The iGRC project is very exciting and challenging. Crucially, the Technology Strategy Board and SEEDA have enabled UK IT Security SMEs to sharpen the security edge of network infrastructure management. The iGRC project will substantially enhance the agility and dynamacy of control, and risk avoidance of network security.
(PRWEB) March 25, 2010
The novelty of the iGRC Consortium’s project involves developing an open standard to enable the integration of governance, risk and compliance technology with complementary network sensor technologies to produce an integrated model for the management of the complexity, risk and resilience of secure information infrastructure.
The iGRC concept has been supported by the Security Innovation and Technology Consortium (SITC) and the Centre for the Protection of National Infrastructure (CPNI) who jointly funded a consultation and demonstration event to develop and refine the initial concept. The iGRC Consortium bids for Technology Strategy Board and SEEDA R&D funding were developed with the active support of SITC through its GRC Special Interest Group.
The iGRC Consortium is led by Information Governance Limited and includes HP Enterprise Services (previously EDS), Assuria and Nexor, and the Universities of Cranfield, Loughborough and London (Birkbeck College). The project will develop and demonstrate the integration of Information Governance’s Proteus EnterpriseTM GRC management product with Assuria, Nexor and other network sensor technologies.
Consortium Chairman and Programme Director, Martin Bedford said "This exciting programme will do much to elevate the Consortium members in the information infrastructure protection market place as we build on work already done to produce a truly compelling platform for sustainable network security management".
The programme brings together already highly developed GRC and related technologies into one sustainable integrated, dynamic governance, risk and compliance platform for network security information infrastructure protection.
Assuria leads the sensors aspects of the programme. Managing Director, Nick Connor said - "The iGRC project is very exciting and challenging. Crucially, the Technology Strategy Board and SEEDA have enabled UK IT Security SMEs to sharpen the security edge of network infrastructure management. The iGRC project will substantially enhance the agility and dynamacy of control, and risk avoidance of network security."
Colin Robbins, CTO at Nexor said - "Nexor is committed to the development and adoption of a standard approach to the dissemination of GRC information. It is an important step that will provide our customers with a greater situational awareness and risk mitigation capability”.
The Consortium considered a dynamic and integrated approach to governance, risk and compliance practices in information infrastructure management, process and technology necessary because of:
- the speed and frequency of new regulatory requirements
- a need to enhance, enforce and reinforce codes of conduct
- complex operations having limited ability for consolidated reporting
- manual processes needing to be automated to avoid non-compliance
- knowledge gaps in agile risk and compliance operations
- board-level reporting lagging operational events and detail
The iGRC Consortium project manager, Mike Popham said "To sustain a consistently high level of security in complex ICT infrastructure, processes and management must all operate within a single governance, risk and compliance control framework able to adapt swiftly to current and anticipated threats and vulnerabilities. ‘Agile adaptability’ is our watch phrase."
More information can be obtained from Andy Kays (andrew.kays(at)nexor(dot)com).
Notes for Editors About the iGRC Consortium
Assuria provides IT security assurance, compliance and log management solutions to organisations in more than 50 countries worldwide. Assuria solutions help to implement and monitor compliance with international IT security standards and assist with implementation of IT security ‘good practice’ by optimising security configurations of business systems and monitoring systems for unauthorised changes and suspicious events. Protection is also provided by the automatic collection and storage of system event logs with real time alerting and comprehensive analysis and reporting. Retention of original logs enables future investigations, a mandatory requirement of most Information Security standards.
For more information, visit us at http://www.assuria.com.
About Birkbeck, University of London
Renowned for its world class research, Birkbeck is a vibrant centre of academic excellence, where over 90% of Birkbeck academics are research active. The goal of the College’s research strategy is to sustain and enhance its standing as a leading national and international research institution. This goal includes the achievement of excellence in research and scholarship in all College disciplines; the development of research concentrations in areas of strength; and that research should inform the College’s teaching. In 2006 the College was awarded a prestigious Queen’s Anniversary Prize for excellence in higher education research.
