Quantum sits within the ST Telemedia (STT) family, which is wholly owned by Temasek (Singapore's sovereign wealth fund, with assets over $300 billion). ST Telemedia invests in and owns leading businesses across the communications / media, data centres and infrastructure technology space.
STT Group Companies
We are actively combining a group of companies under STT ownership to remove the blurry lines between MSP, MSSP, DevOps and cybersecurity technology needs. This approach will deliver coordinated and automated secure cloud outcomes. Experience the power of our strategic integrations between these companies:
ASIA MSP | GLOBAL MSP | CYBER TECHNOLOGY | MANAGED SECOPS | DEVOPS
We look forward to our own journey as we combine these capabilities to globally deliver the world’s most secure and performant cloud experience.
Conventional cybersecurity approaches are failing, and escape from their crippling constraints is long overdue. Quantum liberates you with its cybersecurity platform and services that are non-proprietary, comprehensive, scalable and, best of all, affordable.
Dominant information protection and compliance use cases faced by organizations operating in Asia-Pacific:
• Local organizations need to provide assurances to other organizations located:
  • In Asia-Pacific
  • In other parts of the world (e.g., EU, USA)
• Cloud Providers and Service Providers seeking to demonstrate assurances to their customers
• All organizations seeking to manage their third-party risk
• Organizations who seek efficiency, coverage, and currency for their own internal program needs.
• Providing Transparency into Privacy and Security Programs
• Organizations now have a need to provide assurances with respect to the Work From Home (WFH) / Work From Anywhere (WFA) strategies.
• Growing need to demonstrate a combined posture for Privacy and Cybersecurity
• Organizations operating in the region need to meet a multitude of regulatory requirements for information security and data privacy
HITRUST and the Asia Pacific Region
HITRUST, a leading data protection standards development and certification organization, continues to expand and enhance services and support in the Asia Pacific region as part of a global information protection approach to streamline information risk management and compliance for organizations of any type, size, or geography delivering services locally, nationally, or internationally.
• To accomplish this important global objective, HITRUST has undertaken several activities:
  • Establish the HITRUST Asia Advisory Council
  • Further update the HITRUST CSF framework with additional Asia-specific authoritative sources
  • Enable organizations to execute targeted assessments against relevant ISO standards (ISO 27001-27002)
  • Work to support data localization within HITRUST MyCSF
  • Designated as an Accountability Agent under the Asia Pacific Economic Cooperation (APEC) Cross Border Privacy Rules System (CBPR) and Privacy Recognition for Processors System (PRP).
  • Design a globally relevant TPRM methodology and program
• This strategy builds on the HITRUST Approach vision of One Framework, One Assessment, Globally, further allowing organizations to Assess once, Report many.
HITRUST Asia Advisory Council
Purpose
• The Asia Advisory Council helps to ensure the HITRUST Approach remains current and relevant to the needs of the HITRUST community in Asia-Pacific countries.
• The Council supports HITRUST in facilitating continuous improvement of information security and individual privacy as HITRUST expands within Asia by providing thought leadership on the emerging laws, policies, and trends impacting regional risk management and compliance.
A few council members from leading international organizations include:
About HITRUST
HITRUST addresses the globally growing need for a common framework, tailorable to all sizes and types of organizations, to improve trust and mitigate data breaches.
HITRUST champions programs and solutions that protect sensitive information and manage information risk & compliance, from start to finish, for organizations across all industries.
One of the most widely adopted frameworks – covers over 40 authoritative sources
Hundreds of thousands of privacy and security risk assessments performed
All the programs and tools you need in one spot – the
Primary Drivers for APAC Organizations to Provide Assurances
• Need to demonstrate trust to customers and trading partners
• Regulatory
• Data Privacy (acknowledging the dependency of privacy on security)
• Desire to avoid data breaches and/or the need to be able to effectively respond thereto
• Need to expand WFH/WFA into programs, demonstrating that remote working is safe (especially for Service Providers)
• Third Party Privacy and Security Assessment (both directions)
• Insider Risk
• Headquarter direction/needs in Global Organizations
• Need to manage competing requirements and multiple frameworks
• Resource Challenges – Acutely felt
Information Protection and Compliance Can Be Challenging
• Multiple regulations
• Increasing customer expectations
• Market variations
• Dynamic business models
• Organizational culture
• Third Party Risk
• Technical Evolution
• New Threats
Question – How can organizations best address this challenge?
