MooD International Ltd - Smarter Decisions

Countering the enterprise security threat

HP and MooD deliver a solution that provides a single approach to security across the business

HP Secure Boardroom is the HP Enterprise Security Services tool built by MooD International to enhance information security governance and reporting across organisations. A close partnership with HP Enterprise Security Services (formerly Vistorm) has allowed us to operate within the complex and highly technical information security market. Secure Boardroom is an ‘out of the box’ solution which delivers relevant management information for complete security programme control to senior leaders. Further effort can be applied to this solution, to customise and enhance the software in order to meet any bespoke account specific requirements.

The solution recognises the challenges faced by organisations when confronted with deploying a single governance strategy through a federated / distributed business. Historically the collection of the data required to report on achievement against Key Performance Indicators and Service Level Agreements would have required a team of individuals devoted to the sole task. Secure Boardroom drives down costs by consolidating disparate data sources and significantly reducing the effort required in both measuring and managing performance.

“By deploying Secure Boardroom the customer is able to drive consistent language, terminology and governance practices across the business, while remaining sensitive to the individual challenges of each business area.”

In order to facilitate effective governance there is a need for each account to understand and be able to describe the complex operating environment. Once understood, this environment needs to be measured. If the environment can be described and measured, then management of that environment becomes much more effective.

Overview

Secure Boardroom is all about driving business and organisational outcomes. It captures key governance information and provides a single web based view across the organisation. The true value of Secure Boardroom is that it delivers both a comprehensive view of the overall security programme and the ability to drill down into the detail of specific security controls and functions.

Secure Boardroom ‘out of the box’ provides a single point of reference to support the governance of your information security environment.

Where legacy toolsets exist, Secure Boardroom looks to integrate with those products. Simple modifications can be made to deliver automated extraction of governance information into the secure portal. As a consequence, Secure Boardroom does not rely on a ‘standard toolset’ in order to be deployed successfully.

Secure Boardroom brings all aspects of information security programme level governance together into one secure portal. This facilitates accurate real-time decision making, delivering a focus upon the key areas of risk to your business.

Secure Boardroom Functional Control Views

Home Screen – The Home screen provides a programme level view of information security governance, it is further divided into six sections, each relating to a discrete control function. From this screen the user can navigate directly to granular data or to a summary screen for that particular control.

Finance – The Finance control view tracks the security budget. An aggregated view is provided, which is also broken down into discrete categories. This facilitates management oversight of organisational pipeline of spend (projects waiting for authorisation) and the associated ‘in flight’ projects.

Plan – The Plan control view displays projects that are currently at the authorisation stage, preceding the ‘Change’ phase. This visibility ensures that projects are subject to formal governance; being tracked through stage gates, with an adequate budget and detail of spend to date, to facilitate successful delivery. The flexibility of the platform ensures that projects can be easily added, modified and deleted at any time.

“Secure Boardroom drives down costs by consolidating disparate data sources and significantly reducing the effort required in both measuring and managing performance.”

Transform – The Transform control view provides visibility of the projects that have been given authorisation to proceed at stage gates and that are currently in progress. Secure Boardroom delivers the ability to track the progress of security projects against delivery milestones throughout the project lifecycle.

Risk – The Risk control view facilitates the profiling and documenting of individual risks aggregated into a corporate view. Risks are measured in accordance with impact and probability. Using the traditional risk categories of red, amber and green, risks are displayed via heat map ensuring that management attention is focused on the greatest risks to the business.

Manage – The Manage control view identifies and tracks organisational compliance against regimes such as ISO27001. Compliance achievement is clearly visible, with a red, amber or green status demonstrating progress against each control. Auditable actions are captured, monitored and displayed to deliver effective governance.

Assure – The Assure control view centres upon the operational aspects of information security governance. Third party supplier performance is monitored and displayed, along with information detailing security incidents and services.

The example listed above is only indicative of the type of functionality provided by Secure Boardroom and serves only as a starting template – each organisation may have a solution tailored to their specific needs and challenges.

McAfee ePolicy Orchestrator Interface

Secure Boardroom has an interface with the McAfee ePolicy Orchestrator (ePO) software, which manages security across endpoints, networks and data, and integrates third-party solutions. This interface delivers end-to-end visibility across the environment, merged with comprehensive governance and reporting. This combination of functionality enables the customer’s organisation to respond quickly and to spend less. Creating a seamless integration with McAfee software has be a high priority for enterprises during the previous period and this functionality has been deployed in a business search engine company running on the increasingly popular Apple iPad. This allows senior managers to have key statistics and up to date performance metrics at their fingertips whenever they are required.