A.12 Information systems acquisition, development and maintenance

A.12.1 Security requirements of information systems

Objective: To ensure that security is an integral part of information systems.

A.12.1.1 Security requirements analysis and specification

Control

Statements of business requirements for new information systems, or enhancements to existing information systems shall specify the requirements for security controls.

Lumension Risk Manager provides a comprehensive view across hundreds of global regulations, mandates and internal policies improving the efficiency of controls and reducing risk. 

Lumension Risk Manager provides the capabilities to:

• Align business interests (sales and manufacturing processes, etc.) with IT assets (servers, workstations, applications, etc.), compliance regulations and control frameworks
• Define and model unique risk profiles across your IT assets
• Automate the gathering of compliance and IT risk assessment asset data through integration with Lumension and third party tools (i.e. vulnerability scanners, etc.)
• Benchmark risk assessments against IT control frameworks
• Report on risk,, compliance and remediation metrics across an entire regulation or internal mandate
• Prioritize potential risk by correlating IT assets to critical business processes