Define and manage your organization’s security architecture and processes
iServer Solves Problems for Security Architects
iServer is a market leading platform for defining and managing your organization’s security architecture and processes. iServer is meant to help you get through the most difficult tasks quickly and effectively so you can create real value for your organization.
When we set out to create iServer, or goal was to make the most powerful security architecture platform available. To achieve this, we were careful to identify the problems that architects are regularly confronted with, then we built an extensive range of valuable security architecture features to address them within our solution. Please find below some of the most frequent issues that users resolve with iServer.
How do the security processes and controls relate to business requirements?
Security architecture is very often perceived simply as a technology problem. This can lead to a host of problems. For instance, by it being ignored when large, important decisions are taken, the whole enterprise may be put at risk. iServer features extensive capabilities in order to assist you with communicating the real importance of security architecture to the enterprise. By making use of iServer Hierarchy Views, users can identify how process and controls are linked to business requirements. Thus, your audience will get a better understanding of the enterprise wide relevance of security architecture.
How does an organizational unit relate to security objectives?
Many architects are asked to provide a rationale for a business unit’s input towards achieving a certain security objective. Our platform’s Views capabilities allow you to identify precisely how a certain actor or unit is involved in ensuring objectives are met. Based on that information you can create reports that aid decision making and planning.
How do I answer key business questions without going into technical details?
Within iServer we provide a range of diagrams in order to support you better respond to challenges. For instance, it can be quite challenging to respond to a task without getting too technical, something most of your audiences will object to. The ‘Physical Security Model’ diagram addresses the complexity of the application architectures by focusing on the logical level, rather than physical. This means certain applications are grouped together and therefore risks can be related to a group of applications reducing the overall complexity.
How do I communicate a large amount of security information at a glance?
In order to get the buy-in from your audience, you’ll need more than just to have correct, or even useful information. Many professionals struggle to connect with their audience during a presentation because valuable their insights though may be, they are difficult to assimilate. The solution is to have beautiful, best in class graphics to accompany your sermon. That will go a long way towards getting your ideas across, irrespective of the audience’s background, which will lend your words considerably more weight.
How do I ensure my security architecture is compliant with widely accepted standards?
An enterprise’s security is a serious subject. Considering the potential reputational and financial losses that security breaches can amount to nowadays, iServer offers a number of models to guide you towards building the most solid architecture possible. For example, we provide an ISO 27002 Control Model, which you can use if your organization seeks to achieve compliance with the ISO 27002 Standard, the best known in the ISO 27000 family of standards and widely endorsed in the industry. Or, you might decide to use the SABSA Framework.
The iServer repository provides a central location where the SABSA (Sherwood Applied Business Security Architecture) security framework and methodology can be applied to manage the development and implementation of a robust security architecture. SABSA in iServer covers every architecture domain (business, data, application, and technology) and every abstraction layer (contextual, conceptual, logical, physical, and implementation). Using the SABSA Trust Framework helps to ensure that the organisztion is complying or identifying areas that require improvement. All this support is very valuable for organizations that must ensure a high level of compliance with numerous regulatory and legal requirements relating to the security of information.
How can I share security-related information with the business at large?
It’s vital for actors in disparate and far away locations to be able to act in a concerted manner. It is simple to generate security artifacts such as the Security Risk Catalog, Business Risk Model, Security Organization Model in iServer, but what really makes it stand out is how easy it is to share this information. The platfrom’s communication modules – HTML Publisher and Portal – make these deliverables quickly available to all relevant stakeholders.
How do I track the progress and maturity of my security architecture?
iServer’s information security dashboard provides a way to track the progress over time across the security architecture and processes. iServer’s IT Portfolio Management capabilities enable the organization to have an integrated reporting, analysis and decision making capability for security-related activities. Live security information can be viewed to support IT investment decisions across all domains, and performance can be measured against specific strategic objectives. iServer consolidates and centralizes enterprise security information within a central repository, increasing accuracy and ensuring templates are updated.