Ultimate Security is a very advanced tool for managing information security in an enterprise of any size, and it supports you in your daily work as a CISO or IT Security Officer.
It is with you from the beginning to the end of the security lifecycle, including Design, Implementation, Audit and Improvement.
Ultimate Security manages your information security based on all 5 of the following approaches, with the flexibility to use different standards in each approach.
You can use Ultimate Security for:
With just a few clicks, Ultimate Security helps you:
- To assemble a snapshot of the state of information security in your organization.
- To document and visualize your current status.
- To provide reports for the company’s management, auditors and process owners, and to compile reference documents for the certification process.
- To determine the progress within an IS project.
- To provide all mandatory documents for audits against different standards.
- To implement regulations, policies and procedures in a structured and logical way.
- To meet all types of obligations.
Other features of Ultimate Security are:
- It keeps everything auditable with several versions.
- All reports can be generated in a variety of formats for publishing or further editing. These include: PDF, HTML, DOC, XLS, ODT, ODS.
- Integration of Ultimate Security with different vulnerability scanners elevates vulnerability scanning to a centrally controlled vulnerability management process.
- A Dynamic Object Model that can be adapted to your own working methods, support for maturity models, import of interview partners from Active Directory, etc.
- Constantly adjusted to meet changing requirements.
- Collaborative work on controls, assets, audits etc.
- Automatic assignment of tasks to responsible representatives.
- Tracking of tasks.
- Different user levels and adjustable access rights.
- Central secured database and application server.
- Offline capabilities for off-site work.
- Flexible report modifications.
- Simple integration in directory services like Active Directory.
- Secure remote access with full VPN support.
- Developed based on our solid, comprehensive and agile methodology.
- Comprehensiveness and the possibility of implementing several information security and IT standards and best practices simultaneously.
- Easily adaptable to the latest technological changes and standards.
- 24×7 Technical support.
- Available for Windows platforms.
For more information about the technical methodology used to develop this powerful tool, please refer to www.terminus-system.com/methodology-details
This powerful tool manages the following items for you:
- List of Processes
- Internal & External Environment
- Organization Structure and Roles
- Training Records
- Automatic inventory of network equipment
- Automatic inventory of applications and operating systems
- Connecting to other asset inventory applications to fetch data from them
- Evaluating goals.
- Evaluating processes.
- Determining the role of each asset in each process and achieving each goal.
- Detecting Vulnerabilities of all Assets
- Identification of the likelihood of all risks
- Identification of the impact of all risks
- Identification of the Risk Number of all risks
- Providing Risk Matrix
Information Security Objectives Definition
Automatic Security Objectives definition based on business objectives using the following indexes:
- ISO27001:2013 Controls Level of Implementation
- Information Security Management Maturity Level
- Total Level of Risk
Security Organization Definition
- Automatic Security organization development.
- Implementation of configurations.
- Providing RFP for the implementation of the proposed projects.
- To justify the implementation of policies and guidelines for audiences.
- Project Management documentation for proposed projects and solutions.
Information Security Procedures
- Providing more than 30 Information Security Procedures.
Business Continuity Plan
- Key Business Processes identification.
- RTO and RPO calculation for each Key Process.
- Defining the Incident Management Procedure.
- Projects Management
- Configuration Management
An internal audit is performed to assess the quality and standardization of the implementation of standard controls. A special form is designed for this purpose. To complete the internal audit form, it is necessary to observe the field, review the documentation and interview the same contacts as in the sixth step, and to analyze the gap based on the control model.
- Organizational structure
- Interested parties and their requirements
- Internal and External issues and their interfaces
Business Processes Documentation
Network Architecture Documentation
- Passive Connections
- Racks Arrangements
- Users Information
- Infrastructure Services
- IP Addressing Scheme
- VLAN information
- Identifying the gap between the ISO27001:2013 controls when fully implemented and their current status.
- Identifying the gap between the Information Security Processes when fully implemented and their current status, as well as the level of Information Security Maturity.
Information Security Policy Development
- Automatic Information Security Policy development.
Statement of Applicability
- Whether it is applicable or not.
- Its status based on the CMMI model.
- If not applicable, what the reason is.
- The major technical and system solutions to implement each control.
- The steps that should be taken to implement each control.
Information Security Technical Policies
- Subject-based security policies
- System-based security policies
Training & Awareness Plan
Automatic Training & Awareness plan: according to the tasks defined in the information security structure and the training background obtained in the recognition phase, the training program for each member of personnel is determined purposefully.
- Information exchange with stakeholders.
- Prioritizing Risk Treatment Plan solutions.
- Acceptance of remaining risks.
- Determine the various responsibilities of implementation.
- Determine the implementation schedule.
- Estimates of implementation costs and funding.
- Obtaining an implementation license
Implementation Effectiveness Assessment
- Measuring the degree of improvement in the Level of Risk
- Measuring the degree of improvement in the Controls Maturity
- Measuring the degree of improvement in the Process Maturity
After an internal audit and an assessment of effectiveness, if the intended security objectives are not met, the necessary corrective actions are defined to achieve these goals and are approved at the management review meeting. In accordance with the approvals of the management review, and if necessary, the technical documentation provided, in particular the risk management plan, shall be revised.