{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"ru":"Производитель","_type":"localeString","en":"Vendor"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"de":"die produkte","ru":"Продукты","_type":"localeString","en":"Products"},"introduction-popover":{"en":"introduction","ru":"внедрения","_type":"localeString"},"partners-popover":{"_type":"localeString","en":"partners","ru":"партнеры"},"update-profile-button":{"en":"Update profile","ru":"Обновить профиль","_type":"localeString"},"read-more-button":{"en":"Show more","ru":"Показать ещё","_type":"localeString"},"hide-button":{"ru":"Скрыть","_type":"localeString","en":"Hide"},"user-implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"categories":{"en":"Categories","ru":"Компетенции","_type":"localeString"},"description":{"en":"Description","ru":"Описание","_type":"localeString"},"role-user":{"ru":"Пользователь","_type":"localeString","en":"User"},"partnership-vendors":{"ru":"Партнерство с производителями","_type":"localeString","en":"Partnership with vendors"},"partnership-suppliers":{"en":"Partnership with suppliers","ru":"Партнерство с поставщиками","_type":"localeString"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"en":"Partner status","ru":"Статус партнёра","_type":"localeString"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"ru":"Типы партнеров","_type":"localeString","en":"Partner types"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"en":"number of employees","ru":"количество сотрудников","_type":"localeString"},"partnership-programme":{"en":"Partnership program","ru":"Партнерская программа","_type":"localeString"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString"},"additional-advantages":{"_type":"localeString","en":"Additional Benefits","ru":"Дополнительные преимущества"},"additional-requirements":{"en":"Partner level requirements","ru":"Требования к уровню партнера","_type":"localeString"},"certifications":{"_type":"localeString","en":"Certification of technical specialists","ru":"Сертификация технических специалистов"},"sales-plan":{"en":"Annual Sales Plan","ru":"Годовой план продаж","_type":"localeString"},"partners-vendors":{"_type":"localeString","en":"Partners-vendors","ru":"Партнеры-производители"},"partners-suppliers":{"en":"Partners-suppliers","ru":"Партнеры-поставщики","_type":"localeString"},"all-countries":{"_type":"localeString","en":"All countries","ru":"Все страны"},"supplied-products":{"ru":"Поставляемые продукты","_type":"localeString","en":"Supplied products"},"vendored-products":{"ru":"Производимые продукты","_type":"localeString","en":"Produced products"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"en":"Supplied deployments","ru":"Поставляемые внедрения","_type":"localeString"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"schedule-event":{"ru":"Pасписание событий","_type":"localeString","en":"Events schedule"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"register":{"en":"Register","ru":"Регистрация ","_type":"localeString"},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"ru":"Презентация компании","_type":"localeString","en":"Company presentation"}},"header":{"help":{"_type":"localeString","en":"Help","de":"Hilfe","ru":"Помощь"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"en":"Log in","de":"Einloggen","ru":"Вход","_type":"localeString"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"ru":"FAQ","_type":"localeString","en":"FAQ","de":"FAQ"},"references":{"ru":"Мои запросы","_type":"localeString","en":"Requests","de":"References"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"_type":"localeString","en":"For suppliers","ru":"Поставщикам"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"_type":"localeString","en":"My account","ru":"Мой кабинет"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"ru":"Подтвердите удаление","_type":"localeString","en":"Are you sure you want to delete"},"search-placeholder":{"en":"Enter your search term","ru":"Введите поисковый запрос","_type":"localeString"},"my-profile":{"en":"My profile","ru":"Мои данные","_type":"localeString"},"about":{"en":"About Us","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"en":"Get reference from user","_type":"localeString"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"_type":"localeString","en":"Products"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"_type":"localeString","en":"Explore IT products by category"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"de":"Über die Firma","ru":"О компании","_type":"localeString","en":"My Company"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"en":"Infocenter","de":"Infocenter","ru":"Инфоцентр","_type":"localeString"},"tariffs":{"_type":"localeString","en":"Subscriptions","de":"Tarife","ru":"Тарифы"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"de":"Marketplace","ru":"Marketplace","_type":"localeString","en":"Marketplace"},"products":{"ru":"Продукты","_type":"localeString","en":"Products","de":"Produkte"},"compare":{"de":"Wähle und vergleiche","ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"_type":"localeString","en":"Salestools","de":"Salestools","ru":"Salestools"},"automatization":{"de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString","en":"Settlement Automation"},"roi_calcs":{"de":"ROI-Rechner","ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"matrix":{"de":"Vergleichsmatrix","ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix"},"b4r":{"_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference","ru":"Rebate 4 Reference"},"our_social":{"de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети","_type":"localeString","en":"Our social networks"},"subscribe":{"de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter"},"subscribe_info":{"_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews","ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"_type":"localeString","en":"Price calculator","ru":"Калькулятор цены"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"ru":"блог","_type":"localeString","en":"blog"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"en":"categories","ru":"категории","_type":"localeString"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"en":"Email","ru":"Email","_type":"localeString"},"subscribe__name-label":{"_type":"localeString","en":"Name","ru":"Имя"},"subscribe__required-message":{"en":"This field is required","ru":"Это поле обязательное","_type":"localeString"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data","ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"_type":"localeString","en":"username@gmail.com","ru":"username@gmail.com"},"subscribe__name-placeholder":{"en":"Last, first name","ru":"Имя Фамилия","_type":"localeString"},"subscribe__success":{"en":"You are successfully subscribed! Check you mailbox.","ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString"},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"de":"roi4presenter","ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"_type":"localeString","en":"Home","ru":"Главная"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"en":"Registration","ru":"Регистрация","_type":"localeString"},"b2b-platform":{"ru":"Портал для покупателей, поставщиков и производителей ИТ","_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers"}},"comment-form":{"title":{"en":"Leave comment","ru":"Оставить комментарий","_type":"localeString"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"ru":"Компания","_type":"localeString","en":"Company name"},"position":{"ru":"Должность","_type":"localeString","en":"Position"},"actual-cost":{"ru":"Фактическая стоимость","_type":"localeString","en":"Actual cost"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"_type":"localeString","en":"Send","ru":"Отправить"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"_type":"localeString","en":"Site under maintenance","ru":"На сайте проводятся технические работы"},"message":{"_type":"localeString","en":"Thank you for your understanding","ru":"Спасибо за ваше понимание"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"meta":[{"content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg","name":"og:image"},{"name":"og:type","content":"website"}],"translatable_meta":[{"name":"title","translations":{"ru":"Компания","_type":"localeString","en":"Company"}},{"name":"description","translations":{"ru":"Описание компании","_type":"localeString","en":"Company description"}},{"name":"keywords","translations":{"ru":"Ключевые слова для компании","_type":"localeString","en":"Company keywords"}}],"title":{"_type":"localeString","en":"ROI4CIO: Company","ru":"ROI4CIO: Компания"}}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"redhawk-network-security-llc":{"id":7009,"title":"Redhawk Network Security, LLC","logoURL":"https://old.roi4cio.com/uploads/roi/company/Redhawk_Network_Security__LLC.png","alias":"redhawk-network-security-llc","address":"","roles":[{"id":2,"type":"supplier"},{"id":3,"type":"vendor"}],"description":" <span style=\"font-weight: bold;\">Redhawk’s</span> Mission is to Facilitate and support well-defined, well-understood, and well-suited information security programs for dynamic enterprise. Company's vision is to continuously and consistently discover, design, and deploy a mutually shared vision of security. <br /><br />Experience at <span style=\"font-weight: bold;\">Redhawk </span>is more than expertise. It is eyes on, and hands in multiple technology environments, company support of continuing education, and multiple certifications in a wide range of security practices. Industry standards for security change with technology, market demands, and shifting perceptions of risk. <br /><br /><br />Source: https://www.linkedin.com/company/redhawk-network-security-llc/about/<br /><br />","companyTypes":["supplier","vendor"],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"34":{"id":34,"title":"ITSM - IT Service Management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png","alias":"itsm-it-service-management"},"45":{"id":45,"title":"SIEM - Security Information and Event Management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png","alias":"siem-security-information-and-event-management"},"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"79":{"id":79,"title":"VM - Vulnerability management","description":"Vulnerability management is the "cyclical practice of identifying, classifying, prioritizing, remediating and mitigating" software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png","alias":"vm-vulnerability-management"},"204":{"id":204,"title":"Managed Detection and Response","description":" MDR, which stands for Managed Detection & Response, is an all-encompassing threat detection system, which arose from the need for small/medium-sized organizations who lack resources to be able to monitor their network systems in-house. It provides a cost-effective alternative to SIEM (Security Information and Event Management).\r\nEveryday, the capabilities of attackers get more sophisticated and the volume of alerts becomes overwhelming and unmanageable. In-house teams might struggle to analyze and log data, which makes it harder than ever to determine if these threats are harmful. MDR can put a stop to attacks before they even happen. MDR technology monitors your systems and detects any unusual behavior, whilst our expert team responds to the threats detected within your business.\r\nMDR offers real-time threat intelligence, and is able to analyse behaviour which can be missed by traditional endpoint security technology. MDR also provides rapid identification of known threats, which in turn minimises overall attacks. Having remote incident investigation will minimise damage to your business, and will allow you to get back to work in no time. It’s important to note that using MDR services will allow third party access to your company's data. You need to consider working with a provider who understands and respects your data policy.","materialsDescription":" <span style=\"font-weight: bold;\">What is Managed Detection and Response?</span>\r\nManaged Detection and Response (MDR) is a managed cybersecurity service that provides intrusion detection of malware and malicious activity in your network, and assists in rapid incident response to eliminate those threats with succinct remediation actions. MDR typically combines a technology solution with outsourced security analysts that extend your technologies and team.\r\n<span style=\"font-weight: bold;\">Isn’t that What MSSPs or Managed SIEMs Do?</span>\r\nNo. Managed Security Service Providers (MSSPs) monitor network security controls and may send alerts when anomalies are identified. MSSPs typically do not investigate the anomalies to eliminate false positives, nor do they respond to real threats. This means that abnormalities in network usage are forwarded to your IT personnel who must then dig through the data to determine if there is a real threat and what to do about it.\r\n<span style=\"font-weight: bold;\">Doesn’t My Firewall Protect My Network?</span>\r\nFirewalls and other preventive forms of cybersecurity are very important and effective at preventing basic cyberattacks. However, over the past decade, it has become clear that preventive cybersecurity technologies are not enough to secure an organization’s network. Further, they are yet another source of alerts, log messages, and events that contribute to the “alert fatigue” being universally suffered today. Recent major hacks such as the Marriot Hack of 2018, the Anthem Hack of 2015, and the Target Hack of 2013 demonstrate how easily cybercriminals can breach networks at enterprise organizations to steal millions of credit card numbers, medical records, and other forms of PII/PHI.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/Endpoint_Detection_and_Response.png","alias":"managed-detection-and-response"},"445":{"id":445,"title":"Penetration Testing","description":" A <span style=\"font-weight: bold; \">penetration test</span>, colloquially known as a pen test, <span style=\"font-weight: bold; \">pentest </span>or <span style=\"font-weight: bold; \">ethical hacking</span>, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system.\r\nStandard penetration test is performed to identify both weaknesses (also referred to as <span style=\"font-weight: bold; \">vulnerabilities</span>), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed. \r\nThe main objective of system penetration testing is to identify security weaknesses. Vulnerability testing can also be used to test an organization's security policy, its adherence to compliance requirements, its employees' security awareness and the organization's ability to identify and respond to security incidents.\r\nTypically,<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">professional penetration testing</span>provides information about security weaknesses that are identified or exploited through pen testing is aggregated and provided to the organization's IT and network system managers, enabling them to make strategic decisions and prioritize remediation efforts. \r\nA wide variety of <span style=\"font-weight: bold; \">software security testing tools </span>are available to assist with penetration testing, including free-of-charge, free software, and commercial software. Penetration tools scan code in order to identity malicious code in applications that could result in a security breach. Pen testing tools examine data encryption techniques and can identify hard-coded values, such as usernames and passwords, to verify security vulnerabilities in the system.