSO has added a layer of business object reporting on top of its risk assessment module, translating IT content into a form that is more easily consumable across business organizations. Assets are associated with business objects, delivering better categorization of risks and showcasing the potential damaging effects of identified risks in a context that communicates well with non-IT decision makers.

· Vendor questionnaires and surveys – This inline capability streamlines and automates the often onerous process of collecting security information from vendors. The feature ensures that results are consistent and can be reported in aggregate, eliminating errors and delivering added visibility into vendor relationships for decision makers.

· Remediation Planning – This enhancement is particularly well suited for small- and mid-sized organizations with limited IT personnel. The workflow feature, designed using industry standard, rules-based best practices, guides users through the decision-making process for every risk. Organizations can define the criteria by which a risk requires action, taking the necessary steps to manage visits within acceptable parameters.

· Partner efficiencies – TraceSecurity is making it easier for its MSSP partners and resellers to better serve their clients. Enhanced features allow partners to pre-set content for clients, making it easier to configure implementations and deliver a faster and more complete "out-of-the-box experience" for new customers.

"The goal of these new features is to take the risk out of risk management," said Josh Stone, director of product management at TraceSecurity. "We're working every day to simplify information security management for industries already challenged with high costs associated with IT infrastructures, a shortfall in security specialists, and rapidly changing regulatory mandates."

TraceSecurity has modified other aspects of the TraceCSO software suite to ensure continued ease-of-use and customer satisfaction. These include:

· Numerous screens were enhanced to increase performance and add configurable fields. This allows clients to tune the interface to achieve greater simplicity and enable optional, advanced features.

· TraceCSO supports both high-demand users and others seeking a more simplistic solution. Screens can now be customized to show only the fields necessary to support unique customer requirements.

· Today's TraceCSO is also significantly faster than earlier iterations, in some cases improving page loads by as much as 8 to10 times.

TraceCSO is the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization. TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks. Launched just over a year ago, TraceCSO has been implemented for some 250 clients, across industries including financial services, healthcare, education, legal, technology and government.

About TraceSecurity

TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,700 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, high-tech, insurance, government, education and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit www.tracesecurity.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.