F.A.Q.’s about CyberSecurity Resource Planning, and Intelligent CyberSecurity Platform
What is CRP?
CRP is ClearArmor’s CyberSecurity Resource Planning solution, which is similar in concept to an organization’s Enterprise Resource Planning (ERP) solution. CRP allows an organization create a CyberSecurity risk management strategy that aligns with industry standards and best practices, including the NIST CyberSecurity Framework and the Center for Internet Security, and maps to other industry CyberSecurity standards, including ISO, HIPAA, PCI, FERPA, and NERC. The CRP process also helps your organization document compliance with regulatory and legal obligations.
What is the ICSP?
The Intelligent CyberSecurity Platform, or ICSP, is the technology backbone which powers ClearArmor’s CRP solution. The ICSP is a set of powerful tools, processes, and information that enable organizations to deploy and govern their CyberSecurity risk management strategy and automates many functions related to the governance of the strategy, including technology, services, and human resources. The ICSP manages workflow, controls cost, and enables risk assessment. It also monitors the organization’s execution of the strategy. In short, it gives your organization the tools and information it needs to effectively implement Cyber Governance.
Why does my Organization Need Cyber Resource Planning and the ICSP?
Recent high-profile breaches, the ever-increasing sophistication of attackers, and the changing regulatory and legal environment are causing sophisticated business leaders to realize that responsibility for CyberSecurity needs to move from the IT department to the Board Room. But for some business leaders, the thought of trying to quickly master an ever-expanding set of buzz words, acronyms, and technologies while still performing their existing duties is daunting. The CRP process lets your organization implement Cyber Governance by providing easy-to-use tools, processes, and information that allow technical and non-technical people throughout the organization to better understand the organization’s CyberSecurity risk management strategy and their role in it. When the inevitable data breach occurs, the ICSP can also provide trusted information which documents the organization’s CyberSecurity risk management strategy and execution of the strategy, which can show shareholders, investors, customers, regulators, and even hostile lawyers that the organization was not negligent in its approach to CyberSecurity.
What is the CRP Implementation Process?
The ClearArmor CRP implementation process begins with a thorough, business-oriented definition of your organization. While this occurs, an army of enhanced, virtual software robots (“bots”) are deployed throughout your network. These bots scour the network to identify the real and virtual devices on it, including workstations, servers, routers, switches, printers, and more, regardless of the operating system they are running. They can comb through the identified devices, collecting detailed information about device configuration, installed software, and known device vulnerabilities. The identified devices are then mapped against the various parts of the organization’s business and against different standards, including the NIST CyberSecurity Framework. A comprehensive CyberSecurity risk management strategy is then defined based on this mapping. The ICSP’s bots monitor and report back on the organization’s progress in implementing the strategy, allowing the business leaders to take action as necessary to keep things on the right track.
Is the ICSP Implemented on Premises on in the Cloud?
It depends on the features you want to use and your IT infrastructure. If you prefer the ease and $0 capital expense of cloud-based implementations, the core portions of the ICSP can be deployed in the cloud, managed by ClearArmor. If you have the staff and prefer to manage a cloud-based deployment yourself, we can accommodate that, as well. And if your organization already maintains its own data-center, we can deploy the ICSP core there as well. The ICSP does need some software to be deployed within your environment, regardless of where the ICSP core is installed. To achieve the full benefits of the ICSP’s deep scanning capabilities, our bots need to be deployed on the devices in your system.
How are the ClearArmor CRP Process and the ICSP Different from CyberSecurity and Cyber Governance Tools?
Most CyberSecurity tools are hyper-technical and focus on solving specific problems. Most Cyber Governance tools take a human-centric approach to Cyber Governance, collecting data using questionnaires and spreadsheets without tying the information back to the organization and its business. ClearArmor’s CRP process and the ICSP unify CyberSecurity and Cyber Governance in a single solution that allows the technical aspects of CyberSecurity to be governed, documented, and discussed in a business-oriented manner.
Who Benefits from Adoption of CRP?
CRP provides benefits across the organization, including its business leadership, technical leadership, lawyers, and line employees.
How do Business Leaders (CEO’s, Directors, etc.) Benefit from CRP and the ICSP?
Laws and regulations around the world are constantly changing, and they are increasingly putting the responsibility for CyberSecurity squarely on the organization’s senior management, including the Directors and CEO. While the day-to-day management of CyberSecurity can be delegated to others, the business leaders are increasingly held accountable when a data breach occurs. The ICSP automates the collection and dissemination of information throughout the organization, reducing the opportunities for human error and improving trust. Organizations do not trust unaudited, human-generated data in business-critical areas such as accounting and finance, and organizations should not accept unaudited, human-generated data in CyberSecurity. CRP provides a framework through which the organization’s business and technical leadership can more effectively and efficiently communicate about CyberSecurity issues. As the organization’s CyberSecurity approach matures, the default information displayed to various employees and the organization’s business leadership can change, allowing everyone to easily stay informed about important issues.
How do Technical Leaders (CISO, CIO, etc.) Benefit from CRP and the ICSP?
One of the biggest challenges many technical leaders face is communicating CyberSecurity information to their organization’s senior management and Board of Directors. CRP allows your organization to create a customized, business-oriented framework which allows the technical and business leaders to more easily communicate about CyberSecurity issues. In short, everyone is using the same vocabulary, working from the same, trusted data, and all parts of the organization buy in to the CyberSecurity risk management strategy. The ICSP also gives technical leaders the data to show that the inevitable data breach was the result of a sophisticated attacker, rather than an oversight. But the ICSP is more than just a big-picture tool. The ICSP comes standard with capabilities that address the Center for Internet Security’s (CIS) top 5 CyberSecurity controls. According to CIS and the Australian Government Department of Defense, these capabilities can prevent 85% of targeted cyber intrusions. Our innovative dashboards and reports also make it easy for you to communicate about current threats and other CyberSecurity issues with your organization’s employees and business leaders. And it doesn’t stop there – we are constantly innovating and adding new features.
How do Lawyers (General Counsel, Outside Counsel, etc.) Benefit from CRP and the ICSP?
Data breaches are inevitable. Over 80% of recent breaches were not found by the affected organizations; the notifications came from third-parties. 58% of those were reported by regulatory bodies. How will your organization respond when the regulators call? Don’t rely on after-the fact, forensic analyses of potentially tampered data to try to prove it has done things right. CRP and the ClearArmor ICSP give your organization the data it needs to prove it has created a thoughtful, comprehensive CyberSecurity risk management strategy and is diligently implementing that strategy.