\r\n Important aspect of any penetration testing program is defining the scope within which the pen testers must operate. Usually, the scope defines what systems, locations, techniques and tools can be used in a penetration test. Limiting the scope of the penetration test helps focus team members - and defenders - on the systems over which the organization has control.\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Here are several of the main vulnerability penetration testing approaches:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Targeted testing</span> is performed by the organization's IT team and the penetration testing team working together. It's sometimes referred to as a "lights turned on" approach because everyone can see the test being carried out.</li><li><span style=\"font-weight: bold;\">External testing</span> targets a company's externally visible servers or devices including domain name servers, email servers, web servers or firewalls. The<span style=\"font-size:11pt; font-family:Arial; font-style:normal; \">objective of penetration testing</span>is to find out if an outside attacker can get in and how far they can get in once they've gained access.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Internal testing</span> mimics an inside attack behind the firewall by an authorized user with standard access privileges. This kind of test is useful for estimating how much damage a disgruntled employee could cause.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Blind testing simulates</span> the actions and procedures of a real attacker by severely limiting the information given to the person or team performing the test beforehand. Typically, the pen testers may only be given the name of the company.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Double-blind testing</span> takes the blind test and carries it a step further. In this type of pen test, only one or two people within the organization might be aware a test is being conducted. Double-blind tests can be useful for testing an organization's security monitoring and incident identification as well as its response procedures.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Black box</span> testing is basically the same as blind testing, but the tester receives no information before the test takes place. Rather, the pen testers must find their own way into the system.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">White box</span> testing provides the penetration testers information about the target network before they start their work. This information can include such details as IP addresses, network infrastructure schematics and the protocols used plus the source code.</li></ul>","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: normal;\">What Is Penetration Testing?</span></h1>\r\nThere is a considerable amount of confusion in the industry regarding the differences between vulnerability assessment and penetration testing tool,as the two phrases are commonly interchanged. However, their meaning and implications are very different. A <span style=\"font-weight: bold; \">vulnerability assessment </span>simply identifies and reports noted vulnerabilities, whereas a pentest attempts to exploit the vulnerabilities to determine whether unauthorized access or other malicious activity is possible.<span style=\"font-weight: bold; \"> Penetration testing</span> typically includes network penetration testing and web application security testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What is a pentesting tool ?</span></h1>\r\n<p class=\"align-left\">Penetration tools are used as part testing to automate certain tasks, improve testing efficiency and discover issues that might be difficult to find using manual analysis techniques alone. Two common penetration testing tools are <span style=\"font-weight: bold; \">static analysis </span>tools and <span style=\"font-weight: bold; \">dynamic analysis</span> tools. Tools for attack include software designed to produce <span style=\"font-weight: bold; \">brute-force attacks</span> or <span style=\"font-weight: bold; \">SQL injections</span>. There is also hardware specifically designed for pen testing, such as small inconspicuous boxes that can be plugged into a computer on the network to provide the hacker with remote access to that network. In addition, an ethical hacker may use social engineering techniques to find vulnerabilities. For example, sending phishing emails to company employees, or even disguising themselves as delivery people to gain physical access to the building.</p>\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">What are the benefits of penetration testing?</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Manage the Risk Properly. </span>For many organizations, one of the most popular benefits of pen testing services is that they will give you a baseline to work upon to cure the risk in a structured and optimal way. It will show you the list of vulnerabilities in the target environment and the risks associated with it.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Increase Business Continuity.</span> Business continuity is the prime concern for any successful organization. A break in the business continuity can happen for many reasons. Lack of security loopholes is one of them. Insecure systems suffer more breaches in their availability than the secured ones. Today attackers are hired by other organizations to stop the continuity of business by exploiting the vulnerabilities to gain the access and to produce a denial of service condition which usually crashes the vulnerable service and breaks the server availability.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protect Clients, Partners, and Third Parties.</span> A security breach can affect not only the target organization but also their associated clients, partners and third parties working with it. However, if company schedules a penetration test regularly and takes necessary actions towards security, it will help professionals build trust and confidence in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to Evaluate Security Investment. </span> The pen test results will give us an independent view of the effectiveness of existing security processes, ensuring that configuration management practices have been followed correctly. This is an ideal opportunity to review the efficiency of the current security investment. What needs to be improved and what is working and what is not working and how much investment needed to build the more secure environment in the organization.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Help Protect Public Relationships and Guard the reputation of your company.</span>A good public relationship and company reputation are built up after taking many years struggle and hard work and with a huge amount of investment. This can be suddenly changed due to a single security breach.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Protection from Financial Damage.</span> A simple breach of the security system may cause millions of dollars of damage. Penetration testing can protect your organization from such damages.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Helps to tests cyber-defense capability.</span> During a penetration test, the target company’s security team should be able to detect multiple attacks and respond accordingly on time. Furthermore, if an intrusion is detected, the security and forensic teams should start investigations, and the penetration testers should be blocked and their tools removed. The effectiveness of your protection devices like IDS, IPS or WAF can also be tested during a penetration test.<span style=\"font-weight: bold;\"></span></li><li><span style=\"font-weight: bold;\">Client-side Attacks. </span>Pen tests are an effective way of ensuring that successful highly targeted client-side attacks against key members of your staff. Security should be treated with a holistic approach. Companies only assessing the security of their servers run the risk of being targeted with client-side attacks exploiting vulnerabilities in software like web browsers, pdf readers, etc. It is important to ensure that the patch management processes are working properly updating the operating system and third-party applications.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Penetration_Testing.png","alias":"penetration-testing"},"467":{"id":467,"title":"Network Forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png","alias":"network-forensics"},"727":{"id":727,"title":"IT Security Audit","description":" A <span style=\"font-weight: bold; \">computer security audit</span> is a manual or systematic measurable technical assessment of a system or application. Manual assessments include interviewing staff, performing security vulnerability scans, reviewing application and operating system access controls, and analyzing physical access to the systems. Automated assessments, or CAAT's, include system generated audit reports or using software to monitor and report changes to files and settings on a system. Systems can include personal computers, servers, mainframes, network routers, switches.\r\nAt its root, an <span style=\"font-weight: bold; \">IT security audit</span> includes two different assessments. The manual assessment occurs when an internal or external IT security audit companies interview employees, reviews access controls, analyzes physical access to hardware, and performs vulnerability scans. \r\nAudit, performed by IT security audit services or IT security audit software, analyzes individual technical infrastructure components at a detailed level, ensuring that each is functioning in a manner that reinforces appropriate information security. The stakes are made higher with a number of regulatory compliance requirements mandating that IT audits be included in organizational due diligence efforts. These reviews should occur, at a minimum, annually. Some organizations, however, prefer to do them more frequently.\r\nOrganizations should also review system-generated reports. Automated assessments not only incorporate that data, but also respond to software monitoring reports and changes to server and file settings.\r\nSecurity audits, vulnerability assessments, and penetration testing are the <span style=\"font-weight: bold; \">three main types of security diagnostics. </span>Each of the three takes a different approach and may be best suited for a particular purpose. \r\n<span style=\"font-weight: bold; \">Security audits</span> measure an information system's performance against a list of criteria. \r\nA <span style=\"font-weight: bold; \">vulnerability assessment,</span> on the other hand, involves a comprehensive study of an entire information system, seeking potential security weaknesses. \r\n<span style=\"font-weight: bold; \">Penetration testing</span> is a covert operation, in which a security expert tries a number of attacks to ascertain whether or not a system could withstand the same types of attacks from a malicious hacker. In penetration testing, the feigned attack can include anything a real attacker might try, such as social engineering. Each of the approaches has inherent strengths, and using two or more of them in conjunction may be the most effective approach of all.\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> <span style=\"font-weight: bold;\">What is a security audit?</span></h1>\r\nA Security Audit is a process or event where the IT security policy or standards are used as a basis to determine the overall state of existing protection and to verify whether existing protection is being performed properly. It aims to determine whether the current environment is securely protected in accordance with the defined IT security policy.<br />Before performing a security assessment or audit, the organization should define the scope of the security audit, and the budget and duration allowed for the assessment/audit.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">How often should a security audit be performed?</span></h1>\r\nA security audit only provides a snapshot of the vulnerabilities in a system at a particular point in time. As technology and the business environment changes, periodic and ongoing reviews will inevitably be required. Depending on the criticality of the business, a security audit might be conducted yearly, or every two years.\r\n<h1 class=\"align-center\"><span style=\"font-weight: bold;\">Who should perform a security audit?</span></h1>\r\nA security audit is a complex task requiring skilled and experienced personnel; it must be planned carefully. To perform the audit an independent and trusted third party is recommended. This third party can be another group of in-house staff or an external audit team, dependent on the skills of the internal staff and the criticality/sensitivity of the information being audited.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_IT_Security_Audit.png","alias":"it-security-audit"},"791":{"id":791,"title":"Vulnerability Scanner","description":" A <span style=\"font-weight: bold;\">vulnerability scanner</span> is a computer program designed to assess computers, network vulnerability or applications for known weaknesses. In plain words, these scanners are used to discover the weaknesses of a given system. They are utilized in the identification and detection of vulnerabilities arising from mis-configurations or flawed programming within a network-based asset such as a firewall, router, web server, application server, etc. They are typically available as SaaS (Software as a service); provided over the internet and delivered as a web application. \r\nMost vulnerability scanners will also attempt to log in to systems using default or other credentials in order to build a more detailed picture of the system. After building up an inventory, the vulnerability scanner checks each item in the inventory against one or more databases of known vulnerabilities to see if any items are subject to any of these vulnerabilities. The result of such scan is a systems vulnerability analysis, highlighting any that have known vulnerabilities that may need threat and vulnerability management.\r\n<span style=\"font-weight: bold;\">How vulnerability scanning works</span>. Vulnerability scanning finds systems and software that have known security vulnerabilities, but this information is only useful to IT security teams when it is used as the first part of a four-part vulnerability management process. <span style=\"font-weight: bold;\">Vulnerability management process involves:</span>\r\n<ul><li>Identification of vulnerabilities</li><li>Evaluation of the risk posed by any vulnerabilities identified</li><li>Treatment of any identified vulnerabilities</li><li>Reporting on vulnerabilities and how they have been handled</li></ul>\r\n<br /><span style=\"font-weight: bold;\">Types of vulnerability scans. </span>Not all vulnerability scans are alike, and to ensure compliance with certain regulations (such as those set by the PCI Security Standards Council) it is necessary to carry out two distinct types of vulnerability scans: an internal and an external vulnerability scan. \r\n<span style=\"font-weight: bold;\">External vulnerability scan.