Information Security Management System (ISMS) 2.4
As a comprehensive solution for managing risk, compliance, and security operations, the Cherwell ISMS mApp® Solution leverages Cherwell's Configuration Management Database (CMDB), Information Technology Service Management (ITSM) framework, and lifecycle processes to marry the capabilities of typical Governance, Risk, Compliance (GRC) tools with real-time operational benefits for Security Incident handling.
Platform Version Requirements: Tested on CSM version 10.2.0.
Content Version Requirements: Tested on CSM 10.2.0; ISMS 2.4 contains specific changes to work with the enhanced Event Management Business Objects within 10.2.0 OOTB content. If you have an older content version, you should download the ISMS 2.3 mApp Solution, available in the Customer Support Portal.
Available languages: English.
This functionality is only available after you apply the mApp Solution.
Cherwell Software's Information Security Management System (ISMS) mApp Solution serves as a:
- Governance, Risk, Compliance (GRC) Tool: Cherwell ISMS provides a centralized platform for organizations to assess risk and manage compliance against numerous authoritative sources.
- Security Operations Tool: Cherwell ISMS serves as an aggregation point where security analysts can assess security alerts and events of interest from multiple sources and take appropriate actions when necessary.
Cherwell ISMS can align security controls and policies across multiple industry standards such as International Organization for Standardization (ISO) 27001:2013, Health Insurance Portability and Accountability Act of 1996 (HIPAA), Payment Card Industry (PCI), and more. Downloading Cherwell ISMS is not a requirement for security industry standards and does not automatically make an organization compliant with security standards.
Cherwell ISMS provides the following benefits:
- Centralized tracking of and adherence to security and compliance policies.
- Analysis and mitigation of risks and employment of applicable controls.
- Streamlined audits, findings reports, and process for appropriate actions.
- Important data related to security events in a single platform for assessment.
- Rapid containment of any breaches and documentation of steps taken in a secure, need-to-know process.
- Integrated hand-offs between IS and IT.
Key Business Objects
The following are the key Business Objects associated with Cherwell ISMS:
- Security Incident
- Compliance (Corrective and Preventative Actions)
- Authority Documents
- Risk Assessment
Authority Documents, Citations, Controls, and Policies
Authority Documents: External contractual obligations, standards, regulations, or statutes containing security measures your company is required to comply with.
Citations: Detailed statements of compliance requirements from the Authority Documents.
Controls: Actions required to comply with Citations. Controls may be associated with multiple Citations or Policies.
Policies: How your company intends to comply with Controls (example: password complexity, password expiration interval).
How Cherwell ISMS Works
CSM provides Cherwell ISMS as a mApp Solution so you can effectively manage your security processes. Use the Apply mApp Wizard to apply the mApp Solution to your development CSM system, where the solution can then be viewed and published. After evaluating and testing the solution against the development system, apply it to your production environment.
For a list of items included in the mApp Solution, see ISMS mApp Solution Items.
Apply the mApp Solution
- Extract the mApp Solution .zip file to a location that can be accessed by CSM.
- In CSM Administrator, use the Apply mApp Wizard to apply the mApp Solution. For more information, see Apply a mApp Solution. Select the topic that matches your version of CSM.
While you publish the Blueprint, you may see a set of warnings in the Scan Results page concerning Security Groups and Roles. Select the Ignore Warnings and Continue check box and select OK to publish the Blueprint.
|mApp Version||Platform Version Requirements||Content Version Requirements||Prerequisites|
|2.0a||9.3.1 - 9.4.0||9.1 - 9.4.0; depending on your configurations, versions back to 8.2.1 may also be compatible.||If you have ISMS 1.1 installed, install the ISMSv2-prequisite mApp Solution first. This will change the name of the Control Object to Citations to prepare the system for ISMS 2.0 Business Objects.|
|2.1||Tested on 9.7.0||Tested on 9.7.0; ISMS 2.1 may not be compatible on content versions older than 9.7.0, but as with all mApp Solutions, it should be tested on your customized system.||If you have ISMS 1.1 installed, install the ISMSv2-prequisite mApp Solution first. This will change the name of the Control Object to Citations to prepare the system for ISMS 2.0 Business Objects.|
|2.2||Tested on 10.0.0||Tested on 10.0.0; ISMS 2.2 may not be compatible on content versions older than CSM 9.7.0, but as with all mApp Solutions, it should be tested on your customized system.||None|
|2.3||Tested on 10.0.0||Tested on 10.0.0; ISMS 2.3 may not be compatible on content versions older than CSM 9.7.0, but as with all mApp Solutions, it should be tested on your customized system.||None|
|2.4||Tested on 10.2.0||Tested on 10.2.0; ISMS 2.4 contains specific changes to work with the enhanced Event Management Business Objects within 10.2.0 OOTB content. If you have an older content version, you should download the ISMS 2.3 mApp Solution, available in the Customer Support Portal.||None|