Monday, 17 August 2015 Compliance Management, Governance and Benchmarking Strategic security management
C o m p l i a n c e M a n a g e m e n t Compliance ?! EuroSOX® COBIT Sarbanes- Oxley Proprietary standards DS 484:2005 (Danish Standard) ISO Other FDA ISO9001 Policy Enforcer® PresentationPage 2Monday, August 17, 2015
C o m p l i a n c e M a n a g e m e n t The challenge Policy Enforcer® PresentationPage 3Monday, August 17, 2015 Technical IT Corporate Governance Finance Physical security HRR&D $ Common reference
C o m p l i a n c e M a n a g e m e n t The challenge Policy Enforcer® PresentationPage 4Monday, August 17, 2015 Most organizations have a security policy Not all are communicated Some are rooted in top management Few are audited and enforced Lack of common reference Lack of clearly defines responsibilities Lack of systematic internal audits
C o m p l i a n c e M a n a g e m e n t The pain Policy Enforcer® PresentationPage 5Monday, August 17, 2015 Compliance with Law Compliance with rules and regulations Compliance with best practices Comments from external audit Requirements from board or stockholders Requirements from customers and partners Good governance
C o m p l i a n c e M a n a g e m e n t Bringing it all together: Management visions and targets The processes of the organization The features of the applications The design of the infrastructure Audit and review on all levels Coherence between targets, processes and IT Reporting to top management The thread from business to IT Controls Business processes Organization Applications Infrastructure Policy Enforcer® PresentationPage 6Monday, August 17, 2015
C o m p l i a n c e M a n a g e m e n t The solution Policy Enforcer® PresentationPage 7Monday, August 17, 2015 One portal for governance and compliance Generic framework with editable content Includes international standards Best practices for security policies Software built on proven technology Combines manual and automatic enforcement in one system Integrates with major vendors of system management Simple to use and understand Powerful reports
C o m p l i a n c e M a n a g e m e n t Customer benefits Policy Enforcer® PresentationPage 8Monday, August 17, 2015 Ensure compliance with approved policy Reduce risks by appropriate audits Improve communication concerning security Increase internal security awareness Reduce costs of external audit Ensure maximum effect of investments
C o m p l i a n c e M a n a g e m e n t How it works Auditor Schedule Enforcement Procedures Policies Policy Enforcer ® Framework System Management IBM Tivoli MS SMS HP OpenView CA UniCenter N/A A B C IIS SQL SMTP SysAdmin Admin/User Policy Enforcer® PresentationPage 9Monday, August 17, 2015
C o m p l i a n c e M a n a g e m e n t Corporate compliance COMPLIANT NON COMPLIANT COMPLIANT WITH EXEPTIONS Policy Enforcer® PresentationPage 10Monday, August 17, 2015
1. Gather available information 2. Define the policy and anchor it in the organization 3. Define the important procedures 4. Define audits on the critical procedures 5. Perform the first audits 6. Present your first compliance report C o m p l i a n c e M a n a g e m e n t The process Policy Enforcer® PresentationPage 11Monday, August 17, 2015 Six steps to compliance
C o m p l i a n c e M a n a g e m e n t The cost Policy Enforcer® PresentationPage 12Monday, August 17, 2015 Policy Enforcer® with ISO content Organisation management Policy & Procedure Manual enforcement Automatic enforcement Basic reporting Extended reporting Data content control Features ME editionEnterprise editionStandard edition £ 5,900£ 9,900£ 24,900
C o m p l i a n c e M a n a g e m e n t The cost Policy Enforcer® PresentationPage 13Monday, August 17, 2015 Typical Policy Enforcer® solution startup Also featured as SaaS (Software-as-a-Service) online. Policy Enforcer® Software£ 9,900 Software maintenance 1 year (20%)£ 1,980 Installation and setup (partner)£ 1,900 Policy Creator project (partner)£ 5,900 - additional site is +10% Products & Services £ 19,680
C o m p l i a n c e M a n a g e m e n t Facts Policy Enforcer® PresentationPage 14Monday, August 17, 2015 Developed in C# Require.NET 1.1 or later Require SQL server Running on IIS on Windows 2003 server Uses generic SMTP for Supports Internet Explorer 5.5 and later Integrates with Tivoli SCM International language support Content and UI can be freely modified Can integrate with most log-files Tested by Microsoft®
C o m p l i a n c e M a n a g e m e n t Policy Enforcer® PresentationPage 15Monday, August 17, 2015 Compliance and Governance are HOT topics Address top management rather than IT Get a strategic discussion about security Total and ongoing security GAP analysis Increase sales of security software Package sales of security services Policy Enforcer® provides a platform for governance and compliance that can be used as a reference for all future security projects. What’s in it for the reseller?
C o m p l i a n c e M a n a g e m e n t The link to security software? Policy Enforcer® PresentationPage 16Monday, August 17, 2015 Anti Virus Patch Management ”compliance” System Management Storage Management ”compliance” Storage Management Risk Management Services Policy Enforcer Compliance Management Software IT Security Policy ISO ILM Patch Management Asset Management Anti Virus Database Management Asset Management
C o m p l i a n c e M a n a g e m e n t The company Policy Enforcer® PresentationPage 17Monday, August 17, 2015 Policy Enforcer founded in 2005 by Frederik Helweg-Larsen Funded by Technological Innovation and the Danish government Frederik has 16 years of security experience (CISM) Member of ISSA and ISACA Customers in Government, Public sector, Private sector and Education International resellers such as IBM and Deloitte IBM Business Partner and Microsoft Certified Partner (ISV)
C o m p l i a n c e M a n a g e m e n t Contact us Policy Enforcer® PresentationPage 18Monday, August 17, 2015 Policy Enforcer ApS Gregersensvej 1 A DK-2630 Taastrup Denmark Phone: Frederik Helweg-Larsen CEO, CISM GSM: