Keeping Safe
Security and assurance are ongoing and collaborative processes. They are used to protect the integrity of the systems that support the business to provide, for example:
- trust in its business operations,
- the prevention of data breaches, and
- the protection of sensitive data.
The term system is used here in its broadest meaning, in that it includes the collaboration of people, processes, and technology to operate the business.
Egeria's Keeping Safe solutions aim to provide transparency from system design through to implementation and operation, helping to engage key people in the ongoing process of improving the safety, security, and privacy of the systems used by your organization. In addition, they help develop practical steps to handle an unfortunate event if one occurs, and capture the information needed to reduce the chance of it happening again.
- Assessing a new regulation helps to extract the key information from a regulation and create a model of its contents, first to help key people understand its requirements and then to build a definition of how the organization is going to meet those requirements and monitor its compliance.
- Defining the Security Strategy describes how to lay out your organization's approach to security, making use of standard definitions from security experts and their recommended best practices.
- Threat Modelling helps to understand the risks that an organization faces and how to prioritize, mitigate and monitor them.
- Incident Management helps to manage incidents that occur in the organization and ensure that they are handled in a timely and effective manner whilst collecting appropriate data for later analysis and improvement.
- Proactive Cataloguing helps to ensure that the organization's assets are properly catalogued and that the catalog is up to date from the moment a new IT capability is deployed.
- Auditing Users helps to ensure that users are properly authenticated and authorized to access the organization's systems and data.
- Distributed Secrets helps to ensure that secrets are properly managed and distributed across the organization's systems and that they are properly protected.
Before you begin
An organization's security is not the act of a single security team, nor is it provided by the presence of security software, although both play their part. To use a cliché, security is everyone's business. So the aim of a security program is to raise awareness that everyone's actions matter. Anyone can compromise security through careless management of passwords, missing a software test case, failing to upgrade a software package, etc. Secure practices and feedback need to be provided to all employees and external partners.
Egeria's security and assurance solutions provide comprehensive information gathering, linking, analysis and reporting. This helps in the awareness and coordination of security practices between people and security tools. It is also important to engage security experts who bring experience to the table. Their role is to help frame the security strategy and provide guidance on the most effective approaches to mitigate the risks that an organization faces. Organizations such as OWASP provide a wealth of information on security and assurance. Their material, which is built from deep experience, is quoted in the solution descriptions where appropriate. By following their guidance, you can eliminate the majority of threats, leaving your teams more time to focus on aspects of security that are unique to your business.
Key personas
- Ivor Padlock - Security Officer - responsible for the security and assurance of the organization's systems and data.
Examples showing how to use Egeria's security and assurance solutions
- Understanding the new UK Terrorism (Protection of Premises) Act 2025 (aka Martyn's Law) and how it impacts Coco Pharmaceuticals' annual conference in London.
- Building a data security strategy for Coco Pharmaceuticals as they consolidate data into their new data lake, and consolidate and link context into Egeria.
- Ensure the auditability of IT System users and their access to data.
- Improving the IT Systems Security