Simply Sophisticated Information Security and Compliance

2

Simple SophisticationWelcome to Your New Strategic Advantage

As technology evolves at an accelerating rate, risk-based information security concerns must be top-of-mind by not only IT staff but also executive management. Your ability to manage and leverage information security is key to protecting your sensitive data and ensuring you meet and exceed your industry-specific regulatory requirements.

TraceCSO is designed to give your organization the visibility into and accountability for its risk and compliance profile and is the first and only solution to simplify the complexities inherent in on-going risk management

programs. TraceCSO makes critical customer data and compliance requirements more visible, more accessible, more manageable, and more valuable than ever before, so you can automate and ensure your data is secure in a rapidly changing market environment. This comprehensive solution is the culmination of a decade of technology refinement and operational experience. It’s extensive flexibility, advanced architecture and business-solutions approach gives you all of the sophisticated capabilities necessary to help you serve your customers and grow your organization.

TraceCSO is designed to give your organization the visibility into and accountability for its risk and compliance profile

3traceCSO.com I

Gain full visibility into your risk posture

To protect your data, you need a complete picture of what’s going on within your risk profile. TraceCSO empowers you to monitor all activity across your information security program, giving you the end-to-end insight at any moment in time. The vast majority of current market solutions force you to cope with disparate, fragmented and otherwise incomplete data, which inhibits your ability to develop a clear and complete view of your risk.

Reduce redundancy, automate tasks and streamline compliance

The improved control that TraceCSO provides will streamline your information security and compliance operations. With enhanced access and end-to-end integration, you will dramatically reduce redundant tasks commonly created by disparate systems, automate tasks to increase productivity and streamline regulatory compliance.

Simplify and better manage an on-going information security program

TraceCSO has a user-friendly interface and its intuitive initial setup provides built-in and step-by-step guides that allow virtually anyone in your IT department to implement and manage a complete risk-based information security program. Subject matter expertise is embedded into TraceCSO’s robust wizards, helping to reduce the need for expert in-house IT security staff.

Automate compliance with regulatory requirements

TraceCSO provides the necessary tools to automatically comply with a shifting regulatory environment. Now you can fulfill your commitments to regulatory mandates more efficiently with a solution that:

• Supportshundredsofauthoritiesandover25,000citations and regulations through the Unified Compliance Framework (UCF)

• Mapstheorganization’sindustry-specificrequirementsback to standard TraceControls

• Allowstheorganizationtoimplementabest-practicesrisk-based information security program

• Organicallyleadstocompliancebydefault

TraceSecurity is much more than a vendor; we are your strategic partner, and will work closely with you to ensure TraceCSO meets your organization’s needs. As part of the TraceCSO solution, we provide implementation services and access tor our expert security analysts. In addition to providing you with a comprehensive information security and compliance solution, we alsodelivertheexpertconsultingandprofessionalservicesthathelpyouoptimizeyoursecuritybudget.Mostimportantly,we are committed to your success – not as a casual gesture, but as a matter of corporate policy.

Are you ready to:

Risk management is simple, when TraceCSO is your Cloud Security Officer and TraceSecurity is your trusted partner

4

TraceCSO simplifiesrisk management and compliance while maintaining sophisticated capabilities

TraceCSO delivers the kind of risk management functionality that has long been available only to the enterprise. No solution in its price class provides a single tool that integrates the end-to-end functionality needed to manage a complete and on-going risk-based information security program. With TraceCSO, you can counteract emerging threats and streamline your compliance process – with a simple, affordable and cloud-based security solution that can be managed with minimal on-staff IT security personnel.

Deliver all of the necessary tools in a single, robust solution

TraceCSO was built from the ground-up to fully integrate risk, process, policy, vulnerability, training, vendor, audit and compliance management – a true end-to-end solution that requires no additional third-party software. This integration allows controls established during the risk assessment to automatically link to every functional area within TraceCSO. The robust system is augmented by a comprehensive portfolio of professional services that will empower you to minimize your risks while optimizing your information security and compliance resources.

• Risk – The risk assessment is the cornerstone for setting up and managing an on-going risk-based information security program. It is the first step to identify your organization’s assets, threats and controls, and then mitigate and manage those risks with the “right” controls.

• Process – Business processes are electronically tracked and managed through a ticketing system that enables oversight accountability and automates control implementation, audit and compliance reviews.

• Policy – TraceCSO distributes, tracks and guides the generation of policies, procedures, guidelines, checklists and standards for any control in the system through baseline content that is customizable to your business environment.

• Vulnerability – Authenticated scanning identifies network vulnerabilities and configuration scanning allows the documentation of your organization’s

technical compliance controls to be automated. Scans can be set with unlimited frequency.

• Training – A built-in learning management tool that provides existing courseware and integrates training with controls – allowing a organization to track and confirm when assigned parties have completed required training necessary to meet control implementation specifications.

• Vendor – Allows the organization to manage its vendor due diligence process, report on and understand the risk associated with each of its vendor relationships, know which risks each vendor helps to mitigate and to gain the oversight needed to confirm vendors are properly managing their assignments.

• Audit – Allows internal or external auditors to verify control implementation, enter observations and upload supporting documentation. Because the audit is integrated with other functional areas of TraceCSO, the audit is automatically prepopulated with data from all areas of the software eliminating the need for an auditor to manually verify controls.

• Compliance – Automatically prepopulates data from each of the functional areas of the software and leaves very little manual work to be completed in the compliance review process.

• Reporting – Sophisticated dashboards provide visibility and allow users to create everything from routine reports to sophisticated board reports and ad hoc requests – all in real-time and customized to their unique needs.