• HITRUST CSF®—a robust privacy and security controls framework
• HITRUST Threat Catalogue™—a list of reasonably anticipated threats mapped to specific HITRUST CSF controls
• HITRUST CSF Assurance Program—a scalable and transparent means to provide reliable assurances to internal and external stakeholders
• HITRUST Shared Responsibility Program—a matrix of HITRUST CSF requirements identifying service provider and customer responsibilities
• HITRUST Assessment XChange™—an automated means of sharing assurances between organizations
• HITRUST MyCSF®—an assessment and corrective action plan management platform
• HITRUST® Third-Party Assurance Program—a third-party risk management process and a managed third-party risk management service
• HITRUST Academy®—a comprehensive training program designed to educate about information protection and the implementation of the HITRUST CSF
• HITRUST RightStart Program™—assists and guides start-up organizations in building a solid foundation for risk management, compliance and privacy
The HITRUST Approach eliminates the need for multiple assessments and reports, scales and customizes to adapt to your organization’s growing needs and is based on the most up-to-date framework that incorporates international, federal, and state regulations concerning privacy and security.
HITRUST has data protection, information risk, and compliance programs — all in one approach, the HITRUST Approach.
* Since HITRUST, ISO, NIST and PCI are all RMFs, the document specifying their associated controls is used in the table to uniquely identify them
† The NIST Cybersecurity Framework is a high-level framework that relies on the specification or design of additional controls to support the framework’s recommended outcomes
‡ HIPAA specifies information security requirements (generally at a high level) but is a U.S. federal regulation and not a risk management framework
The gold standard in risk management frameworks. The HITRUST Approach is the most comprehensive globally applicable risk management approach.
To support organizations operating in APAC, HITRUST has added the following regulations to our list of Authoritative Sources for inclusion in upcoming and future versions of the CSF Library:
• Hong Kong – v10: Personal Data Privacy Ordinance (PDPO)
• Malaysia Personal Data Protection Act 2010
• Philippines Data Privacy Act of 2012
• Australian Signals Directorate Information Security Registered Assessors Program (IRAP)
• Thailand Personal Data Protection Act, B.E. 2562 (2019) (PDPA)
• Dubai Information Security Regulation (ISR) version 2
Relevancy: Ongoing Compliance with Authoritative Sources and Regulations
Personal Data Privacy Ordinance in Hong Kong is slated to be added in HITRUST's v10 release. All other authoritative sources and regulations will be included in future releases, undetermined at this time.
Benefits of a HITRUST CSF Certification
Provides significant assurances that can be relied upon by all applicable parties such as clients, vendors, shareholders, and internal stakeholders.
Differentiates your organization relative to security and privacy posture
Reduces unnecessary effort in responding to third-party proprietary questionnaires
Increases awareness of your organization’s relative risk exposure, inherent risk, current security posture, and the maturity of your information risk management program.
Demonstrates that your organization is committed to managing risk, improving its security posture, and meeting compliance requirements
Potentially helps save on cybersecurity insurance premiums
Starts conversations and potential new business partnerships with organizations who may require in-depth, third party verified assurances
Starting your journey to HITRUST CSF Certification*
1. Download the HITRUST CSF Framework
  • Identify your privacy and security controls
2. Conduct a Readiness Assessment using our software, MyCSF
  • Allows you to self-assess using the standard methodology, requirements, and tools provided under the HITRUST CSF Assurance Program
3. Prepare for a Validated Assessment
  • Select your authorized HITRUST External Assessor to help with the process
  • Utilize MyCSF to streamline preparedness
4. Undergo a Validated Assessment process using MyCSF
  • Select your Authorized HITRUST External Assessor to help with the process
  • Our Assurance team audits your validated assessment and will issue your certification (assuming a passing score)
5. Receive your HITRUST Letter of Certification
  • Maintain certification every 2 years
*Recommended best practices. Every organization is unique in their needs.
