Security managers need to know what we have, where it is, what risk it has, and who is doing what to it.
It’s not always possible to harden every system to a high level, or turn on logging on every drive. Knowing what information is inherently risky, and where it is, means we can focus our efforts on that data and those systems. We may find information that needs to be moved or deleted, or systems that should be better secured. As well as these preventative controls, we need detective controls, to identify any breaches that happen so we can respond.
My focus is on the risk profile of the enterprise – I need to know where our risky information is, and what happens to it.
How we help
Castlepoint is your comprehensive information security solution. It helps you comply with the Cyber Security Principles:
- Govern: Castlepoint indexes the entire network to find sensitive and classified information, and records subject to secrecy provisions under law, even where they do not have appropriate metadata. It creates an information asset register of the enterprise so you know the content, risk, and value of all systems. It shows you what can be lawfully disposed of, helping reduce your risk.
- Protect: Castlepoint helps you determine the risk of each system so you can apply appropriate confidentiality, integrity, and availibilty controls.
- Detect: Castlepoint captures events from every system into a single dashboard, and reports and alerts on exceptions to policy.
- Respond: If you experience a breach, Castlepoint can quantify the impact in civil and criminal penalties, report on affected data and entities, and help you plan your response and recovery.