2/27/2009
05:23 PM
Dark Reading
Products and Releases

Modulo Integrates Modulo Risk Manager With Comprehensive Security And Compliance Solution

Solution is designed to address cyber, physical and operational security requirements for SCADA systems

MONTCLAIR, N.J., Feb. 26 -- Modulo (www.modulo.com), a leading provider of IT Governance, Risk and Compliance (IT GRC) solutions, announced that the award-winning Modulo Risk Manager has been integrated into the industry-first Comprehensive Security And Compliance Solution (CSACS™) developed by Berkana Resources and CIDG Corp. The solution is designed to address cyber, physical and operational security requirements for SCADA systems, which are responsible for controlling critical processes such as maintaining power, water and oil supply, among others.

The partnership combines the research and experience of Berkana Resources Corporation and CIDG Corp in the Industrial Security area with the flexibility and customization abilities of Modulo Risk Manager. The tool provides a platform to analyze and manage the data collected from assessments. It can then automate risk calculations, correlate the data to organizational functions and business objectives, help prepare and manage mitigation strategies, manage workflow with task assignment and tracking, consolidate policies and procedures into an organizational knowledgebase, and measure compliance against industry and internal standards and requirements such as API 1164, BS 25999, FISMA, ISA99, ISO 27001, ISO 27002, NERC, NIST, TSA.

"By allowing us to incorporate industry specific standards, guidelines, best practices and our client's own corporate policies and procedures into Modulo Risk Manager, we can perform a comprehensive risk and compliance assessment targeted at a specific SCADA client's requirements in the Oil & Gas, Water and Electric Utility Markets," said Jeff Whitney, at Berkana Resources. "Even though industrial standards are highly specialized and just beginning to emerge in the market, Risk Manager's customization and adaptability have given us a framework and rich toolset with which to support our services," said Clint Bondugen, Lead Industrial Security and Compliance analyst at CIDG Corp.

"We are very proud of this partnership which puts our product at the service of the protection of our national security and critical systems and facilities," said Ronald Radcliff, Modulo's Vice President of Sales. "Modulo Risk Manager is supported by a comprehensive knowledge base consisting of over 300 robust checklists, more than 12,000 controls and in excess of 5,000 automated collectors. In addition, the software provides comprehensive support for all the key regulations, standards and frameworks companies are faced with in order to help facilitate their compliance obligation management efforts. These features make it ideal for meeting Governance, Risk and Compliance needs in a range of industries from healthcare to financial services and, now, SCADA systems."

About Modulo Risk Manager: Award-winning Modulo Risk Manager™ provides organizations with the tools they need to automate the processes required for assessing and eliminating security vulnerabilities and attaining regulatory compliance (PCI DSS, SOX, ISO 27002, ISO 27001, COBIT, and more). The software allows organizations to identify controls that should be implemented and obtain detailed recommendations based on best practices.

About Berkana Resources Corporation: Berkana provides SCADA Systems Security, Integration and Consulting services to clients in the Oil & Gas, Water and Utility Markets. Our seasoned staff of engineers, integrators and project managers provide these services to clients implementing, upgrading, maintaining and securing SCADA systems.

About CIDG Corporation: CIDG is a highly trained team of specialized experts with a single goal... to secure your SCADA, Process Control and Critical Environments. From physical and operational security, to cyber security, to legal and regulatory compliance, CIDG offers you the most comprehensive compliance and risk management services available in the industry.