Quantum liberates you from the constraints of conventional cybersecurity strategy and execution.
YOUR VALUE STATEMENTS
FOUR FOCUSED INVESTMENTS
XDR + SOC | VAPT | DATA PROTECTION | RISK MANAGEMENT
INTEGRATED WITH XDR INTEGRATED WITH XDR
Focusing On The Four Most Important Strategies To Better Protect Your Organisation
I detect alerts through AI/ML, create relevant incidents, and trust my 24/7 cybersecurity team to quickly respond to and remediate threats. Included are my users, applications, IT and cloud landscape.
I keep my valuable logging data, tuning, playbooks and automation – forever.
I am focused on the tactics, techniques and procedures (TTPs) of threat actors leveraging the MITRE ATT&CK framework.
I know my environment and threats are constantly evolving so require continuous vulnerability assessments / penetration testing to protect my data and organisation.
Data is the most important asset in my organisation to protect from cyber attacks. My data-centric strategy focuses efforts on our most sensitive data.
I always know where our sensitive data is through continuous discovery. I have applied smart classification methods and can remediate / protect data that breaks policy.
I empower my organisation to take a strategic and comprehensive view into cybersecurity risk.
Aligning to the HITRUST framework allows me to support many compliance standards, manage third-party risks, measure effectiveness of our cybersecurity implementation, share control responsibilities with leading cloud providers, and easily report to my management and third parties.
A CONTINUOUS AND ENDURING STRATEGY
RISK MANAGEMENT SERVICE DESCRIPTION
Today, you are required to assess and report your organization’s risk posture against multiple regulatory frameworks and standards across global geographies. There is a pressing need to comply with an ever-growing set of data privacy regulations. Continually managing your risk and security maturity assurance, designing and delivering information privacy, and managing vendor risk have never been more important.
WHY?
One Framework, One Assessment - Globally
Quantum helps you get assessed on HITRUST CSF, a framework that is mapped to a large and growing list of authoritative sources globally including ISO 27001, NIST, PCI-DSS, HIPAA, GDPR, PDPA. Services include HITRUST CSF Adoption and Certification.
A Comprehensive & Continuous View of Risk Posture
Build and adopt a sustainable security and risk governance programme using a universally portable and globally acceptable framework. Get a full view of your risk posture - for both Cybersecurity and Privacy throughout your assessment lifecycle.
Track and Monitor Remediation
Quantum helps you to have a full view of gaps in your environment and implement corrective action plans to remediate them so that you can measure, demonstrate and celebrate your ever-improving posture with your internal teams and partners.
Efficiency of Reporting
Assess once against up to 44 authoritative sources and obtain a single report with an ability to provide assurances to multiple requesting parties.
Localized Engagement Models
Choose between different engagement models based on your organizational maturity, size, and goals to have control on your adoption process. Enjoy subscription models to benefit from continuous advisory services from Quantum.
Quantum’s Risk & Compliance Assessment and Advisory as-a-Service delivers the most prescriptive approach to protecting customer data using the globally recognized risk framework, HITRUST. Quantum helps you to build a sustainable security and IT risk governance program and thereby improve your security and risk maturity. Using the HITRUST CSF, Quantum helps you to “assess once and report many”, allowing you to meet a vast variety of internal and external requirements.
• Successful adoption by managing cultural aspects
• Inheritance and the Shared Responsibility Model
• Enabling the startup community (HITRUST RightStart Program)
• Effective and efficient third-party risk management
Built especially for you, HITRUST Central members can learn about HITRUST programs and services, engage in discussions on current security and privacy trends, learn from peers’ experiences, and take part in relevant industry discussions.
As a member, you'll get to:
• Access exclusive early product announcements
• Participate in discussions with peers and industry-leading experts
• Chat directly with our HITRUST subject matter experts
• Download and access curated content
• ...and much more!