Information Security Governance
Entrust Solutions and Professional Services
Implementing an Information Security Governance (ISG) program can deliver tangible benefits to an organization beyond simply legislative compliance, including:
- improved internal processes and controls
- reduced audit and insurance costs
- market/competitive differentiation as perceived by a commitment to continuous governance review and improvement
- self-governance as a better alternative to regulation
To realize these benefits requires the help of a trusted advisor with the right leadership and technologies to do the job.
Entrust is an acknowledged leader in delivering Identity and Access Management solutions and professional services that support the information security requirements set out by the multitude of global government regulations around Corporate and Information Security Governance.
Entrust ISG Quick Start Program
Entrust began its own Information Security Governance program in early 2003, and has been working with the U.S. Federal Government and industry associations to develop a methodology for self-assessment, remediation and reporting suitable for organizations of all sizes. As the framework evolved, so too did Entrust's self-assessment program, offering an opportunity to field-test the concepts and guidance.
Along the way, a number of valuable lessons have been learned. To help organizations capitalize on these best practices, Entrust developed a three-day ISG Quick Start Program.
Using the framework as guidance, experienced Entrust professional services consultants will work with the customer to complete an initial assessment of information security practices within selected business segments. Initial findings will then be presented to C-level executives to help them develop more comprehensive corporate-wide ISG policies, and implement ISG as a continual improvement process.
Overall, the Quick Start exercise is geared to helping customers:
- understand the value of ISG
- interpret the content of the Corporate Governance task force's ISG framework
- implement a self-assessment process that is in line with ISO 17799 standards
- drive awareness/acceptance of Information Security Governance as a corporate responsibility
For more information on the Entrust ISG Quick Start program, have an Entrust representative contact you. 
Entrust Solutions
Entrust delivers a suite of solutions that collectively provide the strong security functionality required for organizations to more confidently:
- know who they are dealing with, by managing identities and access rights for large numbers of users both inside and outside the organization;
- protect privacy and confidentiality of online transactions and messages to lessen the risks of unauthorized access to or theft of sensitive personal and business information; and
- enforce information security policy through centralized control and audit of who has access to what information, and how they are using it.
Identity management
- secure one-step process to add and remove users streamlines access control across large user populations and can help reduce the risk of errors that may lead to unauthorized access, theft or fraud
- workflow capabilities allow mandatory corporate approval processes to be enforced and audited
- Entrust Secure Identity Management Solution provides secure centralized user provisioning, workflow, audit and user self-service
Strong authentication
- strong user authentication enables a user population that is accountable for each transaction and data access request
- Entrust Secure Identity Management Solution delivers Web and enterprise authentication using a broad range of identity types, including user name/password, SAML, Microsoft Passport, and digital certificates stored on a user's computer or smart card, USB token or biometric device
- Entrust Secure Data Solution strongly authenticates user access to encrypted files, folders and e-forms
- Entrust Secure Messaging Solution strongly authenticates user access to e-mail messages
Policy-based access control
- centralized access control management protects sensitive data and applications against unauthorized use
- Entrust Secure Identity Management delivers Web and enterprise authorization, and extends to Web services via standards like SAML
Data encryption (in transit or at rest)
- end-to-end encryption enables protection of data at all stages of the data lifecycle process
- Entrust Secure Data Solution helps protect sensitive data either stored on PCs/laptops, servers and databases, or 'in transit' via standard Web and file transfer mechanisms
- Entrust Secure Messaging Solution enables e-mail messages to be encrypted both in transit and while at rest on e-mail servers or in end-user inboxes and outboxes
- Entrust Certificate Services provides Web server SSL certificates to enable basic encryption between Web browsers and Web servers
Digital signatures
- digital signatures help protect the integrity and authenticity of online information and transactions
- Entrust Secure Messaging Solution enables users to digitally sign e-mails to confirm the integrity of messages and attachments exchanged over the Internet
- Entrust Secure Data Solution enables digital signatures for e-forms to create a record of accountability
Audit
- maintaining records of all transactions and approvals provide organizations the internal controls they need to satisfy strict auditing and policy management requirements outlined in many regulations
- Entrust Secure Identity Management Solution provides administration and auditing capabilities through a centrally managed secure system, helping organizations to view and log user activity as they access multiple business applications
- all Entrust security solutions provide centralized session management that controls user sign on and provides activity logging
For more information on how Entrust solutions can help you facilitate compliance with regulations, have an Entrust representative contact you.
Find out how Entrust solutions can help you facilitate compliance with the Sarbanes-Oxley Act.
