SECURITM Information Security Management Service

The main articles are:

• IT Service Management (ITSM)
• RPA (Robotic process automation)
• SaaS - History. Philosophy. Development drivers

No. 11924 in the Register of domestic software

2024: Appointment. Composition. Key features

SECURITM is a universal tool for corporate information security services that allows accounting, control and automation of all organizational processes important to information security services in one system. Instead of disparate applications, tables and documents, information security employees can use a single platform to monitor and enforce security rules and procedures. These are SGRC, VM, IRP, ITAM, RPA in one bottle, developing Community on the principle of openness and accessibility for each Information Security Service.

SECURITM

SECURITM consists of modules (as of March 2024):

• Asset management (ITAM, Information technology asset management)
• Risk management
• Compliance
• Management of protective measures
• Technical Vulnerability Management (VM)
• Task Management
• Surveys and Applications
• Process automation (RPA, Robotic process automation)
• Metric management

For companies, SECURITM ensures business continuity and reduces the cost of dealing with security incidents by:

• reduces up to 40% of leaks and violations by increasing the efficiency of processes and eliminating the human factor in information security;
• Layoffs and changes in the information security service do not lead to degradation of the information security system;
• All information security work is transparent and understandable thanks to reports and metrics;
• The validity of human and financial costs is assessed.

SECURITM information security services allow:

• Move away from disparate Excel spreadsheets and non-specialized systems;
• Maintain control and accounting of ISDS, CII, GIS and any related assets, combining them into digital models;
• Automate up to 90% of routine processes and operations;
• Reduce up to 70% of the time to collect information from employees and counterparties;
• Automatically assess and monitor compliance with any regulatory and regulatory requirements;
• Integrate with enterprise systems;
• Launch a risk-based approach from scratch in 5 minutes.

Features of use:

In the Asset Module, you can record and manage various entities, from servers to logs to business processes. More than 200 types of assets (registries) and the ability to create their own types, endowing them with any attributes and properties, including links to other objects. Assets can be linked to the digital model of a company, displaying it on the graphs of connections, automate behavior in asset management using the RPA constructor, and form your own metrics for assets and their parameters. The asset module is well suited for logging, such as CIPF or Security Incident Logs (IRPs). Data can come to SECURITM through direct integrations, via APIs, or through files.

In the Risk Management Module, you can create registers and risk management plans, define the assessment methodology and criteria, and create registers of current security threats. Risk assessment can take place either manually or automatically, changing after changes in metrics and technical indicators. NOS and infrastructures FSTEC MITRE ATT&CK bases are connected.

The Compliance Module contains the largest public database of information security documents, divided into requirements and related to each other. By assessing compliance with one standard, SECURITM indirectly assesses dozens of other documents, due to the correlation of similar requirements from various documents with each other. There are percentage and ballroom conformity assessments, the ability to conduct an assessment according to industry methods, for example, according to GOST 57580.2. Evaluation can be done in several ways, ranging from simple yes/no to automated assessment based on metrics and the state of the company's IT infrastructure.

The VM module is an aggregator of reports from security scanners. Infrastructure scanners Qualys(,,, Nessus RedCheck Nmap, OpenVas,,, 8 Kaspersky,) XSpider, MaxPatrol MaxPatrol VM web application scanners (OWASP ZAP), perimeter scanners (Scan Factory), cloudy infrastructure scanners (Cloud Advisor), code scanners (,, etc.). AppScreener Snyk Vulnerabilities are prioritized, including according to the FSTEC Methodology, Russia convenient for analysis dashboards and decision-making on management. Tasks are formed to eliminate vulnerabilities - in your own SECURITM task module or in third-party systems (for example). Jira

In the RPA Module, you can form automation processes in the designer that start when changes in the system or on a schedule, which allows you to remove part of the routine from the Information Security Services. For example, you can run a third-party script when a critical vulnerability appears in the infrastructure, or start the process of familiarizing a new worker with security documents.

In the Protective Measures, registers of all activities of the Information Security Service are maintained, projects, work plans and reporting are formed. Protective measures affect the magnitude of risks and the level of compliance.

Through the Survey Module, you can update asset cards (for example, IDMS or OKII) from their owners, conduct a compliance assessment (for example, as part of the supplier safety assessment procedure), train employees, and collect feedback. There, in the application module, you can build a Service Desk portal through which users will apply for access or report the detection of security incidents.

The metrics module is a constructor in which you can create dashboards for various information security indicators. There are several ways to collect data (telemetry) to form metrics - and manual options through user surveys and automatic, when data is collected through direct and custom integrations, and metrics are formed on their basis according to given formulas. In case of violation by metrics of specified thresholds, tasks can be automatically generated, safety risks and compliance level can be reassessed.

Key features of the system:

• Swiss All In One knife for multiple security processes
• Suitable for any industry and tasks - PD, CII, GIS, SUIB, CIS, 57580
• Largest Public Adjusted Regulatory Base to Conduct Compliance Assessment
• A ready-made public base with draft risks and protective measures
• Clear pricing and open price right on the manufacturer's website
• The product has a free Community version.
• There are also SaaS and On-Premise delivery options
• Releases with feature updates every week
• Ready-to-use direct integrations with enterprise systems and endless integrations via universal connectors (APIs and files)