Consul Unveils GLBA and ISO 17799 Compliance Management Modules for InSight 5.0

Business Wire, June 28, 2004

HERNDON, Va. -- Enhanced InSight Enforces Audit and Compliance Through Policy-Based Monitoring and Detection

Consul risk management, Inc., the worldwide provider of security audit and compliance solutions for the enterprise, will unveil this month two new Regulatory Compliance Management Modules, GLBA and ISO 17799, to improve and extend the functionality for its new Consul InSight Security Manager(TM) 5.0 (Consul InSight(TM) 5.0) product suite. These are new additions to a family of Modules that already includes capabilities vital to compliance with Sarbanes-Oxley regulations. Consul is currently developing Modules for the HIPAA and Basel II regulations.

Each Regulatory Compliance Management Module is an integrated add-on to Consul InSight. In addition to performance enhancements and a new look and feel, new features include a regulatory management resource center, asset classification and security policy templates, incident tracking capabilities and report options specifically designed to accelerate compliance with GLBA and the ISO 17799 standard.

"Blaming a breach of security on products that have failed won't cut it. Businesses must deploy 'best practice' measures in order to avoid paying out millions of dollars in damages or going to jail," said Pete White, senior infrastructure security analyst at NiSource, a Fortune 500 holding company in the energy industry. "It is imperative for us to be proactive and implement compliance solutions now; we cannot wait until the regulations are mandated. With ISO 17799 as the model for any new regulatory requirements in our space, using Consul's Compliance Management Module gives us a clear understanding of our current security landscape and what we need to do before it gets too late."

The Force of the Regulations

The Financial Services Modernization Act or GLBA focuses on protecting personally identifiable financial information. The Act is designed to insure the security and confidentiality of customer records and information; to protect against any anticipated threats or hazards to the security or integrity of such records; and to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.

ISO 17799 guidelines recommend that organizations identify system components that warrant logging, determine the level of data logged for each component and establish policies for securely handling and analyzing log files.

"A landslide of regulations, corporate governance initiatives, audits and security threats require organizations to consider more detailed auditing of actual user and file activity to determine who touched what data and if that action violated policy," said Joe Sander, president and CEO at Consul.

"With the introduction of these additional Regulatory Compliance Management Modules for Consul InSight, Consul makes the process of demonstrating compliance easy for organizations by offering audit trails, incident response and compliance reporting. Consul has the only security audit and compliance solution that acts like a security auditor to streamline policy and regulatory compliance efforts," added Sander.

Key Features and Benefits of the Compliance Management Modules:

--A Compliance Dashboard displays an easy-to-understand, color-coded matrix highlighting degrees and level of compliance based on user behavior and data access.

--Incident Tracking Capabilities denotes a compliance breach for further investigation, improving the ability to track and resolve incidents.

--Resource Centers help facilitate compliance and provide information on each regulation or standard and how to use Consul InSight for compliance.

--Classification Templates enable quick classification of an enterprise into compliance-relevant categories from which to report.

--Policy Templates recommend baseline policies for who should be allowed to access specific information and what they can do with it.

--Audit Enablement Guides provide specific advice on how to adjust the logging and audit settings in an enterprise to enable proper access monitoring.

--Report Centers provide more than 100 auditor-ready reports for monitoring compliance to each regulation or standard and understanding who touched what across the network.

"Confronted with the international web of regulations, senior management might be tempted to forgo compliance. However, the repercussions of Wall Street, public image degradation, regulatory fines, and potential civil and criminal liability are not attractive," said Mike Rasmussen, principal analyst, Forrester Research, Inc. "Furthermore, business integrity, stakeholder value and the public trust are jeopardized when the spotlight of noncompliance flashes on an organization. Under this pressure, executives and the board tremble. It is their duty to see that the organization meets its compliance obligations."

Pricing and Availability

Consul InSight Compliance Management Modules for Sarbanes-Oxley, GLBA and ISO 17799, are available this month. Pricing will start at $40,000 per license. The subscription fee will include updates to the Module to ensure that it reflects any changes in the associated regulation.