This article reads like a press release or a news article and may be largely based on routine coverage .(February 2018) |
Type | Subsidiary of Navex Global |
---|---|
Industry | Security Management, Governance, Risk, Compliance |
Founded | 2010 |
Founder | Chris Caldwell Chris Goodwin |
Headquarters | |
Products | Keylight Platform Blacklight Platform |
Parent | Navex Global |
Website | www |
Lockpath is a governance, risk management, and compliance and information security software platform based in Overland Park, Kansas. [1] Its Keylight platform integrates business processes to simplify risk management and regulatory compliance challenges. Common business areas Lockpath target are policy and procedure management, risk assessment, incident management, vulnerability management, vendor management, business continuity planning and internal audit preparation.
Lockpath was founded by Chris Caldwell and Chris Goodwin in 2010 [2] to develop and sell governance, risk management and compliance software. Lockpath is headquartered in Overland Park, Kansas. Lockpath was purchased by NAVEX Global in 2019.
Lockpath launched the Keylight Platform and their first application, Compliance Manager, in October 2010. [3] The initial launch consisted of a regulatory content and controls library fully integrated with the Unified Compliance Framework (UCF), workflow capabilities and a reporting engine. Keylight 1.2 introduced the Threat Manager and Vendor Manager applications. [4] Keylight 2.0 launched the Dynamic Content Framework [5] and introduced two new applications, Incident Manager and Risk Manager. SE Magazine's Peter Stephenson described Keylight as a "...family of applications [that] helps organizations manage enterprise risks and demonstrate compliance by providing visibility into corporate risk and security controls. The ready-to-use toolset integrates all applications under a single user interface, unifies and correlates any amount of security content, exposes vulnerabilities throughout the organization by tracking and recording key information about secured assets, and creates an iron-clad audit history." [6] Keylight 2.4 introduced the Business Continuity Manager application and gave users the ability to create business continuity plans, conduct Business Impact Analyses, and perform tabletop exercises to test business continuity plans. [7] Keylight 3.0 included an integration with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), a framework designed for healthcare organizations. [8] Keylight 3.3 introduced the Audit Manager application [9] and renamed Threat Manager to Security Manager. [10] Keylight 3.5 included a hybrid-cloud delivery method for Vendor Manager [11] and the Anonymous Incident Portal. [12] Keylight 4.0 added the Advanced Analytics Engine to the product portfolio. [13]
On 28 October 2014, Lockpath received U.S. patent number 8,874,621 for the Dynamic Content Framework (DCF). [14]
Keylight 4.1 introduced the Keylight Ambassador. [15] It was the first GRC platform to allow for both SAML and LDAP integration, the first to perform bulk tasks on data records, including data edits, workflow and record deletion, and the first to create ad-hoc reports on historical content. Keylight 4.1 also added support for syslog data collection.
In 2018 Lockpath launched Blacklight, [16] Blacklight brings automation to the configuration assessment of servers and corporate devices. The platform utilizes agent technology that continuously assesses devices and systems against Center for Internet Security (CIS) configuration benchmarks, as well as custom benchmarks, to detect misconfigurations that put organizations at risk for breaches or noncompliance.
The launch of Keylight 4.1 in November 2014 introduced the Keylight Ambassador, the first hybrid connector on the market to allow users to securely automate data collection processes from on-premise applications, custom applications, applications without APIs, and applications where ad-hoc data is created.[ citation needed ]
Microsoft Servers is a discontinued brand that encompasses Microsoft software products for server computers. This includes the Windows Server editions of the Microsoft Windows operating system, as well as products targeted at the wider business market. Microsoft has since replaced this brand with Microsoft Azure, Microsoft 365 and Windows 365.
In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a chief information officer (CIO), who is responsible for ensuring effective information technology controls are utilized.
Software as a service is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. SaaS is also known as "on-demand software" and Web-based/Web-hosted software.
Galvanize is a privately owned software as a service (SaaS) company founded and headquartered in Vancouver, British Columbia, Canada. The Company builds security, risk management, compliance and audit software for the governance, risk management, and compliance (GRC) market.
Governance, risk management and compliance (GRC) is the term covering an organization's approach across these three practices: governance, risk management, and compliance. The first scholarly research on GRC was published in 2007 by Scott L. Mitchell, Founder and Chair of OCEG where GRC was formally defined as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity." The research referred to common "keep the company on track" activities conducted in departments such as internal audit, compliance, risk, legal, finance, IT, HR as well as the lines of business, executive suite and the board itself.
