IronSphere Survey
How do you STATUS AUDIT your legacy infrastructure?
A 3rd party product.
The system produced reports.
3rd party annual assessment.
We do not perform Status Audit.
How frequently do you STATUS AUDIT your legacy?
Every day
Once a week
Once a month
Once a year
Does this frequency align with the applied laws and regulations?
Yes, our business performs in a regulated market.
Yes, our business does not perform in a regulated market.
No, but our business performs in a regulated market.
No. we are not performing in a regulated market.
If a 3rd party tool is used, which one is it?
IBM zSecure
CA Auditor
What are the monthly hours invested in STATUS AUDIT?
1-10 hours
11-30 hours
31-60 hours
More than 60 hours.
How readable are the reports you use?
Contains just what I need to identify the risk
Too much information, need to separate the wheat from the chaff
if no finding, still need to read the report
Do you enforce security framework?
Yes, we use NIST SP 800
Yes, we use ISO 27000
Yes, CIS benchmarks
your organization sector
Government and public sector
Have you heard of ISCM concept (Information Security contiguous Monitoring)?
Yes, but not used it
Yes, we use it.