</span> As the name suggests, an external vulnerability scan is carried out from outside an organization's network, and its principal purpose is to detect vulnerabilities in the perimeter defenses such as open ports in the network firewall or specialized web application firewall. An external vulnerability scan can help organizations fix security issues that could enable hackers to gain access to the organization's network.\r\n<span style=\"font-weight: bold;\">Internal vulnerability scan. </span>By contrast, an internal vulnerability scan is carried out from inside an organization's perimeter defenses. Its purpose is to detect vulnerabilities that could be exploited by hackers who successfully penetrate the perimeter defenses, or equally by "insider threats" such as contractors or disgruntled employees who have legitimate access to parts of the network.\r\n<span style=\"font-weight: bold;\">Unauthenticated and authenticated vulnerability scans.</span> A similar but not always identical variation of internal and external vulnerability scans is the concept of unauthenticated and authenticated vulnerability scans. Unauthenticated scans, like external scans, search for weaknesses in the network perimeter, while authenticated scans provide vulnerability scanners with various privileged credentials, allowing them to probe the inside of the network for weak passwords, configuration issues, and misconfigured databases or applications.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What is Vulnerability Assessment?</h1>\r\nVulnerability Assessment is also known as Vulnerability Testing, is a vulnerability scanning software performed to evaluate the security risks in the software system in order to reduce the probability of a threat. Vulnerability Analysis depends upon two mechanisms namely Vulnerability Assessment and Penetration Testing (VAPT).\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">Types of a vulnerability scanner:</span></p>\r\n<span style=\"font-weight: bold;\">Host Based. </span>Identifies the issues in the host or the system. The process is carried out by using host-based scanners and diagnose the vulnerabilities. The host-based tools will load a mediator software onto the target system; it will trace the event and report it to the security analyst.\r\n<span style=\"font-weight: bold;\">Network-Based.</span> It will detect the open port, and identify the unknown services running on these ports. Then it will disclose possible vulnerabilities associated with these services. This process is done by using Network-based Scanners.\r\n<span style=\"font-weight: bold;\">Database-Based.</span> It will identify the security exposure in the database systems using tools and techniques to prevent from SQL Injections. (SQL Injections: - Injecting SQL statements into the database by the malicious users, which can read the sensitive data's from a database and can update the data in the Database.)\r\n<h1 class=\"align-center\">How vulnerability scanners works?</h1>\r\nVulnerability scanning is an inspection of the potential points of exploit on a computer or network to identify security holes.\r\nA security scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. A scan may be performed by an organization’s IT department or a security service provide, possibly as a condition imposed by some authority. Vulnerability scans are also used by attackers looking for points of entry.\r\nA vulnerability scanner runs from the end point of the person inspecting the attack surface in question. The software compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. The scanner software attempts to exploit each vulnerability that is discovered.\r\nRunning a vulnerability scan can pose its own risks as it is inherently intrusive on the target machine’s running code. As a result, the scan can cause issues such as errors and reboots, reducing productivity.\r\n<h1 class=\"align-center\">How to choose the best vulnerability scanning tool?</h1>\r\nWhen researching vulnerability scanners, it's important to find out how they're rated for accuracy (the most important metric) as well as reliability, scalability and reporting. If accuracy is lacking, you'll end up running two different scanners, hoping that one picks up vulnerabilities that the other misses. This adds cost and effort to the scanning process. \r\n<span style=\"font-weight: bold;\">Software-Based Vulnerability Scanners.</span> These types of scanning products generally include configuration auditing, target profiling, penetration testing and detailed vulnerability analysis. They integrate with Windows products, such as Microsoft System Center, to provide intelligent patch management; some work with mobile device managers. They can scan not only physical network devices, servers and workstations, but extend to virtual machines, BYOD mobile devices and databases.\r\n<span style=\"font-weight: bold;\">Cloud-Based Vulnerability Scanners: </span>Continuous, On-Demand Monitoring. A newer type of vulnerability finder is delivered on-demand as Software as a Service (SaaS). Like software-based scanners, on-demand scanners incorporate links for downloading vendor patches and updates for identified vulnerabilities, reducing remediation effort. These services also include scanning thresholds to prevent overloading devices during the scanning process, which can cause devices to crash.\r\n<h1 class=\"align-center\">What is mobile application security scanner?</h1>\r\nMobile application security testing can help ensure there aren’t any loopholes in the software that may cause data loss. The sets of tests are meant to attack the app to identify possible threats and vulnerabilities that would allow external persons or systems to access private information stored on the mobile device. \r\nMobile application vulnerability scanner can help to ensure that applications are free from the flaws and weaknesses that hackers use to gain access to sensitive information. From backdoors, malicious code and other threats, these flaws may be present both in commercial and open source applications as well as software developed in-house.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Vulnerability_Scanner.png","alias":"vulnerability-scanner"},"793":{"id":793,"title":"Web Application Vulnerability Scanner","description":" A <span style=\"font-weight: bold; \">web application vulnerability scanner,</span> also known as a <span style=\"font-weight: bold; \">web application security scanner,</span> is an automated security tool. It scans web applications for malware, vulnerabilities, and logical flaws. Web application scanner use black box tests, as these tests do not require access to the source code but instead launch external attacks to test for security vulnerabilities. These simulated attacks can detect path traversal, cross-site scripting(XSS), and command injection.\r\nWeb app scanners are categorized as <span style=\"font-weight: bold; \">Dynamic Application Security Testing (DAST) tools.</span> DAST tools provide insight into how your web applications behave while they are in production, enabling your business to address potential vulnerabilities before a hacker uses them to stage an attack. As your web applications evolve, DAST solutions continue to scan them so that your business can promptly identify and remediate emerging issues before they develop into serious risks.\r\nWeb app vulnerability scanner first crawls the entire website, analyzing in-depth each file it finds, and displaying the entire website structure. After this discovery stage, it performs an automatic audit for common security vulnerabilities by launching a series of Web attacks. Web application scanners check for vulnerabilities on the Web server, proxy server, Web application server and even on other Web services. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.\r\nA web application vulnerability assessment is very different than a general vulnerability assessment where security focus on networks and hosts. App vulnerability scanner scans ports, connect to services, and use other techniques to gather information revealing the patch levels, configurations, and potential exposures of our infrastructure.\r\nAutomated web application scanning tools help the user making sure the whole website is properly crawled, and that no input or parameter is left unchecked. Automated web vulnerability scanners also help in finding a high percentage of the technical vulnerabilities, and give you a very good overview of the website’s structure, and security status. \r\nThe best way to identify web application security threats is to perform web application vulnerability assessment. The importance of these threats could leave your organization exposed if they are not properly identified and mitigated. Therefore, implementing a web app security scanner solution should be of paramount importance for your organizations security plans in the future. \r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Why Web Application Vulnerability Scanning is important?</h1>\r\nWeb applications are the technological base of modern companies. That’s why more and more businesses are betting on the development of this type of digital platforms. They stand out because they allow to automate processes, simplify tasks, be more efficient and offer a better service to the customer.<br /><br />The objective of web applications is that the user completes a task, be it buying, making a bank transaction, accessing e-mail, editing photos, texts, among many other things. In fact, they are very useful for an endless number of services, hence their popularity. Their disadvantages are few, but there is one that requires special attention: vulnerabilities.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Main web application security risks</span></p>\r\nA web vulnerability scanner tools will help you keep your services protected. However, it is important to be aware of the major security risks that exist so that both developers and security professionals are always alert and can find the most appropriate solutions in a timely manner.\r\n<ul><li><span style=\"font-weight: bold; \">Injection</span></li></ul>\r\nThis is a vulnerability that affects the application databases. They occur when unreliable data is sent to an interpreter by means of a command or query. The attacker may inject malicious code to disrupt the normal operation of the application by making it access the data without authorization or execute involuntary commands.\r\n<ul><li><span style=\"font-weight: bold; \">Authentication failures</span></li></ul>\r\nIf a vulnerability scan in web applications finds a failure, it may be due to loss of authentication. This is a critical vulnerability, as it allows the attacker to impersonate another user. This can compromise important data such as usernames, passwords, session tokens, and more.\r\n<ul><li><span style=\"font-weight: bold; \">Sensitive data exposure</span></li></ul>\r\nA serious risk is the exposure of sensitive data especially financial information such as credit cards or account numbers, personal data such as place of residence, or health-related information. If an attacker scans for this type of vulnerability, he or she may modify or steal this data and use it fraudulently. Therefore, it is essential to use a web app scanning tools to find vulnerabilities in web applications.<br /><br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Web_Application_Vulnerability_Scanner.png","alias":"web-application-vulnerability-scanner"},"834":{"id":834,"title":"IoT - Internet of Things Security","description":" IoT security is the technology area concerned with safeguarding connected devices and networks in the internet of things (IoT).\r\nIoT involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects, animals and/or people. Each "thing" is provided a unique identifier and the ability to automatically transfer data over a network. Allowing devices to connect to the internet opens them up to a number of serious vulnerabilities if they are not properly protected.\r\nIoT security has become the subject of scrutiny after a number of high-profile incidents where a common IoT device was used to infiltrate and attack the larger network. Implementing security measures is critical to ensuring the safety of networks with IoT devices connected to them.\r\nIoT security hacks can happen in any industry, from smart home to a manufacturing plant to a connected car. The severity of impact depends greatly on the individual system, the data collected and/or the information it contains.\r\nAn attack disabling the brakes of a connected car, for example, or on a connected health device, such as an insulin pump hacked to administer too much medication to a patient, can be life-threatening. Likewise, an attack on a refrigeration system housing medicine that is monitored by an IoT system can ruin the viability of a medicine if temperatures fluctuate. Similarly, an attack on critical infrastructure -- an oil well, energy grid or water supply -- can be disastrous.\r\nSo, a robust IoT security portfolio must allow protecting devices from all types of vulnerabilities while deploying the security level that best matches application needs. Cryptography technologies are used to combat communication attacks. Security services are offered for protecting against lifecycle attacks. Isolation measures can be implemented to fend off software attacks. And, finally, IoT security should include tamper mitigation and side-channel attack mitigation technologies for fighting physical attacks of the chip.","materialsDescription":" <span style=\"font-weight: bold;\">What are the key requirements of IoT Security?</span>\r\nThe key requirements for any IoT security solution are:\r\n<ul><li>Device and data security, including authentication of devices and confidentiality and integrity of data</li><li>Implementing and running security operations at IoT scale</li><li>Meeting compliance requirements and requests</li><li>Meeting performance requirements as per the use case</li></ul>\r\n<span style=\"font-weight: bold;\">What do connected devices require to participate in the IoT Securely?</span>\r\nTo securely participate in the IoT, each connected device needs a unique identification – even before it has an IP address. This digital credential establishes the root of trust for the device’s entire lifecycle, from initial design to deployment to retirement.\r\n<span style=\"font-weight: bold;\">Why is device authentication necessary for the IoT?</span>\r\nStrong IoT device authentication is required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can be authenticated when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behavior, administrators can simply revoke its privileges.\r\n<span style=\"font-weight: bold;\">Why is secure manufacturing necessary for IoT devices?</span>\r\nIoT devices produced through unsecured manufacturing processes provide criminals opportunities to change production runs to introduce unauthorized code or produce additional units that are subsequently sold on the black market.\r\nOne way to secure manufacturing processes is to use hardware security modules (HSMs) and supporting security software to inject cryptographic keys and digital certificates and to control the number of units built and the code incorporated into each.\r\n<span style=\"font-weight: bold;\">Why is code signing necessary for IoT devices?