It is with you from the beginning to the end of the security lifecycle, including Design, Implementation, Audit and Improvement.

Ultimate Security manages your information security based on all 5 of the following approaches, with flexibility in using different standards in each approach.

  • Control based covering ISO 27001
  • Process based covering ISM3
  • Risk based covering ISO 27005
  • Products’ manufacturer security recommendations covering Cisco ISE and MS Base Line
  • Best Practices including TIA942

You can use Ultimate Security for:

  • Designing, Establishing, Maintaining and Improving, ISMS in your organization.
  • Assuring compliance with standards such as ISO27001, ISO27002, ISO27003, ISO27004, ISO27005, ISO27010, ISO27031, ISO22301, ITIL, COBIT, ISM3, ISO9001, OWASP, NIST 800-30, ISO10013, ISO31000, ISO 27018, ISO 27019, BSI 100-1 to -4, PCI DSS, BDSG, EU DSGVO, SSAE 16, BCBS 239, ISAE 3402, MaRisk-E, SREP, VDA ISA, IDW PS 330.
  • Performing Risk Analysis based on ISO 27005 and NIST800-30
  • Report generation, documentation, auditing and much more for ISO 27001 certification.

With just a few clicks, Ultimate Security helps you:

  • To assemble a snapshot of the state of information security in your organization.
  • To document and visualize your current status.
  • To provide reports for the company’s management, auditors, process owners and compiling reference documents for the certification process.
  • To determine the progress within an IS project.
  • To provide all mandatory documents for different standards audit.
  • To implement regulations, policies and procedures in a structured and logical way.
  • To meet all types of obligations.

Other features of Ultimate Security are:

  • It keeps everything auditable with several versions.
  • All reports can be generated in a variety of formats for publishing or further editing. These include: PDF, HTML, DOC, XLS, ODT, ODS.
  • The integration of Ultimate Security with different vulnerability scanners advances vulnerability scans to a centrally controlled process for vulnerability management.
  • A Dynamic Object Model that can be adapted to your own working methods, support for maturity models, the import of interview partners from Active Directory, etc.
  • Constantly adjusted to meet changing requirements.
  • Collaborative work on controls, assets, audits etc.
  • Assignment of tasks to responsible representatives automatically.
  • Tracking of tasks.
  • Different user levels and adjustable access rights.
  • Central secured database and application server.
  • Offline capabilities for off-site work.
  • Flexible report modifications.
  • Simple integration in directory services like Active Directory.
  • Secure remote access with full VPN support.
  • Developed based on our solid, comprehensive and agile methodology.
  • Comprehensiveness and the possibility of implementing several information security and IT standards and best practices simultaneously.
  • Easily adaptable to the latest technological changes and standards.
  • 24×7 Technical support.
  • Available for Windows platforms.

For more information about the technical methodology used to develop this powerful tool, please refer to www.terminus-system.com/methodology-details

This powerful tool manages the following items for you:

Organization Documentation

Including its:

  • History
  • Mission
  • Vision
  • Strategy
  • Goals
  • Services/Products
  • List of Processes
  • Internal & External Environment
  • Objectives
  • Organization Structure and Roles
  • Stakeholders
  • Obligations
  • Training Records

Asset Inventory

By:

  • Automatic inventory of network equipment
  • Automatic inventory of applications and operating systems
  • Connecting to other asset inventory applications to fetch data from them

Asset Evaluation

Including:

  • Evaluating goals.
  • Evaluating processes.
  • Determining the role of each asset in each process and achieving each goal.

Risk Assessment

Including:

  • Detecting Vulnerabilities of all Assets
  • Identification of the likelihood of all risks
  • Identification of the impact of all risks
  • Identification of the Risk Number of all risks
  • Providing Risk Matrix

Information Security Objectives Definition

Automatic Security Objectives definition based on business objectives using the following indexes:

  • ISO27001:2013 Controls Level of Implementation
  • Information Security Management Maturity Level
  • Total Level of Risk

Security Organization Definition

  • Automatic Security organization development.

Risk Management

Including:

  • Implementation of configurations.
  • Providing RFP for the implementation of the proposed projects.
  • Justifying the implementation of policies and guidelines to audiences.
  • Project Management documentation for proposed projects and solutions.

Information Security Procedures

  • Providing more than 30 Information Security Procedures.

Business Continuity Plan

Including:

  • Key Business Processes identification.
  • RTO and RPO calculation for each Key Process.
  • Defining incident Management Procedure.

RTP Implementation

Including:

  • Projects Management
  • Configuration Management

Internal Audit

Including:

  • An internal audit is performed to assess the quality and standardization of the implementation of standard controls. A special form is designed for this purpose. To complete the internal audit form, it is necessary to observe the field, review the documentation and interview the same contacts as in the sixth step, and to analyze the gap based on the control model.

Scope Definition

Including:

  • Locations
  • Organizational structure
  • Assets
  • Technologies
  • Interested parties and their requirements
  • Obligations
  • Internal and External issues and their interfaces

Business Processes’ Documentation

Including:

  • Input
  • Sources
  • Output
  • Destinations

Network Architecture Documentation

Including:

  • Passive Connections
  • Racks Arrangements
  • Protocols
  • Users Information
  • Infrastructure Services
  • IP Addressing Scheme
  • VLAN information

Gap Analysis

Including:

  • Identifying the gap between the ISO27001:2013 controls when fully implemented and their current status.
  • Identifying the gap between the Information Security Processes when fully implemented and their current status, and also the level of Information Security Maturity.

Information Security Policy Development

  • Automatic Information Security Policy development.

Statement of Applicability

Including:

  • Whether it is Applicable or Not.
  • Its status based on the CMMI model.
  • If Not Applicable, what the reason is.
  • The major Technical and System solutions to implement each control.
  • The steps that should be taken to implement each control.

Information Security Technical Policies

Including:

  • Subject-based security policies
  • System-based security policies

Training & Awareness Plan

  • Automatic Training & Awareness plan: according to the tasks defined in the information security structure and the training background obtained in the recognition phase, the training program of each member of personnel is determined purposefully.

Implementation Management

Including:

  • Information exchange with stakeholders.
  • Prioritizing Risk Treatment Plan solutions.
  • Acceptance of remaining risks.
  • Determine the various responsibilities of implementation.
  • Determine the implementation schedule.
  • Estimates of implementation costs and funding.
  • Obtaining an implementation license

Implementation Effectiveness Assessment

Including:

  • Measuring the degree of improvement in the Level of Risk
  • Measuring the degree of improvement in the Controls Maturity
  • Measuring the degree of improvement in the Process Maturity

Improvement

  • After an internal audit and an assessment of effectiveness, if the intended security objectives are not met, the necessary corrective actions are defined to achieve these goals and are approved at the management review meeting. In accordance with the approvals of the management review, the technical documentation provided, in particular the risk management plan, is revised where necessary.