ISO/IEC 27001:2013, or more commonly known as ISO 27001, is designed to protect information and its integrity in an organization of any size. The certification can be achieved by following Information Security Management System (ISMS) guideline and completing an official audit. While not mandatory, there are many benefits to getting ISO 27001 certified. For example, it can supplement other compliances and standards like HIPAA, PCI DSS, FFIEC, FISMA etc. Getting an ISO certification can also increase your business reputation as ISO standards are highly respected. Finally, ISMS has some great information security best practices that are valuable for business continuity and growth.
Teramind for ISO 27001 supports the operational requirements of many of the ISMS security guidelines. It helps organizations of any size conform with ongoing ISO standard requirements with its extensive user activity monitoring, data exfiltration protection, audit, reporting and forensics capabilities.
of malware is delivered by email. Infection is commonly done through scam and phishing attacks targeting vulnerable users. Source: Verizon.
is the average cost of a data breach to a U.S. company. Average data breach to companies worldwide is $3.86 million. Source: Norton.
of companies experienced one or more successful attacks that compromised data and/or IT infrastructure in 2017. Source: Ponemon.
of the people surveyed in 53 countries said that the most important benefit of ISO 27001 was improved information security. Source: IT Governance.
Teramind provides essential security monitoring capabilities to help you detect, investigate, and report on data breaches within your organization's information systems.
Leveraging advanced fingerprinting, OCR and tagging technology, Teramind identifies confidential and sensitive data in structured and unstructured information across organization data stores.
Teramind leverages its activity monitoring and data loss prevention capabilities to defend confidential and private information from unauthorized access, sharing, attack and misuse.
Teramind’s powerful behavior-based policy and rules engine casts a strong detection net over the entire organization, allowing for quick detection of insider threats and data breach incidents before it happens.
Real-time notification and immediate actions proactively defend against data exfiltration, malicious or accidental insider threats and data breaches. In case of an incident, pinpoint the exact cause and source of the incident with readily available audit and forensic data.
Detailed incident reports, alerts and session recordings help you meet the follow-up reviews and audit obligations to confirm and prove that your organization remains in compliance with the ISO 27001 standard.
|
Monitoring and measurementTeramind visually records every action that a user makes while on a machine for over 12 objects including screen, apps, websites, files, emails etc. But each object can be configured to take into consideration what needs to be monitored and measured and who have access to the monitored records. This allows for instant administrative viewing or retained as evidence to facilitate subsequent corrective actions. |
|
Logs of user activities, exceptions and security eventsAs required by ISMS, Teramind keeps immutable logs of user’s access, keeps track of all activates and rule violation plus what action was taken. The records are encrypted and stored for as long as required and can only be accessed by authorized personnel. |
|
Security rules and access control for users and third-party vendorsTeramind allows organization to create profiles for groups, departments and third- parties and then define what resource each profile can access. Further rules can be set up by behavior policies so that employee access to sensitive information is segregated by business requirements, or on a need to know basis. For example, you can setup a rule so that only Sales Department is allowed access to the CRM database. Rules can also be created to notify management of any observable privileged user activity, such as making changes to system configuration or accessing restricted data. |
|
Internal audit, incident management procedure and corrective actionsDetailed alerts for all users can be viewed including any security incidents and what actions were taken. Warning messages can be configured to inform the users about nonconformity and influence corrective behavior. Session recordings and history playback can be used to view user’s desktop for forensic investigation. |
|
Risk assessment and treatmentTeramind has a dedicated Risk dashboard where management can conduct organization-wide risk assessment. Risk can be profiled by employees, departments or by system objects. Reports can be derived by severity of risks or by how many times security violations occurred. Unique Risk Scores allows you to identify high-risk employees or policies so that plans can be developed for treating the risks. |
|
Information security awareness and trainingThe insights derived from the various reports and session recordings can be used to train employees. Etiquette rules can be created to train new employees about information security best practices. |
On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, leverage LDAP groups and users to identify which users and groups to apply which policies and rules to.
Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.
Teramind Cloud - trust us the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor and set up your users, policies and rules and let us take care of the rest.