For more information about Birkbeck's research strategy please consult http://www.bbk.ac.uk/research/strategy/.
CPNI provides integrated security advice (combining information, personnel and physical) to the businesses and organisations which make up the national infrastructure. Through the delivery of this advice, we protect national security by helping to reduce the vulnerability of the national infrastructure to terrorism and other threats.
Advisers working for CPNI cover the full range of security disciplines and are highly experienced in providing advice to national infrastructure organisations. CPNI is an interdepartmental organisation, with resources from industry, academia and a number of government departments and agencies. These include the Security Service, CESG (the UK's national technical authority for information assurance) and other government departments responsible for national infrastructure sectors.
More information about CPNI is at: http://www.cpni.gov.uk
About Cranfield University
Cranfield Defence and Security (CDS) is one of the five schools of Cranfield University and is based at the Shrivenham site of the Defence Academy of the United Kingdom. CDS is made up of three academic departments of which the Department of Informatics and Sensors specialises in research and research-led education and training in defence and security-related disciplines focussing on information collection, management and exploitation. The Centre for Forensic Computing and Security within the department is a leading research centre examining topics such as network intrusion detection, network-centric warfare and the retrieval of digital evidence from electronic devices. More information about Cranfield University is at: http://www.cranfield.ac.uk.
HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments and society. The world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at: http://www.hp.com.
About Information Governance Limited
InfoGov is a specialist governance risk and compliance software development company. Our principal product is Proteus Enterprise, the full enterprise wide, multi-standard, web based compliance and risk management framework. Proteus® software has a history dating back to 1995 when the BSI (British Standards Institution) first adopted our software as the preferred tool to automate the BS7799 Code of Practice for Information Security Management.
For further details see: http://www.infogov.co.uk.
About Loughborough University
Loughborough is one of the country’s leading universities. It was awarded the coveted Sunday Times University of the Year 2008-09 title and has received six Queen's Anniversary Prizes, in recognition of its research and innovation. The University has one of the largest engineering faculties in the UK and is also renowned for its strong links with industry. The Engineering Systems of Systems Group, led by Professor Michael Henshaw, is delighted to be part of the iGRC programme, bringing their expertise in supply chain analysis to the consortium. For further details see: http://www.lboro.ac.uk.
Nexor is a leading provider of information assurance solutions to defence and government agencies. Founded in 1990, Nexor connects, transforms and protects sensitive information to ensure trusted access and secure interoperability. Nexor’s comprehensive portfolio of technology and services is readily tailored to provide a value for money contribution to information assurance programmes. More information about Nexor is available at http://www.nexor.com.
About SEEDA, the South East England Development Agency
SEEDA is the Government-funded agency responsible for the sustainable economic development of the South East of England – the driving force of the UK’s economy. Through supporting businesses, encouraging innovation, developing skills and engaging with public and private partners, we aim to create a successful, sustainable future for the region. SEEDA’s support helped deliver the following over the period 2005-2008:
- 17,500 jobs created or safeguarded
- 32,500 people helped to get work
- 10,000 businesses created or attracted to region
- 137,500 businesses assisted
- £638m investment, 45% levered from private sector
- 200ha Brownfield land remediated
- 148,500 people assisted in skills development
For further details see: http://www.seeda.co.uk.
SITC is a not-for-profit membership organisation dedicated to supporting the development of innovative and technologically sophisticated security solutions, backed by the South East England Development Agency (SEEDA). For further details see: http://www.securityintech.com.
About the Technology Strategy Board
The Technology Strategy Board is a business-led executive non-departmental public body, established by the Government. Its role is to promote and support research into, and development and exploitation of, technology and innovation for the benefit of UK business, in order to increase economic growth and improve quality of life. It is sponsored by the Department for Business, Innovation and Skills (BIS). For more information please visit http://www.innovateuk.org.
# # #