RVision

RVision is an information security management system.

On November 11, 2013 the ISM Systems company announced completion of rebranding of the RVision system.

Description

The RVision system is intended for information security management and helps to solve problems of planning, assessment and control over a status of information security and compliance to regulatory requirements.

Four modules which provide automation of certain processes are a part of the solution:

• information security risk management,
• audit of cybersecurity on compliance of requirements for information security of the Bank of Russia (Provision 382-P, service station of BR IBBS),
• information security incident management

Risk Manager

The module implements risks assessment of information security according to requirements of the Russian and international standards (service station of BR IBBS, ISO, PCI DSS, OCTAVE, NIST).

Risk Manager helps to make model of threats, to create the plan of processing of risks, to prove the budget on information security depending on the level of risks. In a system can work at the same time several users. The module provides the centralized information storage with a possibility of export/import of results of assessment.

For November 11, 2013 a system provides unloading (the list is replenished):

• list of data assets;
• "Data Assets — Environment Objects" list;
• "Environment Objects — Data Assets" list;
• protocol of an approval of criteria for evaluation of risks of cybersecurity;
• summary risk register cybersecurity;
• the detailed risk register cybersecurity;
• plan of processing of risks of cybersecurity.

Incident Manager

Information security incident management, maintaining the centralized base of incidents and preparation of the reporting under incidents are undertaken by Incident Manager.

The module manages incidents of the information security and information analysis relating to an incident. It will help:

• automate process of identification and registration of events and incidents of cybersecurity;
• accelerate a response time on the taken place events;
• provide fast elimination of effects of implementation of an incident;
• organize and control response to cybersecurity incidents;
• carry out the analysis of origins of incidents of cybersecurity and create offers for decrease in number of similar incidents.

NPS Auditor

NPS Auditor carries out conformity assessment to requirements of Provision of the Bank of Russia No. 382-P and preparation of the reporting under information security.

NPS Auditor supports simultaneous operation of several users, provides the centralized storage of all information about a possibility of export/import of results of assessment (KliKO, PTK design and estimate documentation).

Audit Manager

The module implements audit of cybersecurity on compliance to requirements of service station of BR IBBS (the standard of the Bank of Russia on information security). It is a free online service for independent assessment by banks of information security on compliance to requirements of service station of BR IBBS-1.0.

Possibilities of service:

• make the program of a self-assessment and audit;
• define the structure of the working groups;
• make the register of all necessary certificates;
• estimate indicators of compliance to requirements and calculate the final level of compliance;
• prepare the documents necessary for the reporting under results which is carried out self-assessment/audit.