</span>\r\nTo protect businesses, brands, partners, and users from software that has been infected by malware, software developers have adopted code signing. In the IoT, code signing in the software release process ensures the integrity of IoT device software and firmware updates and defends against the risks associated with code tampering or code that deviates from organizational policies.\r\nIn public key cryptography, code signing is a specific use of certificate-based digital signatures that enables an organization to verify the identity of the software publisher and certify the software has not been changed since it was published.\r\n<span style=\"font-weight: bold;\">What is IoT PKI?</span>\r\nToday there are more things (devices) online than there are people on the planet! Devices are the number one users of the Internet and need digital identities for secure operation. As enterprises seek to transform their business models to stay competitive, rapid adoption of IoT technologies is creating increasing demand for Public Key Infrastructures (PKIs) to provide digital certificates for the growing number of devices and the software and firmware they run.\r\nSafe IoT deployments require not only trusting the devices to be authentic and to be who they say they are, but also trusting that the data they collect is real and not altered. If one cannot trust the IoT devices and the data, there is no point in collecting, running analytics, and executing decisions based on the information collected.\r\nSecure adoption of IoT requires:\r\n<ul><li>Enabling mutual authentication between connected devices and applications</li><li>Maintaining the integrity and confidentiality of the data collected by devices</li><li>Ensuring the legitimacy and integrity of the software downloaded to devices</li><li>Preserving the privacy of sensitive data in light of stricter security regulations</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/iot.png","alias":"iot-internet-of-things-security"},"836":{"id":836,"title":"DRP - Digital Risk Protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png","alias":"drp-digital-risk-protection"},"840":{"id":840,"title":"ICS/SCADA Cyber Security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png","alias":"icsscada-cyber-security"}},"branches":"Information Technology","companySizes":"1 to 50 Employees","companyUrl":"https://www.redhawksecurity.com/","countryCodes":["CAN","USA"],"certifications":[],"isSeller":true,"isSupplier":true,"isVendor":true,"presenterCodeLng":"","seo":{"title":"Redhawk Network Security, LLC","keywords":"","description":" <span style=\"font-weight: bold;\">Redhawk’s</span> Mission is to Facilitate and support well-defined, well-understood, and well-suited information security programs for dynamic enterprise. Company's vision is to continuously and consistently discover, design, ","og:title":"Redhawk Network Security, LLC","og:description":" <span style=\"font-weight: bold;\">Redhawk’s</span> Mission is to Facilitate and support well-defined, well-understood, and well-suited information security programs for dynamic enterprise. Company's vision is to continuously and consistently discover, design, ","og:image":"https://old.roi4cio.com/uploads/roi/company/Redhawk_Network_Security__LLC.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[{"id":4621,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Redhawk_Network_Security__LLC.png","logo":true,"scheme":false,"title":"RedHawk Managed SIEM","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"redhawk-managed-siem","companyTitle":"Redhawk Network Security, LLC","companyTypes":["supplier","vendor"],"companyId":7009,"companyAlias":"redhawk-network-security-llc","description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to be watchful and vigilant is more important than ever. \r\nA technology such as Security Information and Event Management (SIEM) can help you monitor your intrusion points 24x7x365 and combat cyberthreats.But the problem most organizations face is implementing, managing, and monitoring yet another technology. \r\nThey find the process of managing a SIEM daunting, much like trying to find a needle in a haystack. That’s where Redhawk fits in. A correctly-tuned SIEM can help find the needle and also reduce the number of resources required to manage your security program. \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">For resource-constrained companies, Redhawk’s Managed SIEM Solution provides maximum security benefits with minimal associated costs.</span></span>\r\nIncreasingly sophisticated threats and changing attack methods now require a different approach. \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Redhawk Network Security provides a dynamic Managed SIEM Solution, powered by AlienVault®, to meet your needs. Thee can help you implement a SIEM solution and manage it every step of the way, including the “tuning” period, where we tune the SIEM alerting to your specific environment. </span></span>\r\nThink of SIEM as keeping a watchful eye on all of your data points, looking for suspicious activity, with quick visibility and fast response times so that you are flagged right away. \r\nBy monitoring your network traffic and threat points, a SIEM can aggregate all of your logs into one source to detect and flag any type of compromise or suspicious activity, such as malware or multiple failed logins.\r\nRedhawk Network Security have the expertise and capabilities to provide the advanced security services you require to stay secure and minimize risks to your organization and the information you manage.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Fully-managed, end-to-end SIEM solution, including the initial set-up, and tuning to your environment to ensure reliable and accurate security monitoring:</span></span>\r\n<ul><li>Redhawk installs and set ups the SIEM solution and tune it to your specific environment.</li><li>Team continually tune the service, answering every alarm, making adjustments along the way. </li><li>24x7x365 Monitoring and Incident Response.</li><li>Threat mitigation and remediation expertise. </li><li>Periodic reports on your schedule in the format you choose</li><li>You have access to up-to-date threat intelligence with access to the AlienVault® Open Threat Exchange® (OTX)</li><li>This is certified compliant with PCI DSS, HIPAA, and SOC 2</li><li>Threat detection across all environments: AWS, Azure, on-premises, and cloud applications such as Office 365 and G Suite</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">All of the Security Essentials in One Platform</span></p>\r\nRedhawk can help you eliminate the complexity and costs of managing multiple, disparate points with a unified platform that delivers all the security essentials required for effective threat detection, incident response, and compliance management. \r\nThis includes:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Asset Discovery</span></span>\r\nVisibility into who and what is connected to the network at all times \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Vulnerability Assessment</span></span>\r\nAutomated asset scanning to identify vulnerabilities and exposure\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Intrusion Detection</span></span>\r\nCentralized threat detection across all environments\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Behavioral Monitoring</span></span>\r\nIdentification of suspicious behavior and network anomalies \r\n<span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">SIEM and Log Management</span></span>\r\nCorrelation and analysis of security event data from across the network \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Compliance Management</span></span>\r\nContinuous monitoring, compliant log storage, and built-in reporting \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Intelligence</span></span>\r\nReal-time, validated intelligence on the latest threats and attack methods<br /><br />","shortDescription":"A dynamic Managed SIEM Solution, powered by AlienVault to meet your needs. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"RedHawk Managed SIEM","keywords":"","description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to b","og:title":"RedHawk Managed SIEM","og:description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to b","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Redhawk_Network_Security__LLC.png"},"eventUrl":"","translationId":4622,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":399,"title":"Requirements Visualization, Definition, and Management","alias":"requirements-visualization-definition-and-management","description":" Requirements management is the process of documenting, analyzing, tracing, prioritizing and agreeing on requirements and then controlling change and communicating to relevant stakeholders. It is a continuous process throughout a project. A requirement is a capability to which a project outcome (product or service) should conform.\r\nThe purpose of requirements management is to ensure that an organization documents, verifies, and meets the needs and expectations of its customers and internal or external stakeholders. Requirements management begins with the analysis and elicitation of the objectives and constraints of the organization. Requirements management further includes supporting planning for requirements, integrating requirements and the organization for working with them (attributes for requirements), as well as relationships with other information delivering against requirements, and changes for these.\r\nThe traceability thus established is used in managing requirements to report back fulfilment of company and stakeholder interests in terms of compliance, completeness, coverage, and consistency. Traceabilities also support change management as part of requirements management in understanding the impacts of changes through requirements or other related elements (e.g., functional impacts through relations to functional architecture), and facilitating introducing these changes.\r\nRequirements management involves communication between the project team members and stakeholders, and adjustment to requirements changes throughout the course of the project. To prevent one class of requirements from overriding another, constant communication among members of the development team is critical. For example, in software development for internal applications, the business has such strong needs that it may ignore user requirements, or believe that in creating use cases, the user requirements are being taken care of.\r\nRequirements traceability is concerned with documenting the life of a requirement. It should be possible to trace back to the origin of each requirement and every change made to the requirement should therefore be documented in order to achieve traceability. Even the use of the requirement after the implemented features have been deployed and used should be traceable.\r\nRequirements come from different sources, like the business person ordering the product, the marketing manager and the actual user. These people all have different requirements for the product. Using requirements traceability, an implemented feature can be traced back to the person or group that wanted it during the requirements elicitation. This can, for example, be used during the development process to prioritize the requirement, determining how valuable the requirement is to a specific user. It can also be used after the deployment when user studies show that a feature is not used, to see why it was required in the first place.","materialsDescription":"<span style=\"font-weight: bold; \">Requirements activities</span>\r\nAt each stage in a development process, there are key requirements management activities and methods. To illustrate, consider a standard five-phase development process with Investigation, Feasibility, Design, Construction, and Test, and Release stages.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Investigation</span></span>\r\nIn Investigation, the first three classes of requirements are gathered from the users, from the business, and from the development team. In each area, similar questions are asked; what are the goals, what are the constraints, what are the current tools or processes in place, and so on. Only when these requirements are well understood can functional requirements be developed.\r\nIn the common case, requirements cannot be fully defined at the beginning of the project. Some requirements will change, either because they simply weren’t extracted, or because internal or external forces at work affect the project in mid-cycle.\r\nThe deliverable from the Investigation stage is a requirements document that has been approved by all members of the team. Later, in the thick of development, this document will be critical in preventing scope creep or unnecessary changes. As the system develops, each new feature opens a world of new possibilities, so the requirements specification anchors the team to the original vision and permits a controlled discussion of scope change.\r\nWhile many organizations still use only documents to manage requirements, others manage their requirements baselines using software tools. These tools allow requirements to be managed in a database, and usually have functions to automate traceability (e.g., by allowing electronic links to be created between parent and child requirements, or between test cases and requirements), electronic baseline creation, version control, and change management. Usually, such tools contain an export function that allows a specification document to be created by exporting the requirements data into a standard document application.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Feasibility</span></span>\r\nIn the Feasibility stage, the costs of the requirements are determined. For user requirements, the current cost of work is compared to the future projected costs once the new system is in place. Questions such as these are asked: “What are data entry errors costing us now?” Or “What is the cost of scrap due to operator error with the current interface?” Actually, the need for the new tool is often recognized as these questions come to the attention of financial people in the organization.\r\nBusiness costs would include, “What department has the budget for this?” “What is the expected rate of return on the new product in the marketplace?” “What’s the internal rate of return in reducing the costs of training and support if we make a new, easier-to-use system?”\r\nTechnical costs are related to software development costs and hardware costs. “Do we have the right people to create the tool?” “Do we need new equipment to support expanded software roles?” This last question is an important type. The team must inquire into whether the newest automated tools will add sufficient processing power to shift some of the burdens from the user to the system in order to save people time.\r\nThe question also points out a fundamental point about requirements management. A human and a tool form a system, and this realization is especially important if the tool is a computer or a new application on a computer. The human mind excels in parallel processing and interpretation of trends with insufficient data. The CPU excels in serial processing and accurate mathematical computation. The overarching goal of the requirements management effort for a software project would thus be to make sure the work being automated gets assigned to the proper processor. For instance, “Don’t make the human remember where she is in the interface. Make the interface report the human’s location in the system at all times.” Or “Don’t make the human enter the same data in two screens. Make the system store the data and fill in the second screen as needed.”