Information Security Compliance and Auditing Software
Information Security Work Bench (I-SAW) is a state-of-the-art information gathering, analytical and reporting solution intended to improve the productivity and work quality of consultants, auditors, and analysts performing information security program assessments. I-SAW presents an innovative methodical approach to assessing an organization’s information security threats, vulnerabilities, and controls within a highly structured knowledge-centric ecosystem.

The solution is compliant with the information security practices prescribed by ISO 27000 and other recognized international standard boards and industry associations. I-SAW supports assessments in the commercial and public sectors and multi-client and multi-project work environments.

I-SAW, a database solution, is designed to obtain, examine, and manage the control points necessary to understand the condition of an organization’s information security program assess its infrastructure and governance exposures and assist in improving the overall information security control environment. The solution’s user-friendly architecture allows users to stay focused on the assessment approach and mechanics instead of the supporting technology.

I-SAW understands that every client organization have their own unique business and technology environment and needs. Thus I-SAW was designed to easily adapt to client requirements and ensure that their assessment structure and environment can evolve, change as their business and security needs evolve, change and grow.

The system provides a reporting engine that produces an array of structured and customized reports and charts that assess the state of the current security environment, constructs a risk assessment on mission-critical threats and vulnerabilities, produces an executive report highlighting the project’s key findings, conclusions and recommendations, and generates be spoke information security policies.

Once implemented throughout the enterprise, senior management will have the ability to see at a glance its total company-wide information security compliance and level of risk and exposure inherent to each organizational entity.

The I-SAW Methodology (as described in Section 10) is used exclusively in support of information security assessments conducted with the I-SAW Tool. The methodology is a consistent and adaptable framework that consists of a multi-stage roadmap structure that easily transformed into a project management plan.

I-SAW is a simple and practical tool that companies may use in a variety of assessment solutions ranging from information security to a broad range of compliance and audit assessments. Configuration options include a stand-alone solution, a client-server with networking capability and a Web Services facility.

The system’s design supports the proposition that an effective security assessment is the outcome of a synergistic bottom-up and top-down evaluation of an organization’s security strategies, people, technology, policies and procedures. The system provides the capability to assess the archetypal security elements that typically embrace a corporate information security program. They include:

• Information Security Policy
  
• Organizational Security
  
• Access Control
  
• Physical & Environmental Security
  
• Personal Security
  
• Asset Classification & Control
  
• Communications & Operations
  
• System Development & Maintenance
  
• Business Continuity Management
  
• Compliance