Comprehensive knowledgebase of IT Governance, Risk and Compliance content
Core to our software solutions is the world's most comprehensive knowledgebase of IT governance, risk, and compliance content: a component-based database of baseline IT policy templates with over 600 IT standards and 6000 controls covering 90 technologies, all mapped to over 30 regulations and industry frameworks. Brabeion ships with this Knowledgebase, does not require additional software, and has an easy-to-use interface that supports creating additional mappings. Our content is the most comprehensive repository on the market today. Starting with over 30 regulations and frameworks, our policy and controls, provided by PricewaterhouseCoopers, are mapped to over 600 industry standards. Uniquely, the Brabeion Knowledgebase provides detailed, step-by-step implementation and compliance procedures for over 90 technologies.

To browse examples of the Brabeion Knowledgebase, view our Interactive Glossary.

The Brabeion Knowledgebase provides:
- Over 30 regulations and industry frameworks (COSO, COBIT, ISO, ITIL, NIST)
- Modules for SOX, GLBA, FFIEC, HIPAA, SB 1386, NERC, EU Directives and others
- PCI DSS Reference module including Automated Self Assessment Questionnaire (SAQ)
- Role and Process assessments with over 300 questions in 8 key roles and 12 key processes
- Policies and procedures for over 90 technologies mapped to over 6000 controls and 600 industry standards derived from ISO:27002
- Largest built-in library of audit baseline expertise
- Sole third-party provider of PricewaterhouseCoopers' security and controls content
- Brabeion Knowledgebase content is built by over 100 professionals around the globe and updated quarterly
- Provides as much information as needed to support a governance, risk and compliance program

Starting with the policy and controls content provided by PwC, as well as explicit requirements defined in regulations and industry standards, the Brabeion Knowledgebase gives our customers a solid baseline on which to build or augment their IT GRC programs.

| Technology Controls | | |
| --- | --- | --- |
| ACF2 | Linux Red Hat | SQL Server 2000 |
| AIX | Lotus Domino R5 SMTP Gateway | SQL Server 2005 |
| AntiVirus | Lotus Domino R5 Web Server | SUSE Linux |
| Apache Web Server 1.3.27 | Lotus Domino R5 General | SVR4 |
| Application Development | Lotus Domino R6 HTTP | Sybase |
| Bay Networks Router | Lotus Domino R6 SMTP | Tandem |
| Checkpoint FW1 NG | Lotus Domino R6 General | TCPIP |
| Cisco Catalyst Switch | Lotus Notes Client | Top Secret |
| Cisco IDS | Lotus Notes Client R6 | VMS |
| Cisco PIX Firewall | Lotus Notes Version 3 | VMWare ESX Server |
| Cisco Router | Lotus Quickplace 2.07 | W2K Encrypting File System |
| Cisco VPN Concentrator | Lotus Sametime | W2K Unix Services for Windows |
| Citrix Metaframe XP | Lucent PBX | Windows 2000 Domain Controller |
| DB2 | MS ISA Proxy Server | Windows 2000 IIS 5.0 |
| Electronic Evidence | MVS | Windows 2000 Member Server |
| Exchange 2000 | Netscape Enterprise Server | Windows 2000 Professional |
| Exchange 5.5 | Netware 3.X | Windows 2000 Terminal Server |
| Exchange Server 2003 | Netware 4.X | Windows 2003 Domain Controller |
| Firewall1 | Netware 5.X | Windows 2003 Internet Information Server |
| General Controls | Nortel Meridian 1 PBX | Windows 2003 Member Server |
| General Firewall | Nortel Meridian Mail | Windows 98 |
| General Networking | Oracle 10g | Windows NT 4.0 |
| Generic PBX | Oracle 9.x | Windows NT 4.0 PDC |
| HP-UX | OS 390 | Windows NT 4.0 SQL |
| IIS 4.0 | OS 400 | Windows NT SNA and WINS Server |
| IMS v2 | RACF | Windows NT Workstation 4.0 |
| Internet Web Technologies | Raptor Firewall | Windows XP |
| iPlanet Web Server 6.0 | Remote Access | Wireless Networking Cisco Access Point |

| Regulations and Reference Standards |
| --- |
| Gramm Leach Bliley |
| HIPAA |
| FDA CFR 21 Part 11 |
| FISMA |
| NIST 800-53 |
| PCI-DSS v1.1 |
| FFIEC Information Security |
| FFIEC Outsourcing |
| NERC |
| FERC |
| COSO |
| COBIT 4.0 (SOX) |
| ISO 17799 |
| California SB 1386 |
| EU Privacy Directive 58/2002 |

| Policies |
| --- |
| Risk Assessment and Treatment |
| Security Policy |
| Organizational Security |
| Asset Management |
| Human Resources Security |
| Physical and Environmental Security |
| Communications and Operations Management |
| Access Control |
| Information Systems Acquisition, Development and Maintenance |
| Information Security Incident Management |
| Business Continuity Management |
| Compliance |

| Role Assessments |
| --- |
| Application Developer |
| 3rd Party Vendor Management |
| Firewall Administrator |
| Network Administrator |
| Encryption Key Custodian |
| Security Policy Manager |
| PCI Compliance Manager |
| Change Control Manager |

| Process Assessments |
| --- |
| Firewall Configuration |
| Default Configurations |
| Data Protection |
| Data Transmission |
| Anti-Virus |
| System Maintenance and Development |
| Logical Access |
| Physical Access |
| Network Monitoring |
| System Testing |
| Security Policy |
| PCI Automated Self Assessment Questionnaire (SAQ) |