Teramind for ISO 27001

Information security and data loss prevention on a unified platform

ISO/IEC 27001:2013, more commonly known as ISO 27001, is designed to protect information and its integrity in an organization of any size. Certification can be achieved by following the Information Security Management System (ISMS) guidelines and completing an official audit. While not mandatory, there are many benefits to getting ISO 27001 certified. For example, it can supplement other compliance requirements and standards such as HIPAA, PCI DSS, FFIEC and FISMA. Getting an ISO certification can also increase your business reputation, as ISO standards are highly respected. Finally, the ISMS includes information security best practices that are valuable for business continuity and growth.

Teramind for ISO 27001 supports the operational requirements of many of the ISMS security guidelines. It helps organizations of any size conform with ongoing ISO standard requirements with its extensive user activity monitoring, data exfiltration protection, audit, reporting and forensics capabilities.

Teramind ISO 27001 value diagram

Cyber threats and data breaches are at an all-time high:

92% of malware is delivered by email. Infection is commonly done through scam and phishing attacks targeting vulnerable users. Source: Verizon.

$7.91M is the average cost of a data breach to a U.S. company. The average cost of a data breach to companies worldwide is $3.86 million. Source: Norton.

54% of companies experienced one or more successful attacks that compromised data and/or IT infrastructure in 2017. Source: Ponemon.

98% of the people surveyed in 53 countries said that the most important benefit of ISO 27001 was improved information security. Source: IT Governance.

Effectively Detect, Investigate, and Report on Data Breaches

Teramind provides essential security monitoring capabilities to help you detect, investigate, and report on data breaches within your organization's information systems.

Identify

Leveraging advanced fingerprinting, OCR and tagging technology, Teramind identifies confidential and sensitive data in structured and unstructured information across organization data stores.

Protect

Teramind leverages its activity monitoring and data loss prevention capabilities to defend confidential and private information from unauthorized access, sharing, attack and misuse.

Detect

Teramind’s powerful behavior-based policy and rules engine casts a strong detection net over the entire organization, allowing for quick detection of insider threats and data breach incidents before they happen.

Respond

Real-time notification and immediate actions proactively defend against data exfiltration, malicious or accidental insider threats and data breaches. In case of an incident, pinpoint the exact cause and source of the incident with readily available audit and forensic data.

Report

Detailed incident reports, alerts and session recordings help you meet follow-up review and audit obligations to confirm and prove that your organization remains in compliance with the ISO 27001 standard.

Teramind for ISO 27001 delivers solid information security benefits:

Monitoring and measurement

Teramind visually records every action that a user makes while on a machine for over 12 objects, including screen, apps, websites, files and emails. Each object can be configured to specify what needs to be monitored and measured and who has access to the monitored records. The records can be viewed instantly by administrators or retained as evidence to facilitate subsequent corrective actions.

Logs of user activities, exceptions and security events

As required by the ISMS, Teramind keeps immutable logs of user access and keeps track of all activities and rule violations, plus what action was taken. The records are encrypted and stored for as long as required and can only be accessed by authorized personnel.

Security rules and access control for users and third-party vendors

Teramind allows organizations to create profiles for groups, departments and third parties and then define which resources each profile can access. Further rules can be set up by behavior policies so that employee access to sensitive information is segregated by business requirements, or on a need-to-know basis. For example, you can set up a rule so that only the Sales Department is allowed access to the CRM database. Rules can also be created to notify management of any observable privileged user activity, such as making changes to system configuration or accessing restricted data.

Internal audit, incident management procedure and corrective actions

Detailed alerts for all users can be viewed, including any security incidents and what actions were taken. Warning messages can be configured to inform users about nonconformity and influence corrective behavior. Session recordings and history playback can be used to view a user’s desktop for forensic investigation.

Risk assessment and treatment

Teramind has a dedicated Risk dashboard where management can conduct an organization-wide risk assessment. Risk can be profiled by employees, departments or system objects. Reports can be derived by severity of risks or by how many times security violations occurred. Unique Risk Scores allow you to identify high-risk employees or policies so that plans can be developed for treating the risks.

Information security awareness and training

The insights derived from the various reports and session recordings can be used to train employees. Etiquette rules can be created to train new employees about information security best practices.

Flexible Deployment Options

On-premise - control the Teramind implementation in its entirety, stay off-cloud if that’s your firm’s operational model, and leverage LDAP groups and users to determine which policies and rules apply to which users and groups.

Teramind Private Cloud - use your own secure, scalable private cloud implementation including AWS, Google Cloud, Azure and more.

Teramind Cloud - trust us with the management of the Teramind deployment and infrastructure. Only install Teramind Agents on the machines you want to monitor, set up your users, policies and rules, and let us take care of the rest.
