Bill McClanahan – Principal Business Consultant LPS Integration.

Presentation transcript:


2
- World’s fourth largest independent software company
- Independence: Delivers solutions across multiple platforms
- Insight: Broad knowledge about the Internet and infrastructure
- Trusted leader in Windows protection
- Named to FORTUNE’s 2006 America’s Most Admired Companies list

Fast Facts:
- Founded in 1982, IPO in 1989
- More than 17,000 employees in 40 countries
- Launched 100 new products and services in FY06
- Highest R&D Spend in the Industry (17%)
- Shipped nearly 23 million boxes of consumer product in FY06
- Serves 99% of the 2006 FORTUNE 1000 list
- Fortune 500 company
- $5 billion in revenue in FY06
- 72% enterprise revenue

3 SOX HIPAA GLBA Basel II ISO ISO CIS FFIEC COBIT FISMA World Bank Technology Risk Checklist CFR ISO NIST COSO CIP Circular A-123 NSA SNAC PCI ITIL NERC

4 Number of controls, control objectives, days between control assessments
[Chart; labels: Annual data losses/thefts; Compliance deficiencies; Days between control assessments; Number of procedural and technical controls; Number of control objectives (policies)]
1. Reduce control objectives (policies)
2. Increase controls
3. Increase the assessment of controls
4. Automate repetitive activities

5 [Chart] Values: 19.7%, 20.2%, 19.2%, 20.9%, 20.0%. Categories: Procedures and controls; Assessment of compliance with IT policies; Collection of audit-related data; Remediation and change management; Ongoing monitoring and reporting. N: 704 Source: IT PCH,


Policies Standards Entitlements Response Assessment

8
Standards
- Create/Select standard
- Assess controls
- Detect deviations
- Remediate deficiencies

Entitlement
- Gather effective permissions
- Translate permissions into human readable format
- Route entitlements to data owner for review & approval

Response
- Assess non-programmatically assessable controls
- Report with risk weighted model
- Centralize view of procedural controls

Policy
- Define/manage written policies
- Distribute policies & track exceptions
- Demonstrate coverage
- Display evidence

NIST, PCI, Cobit, SOX, ISO, GLBA, FISMA
Malware Policy, Endpoint Policy, Data Protection Policy

9 Exception Technical Controls Written Policy Procedural Controls Create Map Publish Assess Fix Control self assessment Questionnaire responses Risk-based prioritization Entitlements review Group\file permission Classify & assign owners Approval workflow Configurations Security best practices Remediation Vulnerabilities Non-credentialed checks Credentialed checks Patch Mgmt PCI SOX Basel II NIST COBIT ISO Scoped by Risk Level Corporate Policies Info Security Access Control Termination

© 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.

Thank You!

Presentation based off of a Symantec presentation by Steve Smith – Symantec Principal System Engineer


14 Detailed Regulatory Definitions Help Assure Understanding.


16 Evidence (Automated and Custom) should map to Control Statements. Covers requirements of Policies and Regulations.

17 Policy Mapping may be expanded to other related Regulations and Frameworks to help visualize coverage.


39 Basics:
- Provides automated surveys and manual assessments to capture and track procedural controls
- Enhances CCS’ ability to centralize and control the information affecting risk management, regulatory compliance and security
- Advanced Analysis capabilities assist understanding
- Evidence (documents, spreadsheets, computerized information) may be submitted with the survey questions

40
- Provides a comprehensive set of questionnaires
- Allows for individual weighting of survey questions
- Dramatically adds to our regulatory content
- CobIT, FISMA, ISO, NERC and PCI and custom designed surveys

41
- Provides a comprehensive set of questionnaires
- Allows for individual weighting of survey questions
- Dramatically adds to our regulatory content
