Public Relations

Asgent Announces the Functionality for Measuring the Effectiveness of ISMS to M@gicPolicyCoSMO, ISMS Establishing and Managing Tool

- Announcing the release of Ver.2.10 -

January 30, 2007
Asgent,Inc.

Asgent, Inc. (President & CEO: Takahiro Sugimoto, located in Nihonbashi, Chuo-ku, Tokyo), a pioneer of security solutions, announces the release of M@gicPolicyCoSMO Ver.2.10, an ISMS establishing and managing tool, which Asgent develops and distributes, and the addition of a new function to measure the effectiveness of controls selected and implemented to improve information security management system.

■ Background

The certification requirements for an Information Security Management System were first granted ISO status and issued as ISO/IEC 27001 in 2005, then granted JIS (Japanese Industrial Standards) status when they were issued as JIS Q 27001 in May 2006. Under these requirements, measurement of the effectiveness of selected and implemented controls or groups of controls had been added to the previous requirements. As a result, it has become necessary for administrators and management to judge the effectiveness of planned control targets (control objectives) by the extent to which they have been achieved by using controls. On the other hand, management of controls designed to reduce risk is made difficult by the fact that the types and combination of these controls differs depending on the information assets, and the methods used to measure these controls differs from organization to organization.
Therefore, there is a need for systems and tools that can be used to judge the effectiveness of controls or groups of controls that are designed to reduce risk, based on the implementation status of the controls and records showing actual achievement of control objectives.

Asgent realizes the importance of ISMS, and provides “M@gicPolicyCoSMO” as a tool to support establishing and managing ISMS. “M@gicPolicyCoSMO” is a professional tool, which effectively implements risk assessment such as risk analysis and risk evaluation of information assets and enables continual operation and management of the PDCA (Plan, Do, Check, Act) cycle for ISMS in coordination with management, security forum members, employees, partners, etc. M@gicPolicyCoSMO checks and judges whether or not the controls as selected by the organization are being implemented or not, based on multiple check lists. By recording the results of these checks in a database, it is possible to make comparisons on a chronological basis. Also, it is possible to measure the effectiveness of ISMS by considering the results of internal ISMS audits carried out, and the records of security incidents saved in M@gicPolicyCoSMO. These measurements are important information as input to a management review, and prove their worthiness when examining continuous improvements to ISMS.

■ M@gicPolicyCoSMO

Start of Sales: January 30th, 2007

Sales Target: 50 units/year

Price: Open Price

<< M@gicPolicyCoSMO Ver.2.10 main additional and enhanced functions >>

Addition of function to measure the effectiveness of controls

• Measurement of control effectiveness as required by ISO/IEC27001:2005/JIS Q 27001:2006 is possible, and the measurements can be compared by recording them in a database.
• By recording effectual measurement check lists for measuring effectiveness in a database, it is possible to accumulate “knowhow” (measurement check lists, measurement methods etc.) inherent in the organization.
• Samples of check items to measure the effectiveness of controls are included in the product.

Addition of function to measure the effectiveness of ISMS

• Effective utilization of measurement results of ISMS effectiveness.
• It is possible to measure the effectiveness of ISMS as a whole. The measurement results are important information as input to a management review, and prove their worthiness when examining continuous improvements to ISMS.
• It is possible to visually comprehend the improvement for selected and implemented controls that are ineffective as a result of evaluation by displaying the effectiveness measurement results of each control as data.

Addition of feedback function

• By reflecting the results of previous risk treatment (assessed value of threats and vulnerabilities following the treatment of risk) as carried out in M@gicPolicyCoSMO in following risk assessments, it is possible to manage the risk assessment results from year to year.

Enhancement of management function for threats and vulnerabilities

• It is possible to manage threats etc. that are particular to a specific industry by adding threats and vulnerabilities as defined by the organization to a predefined list created with expert oversight.
• Detailed risk classification can be performed by determining the impact of the risk, a combination of threats and vulnerabilities is related to a particular attribute of confidentiality, integrity or availability.

Other enhanced features

• Ability to add controls at any point within ISMS activities.
• Support for ISO/IEC 27002:2005/JIS Q 27002:2006 by information security audit items, which are useful for internal ISMS audits.
• Material to be used as input to a management review can be attached so that management review can be carried out more effectively.
• The utility “As-C Builder”, which imports the information of selected and implemented controls to information assets into M@gicPolicyCoSMO, is included in the product.

<< Specifications >>

[Server]

Hardware requirements

CPU	Intel Pentium III 1.3GHz or higher
Memory	512MB or higher (1024MB recommended)
HDD	500MB or more free space

Software Requirement

OS	Microsoft Windows Server 2003 Microsoft Windows 2000 Server (Service Pack 4 or higher, .NET Framework1.1)
Database	Microsoft SQL Server 2000 (SP3 or higher) Microsoft SQL Server 2000 Desktop Engine Release A (MSDE2000) or higher
Data Access	Microsoft Data Access Components（MDAC) (2.7 or higher)
Web Server	Internet Information Services (5.0 or higher)

[Client]

Web Browser

Microsoft Internet Explorer 6.0 or higher