The SeCube software Governance module is a software component that is capable of independent operation.

Besides the analysis and planning functions, the software is explicitly aimed at the permanent supervision and maintenance of the information security management system.

BIA – Business impact analysis

Potential damage impacts due to business process, system or data asset failures can be assessed based on material and immaterial assessment standards for the company. The impact value of all your assets can be classified on the basis of this analysis.

BIA assessment methodology: The business impact analysis can be used for the analysis of status change in all three information security aspects:

  • damage in availability – over any period of time,
  • damage in confidentiality,
  • damage in integrity.

The software supports the performance of the business impact analyses from the aspect of data, business processes, or IT service. The scope of resources to be included in the impact analysis can be flexibly set.

Flexible parameterization of damage effects: The Damages table can be flexibly defined: the level of damages and the aspect of damage effects (material damages, damages to goodwill, legal consequences, personal injury, etc.) and their textual interpretation can be fully tailored to the company and its environment. Public administration (Information Security Act), market, and GDPR-specific damages table templates are also available.

BIA analyses: Based on the compiled methodology, the business impact analysis can be carried out by the designated responsible users.

BIA reports and results: The BIA analysis results are inherited along the lines of Inventory dependency relations, and they can be sorted into lists and are used for numerous other functions:

  • Resource classification
  • Identification of the vulnerability of certain asset elements, with a display of time
  • Finding faults with the biggest impacts
  • Consequences of simulated events
  • Risk analysis effect data
  • BCM recovery time objectives (RTO, MTPD)
Resource CIA classification

Resources can be classified according to customizable CIA security levels. Classification may be manual or based on parameterizable rules calculated on the basis of BIA results.

Document management

The SeCube document management function can be used to order, label, and review the documents uploaded in other software functions. An own document database can be developed for the company’s information security management system.

Task manager

An integrated task manager function supports the reviewing and management of the tasks and measures not included in the software’s other modules and functions, and also supports the creation of new tasks. They allow the overview the one-off, permanent and periodical tasks in the information security management system. Email notifications can be set for responsible persons and executors of the various task types.

Historical records of security and data protection incidents

The historical incidents records can be tailored, with status monitoring. 

Recording and management of security exceptions

Security exceptions are temporary states of deviation from the security requirements of the organization (e.g. providing temporary access for developers to live systems). Records can be kept of exceptions and permissions can be managed, with email notifications for any upcoming expiries.

Multiple inventory management

The software supports the use of one Inventory as well as providing independent Inventories to each module. The version and reconciliation management of these independent Inventories is supported by Inventory version management.