SOURCE: TraceSecurity


October 03, 2012 08:17 ET

TraceSecurity Introduces Industry's First Cloud Solution Delivering Holistic, Risk-Based Information Security Programs Improving Security and Compliance

TraceCSO Delivers Complete Information Security Programs for Risk and Vulnerability Management, Governance and Compliance to Address Today's Top Security Concerns, Such as BYOD and Cloud Security

LOS GATOS, CA--(Marketwire - Oct 3, 2012) -  TraceSecurity, a pioneer in cloud-based IT governance, risk and compliance (GRC) solutions, today introduced TraceCSO, the industry's first cloud solution for a holistic and risk-based information security program that delivers comprehensive visibility and accountability for improved risk and compliance profiles across all areas of an organization, including cloud environments. TraceCSO allows organizations of any size, industry or security skill set to evaluate, create, implement and manage a comprehensive risk-based information security program, to protect their organizations from today's top information security risks, including cloud security and "bring your own device" (BYOD) concerns.

Today, organizations struggle with growing risk, complexities, costs and resource demands of deploying and maintaining a complete information security program around risk and vulnerability management, governance and compliance. Current competitive offerings are made up of expensive point solutions with no integration or automated central management, requiring costs and resources that are too much for many organizations outside the F1000 to bear. Now with TraceCSO, organizations have an affordable, scalable solution that is deployed quickly to centralize and tightly integrate key functional areas -- including risk management, auditing, governance and compliance reporting; as well as specific areas of policy, process, training, vendor, and vulnerability management -- required to build and manage an on-going risk-based information security program, with no third-party software required.

"A hosted approach backed with long experience in the field enables a much wider range of organizations to have access to tools for more consistent management of security and regulatory priorities," said Scott Crawford, Enterprise Management Associates managing research director. "Many organizations simply do not have access to this capability, or need a more consistent source of insight on objectives and best practices. TraceSecurity is helping extend these values to a much broader swath of organizations than many on-premises technologies, and can also go far to help reduce management costs."

TraceCSO seamlessly guides users through the process of implementing and managing a holistic risk-based information security program that is integrated to identify and dramatically reduces many redundant security controls and security gaps caused by disparate systems, and automates tasks to increase productivity. A centralized solution, TraceCSO simplifies compliance reporting processes and security management of organizations' data.

Unlike current information security program solutions, which simply provide a console and no remediation tools, TraceCSO identifies and prioritizes risk to an organization's information -- including network vulnerabilities -- and identifies, implements and audits security controls. To help organizations stay current with the latest regulatory mandates specific to their industry, TraceCSO leverages a global database of hundreds of authorities and more than 25,000 regulations and citations.

"The TraceCSO system is slick and the setup wizard is very intuitive," said Richard Reinders, Lake Trust Credit Union Information Security analyst. "The assessment structure has so many options, you can take multiple approaches and the system still works. We can foresee TraceCSO increasing visibility into assets on our network through reports that are generated from its vulnerability scan. Also, its process management functionality can help us align controls with institution policies that are documented to meet industry regulations."

TraceCSO's wizards guide the system set up of adding users and departments, defining permissions and roles, coordinating network scanning, and selecting authority documents. TraceCSO's Risk Assessment -- the cornerstone for setting up and managing the risk-based information security program -- identifies asset threats and controls to mitigate risk, and assigns TraceSecurity's proprietary Risk Score. The Risk Score allows an organization to measure and report on mitigation effectiveness, set benchmarks, and analyze trends -- ultimately leading to better risk-based decisions and optimized information security allocations. TraceCSO also identifies existing ineffective or unnecessary controls and recommends the most effective replacements.

Once controls are identified, TraceCSO maps them to a database of more than 25,000 authorities, citations and regulations. This enables the organization to determine industry-specific compliance and allows for a best practice risk-based information security program that organically leads to compliance and eliminates the laborious compliance reporting process. Finally, information determined during the Risk Assessment filters and pre-populates all functional areas of TraceCSO, making the organization's information risk and compliance profile more visible, more accessible, more manageable and more valuable than ever.

"Current GRC and point products have failed to help companies truly implement a risk-based information security program," said Peter Stewart, TraceSecurity President and CEO. "With TraceCSO, organizations finally have visibility and accountability into their risk and compliance profiles. TraceCSO enables organizations to implement enterprise-level security without enterprise-level overhead or costs. We have relied upon our years of experience of successfully delivering leading vulnerability and risk management solutions, as well as customer feedback, to today deliver the industry's first and only affordable solution that gives all organizations improved control and the tools required to simply address today's top risk and compliance concerns. This new product eliminates current barriers of managing an on-going and complete risk-based information security program, including the lack of security expertise, resources and tools."

Pricing and Availability
TraceCSO is sold for an annual subscription rate that scales by employee size, with pricing starting at approximately $5,000, which includes support. It is available later this month from TraceSecurity, with further information available at

About TraceSecurity
TraceSecurity, a leading pioneer in cloud-based security solutions, provides IT governance, risk and compliance (GRC) management solutions. The company's cloud-based services help organizations achieve, maintain and demonstrate security compliance while significantly improving their security posture. With more than 1,400 customers, TraceSecurity supports the security and risk management efforts of organizations in financial services, healthcare, insurance, government and other regulated sectors. Founded in 2004, the company has executive offices in Silicon Valley and offices in Baton Rouge, La. For more information, call (225) 612-2121 or visit

© 2012 TraceSecurity. TraceSecurity and TraceCSO are registered trademarks of TraceSecurity. All rights reserved worldwide.

Contact Information