Adobe LiveCycle Enterprise Suite (ES4) is a service-oriented architecture Java EE server software product from Adobe Systems used to build applications that automate a broad range of business processes for enterprises and government agencies. LiveCycle ES4 is an enterprise document and form platform that allows capturing and processing information, delivering personalized communications, and protecting and tracking sensitive information. It is used for purposes such as account opening, services, and benefits enrollment, correspondence management, requests for proposal processes, and other manual-based workflows. LiveCycle ES4 incorporates new features with a particular focus on mobile devices. LiveCycle applications also function in both online and offline environments. These capabilities are enabled through the use of Adobe Reader, HTML/PhoneGap, and Flash Player clients to reach desktop computers and mobile devices.
Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization. According to ITIL, SAM is defined as “…all of the infrastructure and processes necessary for the effective management, control, and protection of the software assets…throughout all stages of their lifecycle.” Fundamentally intended to be part of an organization's information technology business strategy, the goals of SAM are to reduce information technology (IT) costs and limit business and legal risk related to the ownership and use of software, while maximizing IT responsiveness and end-user productivity. SAM is particularly important for large corporations regarding redistribution of licenses and managing legal risks associated with software ownership and expiration. SAM technologies track license expiration, thus allowing the company to function ethically and within software compliance regulations. This can be important for both eliminating legal costs associated with license agreement violations and as part of a company's reputation management strategy. Both are important forms of risk management and are critical for large corporations' long-term business strategies.
Information governance, or IG, is the overall strategy for information at an organization. Information governance balances the risk that information presents with the value that information provides. Information governance helps with legal compliance, operational transparency, and reducing expenditures associated with legal discovery. An organization can establish a consistent and logical framework for employees to handle data through their information governance policies and procedures. These policies guide proper behavior regarding how organizations and their employees handle information whether it is physically or electronically created (ESI).
Network intelligence (NI) is a technology that builds on the concepts and capabilities of Deep Packet Inspection (DPI), Packet Capture and Business Intelligence (BI). It examines, in real time, IP data packets that cross communications networks by identifying the protocols used and extracting packet content and metadata for rapid analysis of data relationships and communications patterns. Also, sometimes referred to as Network Acceleration or piracy.
Security information and event management (SIEM) is a field within the field of computer security, where software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware. Vendors sell SIEM as software, as appliances, or as managed services; these products are also used to log security data and generate reports for compliance purposes. The term and the initialism SIEM was coined by Mark Nicolett and Amrit Williams of Gartner in 2005.
HP Business Service Automation was a collection of software products for data center automation from the HP Software Division of Hewlett-Packard Company. The products could help Information Technology departments create a common, enterprise-wide view of each business service; enable the automation of change and compliance across all devices that make up a business service; connect IT processes and coordinate teams via common workflows; and integrate with monitoring and ticketing tools to form a complete, integrated business service management solution. HP now provides many of these capabilities as part of HP Business Service Management software and solutions.
Tufin is a security policy management company specializing in the automation of security policy changes across hybrid platforms while improving security and compliance. The Tufin Orchestration Suite supports next-generation firewalls, network layer firewalls, routers, network switches, load balancers, web proxies, private and public cloud platforms and microservices.
IBM cloud computing is a set of cloud computing services for business offered by the information technology company IBM. IBM Cloud includes infrastructure as a service (IaaS), software as a service (SaaS) and platform as a service (PaaS) offered through public, private and hybrid cloud delivery models, in addition to the components that make up those clouds.
The Network Inc. is a technology and services company that develops and delivers integrated GRC solutions designed to help organizations mitigate risk and promote organizational compliance. The Network's solutions are based on proprietary SaaS-based technology and expert-level services. The company uses the phrase "Protect, Detect, Correct" to describe how its solutions enable global enterprises and institutions manage risks posed by fraud and unethical conduct.
TraceSecurity is a cybersecurity company that provides cloud-based IT governance, risk, and compliance management solutions for organizations.
Netwrix is an Irvine, California-based private IT security software company that develops software to help companies identify and secure sensitive data and assist with compliance auditing. After six acquisitions the company's team geographically expanded to Latin America, UK, Asia, USA as well as other countries. The company's flagship products are Netwrix Auditor and StealthAUDIT that help information security and governance professionals manage sensitive, regulated and business-critical data.
Workiva, Inc. is a global software-as-a-service (SaaS) company. It provides a cloud-based connected and reporting compliance platform that enables the use of connected data and automation of reporting across finance, accounting, risk, and compliance.
Enterprise legal management (ELM) is a practice management strategy of corporate legal departments, insurance claims departments, and government legal and contract management departments.
Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files, rather than physical hardware configuration or interactive configuration tools. The IT infrastructure managed by this process comprises both physical equipment, such as bare-metal servers, as well as virtual machines, and associated configuration resources. The definitions may be in a version control system. The code in the definition files may use either scripts or declarative definitions, rather than maintaining the code through manual processes, but IaC more often employs declarative approaches.
Oracle Cloud is a cloud computing service offered by Oracle Corporation providing servers, storage, network, applications and services through a global network of Oracle Corporation managed data centers. The company allows these services to be provisioned on demand over the Internet.