5traceCSO.com I

Best understand your risk and know which controls optimally mitigate them

TraceCSO has a proprietary approach to its risk assessment and scoring that allows an organization to measure and report mitigation effectiveness, set benchmarks and analyze trends. When an organization knows its Risk Score, it can make better risk-based decisions and optimize its information security budget.

Dashboards enable organizations to quickly access its Risk Scores and, as a result, prioritize risk reduction efforts.

Leverage a holistic view

The ability of management and security staff to have an integrated view across all functional areas of the software eliminates data silos that inhibit holistic understanding of the organizations risk and compliance profile. Real-time, role-based access and user-defined settings limit or enhance user visibility and reporting to their assigned activities and responsibilities.

• Businessmanagersandexecutives

• Third-partyauditorsorvendors

• Employeeanddivisionalassignments

A robust ticketing system distributes work across the organization and allows accountability and oversight for the implementation and adherence

to processes, policy and training.

Better manage your information for decision support and improved productivity

Users can create reports that are customized to both the individual and organization’s needs. A powerful toolkit gives users the ability to sort information stored in TraceCSO and retrieve this information in a secure, understandable, and descriptive format. It provides the maximum use of your information by giving you the tools to:

• Getstreamlinedaccesstoreal-timeresults

• Seeinformationinterpretedinanfamiliar, easy-to-understand format

• Createcustomreports

• Definedeliveryofreportsbaseontheuser’suniquerequirements

• Delivercompliancereportsinregulator-requiredformats

TraceCSO dashboards are flexible – allowing users to drill down and filter for custom bottom-up or top-down visibility and reporting.

6

Flexible architecture that provides strategic agility and staying power

Experience,insightandimaginationareamongthemostvaluable commodities in any competitive environment. TraceCSO provides the kind of intellectual power that enables you to stay focused on your core competencies, so that your organization is prepared to deal with new technology adoption while continuing to mitigate risk and regulatory compliance pressures.

Let us worry about designing, implementing and monitoring the technology and infrastructure that supports and delivers your information security program. Understanding both your current and future needs and being committed to fulfilling and exceeding those needs makes TraceSecurity the ideal choice as your information security partner.

• The Cloud Provides Anytime, Anywhere Access TraceCSO is delivered via the cloud for quick

implementation and anytime, anywhere access that allows your organization to quickly capitalize on current and future technology and industry updates. The result is a powerful, scalable and stable platform that enables timely software enhancement delivery to help you meet the dynamic business needs of your organization.

• A Global Database of Regulations and Citations TraceCSO was built from the ground-up to leverage the

Unified Compliance Framework (UCF), a global and harmonized database of hundreds of authorities and over25,000citationsandregulations.Updatedonaquarterly basis, your organization will always stay up-to-date with the latest regulatory mandates specific to your industry.

• Active Directory Integration IntegrationwithActiveDirectoryhelpsanorganization

streamline and centrally manage its training and policy rollout through a secure connection between the organization and TraceSecurity. This connection allows a record of your local users to populate TraceCSO and integrates content between the functional areas of the software, such as policies, training and processes. The real-time synchronization enables employees to have immediate access to TraceCSO using their existing network login and passwords.

• Third-Party Interface TraceCSO is built to integrate third party solutions. If you

want to maintain current technology point solutions and investments, such as your vulnerability scanner, we make it simple for you to do so and we will address your unique requirements.

Our security experts work tirelessly to create new ways to improve and simplify information security and compliance – so that you are equipped to meet each new market need. From relationship management and technical support to our broad range of professional services, your TraceSecurity solution will always be backed by the finest talent in the industry. This critical human component, above all, sets us apart and distinguishes us a true strategic provider and trusted advisor, not just a vendor.

• Customer Support – Staffed by expert security analysts to provide you with the help you need when you need it.

• Implementation Services – Carefully planned and executed system implementation based on best practices for executive overview sessions, software utilization overview, coordination with third-party vendors, and more.

• Professional Services – Services available are broad and range from social engineering, penetration testing and risk assessments to information security audits, security awareness training and vulnerability assessments.

How Does TraceCSO deliver simple sophistication? With a vision that combines intelligent architecture, flexible deployment and expert support

Focused attention from the most seasoned professionals in the industry

7traceCSO.com I

With our strength in risk management, information security and compliance, TraceSecurity continuously refines how people, processes and technology work together – to deliver innovative solutions to the market. Our bold, forward-looking approach is designed for your future and ours. With the sweeping scope of our vision and depth of our commitment to you, we can help you with your risk-based information security and compliance success.

Our mission is to be much more than a vendor

Commitment to customer service and satisfaction is a stock claim of most technology companies. But at TraceSecurity, this commitment is firmly embedded as a core corporate policy and is fully embraced and practiced at every level or our organization. For customers like you, it is about building a true relationship. The value of this long-held business philosophy is reflected in our consistently high customer-satisfaction and retention rates, as well as the strong growth we share with our customers.

Our vision and innovation will keep you a step ahead

We’ll also be there with exciting new solutions that are yet to be defined. With a focus on innovation, we keep a keen eye on the horizon, where new technologies will intersect with new market opportunities. We continuously and boldly invest in the future – with aggressive product development and new strategic relationships. You will not be caught off-guard by future developments, because we are shaping the future with you in mind.

TraceSecurity is shaping the future – with you, and for you

Discover how simple information security and compliance can be

TraceSecurity offers the technology, vision and commitment to assure you a more certain path to risk-based information security management and compliance success. To learn more about TraceCSO and the advantages of a TraceSecurity strategic relationship, contact us at 1-800-610-5276, or visit www.tracecso.com

traceCSO.com I tracesecurity.com

phone:1-800-610-5276email: tracecso@tracesecurity.com

© 2012TraceSecurity.Allrightsreserved.The TraceSecurity and TraceCSO logos are registered trademarks of TraceSecurity.