SeCube

What is SeCube?
SeCube GRC is a security, risk, compliance, audit, and business continuity management software that can be modularly integrated in a single framework. Its purpose is to provide the integrated support of the security-related analysis, design, and maintenance processes in the company’s various divisions, thus creating a solution for the transparent and reportable management of security in the entire company.
Who is SeCube meant for?
SeCube’s target users include IT operations, the parties responsible for security and business processes, and the experts and managers in the fields of internal control and compliance. SeCube is able to manage the companywide security-related activities of a large number of users in various professional fields in a single system.
What solution does SeCube provide?
The SeCube GRC system can be used to develop and illustrate your company’s operating model (resources, systems, data, processes), to evaluate operations along the lines of business impact analyses, to use risk analyses (information security, physical, human, and business) to manage risks, to plan IT and business continuity, and to manage internal audit and compliance analyses in a single modular system.
A review of functions and modules
Inventory
The resources recorded in the SeCube configuration database can be grouped in a hierarchical order, with relations specified. The database can be used to store the company’s organizational structure, site structure, technological and human resources, systems, services, data assets, data processing activities, and business processes, among others, and also supports the illustration of their diverse relationships to visualize the company’s operation model.
Governance
Besides the analysis and planning functions, the software is explicitly aimed at the permanent supervision and maintenance of the security management system. Reports and task management functions are used to support the tracking of ongoing responsibilities and tasks.
BIA – Business Impact Analysis
Surveys can be made pertaining to the material and immaterial damages resulting from possible threats to business activities / data / systems. Based on the impact analyses, resources can be grouped into CIA triad categories, and input can be provided to risk analysis and business continuity management tasks.
RISK – Risk management
The risk analysis connects the vulnerabilities and protective measures of all assets with the relevant threats. In the event of their occurrence, cause and effect simulations are available to analyze the consequences and the resulting business damages. The different types (information security, human, physical, business, operation, ad hoc, project-based) of risk analyses in a number of different areas can be run concurrently, the results of which can be managed in a uniform approach in the interest of implementing and supporting integrated comprehensive enterprise risk management (ERM). Continuous risk management and reporting functions support the continuous management of the company’s risk-proportionate protection.
Compliance & Audit
Regular compliance assessments and audits can be carried out as per the various pre-defined international standards, security recommendations, and legislation; own audit/requirement catalogs can also be compiled easily (e.g. security regulations, parent company requirements, internal audit requirements). The different compliance/audit analyses can run concurrently, and deficiencies can be managed with the use of integrated action plans, with the possibility to generate detailed or even time machine reports.
BCM - Business continuity and IT recovery management
The BCM module is capable of handling both business continuity and technological recovery planning in a unified manner along the lines of common recovery time objectives (RTO, MTPD, RPO). Business continuity planning (BCP) can be used to provide replacement or workaround solutions to manage the downtime of resources that support business processes (either technological, human, or facility-related). Detailed recovery and workaround plans can be carried out for technological resources, systems, and services in the course of disaster recovery (DRP) and service continuity management (SCM) planning. Flexibly developable recovery and scenario plans, supported with draft-board-like functions, can be created and continuously kept up to date in the business-as-usual period using change management, review, and testing functions. Detailed plans can be exported in Word format with test reports. In case of an emergency, simulation tests help in the correct application of the plans.
GDPR
The data protection functions support the keeping of data processing activity, personal data, and incident records and the implementation of privacy compliance assessments and risk analyses (DPIA).
SeCube implementation
The SeCube system was developed by KÜRT Ltd., one of Hungary’s leading information security companies. The company’s decades-long stable corporate background, paired with its extensive portfolio, guarantees the permanent and high-quality professional maintenance of its software support services.
Since the modules are capable of individual operation, partial software application focused on specific use cases is also supported.
KÜRT Zrt. and its extensive SeCube Partner network provide implementation of the software.
Method of use
- On premise license, perpetual (without expiration)
- On premise license, rental
- Kürt Cloud service
Implementation in the order of complexity
- Practical training
- Initial data upload, turnkey delivery
- Implementation-related professional project (risk, compliance, BCM)
Manufacturer product support
The software is provided with active manufacturer product support (including support, development demand management, updates, ensuring compliance with laws and standards, access to SeCube Store, training videos, webinars), with the first year always included in implementation.
Technical details
- Multitenant framework, supporting multiple subsidiaries and member companies
- MS IIS + SQL, multi-node load balancing online architecture
- Role and responsibility-based privilege management
- Transaction-level application logging with recovery function
- Active Directory integration, SSO, two-factor authentication
- CMDB and E-mail integration
- MS Excel add-in interface (import/export)