\r\nThe deliverable from the Feasibility stage is the budget and schedule for the project.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Design</span></span>\r\nAssuming that costs are accurately determined and benefits to be gained are sufficiently large, the project can proceed to the Design stage. In Design, the main requirements management activity is comparing the results of the design against the requirements document to make sure that work is staying in scope.\r\nAgain, flexibility is paramount to success. Here’s a classic story of scope change in mid-stream that actually worked well. Ford auto designers in the early ‘80s were expecting gasoline prices to hit $3.18 per gallon by the end of the decade. Midway through the design of the Ford Taurus, prices had centered to around $1.50 a gallon. The design team decided they could build a larger, more comfortable, and more powerful car if the gas prices stayed low, so they redesigned the car. The Taurus launch set nationwide sales records when the new car came out, primarily because it was so roomy and comfortable to drive.\r\nIn most cases, however, departing from the original requirements to that degree does not work. So the requirements document becomes a critical tool that helps the team make decisions about design changes.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Construction and test</span></span>\r\nIn the construction and testing stage, the main activity of requirements management is to make sure that work and cost stay within schedule and budget, and that the emerging tool does, in fact, meet requirements. A main tool used in this stage is prototype construction and iterative testing. For a software application, the user interface can be created on paper and tested with potential users while the framework of the software is being built. The results of these tests are recorded in a user interface design guide and handed off to the design team when they are ready to develop the interface. This saves time and makes their jobs much easier.\r\nVerification: This effort verifies that the requirement has been implemented correctly. There are 4 methods of verification: analysis, inspection, testing, and demonstration. Numerical software execution results or through-put on a network test, for example, provides analytical evidence that the requirement has been met. Inspection of vendor documentation or spec sheets also verifies requirements. Actually testing or demonstrating the software in a lab environment also verifies the requirements: a test type of verification will occur when test equipment not normally part of the lab (or system under test) is used. Comprehensive test procedures which outline the steps and their expected results clearly identify what is to be seen as a result of performing the step. After the step or set of steps is completed the last step's expected result will call out what has been seen and then identify what requirements or requirements have been verified (identified by number). The requirement number, title, and verbiage are tied together in another location in the test document.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Requirements change management</span></span>\r\nHardly would any software development project be completed without some changes being asked of the project. The changes can stem from changes in the environment in which the finished product is envisaged to be used, business changes, regulation changes, errors in the original definition of requirements, limitations in technology, changes in the security environment and so on. The activities of requirements change management include receiving the change requests from the stakeholders, recording the received change requests, analyzing and determining the desirability and process of implementation, implementation of the change request, quality assurance for the implementation and closing the change request. Then the data of change requests be compiled, analyzed and appropriate metrics are derived and dovetailed into the organizational knowledge repository.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Release</span></span>\r\nRequirements management does not end with product release. From that point on, the data coming in about the application’s acceptability is gathered and fed into the Investigation phase of the next generation or release. Thus the process begins again.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Requirements_Visualization.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[{"id":4621,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Redhawk_Network_Security__LLC.png","logo":true,"scheme":false,"title":"RedHawk Managed SIEM","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"redhawk-managed-siem","companyTitle":"Redhawk Network Security, LLC","companyTypes":["supplier","vendor"],"companyId":7009,"companyAlias":"redhawk-network-security-llc","description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to be watchful and vigilant is more important than ever. \r\nA technology such as Security Information and Event Management (SIEM) can help you monitor your intrusion points 24x7x365 and combat cyberthreats.But the problem most organizations face is implementing, managing, and monitoring yet another technology. \r\nThey find the process of managing a SIEM daunting, much like trying to find a needle in a haystack. That’s where Redhawk fits in. A correctly-tuned SIEM can help find the needle and also reduce the number of resources required to manage your security program. \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">For resource-constrained companies, Redhawk’s Managed SIEM Solution provides maximum security benefits with minimal associated costs.</span></span>\r\nIncreasingly sophisticated threats and changing attack methods now require a different approach. \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Redhawk Network Security provides a dynamic Managed SIEM Solution, powered by AlienVault®, to meet your needs. Thee can help you implement a SIEM solution and manage it every step of the way, including the “tuning” period, where we tune the SIEM alerting to your specific environment. </span></span>\r\nThink of SIEM as keeping a watchful eye on all of your data points, looking for suspicious activity, with quick visibility and fast response times so that you are flagged right away. \r\nBy monitoring your network traffic and threat points, a SIEM can aggregate all of your logs into one source to detect and flag any type of compromise or suspicious activity, such as malware or multiple failed logins.\r\nRedhawk Network Security have the expertise and capabilities to provide the advanced security services you require to stay secure and minimize risks to your organization and the information you manage.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Fully-managed, end-to-end SIEM solution, including the initial set-up, and tuning to your environment to ensure reliable and accurate security monitoring:</span></span>\r\n<ul><li>Redhawk installs and set ups the SIEM solution and tune it to your specific environment.</li><li>Team continually tune the service, answering every alarm, making adjustments along the way. </li><li>24x7x365 Monitoring and Incident Response.</li><li>Threat mitigation and remediation expertise. </li><li>Periodic reports on your schedule in the format you choose</li><li>You have access to up-to-date threat intelligence with access to the AlienVault® Open Threat Exchange® (OTX)</li><li>This is certified compliant with PCI DSS, HIPAA, and SOC 2</li><li>Threat detection across all environments: AWS, Azure, on-premises, and cloud applications such as Office 365 and G Suite</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold;\">All of the Security Essentials in One Platform</span></p>\r\nRedhawk can help you eliminate the complexity and costs of managing multiple, disparate points with a unified platform that delivers all the security essentials required for effective threat detection, incident response, and compliance management. \r\nThis includes:\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Asset Discovery</span></span>\r\nVisibility into who and what is connected to the network at all times \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Vulnerability Assessment</span></span>\r\nAutomated asset scanning to identify vulnerabilities and exposure\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Intrusion Detection</span></span>\r\nCentralized threat detection across all environments\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Behavioral Monitoring</span></span>\r\nIdentification of suspicious behavior and network anomalies \r\n<span style=\"font-weight: bold;\"><span style=\"font-style: italic;\">SIEM and Log Management</span></span>\r\nCorrelation and analysis of security event data from across the network \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Compliance Management</span></span>\r\nContinuous monitoring, compliant log storage, and built-in reporting \r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Intelligence</span></span>\r\nReal-time, validated intelligence on the latest threats and attack methods<br /><br />","shortDescription":"A dynamic Managed SIEM Solution, powered by AlienVault to meet your needs. ","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":10,"sellingCount":11,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"RedHawk Managed SIEM","keywords":"","description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to b","og:title":"RedHawk Managed SIEM","og:description":"A staggering 27 percent of IT professionals receive more than one million threat alerts daily, according to a recent survey by Imperva. \r\nWith malware multiplying, an increase in phishing schemes, and cyber criminals taking organizations hostage, the need to b","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Redhawk_Network_Security__LLC.png"},"eventUrl":"","translationId":4622,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":34,"title":"ITSM - IT Service Management","alias":"itsm-it-service-management","description":"<span style=\"font-weight: bold; \">IT service management (ITSM)</span> is the process of designing, delivering, managing, and improving the IT services an organization provides to its end users. ITSM is focused on aligning IT processes and services with business objectives to help an organization grow.\r\nITSM positions IT services as the key means of delivering and obtaining value, where an internal or external IT service provider works with business customers, at the same time taking responsibility for the associated costs and risks. ITSM works across the whole lifecycle of a service, from the original strategy, through design, transition and into live operation.\r\nTo ensure sustainable quality of IT services, ITSM establishes a set of practices, or processes, constituting a service management system. There are industrial, national and international standards for IT service management solutions, setting up requirements and good practices for the management system. \r\nITSM system is based on a set of principles, such as focusing on value and continual improvement. It is not just a set of processes – it is a cultural mindset to ensure that the desired outcome for the business is achieved. \r\n<span style=\"font-weight: bold; \">ITIL (IT Infrastructure Library)</span> is a framework of best practices and recommendations for managing an organization's IT operations and services. IT service management processes, when built based on the ITIL framework, pave the way for better IT service operations management and improved business. To summarize, ITIL is a set of guidelines for effective IT service management best practices. ITIL has evolved beyond the delivery of services to providing end-to-end value delivery. The focus is now on the co-creation of value through service relationships. \r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">ITSM processes typically include five stages, all based on the ITIL framework:</span></p>\r\n<span style=\"font-weight: bold; \">ITSM strategy.</span> This stage forms the foundation or the framework of an organization's ITSM process building. It involves defining the services that the organization will offer, strategically planning processes, and recognizing and developing the required assets to keep processes moving. \r\n<span style=\"font-weight: bold; \">Service design.</span> This stage's main aim is planning and designing the IT services the organization offers to meet business demands. It involves creating and designing new services as well as assessing current services and making relevant improvements.\r\n<span style=\"font-weight: bold; \">Service transition.</span> Once the designs for IT services and their processes have been finalized, it's important to build them and test them out to ensure that processes flow. IT teams need to ensure that the designs don't disrupt services in any way, especially when existing IT service processes are upgraded or redesigned. This calls for change management, evaluation, and risk management. \r\n<span style=\"font-weight: bold; \">Service operation. </span>This phase involves implementing the tried and tested new or modified designs in a live environment. While in this stage, the processes have already been tested and the issues fixed, but new processes are bound to have hiccups—especially when customers start using the services. \r\n<span style=\"font-weight: bold;\">Continual service improvement (CSI).</span> Implementing IT processes successfully shouldn't be the final stage in any organization. There's always room for improvement and new development based on issues that pop up, customer needs and demands, and user feedback.\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Benefits of efficient ITSM processes</h1>\r\nIrrespective of the size of business, every organization is involved in IT service management in some way. ITSM ensures that incidents, service requests, problems, changes, and IT assets—in addition to other aspects of IT services—are managed in a streamlined way.\r\nIT teams in your organization can employ various workflows and best practices in ITSM, as outlined in ITIL. Effective IT service management can have positive effects on an IT organization's overall function.\r\nHere are the 10 key benefits of ITSM:\r\n<ul><li> Lower costs for IT operations</li><li> Higher returns on IT investments</li><li> Minimal service outages</li><li> Ability to establish well-defined, repeatable, and manageable IT processes</li><li> Efficient analysis of IT problems to reduce repeat incidents</li><li> Improved efficiency of IT help desk teams</li><li> Well-defined roles and responsibilities</li><li> Clear expectations on service levels and service availability</li><li> Risk-free implementation of IT changes</li><li> Better transparency into IT processes and services</li></ul>\r\n<h1 class=\"align-center\">How to choose an ITSM tool?