Security Governance Overview

What Is Security Governance?

Security Governance is an automatic security assessment and compliance governance platform. It provides the unified cloud service cybersecurity & compliance standard (3CS). It offers security governance templates to help you comply with PCI DSS, ISO 27701, ISO 27001, and more. It automatically checks your services against preset compliance policies, intuitively presents your service compliance status, and allows you to quickly download compliance reports.

Application Scenarios

Security Governance in SecMaster can help you easily assess how well your cloud workloads comply with applicable security standards, regulations, and laws. You will quickly find the gap, rectify issues, and get related certification faster. SecMaster provides security governance templates and compliance policy scanning services. The standard clauses in security compliance packs have been converted into check items. If you subscribe to a compliance pack, SecMaster can automatically check your workload compliance with check items in the pack and generate a report for you.

Features

Security Governance provides you with security governance templates and checks your services based on regulation terms in the compliance packs.

• Compliance Pack

  SecMaster provides security governance templates, including detailed terms, scan policies, compliance evaluation items, and improvement suggestions from experts. These templates covers PCI DSS, ISO 27701, ISO 27001, privacy protection, and other standards. You can subscribe to and unsubscribe from compliance packs and view results.

• Policy Check

  The compliance status of cloud assets is checked periodically through code-based scanning. You can view compliance risks on the dashboard, and obtain corresponding improvement suggestions from our experts.

• Compliance Evaluation

  Security Governance integrates regulatory clauses and standard requirements into compliance pack check items. You complete evaluation of your services using the compliance pack, and view evaluation results. You can also view historical results, upload and download evidence, and take actions based on suggestions from our experts.

• Result Display

  Security Governance displays the evaluation results and compliance status on the dashboard, including the compliance rates of the compliance packs you subscribed to, and the compliance rate of each term the regulations and standards, each security, as well as the policy check results.

Advantages

• Compliance as a Service

  Security Governance provides the unified Cloud Service Cybersecurity & Compliance Standard (3CS). It integrates regulatory clauses and standard requirements into your business and information technologies by providing various 3CS-based security governance templates.

• Improved Efficiency

  Security Governance opens security governance templates for you to be compliant with PCI DSS, ISO 27701, and ISO 27001, providing compliance policies and evaluation items. With your authorization, Security Governance automatically scans your cloud assets against compliance policies, and the service evaluation items help you quickly manage the compliance status. You can download compliance reports in few clicks.

• Intuitive Display

  Security Governance presents both the overall compliance information and requirement-specific compliance status on the dashboard. You can easily identify potential issues and take actions based on expert suggestions.

Process of Using SecMaster

Table 1 shows the process of using SecMaster security governance.

Figure 1 Process of using the security governance function