How does SecurityProgram.io work? How are we different?
There are a slew of security and compliance tools out there. We think we're different.
For one, we start with the idea that a regular person (not a security expert) has to be able to build a program with our tool.
For another, we blend a technology-based solution with expert support and services to ensure our customers' success.
Finally, and most importantly, we keep our customers' goals at the forefront of everything we do.
There is no one technology solution you can buy or implement to get security. Our platform recognizes that and provides an intelligent blend of process and technology to help you keep your company safe and meet customer security expectations.
Standards Aligned Policies
Your security program begins with reviewing and adopting security policies.
We built the simplest possible policies that adhere to NIST 800-53 and work for smaller tech companies with a primarily cloud-based presence and SaaS-based tooling, but also with resource constraints and rapid process changes.
We cross-reference our program activities to other standards, including NIST CSF, CIS 20, ISO 27001, SOC 2 TSC, and CMMC, to make sure you get credit for the work you do, whether with customers or with your management team.
SecurityProgram.io Policy Management
Experience has shown that this approach allows companies to move fast while making pragmatic security improvements that both improve security and demonstrate alignment to standards that customers trust.
A robust security program must include security training. Not only must we provide training, but we need to track it to prove that it has been done.
With securityprogram.io, we provide a variety of training for your entire team. This includes universal Security Awareness Training, developer training on the OWASP Top 10, AWS Cloud Security and Threat Modeling, and policy-specific training to help customers implement each security policy.
The training is all video-based and delivered by industry experts, like Matt Konda, our CEO and former Chair of OWASP.
Automation and Tools
We seized opportunities to make key, complicated security activities easier and more accessible by automating them in the tooling:
- Tracking Customer Questionnaires
- Network Scans
- Automated User Audit (Google, Azure, AWS and GitHub)
- Risk Register
- Vendor (3rd Party) Tracking
A lot of the magic of securityprogram.io comes out when a client goes through a rigorous third-party review and realizes they've already done all of the hard things the reviewer asked for. Often, they tell us how relieved they are!
This is possible because we did the hard work of mapping out the tasks you need to do to implement a program. We also broke them into Rounds, which provide a more digestible sequence of work stages. Things you need to do periodically automatically pop up at the right time to keep you on track. All tasks have descriptions, written for an IT generalist, that explain how to do them.
Finally, we mapped the tasks to different standards and made them fully searchable, exportable and assignable so that you don't have to worry about missing anything.
In any major initiative, we need to know how we are progressing and provide those updates periodically to executive management. The top level dashboard captures key progress metrics to ensure we stay on track.
Often, in addition to the general progress illustrated in the dashboard above, clients want to know where they stand relative to other prominent standards. Below, we show an example where maturity against NIST-CSF is captured. This dashboard also supports detailed breakdowns for CIS 20, SOC 2, ISO 27001 and CMMC.
This dashboard captures a deeper view of maturity that communicates effectively to stakeholders and funding sources, such as your board of directors.
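To make the task-mapping and maturity ideas from the sections above concrete, here is an added illustrative model (not SecurityProgram.io's code) of a task-driven program: each task belongs to a Round, is cross-referenced to control identifiers in several frameworks, and may recur on a schedule. The control identifiers and the task-to-control mapping are constructed for illustration, as is the small NIST-CSF control subset used to compute coverage. The functions show the three things the text describes: surfacing periodic tasks when they fall due, per-Round progress, and a per-framework maturity figure of the kind the dashboard reports.

```python
"""Illustrative model of a task-driven security program.

Tasks are grouped into Rounds (work stages), cross-referenced to controls in
several frameworks, and some recur on a fixed period. This is an added
example and not the SecurityProgram.io implementation; all task names,
dates, and control mappings below are constructed.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional


@dataclass
class Task:
    name: str
    stage: int                           # Round the task belongs to
    controls: Dict[str, List[str]]       # framework -> control ids (illustrative mapping)
    period_days: Optional[int] = None    # None means a one-time task
    last_completed: Optional[date] = None

    def is_due(self, today: date) -> bool:
        """Due if never completed, or if a recurring task's period has elapsed."""
        if self.last_completed is None:
            return True
        if self.period_days is None:
            return False
        return today - self.last_completed >= timedelta(days=self.period_days)


# Constructed sample program. Control ids follow each framework's naming
# style, but the mapping is hypothetical and chosen only to exercise the code.
TASKS = [
    Task("Adopt access control policy", 1,
         {"NIST-CSF": ["PR.AC-1"], "ISO-27001": ["A.9.1.1"]},
         last_completed=date(2023, 1, 10)),
    Task("Annual security awareness training", 1,
         {"NIST-CSF": ["PR.AT-1"], "ISO-27001": ["A.7.2.2"]},
         period_days=365, last_completed=date(2022, 3, 1)),
    Task("Quarterly user access audit", 2,
         {"NIST-CSF": ["PR.AC-1", "PR.AC-4"], "ISO-27001": ["A.9.2.5"]},
         period_days=90, last_completed=date(2023, 1, 15)),
    Task("Monthly network scan", 2,
         {"NIST-CSF": ["ID.RA-1"], "ISO-27001": ["A.12.6.1"]},
         period_days=30, last_completed=date(2023, 3, 20)),
    Task("Publish risk register", 3,
         {"NIST-CSF": ["ID.RA-5"]},
         last_completed=date(2023, 2, 1)),
    Task("Review vendor risk register", 3,
         {"NIST-CSF": ["ID.SC-2"], "ISO-27001": ["A.15.1.1"]}),
]

# Constructed subset of NIST-CSF subcategories used as the coverage denominator.
NIST_CSF_SUBSET = ["PR.AC-1", "PR.AC-4", "PR.AT-1", "ID.RA-1", "ID.RA-5", "ID.SC-2"]


def due_tasks(tasks: List[Task], today: date) -> List[str]:
    """Names of tasks that should 'pop up' on the given day."""
    return [t.name for t in tasks if t.is_due(today)]


def round_progress(tasks: List[Task], stage: int) -> float:
    """Fraction of a Round's tasks that have been completed at least once."""
    in_round = [t for t in tasks if t.stage == stage]
    if not in_round:
        return 0.0
    done = [t for t in in_round if t.last_completed is not None]
    return len(done) / len(in_round)


def framework_coverage(tasks: List[Task], framework: str, control_set: List[str]) -> float:
    """Share of a framework's control set touched by at least one completed task."""
    covered = set()
    for t in tasks:
        if t.last_completed is not None:
            covered.update(t.controls.get(framework, []))
    return len(covered & set(control_set)) / len(control_set)


def search(tasks: List[Task], framework: str, control: Optional[str] = None) -> List[str]:
    """Find tasks cross-referenced to a framework, optionally to one control id."""
    return [t.name for t in tasks
            if framework in t.controls
            and (control is None or control in t.controls[framework])]


if __name__ == "__main__":
    today = date(2023, 4, 1)
    print("Due today:", due_tasks(TASKS, today))
    for stage in (1, 2, 3):
        print(f"Round {stage} progress: {round_progress(TASKS, stage):.0%}")
    print("NIST-CSF coverage:", f"{framework_coverage(TASKS, 'NIST-CSF', NIST_CSF_SUBSET):.0%}")
    print("Tasks mapped to PR.AC-1:", search(TASKS, "NIST-CSF", "PR.AC-1"))
```

The coverage figure counts a control as covered once any mapped task has been completed, which is the simplest maturity measure; a real dashboard would also want to discount recurring tasks that are overdue, and the `is_due` check is where that distinction would be added.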