</h1>\r\nWith a competent IT service management goal in mind, it's important to invest in a service desk solution that caters to your business needs. It goes without saying, with more than 150 service desk tools to choose from, selecting the right one is easier said than done. Here are a few things to keep in mind when choosing an ITSM products:\r\n<span style=\"font-weight: bold; \">Identify key processes and their dependencies. </span>Based on business goals, decide which key ITSM processes need to be implemented and chart out the integrations that need to be established to achieve those goals. \r\n<span style=\"font-weight: bold; \">Consult with ITSM experts.</span> Participate in business expos, webinars, demos, etc., and educate yourself about the various options that are available in the market. Reports from expert analysts such as Gartner and Forrester are particularly useful as they include reviews of almost every solution, ranked based on multiple criteria.\r\n<span style=\"font-weight: bold; \">Choose a deployment option.</span> Every business has a different IT infrastructure model. Selecting an on-premises or software as a service (SaaS IT service management) tool depends on whether your business prefers to host its applications and data on its own servers or use a public or private cloud.\r\n<span style=\"font-weight: bold; \">Plan ahead for the future.</span> Although it's important to consider the "needs" primarily, you shouldn't rule out the secondary or luxury capabilities. If the ITSM tool doesn't have the potential to adapt to your needs as your organization grows, it can pull you back from progressing. Draw a clear picture of where your business is headed and choose an service ITSM that is flexible and technology-driven.\r\n<span style=\"font-weight: bold;\">Don't stop with the capabilities of the ITSM tool.</span> It might be tempting to assess an ITSM tool based on its capabilities and features but it's important to evaluate the vendor of the tool. A good IT support team, and a vendor that is endorsed for their customer-vendor relationship can take your IT services far. Check Gartner's magic quadrant and other analyst reports, along with product and support reviews to ensure that the said tool provides good customer support.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_ITSM.png"},{"id":840,"title":"ICS/SCADA Cyber Security","alias":"icsscada-cyber-security","description":"SCADA security is the practice of protecting supervisory control and data acquisition (SCADA) networks, a common framework of control systems used in industrial operations. These networks are responsible for providing automated control and remote human management of essential commodities and services such as water, natural gas, electricity and transportation to millions of people. They can also be used to improve the efficiencies and quality in other less essential (but some would say very important!) real-world processes such as snowmaking for ski resorts and beer brewing. SCADA is one of the most common types of industrial control systems (ICS).\r\nThese networks, just like any other network, are under threat from cyber-attacks that could bring down any part of the nation's critical infrastructure quickly and with dire consequences if the right security is not in place. Capital expenditure is another key concern; SCADA systems can cost an organization from tens of thousands to millions of dollars. For these reasons, it is essential that organizations implement robust SCADA security measures to protect their infrastructure and the millions of people that would be affected by the disruption caused by an external attack or internal error.\r\nSCADA security has evolved dramatically in recent years. Before computers, the only way to monitor a SCADA network was to deploy several people to each station to report back on the state of each system. In busier stations, technicians were stationed permanently to manually operate the network and communicate over telephone wires.\r\nIt wasn't until the introduction of the local area network (LAN) and improvements in system miniaturization that we started to see advances in SCADA development such as the distributed SCADA network. Next came networked systems that were able to communicate over a wide area network (WAN) and connect many more components together.\r\nFrom local companies to federal governments, every business or organization that works with SCADA systems are vulnerable to SCADA security threats. These threats can have wide-reaching effects on both the economy and the community. Specific threats to SCADA networks include the following:\r\n<span style=\"font-weight: bold;\">Hackers.</span> Individuals or groups with malicious intent could bring a SCADA network to its knees. By gaining access to key SCADA components, hackers could unleash chaos on an organization that can range from a disruption in services to cyber warfare.\r\n<span style=\"font-weight: bold;\">Malware.</span> Malware, including viruses, spyware and ransomware can pose a risk to SCADA systems. While malware may not be able to specifically target the network itself, it can still pose a threat to the key infrastructure that helps to manage the SCADA network. This includes mobile SCADA applications that are used to monitor and manage SCADA systems.\r\n<span style=\"font-weight: bold;\">Terrorists.</span> Where hackers are usually motivated by sordid gain, terrorists are driven by the desire to cause as much mayhem and damage as possible.\r\n<span style=\"font-weight: bold;\">Employees.</span> Insider threats can be just as damaging as external threats. From human error to a disgruntled employee or contractor, it is essential that SCADA security addresses these risks.\r\nManaging today's SCADA networks can be a challenge without the right security precautions in place. Many networks are still without the necessary detection and monitoring systems and this leaves them vulnerable to attack. Because SCADA network attacks exploit both cyber and physical vulnerabilities, it is critical to align cybersecurity measures accordingly.","materialsDescription":"<span style=\"font-weight: bold;\">What is the difference between ICS/SCADA cybersecurity and information security?</span>\r\nAutomated process control systems (SCADA) have a lot of differences from “traditional” corporate information systems: from the destination, specific data transfer protocols and equipment used and ending with the environment in which they operate. In corporate networks and systems, as a rule, the main protected resource is information that is processed, transmitted and stored in automated systems, and the main goal is to ensure its confidentiality. In ICS, the protected resource, first of all, is the technological process itself, and the main goal is to ensure its continuity (accessibility of all nodes) and integrity (including information transmitted between the nodes of the ICS). Moreover, the field of potential risks and threats to ICS, in comparison with corporate systems, expands with risks of potential damage to life and health of personnel and the public, damage to the environment and infrastructure. That is why it is incorrect to talk about “information security” in relation to ICS/SCADA. In English sources, the term “cybersecurity” is used for this, a direct translation of which (cybersecurity) is increasingly found in our market in relation to the protection of process control systems.\r\n<span style=\"font-weight: bold;\">Is it really necessary?</span>\r\nIt is necessary. There are a number of myths about process control systems, for example: “process control systems are completely isolated from the outside world”, “process control systems are too specific for someone to crack”, “process control systems are reliably protected by the developer”, or even “No one will ever try us, hacking us is not interesting. ” All this is no longer true. Many modern distributed process control systems have one or another connection with the corporate network, even if the system owners are unaware of this. Communication with the outside world greatly simplifies the task of the attacker, but does not remain the only possible option. Automated process control software and data transfer protocols are, as a rule, very, very insecure against cyber threats. This is evidenced by numerous articles and reports of experts involved in the study of the protection of industrial control systems and penetration tests. The PHDays III section on hacking automated process control systems impressed even ardent skeptics. Well, and, of course, the argument “they have NOT attacked us, therefore they will not” - can hardly be considered seriously. Everyone has heard about Stuxnet, which dispelled almost all the myths about the safety of ICS at once.\r\n<span style=\"font-weight: bold;\">Who needs this?</span>\r\nWith the phrase ICS/SCADA, most imagine huge plants, automated CNC machines or something similar. However, the application of process control systems is not limited to these objects - in the modern age of automation, process control systems are used everywhere: from large production facilities, the oil and gas industry, transport management to smart home systems. And, by the way, with the protection of the latter, as a rule, everything can be much worse, because the developer silently and imperceptibly shifts responsibility to the shoulders of the user.\r\nOf course, some of the objects with automated process control systems are more interesting for attackers, others less. But, given the ever-growing number of vulnerabilities discovered and published in the ICS, the spread of "exclusive" (written for specific protocols and ICS software) malware, considering your system safe "by default" is unreasonable.\r\n<span style=\"font-weight: bold;\">Are ICS and SCADA the same thing?</span>\r\nNo. SCADA systems (supervisory control and data acquisition, supervisory control and data collection) are part of the control system. Usually, a SCADA system means centralized control and management systems with the participation of a person as a whole system or a complex of industrial control systems. SCADA is the central link between people (human-machine interfaces) and PLC levels (programmable logic controller) or RTU (remote terminal unit).\r\n<span style=\"font-weight: bold;\">What is ICS/SCADA cybersecurity?</span>\r\nIn fact, ICS cybersecurity is a process similar to “information security” in a number of properties, but very different in details. And the devil, as you know, lies in them. ICS/SCADA also has similar information security-related processes: asset inventory, risk analysis and assessment, threat analysis, security management, change management, incident response, continuity, etc. But these processes themselves are different.<br />The cyber security of ICSs has the same basic target qualities - confidentiality, integrity and accessibility, but the significance and point of application for them are completely different. It should be remembered that in ICS/SCADA we, first of all, protect the technological process. Beyond this - from the risks of damage to human health and life and the environment.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SCADA_Cyber_Security.png"},{"id":836,"title":"DRP - Digital Risk Protection","alias":"drp-digital-risk-protection","description":"Digital risks exist on social media and web channels, outside most organization's line of visibility. Organizations struggle to monitor these external, unregulated channels for risks targeting their business, their employees or their customers.\r\nCategories of risk include cyber (insider threat, phishing, malware, data loss), revenue (customer scams, piracy, counterfeit goods) brand (impersonations, slander) and physical (physical threats, natural disasters).\r\nDue to the explosive growth of digital risks, organizations need a flexible, automated approach that can monitor digital channels for organization-specific risks, trigger alerts and remediate malicious posts, profiles, content or apps.\r\nDigital risk protection (DRP) is the process of protecting social media and digital channels from security threats and business risks such as social engineering, external fraud, data loss, insider threat and reputation-based attacks. DRP reduces risks that emerge from digital transformation, protecting against the unwanted exposure of a company’s data, brand, and attack surface and providing actionable insight on threats from the open, deep, and dark web.<br /><br />","materialsDescription":"<span style=\"font-weight: bold;\">What is a digital risk?</span>\r\nDigital risks can take many forms. Most fundamentally, what makes a risk digital? Digital risk is any risk that plays out in one form or another online, outside of an organization’s IT infrastructure and beyond the security perimeter. This can be a cyber risk, like a phishing link or ransomware via LinkedIn, but can also include traditional risks with a digital component, such as credit card money flipping scams on Instagram.\r\n<span style=\"font-weight: bold;\">What are the features of Digital Risk Protection?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">The features are:</span></span>\r\n<ul><li>Protecting yourself from digital risk by building a watchtower, not a wall. A new Forrester report identifies two objectives for any digital risk protection effort: identifying risks and resolving them.</li><li>Digital risk comes in many forms, like unauthorized data disclosure, threat coordination from cybercriminals, risks inherent in the technology you use and in your third-party associates and even from your own employees.</li><li>The best solutions should automate the collection of data and draw from many sources; should have the capabilities to map, monitor, and mitigate digital risk and should be flexible enough to be applied in multiple use cases — factors that many threat intelligence solutions excel in.</li></ul>\r\n<span style=\"font-weight: bold;\">What elements constitute a digital risk?</span>\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Unauthorized Data Disclosure</span></span>\r\nThis includes the theft or leakage of any kind of sensitive data, like the personal financial information of a retail organization’s customers or the source code for a technology company’s proprietary products.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Threat Coordination Activity</span></span>\r\nMarketplaces and criminal forums on the dark web or even just on the open web are potent sources of risk. Here, a vulnerability identified by one group or individual who can’t act on it can reach the hands of someone who can. This includes the distribution of exploits in both targeted and untargeted campaigns.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Supply Chain Issues</span></span>\r\nBusiness partners, third-party suppliers, and other vendors who interact directly with your organization but are not necessarily following the same security practices can open the door to increased risk.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Employee Risk</span></span>\r\nEven the most secure and unbreakable lock can still easily be opened if you just have the right key. Through social engineering efforts, identity or access management and manipulation, or malicious insider attacks coming from disgruntled employees, even the most robust cybersecurity program can be quickly subverted.