Main Page

From ESIS-Wiki
Jump to: navigation, search
Welcome to Consulare Wiki for ESIS
the opensource Executive Security Information System

ESIS

ESIS is an opensource software that brings a global framework to manage IT Security & Risks processes. It delivers pragmatical and simple answers to key questions that have plagued the organization of Risk management. Even though ESIS first target is IT Security, the fact that it relies on standard processes enable to use it to manage any kind of risks.

ESIS is built upon a vision that risks related processes needs to interact such as to form an end-to-end process from threats management to crisis management. The establishment of true processes is essential to allow all the stakeholders (ie. CSO, CIO, Outsourcer, Compliance & Risk Officers, Auditors, etc.) to work together. The management of risks and of IT security is hampered by the lack of processes and clear interaction in between all the stakeholders. In deed, IT may manage Threats on one end with its set of tools. Auditors & Internal control manage their audits with their Excel or whatever works. Compliance and global risk use their own toolbox and so on. By the end the biggest risk is that risk management isn't coordinated and thus cannot lead to crisis prevention and management which is the goal.

By design ESIS can handle simultaneously the processes of multiple "companies" or subsidiaries, each having its own separate dataspace. Thus ESIS can provide global answers to questions related to either a "group" posture (vertical consolidation), "customers" for an outsourcers (horizontal consolidation) down to the specific people of department of a precise site.

Modules

Just like a business ERP ESIS is composed of different modules that can be used independently but also linked to provide an integrated management of risks. At this time 5 modules are available :

  • Consolidated Indicators and Dashboards
How to compute global & holistics risks & security indicators ?
ESIS-Wiki:Module-Metrics
  • Vulnerabilities, Security advisories & Threats Process Management
How to consolidate all the parts that handle threats in a global process ?
ESIS-Wiki:Module-Threat
  • Audits & Controls Management
How to efficiently manage audits, reports, recommendations, recommendations responses, etc ?
ESIS-Wiki:Module-Audit
  • Risk Register Management
How to define risks from the causes to the evaluation criteria ?
ESIS-Wiki:Module-Risk_Register
  • Risk Assessment Management
How to handle the assessments process of identified risks ?
ESIS-Wiki:Module-Risk_Assessment

ESIS-Wiki:Modules

Probes

ESIS use probes to consolidate data into the processes and compute Key Performance Indicators (KPI) and Key Risk Indicators (KRI).

ESIS-Wiki:Probes
ESIS-Wiki:Probes list

Referentials

ESIS embeds business referential which enable to define standards & norms, locations, groups and departments, business zones, etc. Basically defining the thee main axes : Organizations, Geographies, Standards used in GRC reporting.

ESIS-Wiki:Organization

ISO Compliance

ESIS brings all the core processes to support an ISO 27001 ISMS and furthermore complies with ISO 27004, 27005, 19011, 31000, 38500.

ESIS-Wiki:ISO27001

Configuration

ESIS-Wiki:Installing
ESIS-Wiki:Updating
ESIS-Wiki:Global_properties
ESIS-Wiki:AD_AUTHENTICATION

Administration & Monitoring

ESIS-Wiki:ADM_PROCEDURES
ESIS-Wiki:Monitoring_Nagios

FAQ

ESIS-Wiki:Installing-FAQ

Misc.

ESIS-Wiki:Probe_Msde
ESIS-Wiki:Flash-Debug
ESIS-Wiki:Info_Logrotate
ESIS-Wiki:Info_LogUnix

Links


Retrieved from "http://www.consulare.ch/apps/mediawiki/index.php5?title=Main_Page"
Personal tools