What is Isora GRC?

Isora GRC is an information security risk assessment and inventory control application. It can be used to conduct targeted risk assessments to assess compliance with specific laws and regulations such as: GLBA 314.4(b), FERPA, HIPAA, SOX, DFARS and GDPR. It can also be used to conduct organization-wide risk assessments against cyber-security frameworks such as: NIST 800-53, NIST 800-171, NIST CSF, ISO/IEC, ITIL and COBIT.

Who should read this document?

Anyone responsible for administering the Isora GRC product.

Who should not read this document?

End-users of Isora GRC who are simply required to fill out surveys for assessments (and/or may need to add inventory into Isora GRC); they should read the Isora GRC User Guide instead.

How to use this Guide

If you are just getting started with Isora GRC, start with the overview to get a big-picture view of how the tool is used. Then go through each section step-by-step, in order. The next section of this guide, 2. Initial Setup, contains a list of steps that only need to be performed once, when you first configure the product. The remaining sections consist of explanations of how to use each module of the Isora GRC product. Over time, as you add more assessments, you can revisit this information to remind yourself how to do individual tasks with Isora GRC.

Overview of Isora GRC

The purpose of Isora GRC is to conduct assessments against organizational units and inventory. Before assessments can be performed, you need to put data about your organization and your inventory into Isora GRC. Then you create lists of questions about the organizational units and lists of inventory items to be classified. You can pull from existing lists of questions and/or create your own custom questions. When you create a new assessment, these questions will be compiled into surveys which are targeted to specific organizational units.

...

Over time, you will likely run the same basic assessment on a regular, scheduled basis. Isora GRC’s Report feature allows you to generate C-level-friendly charts showing trends across multiple instances of an assessment.



Figure 1‑1 General Workflow with Isora GRC

The order of all steps in the workflow is not set in stone; however, before surveys are filled out and OU heads sign off on the surveys, all of the previous steps must be completed: data (both organizational and inventory) must be in Isora GRC, and the assessment must be created and published.

In some cases, administrators are not directly responsible for host-level inventory information. This is particularly likely in large-scale environments. It may be the case that Isora GRC administrators are directly responsible only for those hosts that are directly used by their organizational unit, and others within the larger organization are responsible for the majority of hosts. In that case, an alternative workflow may be used.



Figure 1‑2 Alternative Workflow with Isora GRC

Users may add inventory data to Isora GRC before or after the Isora GRC administrator creates an assessment.

...