Align Matters Launches Cybersecurity Management Built on the CIS Controls
Align’s Cybersecurity Management pre-builds the CIS Controls into a single, collaborative SaaS platform. It enables corporations to easily and collaboratively connect all teams to create a comprehensive plan to achieve and maintain continuous compliance against the CIS Controls. The platform maps and provides a collaborative and secure environment to achieve and maintain compliance with key cybersecurity frameworks, such as ISO 27001/27002, NIST, HIPAA, PCI-DSS and SSAE 16. Align runs on Microsoft’s secure Azure cloud.
About the Tool
Alan Nathanson, Align Matters’ CEO and CTO, explained that the challenge for most corporations today is not a lack of point solutions or services to address specific security and compliance challenges: there are many products and consultancies, be it information asset inventorying, threat detection, data encryption, access controls, antivirus, employee training, policy development, etc. Mr. Nathanson said, “Align does not seek to add yet another cybersecurity tool to this crowded space. We’re helping organizations simplify and organize compliance requirements.”
Instead, Align meets the challenge corporations struggle with the most: how do you effectively manage cybersecurity and readily demonstrate compliance? How do you bring together and enable the multidisciplinary team – business leadership, security, compliance, IT, HR, operations, in-house counsel, outside counsel, and consultants – to work collaboratively, transparently and effectively to plan, develop, track, maintain, and report on the entirety of your cybersecurity and compliance programs in one place? How do you ensure that the organization knows whether continuous compliance has been achieved, on time, on budget, and on spec?
How do you protect against cybersecurity threats without disrupting business innovation and growth? Align’s Cybersecurity Management allows companies to comply with the California Attorney General’s Data Breach report, which stipulates that companies that hold personal and personal health information about customers or employees must implement the CIS Controls.
Companies use Align’s Cybersecurity Management to evaluate and determine which CIS Controls and sub-controls are critical to their business requirements and operations. Align then automatically pre-builds all of the requirements, planning, budgets, activities, and data requirements for all of the teams responsible for deploying and auditing each control. Data, analytics, and “evidence capture” are generated in real time, not only from the CIS Control but also from all of the tools monitoring and managing security requirements. Dashboards allow team leads and business management to continuously monitor cybersecurity status, budgets, and operations, to receive and respond to alerts, and to provide real-time responses to their customers and/or regulators or law enforcement in the event of a breach.
Companies require “evidence” of events, actions, planning, status, alerts, and remediation to make decisions, fine-tune planning, rapidly respond to threats, and to provide detailed reporting to auditors, regulators, and law enforcement. Align harvests evidence from its interlocking framework. Evidence is not limited to the CIS Controls.
Align harvests “evidence” from four sources, explains Mr. Nathanson.
- Project Management: The tool builds every control, standard, incident-response, and governance requirement into a multidisciplinary team project. As every person working on the project performs and logs their work, they generate “evidence” – demonstrating the workflow, status, and handoffs that are the first line of investigation by regulators, FBI, etc.
- Manual: Companies generate documents, e.g., system documentation, network topologies, policies, education manuals, certifications, procurement RFPs, product evaluations, risk committee sign-offs and approvals, communications with regulatory agencies, etc. The metadata from these documents generates data including a date and time stamp for every step in the document workflow, electronic signatures, management sign-offs, approvals, etc.
- Automated: Data outputs from the security software tools each company deploys. Align captures and compiles these data as “evidence” in the dashboards for each control and in the overview management dashboard.
- Analysis and decision-making: The incident reports and alerts from the automation source, above, must be evaluated and decisions made based on severity. Align pulls the incident report and alert into an incident and response project that assembles the right team to evaluate the incident, provides the data, and then provides them with the four-level NIST severity scale for determining responses. That action generates “evidence.” The severity level they choose (more “evidence”) kick-starts a set of actions and timings for multidisciplinary teams. The work they perform is captured and logged as “evidence.”
Using data analytics assessments, the tool derives scores from the evidence, using algorithms that score the business objectives and risks. The company must define its objectives and the importance of the threat for each control or project using available templates. The choices an organization makes in the templates invoke the algorithms to help guide decision-making.
About Align Matters
About Alan Nathanson
Alan Nathanson has been in the legal and technology industry for over 20 years. He created products for Thomson Reuters and founded Align Matters in 2012. Along the way, he obtained two patents: “Predictive Modeling System and Method for Generating a Project Plan and Budget” and “System, Method and Apparatus for Planning and Managing Engagements.”