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Technology Risks</span></span>\r\nThis broad category includes all of the risks you must consider across the different technologies your organization might rely on to get your work done, keep it running smoothly, and tell people about it.\r\n<ul><li><span style=\"font-weight: bold;\">Physical Infrastructure:</span> Countless industrial processes are now partly or completely automated, relying on SCADA, DCS, or PLC systems to run smoothly — and opening them up to cyber- attacks (like the STUXNET attack that derailed an entire country’s nuclear program).</li><li><span style=\"font-weight: bold;\">IT Infrastructure:</span> Maybe the most commonsensical source of digital risk, this includes all of the potential vulnerabilities in your software and hardware. The proliferation of the internet of things devices poses a growing and sometimes underappreciated risk here.</li><li><span style=\"font-weight: bold;\">Public-Facing Presence:</span> All of the points where you interact with your customers and other public entities, whether through social media, email campaigns, or other marketing strategies, represent potential sources of risk.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Digital_Risk_Protection.png"},{"id":467,"title":"Network Forensics","alias":"network-forensics","description":" Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a pro-active investigation.\r\nNetwork forensics generally has two uses. The first, relating to security, involves monitoring a network for anomalous traffic and identifying intrusions. An attacker might be able to erase all log files on a compromised host; network-based evidence might therefore be the only evidence available for forensic analysis. The second form relates to law enforcement. In this case analysis of captured network traffic can include tasks such as reassembling transferred files, searching for keywords and parsing human communication such as emails or chat sessions.\r\nTwo systems are commonly used to collect network data; a brute force "catch it as you can" and a more intelligent "stop look listen" method.\r\nNetwork forensics is a comparatively new field of forensic science. The growing popularity of the Internet in homes means that computing has become network-centric and data is now available outside of disk-based digital evidence. Network forensics can be performed as a standalone investigation or alongside a computer forensics analysis (where it is often used to reveal links between digital devices or reconstruct how a crime was committed).\r\nMarcus Ranum is credited with defining Network forensics as "the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents".\r\nCompared to computer forensics, where evidence is usually preserved on disk, network data is more volatile and unpredictable. Investigators often only have material to examine if packet filters, firewalls, and intrusion detection systems were set up to anticipate breaches of security.\r\nSystems used to collect network data for forensics use usually come in two forms:\r\n<ul><li>"Catch-it-as-you-can" – This is where all packets passing through a certain traffic point are captured and written to storage with analysis being done subsequently in batch mode. This approach requires large amounts of storage.</li><li>"Stop, look and listen" – This is where each packet is analyzed in a rudimentary way in memory and only certain information saved for future analysis. This approach requires a faster processor to keep up with incoming traffic.</li></ul>","materialsDescription":" <span style=\"font-weight: bold;\">Why is network forensics important?</span>\r\nNetwork forensics is important because so many common attacks entail some type of misuse of network resources.\r\n<span style=\"font-weight: bold;\">What are the different ways in which the network can be attacked?</span>\r\nAttacks typically target availability confidentiality and integrity. Loss of any one of these items constitutes a security breach.\r\n<span style=\"font-weight: bold;\">Where is the best place to search for information?</span>\r\nInformation can be found by either doing a live analysis of the network, analyzing IDS information, or examining logs that can be found in routers and servers.\r\n<span style=\"font-weight: bold;\">How does a forensic analyst know how deeply to look for information?</span>\r\nSome amount of information can be derived from looking at the skill level of the attacker. Attackers with little skill are much less likely to use advanced hiding techniques.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Network_Forensics.png"},{"id":45,"title":"SIEM - Security Information and Event Management","alias":"siem-security-information-and-event-management","description":"<span style=\"font-weight: bold; \">Security information and event management (SIEM)</span> is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system. \r\n The underlying principles of every SIEM system is to aggregate relevant data from multiple sources, identify deviations from the norm and take appropriate action. At the most basic level, a SIEM system can be rules-based or employ a statistical correlation engine to establish relationships between event log entries. Advanced SIEM products have evolved to include user and entity behavior analytics (UEBA) and security orchestration and automated response (SOAR). \r\nThe acronyms SEM, SIM and SIEM have sometimes been used interchangeably, but generally refer to the different primary focus of products:\r\n<ul><li><span style=\"font-weight: bold;\">Log management:</span> Focus on simple collection and storage of log messages and audit trails.</li><li><span style=\"font-weight: bold;\">Security information management (SIM):</span> Long-term storage as well as analysis and reporting of log data.</li><li><span style=\"font-weight: bold;\">Security event manager (SEM):</span> Real-time monitoring, correlation of events, notifications and console views.</li><li><span style=\"font-weight: bold;\">Security information event management (SIEM):</span> Combines SIM and SEM and provides real-time analysis of security alerts generated by network hardware and applications.</li><li><span style=\"font-weight: bold;\">Managed Security Service (MSS) or Managed Security Service Provider (MSSP):</span> The most common managed services appear to evolve around connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery.</li><li><span style=\"font-weight: bold;\">Security as a service (SECaaS):</span> These security services often include authentication, anti-virus, anti-malware/spyware, intrusion detection, Penetration testing and security event management, among others.</li></ul>\r\nToday, most of SIEM technology works by deploying multiple collection agents in a hierarchical manner to gather security-related events from end-user devices, servers, network equipment, as well as specialized security equipment like firewalls, antivirus or intrusion prevention systems. The collectors forward events to a centralized management console where security analysts sift through the noise, connecting the dots and prioritizing security incidents.\r\nSome of the most important features to review when evaluating Security Information and Event Management software are:\r\n<ol><li><span style=\"font-weight: bold; \">Integration with other controls:</span> Can the system give commands to other enterprise security controls to prevent or stop attacks in progress?</li><li><span style=\"font-weight: bold; \">Artificial intelligence:</span> Can the system improve its own accuracy by through machine and deep learning?</li><li><span style=\"font-weight: bold; \">Threat intelligence feeds:</span> Can the system support threat intelligence feeds of the organization's choosing or is it mandated to use a particular feed?</li><li><span style=\"font-weight: bold; \">Robust compliance reporting:</span> Does the system include built-in reports for common compliance needs and the provide the organization with the ability to customize or create new compliance reports?</li><li><span style=\"font-weight: bold; \">Forensics capabilities:</span> Can the system capture additional information about security events by recording the headers and contents of packets of interest? </li></ol>\r\n\r\n\r\n","materialsDescription":"<h1 class=\"align-center\"> Why is SIEM Important?</h1>\r\nSIEM has become a core security component of modern organizations. The main reason is that every user or tracker leaves behind a virtual trail in a network’s log data. SIEM software is designed to use this log data in order to generate insight into past attacks and events. A SIEM solution not only identifies that an attack has happened, but allows you to see how and why it happened as well.\r\nAs organizations update and upscale to increasingly complex IT infrastructures, SIEM has become even more important in recent years. Contrary to popular belief, firewalls and antivirus packages are not enough to protect a network in its entirety. Zero-day attacks can still penetrate a system’s defenses even with these security measures in place.\r\nSIEM addresses this problem by detecting attack activity and assessing it against past behavior on the network. A security event monitoring has the ability to distinguish between legitimate use and a malicious attack. This helps to increase a system’s incident protection and avoid damage to systems and virtual property.\r\nThe use of SIEM also helps companies to comply with a variety of industry cyber management regulations. Log management is the industry standard method of auditing activity on an IT network. SIEM management provides the best way to meet this regulatory requirement and provide transparency over logs in order to generate clear insights and improvements.\r\n<h1 class=\"align-center\">Evaluation criteria for security information and event management software:</h1>\r\n<ul><li>Threat identification: Raw log form vs. descriptive.</li><li>Threat tracking: Ability to track through the various events, from source to destination.</li><li>Policy enforcement: Ability to enforce defined polices.</li><li>Application analysis: Ability to analyze application at Layer 7 if necessary.</li><li>Business relevance of events: Ability to assign business risk to events and have weighted threat levels.</li><li>Measuring changes and improvements: Ability to track configuration changes to devices.</li><li>Asset-based information: Ability to gather information on devices on the network.</li><li>Anomalous behavior (server): Ability to trend and see changes in how it communicates to others.</li><li>Anomalous behavior (network): Ability to trend and see how communications pass throughout the network.</li><li>Anomalous behavior (application): Ability to trend and see changes in how it communicates to others.</li><li>User monitoring: User activity, logging in, applications usage, etc.</li></ul>\r\n\r\n","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_SIEM.png"},{"id":59,"title":"SCADA - Supervisory Control And Data Acquisition","alias":"scada-supervisory-control-and-data-acquisition","description":"<span style=\"font-weight: bold; \">SCADA</span> stands for <span style=\"font-weight: bold; \">Supervisory Control and Data Acquisition</span>, a term which describes the basic functions of a SCADA system. Companies use SCADA systems to control equipment across their sites and to collect and record data about their operations. SCADA is not a specific technology, but a type of application. Any application that gets operating data about a system in order to control and optimise that system is a SCADA application. That application may be a petrochemical distillation process, a water filtration system, a pipeline compressor, or just about anything else.\r\nSCADA solutions typically come in a combination of software and hardware elements, such as programmable logic controllers (PLCs) and remote terminal units (RTUs). Data acquisition in SCADA starts with PLCs and RTUs, which communicate with plant floor equipment such as factory machinery and sensors. Data gathered from the equipment is then sent to the next level, such as a control room, where operators can supervise the PLC and RTU controls using human-machine interfaces (HMIs). HMIs are an important element of SCADA systems. They are the screens that operators use to communicate with the SCADA system.\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">The major components of a SCADA technology include:</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Master Terminal Unit (MTU).</span> It comprises a computer, PLC and a network server that helps MTU to communicate with the RTUs. MTU begins communication, collects and saves data, helps to interface with operators and to communicate data to other systems.</li><li><span style=\"font-weight: bold;\">Remote Terminal Unit (RTU).</span> RTU is used to collect information from these sensors and further sends the data to MTU. RTUs have the storage capacity facility. So, it stores the data and transmits the data when MTU sends the corresponding command.</li><li><span style=\"font-weight: bold;\">Communication Network (defined by its network topology).</span> In general, network means connection. When you tell a SCADA communication network, it is defined as a link between RTU in the field to MTU in the central location. The bidirectional wired or wireless communication channel is used for the networking purpose. Various other communication mediums like fiber optic cables, twisted pair cables, etc. are also used.</li></ul>\r\n<p class=\"align-center\"><span style=\"font-weight: bold; \">Objectives of Supervisory Control and Data Acquisition system</span></p>\r\n<ul><li><span style=\"font-weight: bold;\">Monitor:</span> SCADA control system continuously monitors the physical parameters</li><li><span style=\"font-weight: bold;\">Measure:</span> It measures the parameter for processing</li><li><span style=\"font-weight: bold;\">Data Acquisition:</span> It acquires data from RTU, data loggers, etc</li><li><span style=\"font-weight: bold;\">Data Communication:</span> It helps to communicate and transmit a large amount of data between MTU and RTU units</li><li><span style=\"font-weight: bold;\">Controlling:</span> Online real-time monitoring and controlling of the process</li><li><span style=\"font-weight: bold;\">Automation:</span> It helps for automatic transmission and functionality</li></ul>\r\n\r\n","materialsDescription":"<h1 class=\"align-center\">Who Uses SCADA?</h1>\r\nSCADA systems are used by industrial organizations and companies in the public and private sectors to control and maintain efficiency, distribute data for smarter decisions, and communicate system issues to help mitigate downtime. Supervisory control systems work well in many different types of enterprises because they can range from simple configurations to large, complex installations. They are the backbone of many modern industries, including:\r\n<ul><li>Energy</li><li>Food and beverage</li><li>Manufacturing</li><li>Oil and gas</li><li>Power</li><li>Recycling</li><li>Transportation</li><li>Water and waste water</li><li>And many more</li></ul>\r\nVirtually anywhere you look in today's world, there is some type of SCADA monitoring system running behind the scenes: maintaining the refrigeration systems at the local supermarket, ensuring production and safety at a refinery, achieving quality standards at a waste water treatment plant, or even tracking your energy use at home, to give a few examples. Effective SCADA systems can result in significant savings of time and money. Numerous case studies have been published highlighting the benefits and savings of using a modern SCADA software.