SecureInfo Selected to Present on Automating Information Security Compliance at the New York ISSA Seminar Sponsored by Ernst & Young

Business Wire, Jan 12, 2005

SAN ANTONIO -- Steve Kiser, SecureInfo President and CEO, will Present on Establishing a Centralized Information Security Baseline as the Foundation for Managing IT Risk Management

SecureInfo Corporation, a recognized leader in delivering information security compliance and managed security operations solutions, announced today, that Steve Kiser, President and CEO of SecureInfo, will present at the New York ISSA (Information Systems Security Association) Seminar, on Tuesday, January 12. This presentation will illustrate the importance of establishing a standardized program to demonstrate compliance, and using the compliance baseline to continuously assess and test the effectiveness of security controls in order to improve an enterprise's security posture.

Today's CISO and other IT security professionals are faced with the challenge of managing and demonstrating compliance along with monitoring and maintaining the day-to-day IT risk management objectives. In the past, most organizations have viewed compliance as a one-off project in order to satisfy management, auditors and regulators. However, due to recent regulatory changes information security compliance is now mandated to be integrated as an ongoing process with IT security management. Regulations such as Sarbanes-Oxley, GLBA and HIPAA require significant process changes for managing information security compliance.

Without automation the information security compliance lifecycle is a difficult process to manage and document. Organizations will burn excess resources, produce inconsistent results, redirect time and money away from critical projects, and create a decentralized data environment to manage and report. Additionally, acquisitions and mergers introduce new people, processes, and technology that must be integrated and measured against the compliance baseline. Many organizations remain fragmented in their compliance hierarchy and are challenged with the demand to facilitate compliance across the enterprise. Requirements cross different parts of the organization and require collaboration and monitoring of compliance from a central location.

"A well-defined and implemented information security compliance program which is integrated into the security architecture allows IT security management the ability to align and measure information security to compliance objectives with the ability to make more informed security decisions and effectively manage risk," said Steve Kiser, President and CEO of SecureInfo. "An automated solution will not only streamline and standardize the compliance program, it will also allow periodic assessments for ongoing compliance in order to test security controls and provide gap analysis reporting for any system change, regulatory updates and both new process and technology vulnerabilities."

RMS(TM) (Risk Management System) - Automating Information Security Compliance

The RMS software solution integrates industry's most comprehensive set of information security compliance requirements and test plans with a workflow tool tailored for the risk assessment process. RMS's compliance architecture maps the compliance program across multiple mandated regulations (Sarbanes-Oxley, GLBA, HIPAA, FFIEC, ISF, ISO 17799, BS 7799, NIST) eliminating ambiguity with actionable content that addresses what should be done to be compliant, how to demonstrate compliance, and how to maintain controls. By delivering actionable requirements and tests plans within the product, RMS drives adoption and reduces costs within the organization with consistent, repeatable, and measurable results.

About SecureInfo Corporation

SecureInfo provides solutions that protect critical information assets. The Company is a leading provider of managed security solutions, information security compliance software and Information Assurance consulting services to commercial and government enterprises. An Inc. 500 Corporation, SecureInfo is recognized as one of the top 10 providers of Information Security Solutions to the Federal Government. Additional information is available at www.secureinfo.com.