ComplyCORE: Why didn’t I think of that?


1 ComplyCORE: Why didn’t I think of that?
Jason Hill, Director of Strategic Services, Cybriant
- CISA, CISSP
- 15 years experience
- Managed SIEM, Endpoint protection, Identity Management
- vCISO, Vulnerability & Pentesting, Risk Assessments

2 COMING UP
- The current process is broken
- Firefighting is not a solution
- Each audit creates chaos
- There are more and more compliance headaches every year
  - New regulations - GDPR, GLBA
  - Changes to existing
- What if there were a better way?
  - Roll with the punches
  - New regulations are absorbed easily
- Don’t over-explain!

3 CURRENT STATE
- Step 1: Ignore
- Step 2: Panic
- Step 3: Go through each and every requirement
- Step 4: Apply every requirement to environment
- Step 5: Update policies and procedures

4 CURRENT STATE
- Step 6: Remediate
- Step 7: Act as cool as Jar Jar during battle
- Step 8: Undergo audit
- Step 9: Repeat

5 REGULATION ROULETTE
GDPR, PCI, HIPAA, GLBA, etc.
- The alphabet soup of compliance is getting thicker and thicker
- Regulatory oversight is ever increasing
- With each publicized breach more attention is drawn to security
- There doesn’t seem to be any reprieve in sight
- Each compliance framework exists in a bubble
  - Each framework assumes no security in place
  - Seemingly conflicting requirements
- State by state instead of federal rules
  - 265+ bills or resolutions: National Conference of State Legislatures

6 THERE HAS GOT TO BE A BETTER WAY!
There is!
1. Establish the Framework
2. Deploy Framework
3. Remediate
4. Additional Compliances
5. Maintain
6. Rinse & Repeat
This is just an overview, KISS

7 ESTABLISH THE FRAMEWORK
- Many to choose from: NIST, PCI, COBIT, ISO, and on and on
- Why NIST?
  - Used by every branch of government
  - Plenty of documentation
  - Required for anyone dealing with government data
- NIST is adaptable
  - 109 security controls
  - 212 security controls
  - Cybersecurity Framework or Risk Management Framework

8 DEPLOY THE FRAMEWORK
- Determine risk tolerance
- Perform risk assessment / gap analysis based on your framework
- Identify missing documentation and security controls
- Establish compensating controls
- Remediate

9 ADDITIONAL COMPLIANCES
- Identify overlap
- Perform gap analysis on remainder
- Identify missing documentation and security controls
- Establish compensating controls
- Remediate

10 MAINTAIN
- Perform risk assessments yearly or on major changes
- Make security practices part of the change management process
- Constantly stay up to date on latest industry and regulatory changes
- Test security controls
- Train employees on security plan
- Make adjustments to security plan regularly based on the above

11 CONCLUSION
Welcome to your inner Han. There is a better way:
- Establish the framework
- Deploy framework
- Remediate
- Additional compliances
- Maintain
- Rinse & Repeat

12 ANY QUESTIONS?
Jason Hill, Director of Strategic Services, Cybriant
CISA, CISSP