\r\n<h1 class=\"align-center\">Benefits of using SCADA software</h1>\r\nUsing modern SCADA software provides numerous benefits to businesses, and helps companies make the most of those benefits. Some of these advantages include:\r\n<span style=\"font-weight: bold; \">Easier engineering:</span> An advanced supervisory control application such provides easy-to-locate tools, wizards, graphic templates and other pre-configured elements, so engineers can create automation projects and set parameters quickly, even if they don't have programming experience. In addition, you can also easily maintain and expand existing applications as needed. The ability to automate the engineering process allows users, particularly system integrators and original equipment manufacturers (OEM), to set up complex projects much more efficiently and accurately.\r\n<span style=\"font-weight: bold; \">Improved data management:</span> A high-quality SCADA system makes it easier to collect, manage, access and analyze your operational data. It can enable automatic data recording and provide a central location for data storage. Additionally, it can transfer data to other systems such as MES and ERP as needed. \r\n<span style=\"font-weight: bold; \">Greater visibility:</span> One of the main advantages of using SCADA software is the improvement in visibility into your operations. It provides you with real-time information about your operations and enables you to conveniently view that information via an HMI. SCADA monitoring can also help in generating reports and analyzing data.\r\n<span style=\"font-weight: bold; \">Enhanced efficiency:</span> A SCADA system allows you to streamline processes through automated actions and user-friendly tools. The data that SCADA provides allows you to uncover opportunities for improving the efficiency of the operations, which can be used to make long-term changes to processes or even respond to real-time changes in conditions.\r\n<span style=\"font-weight: bold; \">Increased usability:</span> SCADA systems enable workers to control equipment more quickly, easily and safely through an HMI. Rather than having to control each piece of machinery manually, workers can manage them remotely and often control many pieces of equipment from a single location. Managers, even those who are not currently on the floor, also gain this capability.\r\n<span style=\"font-weight: bold; \">Reduced downtime:</span> A SCADA system can detect faults at an early stage and push instant alerts to the responsible personnel. Powered by predictive analytics, a SCADA system can also inform you of a potential issue of the machinery before it fails and causes larger problems. These features can help improve the overall equipment effectiveness (OEE) and reduce the amount of time and cost on troubleshooting and maintenance.\r\n<span style=\"font-weight: bold;\">Easy integration:</span> Connectivity to existing machine environments is key to removing data silos and maximizing productivity. \r\n<span style=\"font-weight: bold;\">Unified platform:</span>All of your data is also available in one platform, which helps you to get a clear overview of your operations and take full advantage of your data. All users also get real-time updates locally or remotely, ensuring everyone on your team is on the same page.<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SCADA__-_Supervisory_Control_And_Data_Acquisition.png"},{"id":399,"title":"Requirements Visualization, Definition, and Management","alias":"requirements-visualization-definition-and-management","description":" Requirements management is the process of documenting, analyzing, tracing, prioritizing and agreeing on requirements and then controlling change and communicating to relevant stakeholders. It is a continuous process throughout a project. A requirement is a capability to which a project outcome (product or service) should conform.\r\nThe purpose of requirements management is to ensure that an organization documents, verifies, and meets the needs and expectations of its customers and internal or external stakeholders. Requirements management begins with the analysis and elicitation of the objectives and constraints of the organization. Requirements management further includes supporting planning for requirements, integrating requirements and the organization for working with them (attributes for requirements), as well as relationships with other information delivering against requirements, and changes for these.\r\nThe traceability thus established is used in managing requirements to report back fulfilment of company and stakeholder interests in terms of compliance, completeness, coverage, and consistency. Traceabilities also support change management as part of requirements management in understanding the impacts of changes through requirements or other related elements (e.g., functional impacts through relations to functional architecture), and facilitating introducing these changes.\r\nRequirements management involves communication between the project team members and stakeholders, and adjustment to requirements changes throughout the course of the project. To prevent one class of requirements from overriding another, constant communication among members of the development team is critical. For example, in software development for internal applications, the business has such strong needs that it may ignore user requirements, or believe that in creating use cases, the user requirements are being taken care of.\r\nRequirements traceability is concerned with documenting the life of a requirement. It should be possible to trace back to the origin of each requirement and every change made to the requirement should therefore be documented in order to achieve traceability. Even the use of the requirement after the implemented features have been deployed and used should be traceable.\r\nRequirements come from different sources, like the business person ordering the product, the marketing manager and the actual user. These people all have different requirements for the product. Using requirements traceability, an implemented feature can be traced back to the person or group that wanted it during the requirements elicitation. This can, for example, be used during the development process to prioritize the requirement, determining how valuable the requirement is to a specific user. It can also be used after the deployment when user studies show that a feature is not used, to see why it was required in the first place.","materialsDescription":"<span style=\"font-weight: bold; \">Requirements activities</span>\r\nAt each stage in a development process, there are key requirements management activities and methods. To illustrate, consider a standard five-phase development process with Investigation, Feasibility, Design, Construction, and Test, and Release stages.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Investigation</span></span>\r\nIn Investigation, the first three classes of requirements are gathered from the users, from the business, and from the development team. In each area, similar questions are asked; what are the goals, what are the constraints, what are the current tools or processes in place, and so on. Only when these requirements are well understood can functional requirements be developed.\r\nIn the common case, requirements cannot be fully defined at the beginning of the project. Some requirements will change, either because they simply weren’t extracted, or because internal or external forces at work affect the project in mid-cycle.\r\nThe deliverable from the Investigation stage is a requirements document that has been approved by all members of the team. Later, in the thick of development, this document will be critical in preventing scope creep or unnecessary changes. As the system develops, each new feature opens a world of new possibilities, so the requirements specification anchors the team to the original vision and permits a controlled discussion of scope change.\r\nWhile many organizations still use only documents to manage requirements, others manage their requirements baselines using software tools. These tools allow requirements to be managed in a database, and usually have functions to automate traceability (e.g., by allowing electronic links to be created between parent and child requirements, or between test cases and requirements), electronic baseline creation, version control, and change management. Usually, such tools contain an export function that allows a specification document to be created by exporting the requirements data into a standard document application.\r\n<span style=\"font-style: italic; \"><span style=\"font-weight: bold; \">Feasibility</span></span>\r\nIn the Feasibility stage, the costs of the requirements are determined. For user requirements, the current cost of work is compared to the future projected costs once the new system is in place. Questions such as these are asked: “What are data entry errors costing us now?” Or “What is the cost of scrap due to operator error with the current interface?” Actually, the need for the new tool is often recognized as these questions come to the attention of financial people in the organization.\r\nBusiness costs would include, “What department has the budget for this?” “What is the expected rate of return on the new product in the marketplace?” “What’s the internal rate of return in reducing the costs of training and support if we make a new, easier-to-use system?”\r\nTechnical costs are related to software development costs and hardware costs. “Do we have the right people to create the tool?” “Do we need new equipment to support expanded software roles?” This last question is an important type. The team must inquire into whether the newest automated tools will add sufficient processing power to shift some of the burdens from the user to the system in order to save people time.\r\nThe question also points out a fundamental point about requirements management. A human and a tool form a system, and this realization is especially important if the tool is a computer or a new application on a computer. The human mind excels in parallel processing and interpretation of trends with insufficient data. The CPU excels in serial processing and accurate mathematical computation. The overarching goal of the requirements management effort for a software project would thus be to make sure the work being automated gets assigned to the proper processor. For instance, “Don’t make the human remember where she is in the interface. Make the interface report the human’s location in the system at all times.” Or “Don’t make the human enter the same data in two screens. Make the system store the data and fill in the second screen as needed.”\r\nThe deliverable from the Feasibility stage is the budget and schedule for the project.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Design</span></span>\r\nAssuming that costs are accurately determined and benefits to be gained are sufficiently large, the project can proceed to the Design stage. In Design, the main requirements management activity is comparing the results of the design against the requirements document to make sure that work is staying in scope.\r\nAgain, flexibility is paramount to success. Here’s a classic story of scope change in mid-stream that actually worked well. Ford auto designers in the early ‘80s were expecting gasoline prices to hit $3.18 per gallon by the end of the decade. Midway through the design of the Ford Taurus, prices had centered to around $1.50 a gallon. The design team decided they could build a larger, more comfortable, and more powerful car if the gas prices stayed low, so they redesigned the car. The Taurus launch set nationwide sales records when the new car came out, primarily because it was so roomy and comfortable to drive.\r\nIn most cases, however, departing from the original requirements to that degree does not work. So the requirements document becomes a critical tool that helps the team make decisions about design changes.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Construction and test</span></span>\r\nIn the construction and testing stage, the main activity of requirements management is to make sure that work and cost stay within schedule and budget, and that the emerging tool does, in fact, meet requirements. A main tool used in this stage is prototype construction and iterative testing. For a software application, the user interface can be created on paper and tested with potential users while the framework of the software is being built. The results of these tests are recorded in a user interface design guide and handed off to the design team when they are ready to develop the interface. This saves time and makes their jobs much easier.\r\nVerification: This effort verifies that the requirement has been implemented correctly. There are 4 methods of verification: analysis, inspection, testing, and demonstration. Numerical software execution results or through-put on a network test, for example, provides analytical evidence that the requirement has been met. Inspection of vendor documentation or spec sheets also verifies requirements. Actually testing or demonstrating the software in a lab environment also verifies the requirements: a test type of verification will occur when test equipment not normally part of the lab (or system under test) is used. Comprehensive test procedures which outline the steps and their expected results clearly identify what is to be seen as a result of performing the step. After the step or set of steps is completed the last step's expected result will call out what has been seen and then identify what requirements or requirements have been verified (identified by number). The requirement number, title, and verbiage are tied together in another location in the test document.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Requirements change management</span></span>\r\nHardly would any software development project be completed without some changes being asked of the project. The changes can stem from changes in the environment in which the finished product is envisaged to be used, business changes, regulation changes, errors in the original definition of requirements, limitations in technology, changes in the security environment and so on. The activities of requirements change management include receiving the change requests from the stakeholders, recording the received change requests, analyzing and determining the desirability and process of implementation, implementation of the change request, quality assurance for the implementation and closing the change request. Then the data of change requests be compiled, analyzed and appropriate metrics are derived and dovetailed into the organizational knowledge repository.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Release</span></span>\r\nRequirements management does not end with product release. From that point on, the data coming in about the application’s acceptability is gathered and fed into the Investigation phase of the next generation or release. Thus the process begins again.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Requirements_Visualization.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}