Configuresoft Charters The Center for Policy & Compliance; Team of Experts Clarify and Support Requirements Around Policy Development & Compliance.

COLORADO SPRINGS, Colo. -- Configuresoft, the industry leader in configuration management, today unveiled its Center for Policy & Compliance. The Center is comprised of a team of security and policy experts, IT auditors and early contributors to the Federal mandates and industry best practices. While Configuresoft's goal includes helping administrators better understand and evaluate the security of their network, the driving factor behind the Center is to help the market gain a better understanding of the tools that can help plan and implement automated strategies that effectively address regulatory and policy compliance issues.

"Back in the late-1990s, we saw a need for security vendors to take a more proactive approach on reporting on hacker activity and malicious code development. So, the leaders of the time--like AXENT's SWAT Team, and ISS' 'XForce' really made a contribution to the level of awareness the general market gained in the area of security," said Drew Williams, vice president of Corporate Development at Configuresoft. "It's now time for the vendor leaders of this generation to use the same processes to address the growing focus on compliance-related concerns."

Organizations are racing to protect their information and IT assets in real-time from a bombardment of new security threats and vulnerabilities, while at the same time complying with a landslide of new regulations such as Sarbanes-Oxley, HIPAA, and many more worldwide.
This demands a laser-like focus on computing system settings and whether they are in compliance with corporate policy or external standards and regulations. Without this knowledge, enterprises risk loss of productivity, resources and assets, caused by the latest computer exploits or internal misuse.

"We searched and evaluated several technologies to assist us with FDA 21 CFR 11 and Sarbanes-Oxley requirements. After we reviewed Configuresoft's ECM configuration templates, it was obvious that the Company had extensively researched these laws. Configuresoft eliminated much of the research and fact-finding work that we would have had to do," said Moe Barbarawi, director, infrastructure & field support, Cyberonics.

"Customers struggle to map their businesses with common mandates and standards. They don't know where to begin or how to establish goals because the language in these mandates is ambiguous. This presents risks as the deadlines are quickly approaching," said Chris Farrow, director of Configuresoft's Center for Policy & Compliance. "Configuresoft's Center for Policy & Compliance will deliver products and services to help organizations institute benchmarks for how systems should be configured, deployed and managed, then measure compliance against those standards, including those established by industry organizations. The Center will take the legwork out of translating what organizations need to do and offer step-by-step strategies based on their requirements and business needs."

The Center's two main programs include content research and delivery of productized knowledge via sets of compliance templates, reports and dashboards. Areas of focus include but are not limited to regulatory items, such as Sarbanes-Oxley (SOX), FISMA, HIPAA, GLBA, Basel II, and industry best practices/standards, such as NIST, CIS, SANS, ISO. The Center's first deliverable will be a turnkey solution for SOX compliance. It will include access control, audit control and access change monitoring. This will ensure a company's automated strategy for SOX compliance will consistently meet the mandate. Plans for a second package covering FISMA compliance are underway for later this month.

"Management vendors have long been aware that you need to know what you are managing before you can manage it," said Audrey Rasmussen, vice president of Enterprise Management Associates. "Understanding the key measures of compliance allows companies to focus their people and resources on what is really important for compliance. This kind of information has largely been unavailable in the compliance space outside of auditing practitioners working hand-in-hand with system integrators. The Center for Policy and Compliance brings actionable compliance intelligence based on real world experience into the public realm to help companies meet public mandates."

About Chris Farrow, director, Configuresoft's Center for Policy & Compliance

With more than 15 years of experience in systems engineering and security, Mr. Farrow has assisted many Fortune 1000 companies to secure their infrastructures. His background crosses several industries including the U.S. military, health care, manufacturing, investment banking and software development. Prior to his current position at Configuresoft, he held positions as product manager and systems engineer for such vendors as NetIQ, Intrusion.com and BindView Corporation. Chris has been an industry resource on the topics of intrusion detection, network security management and vulnerability assessment technologies, and has spoken at a number of industry trade shows such as the Gartner IT-Expo, NetConnect, InfoSec and ISACA. Mr. Farrow participates as a SANS local mentor in Colorado Springs, CO and holds GSEC, CISSP, MCSE and CNE certifications.

About Enterprise Configuration Manager

Configuresoft's flagship product, ECM, automates the management of configuration settings for Windows-based servers and clients, and enforces security and IT standards. Going beyond patch management, ECM enforces security policies without human intervention by automatically resetting configurations to their pre-defined standard when they are inadvertently changed. Within the space of configuration management and policy remediation, ECM enables the most detailed monitoring available and automatically mitigates any deltas that were assessed--ensuring "Dynamic Compliance Controls" throughout the Microsoft(R) Windows(R) environment. Designed by working auditors, Configuresoft's policy templates will offer a comprehensive series of automated checks and controls to correlate with the COSO/CobiT Framework at a granular level.

About Configuresoft

Configuresoft is the industry leader in highly scalable, enterprise configuration management, security patch management and policy compliance technology, serving eight of the "Global 25" corporations. Based in Colorado Springs, Colorado, the Company's products offer large-scale computing environments the ability to collect and analyze the most detailed information available about system application settings, events and operational trends, to a centralized point of management and control. As the only configuration management company to offer both system- and device-level, "end-to-end" controls, Configuresoft provides the tools to keep mission-critical systems properly configured, while ensuring compliance with stringent regulatory mandates, such as Sarbanes-Oxley, HIPAA, GLBA and FISMA, operational standards and evolving process methodologies. To contact Configuresoft, call 719.447.4600, visit us on the Web at www.configuresoft.com or write to info@configuresoft.com.