Transcript
From Data Theft to …
Compliance & Risk Management!
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Mounting External Compliance Regulations
EU Directive
Basel II
HIPAA
Sarbanes-Oxley, Section 404
PCI Data Security Standards (DSS)
PII Security Standards
21CFR11
Gramm Leach Bliley (GLBA)
USA Patriot Act
SB1386 (CA Privacy Act)
[Chart: regulations accumulating over time (x-axis: Time); the regulation names above are the chart's labels.] Source: "The Struggle to Manage Security Compliance for Multiple Regulations", SecurityCompliance.com
3 out of 4 organizations must comply with two or more regulations and their corresponding audits.
43% of organizations comply with 3 or more regulations.
Our IT Networks Were Never Designed With Compliance In Mind
Today Organizations Spend 30-50% More On Compliance Than They Should
Compliance & IT Risk Management Challenges
Lack of Regulatory Knowledge
HIPAA
PCI
SOX
Security Policy
Password Length Special Characters
Excel
Manual Surveys
Database Business Processes
IT Resources
Disparate Data Collection
Functional Silos
Non Standardized Processes
Assess
Technical Controls:
Automatically assess technical controls through integration to Lumension and 3rd party tools
Procedural & Physical Controls:
Utilize automated workflow-based surveys
Standardized & IT Risk Mgmt. Framework
Regulation Authority Documents
Business Interests Corporate Policies
Profile Risk Attributes
Open to the Internet
Contains Credit Card Information
Contains Customer Data
Pass/Fail Regulation Assessment
Corp-Policy 100%
ISO 27001 65%
PCI 65%
NERC 30%
Applicable Controls
Password Length
Data Encryption
Power Save
IT Assets
Business Processes Revenue Streams Trade Secrets
GLBA PCI FISMA HIPAA NHS NERC SOX ISO/IEC…
Automation of Assessment Data
Technical Controls Procedural & Physical Controls
Lumension Patch, Scan & Configuration
Lumension Application &
Device Control
3rd Party Products
Automated Connectors Automated Assessment Workflow
Web-Based Surveys
Auditor / Analyst Attestation
Consolidated Assessment Data supports a holistic view of compliance and IT risk posture
Remediate
Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture
Manage
Manage: Create operational and strategic visibility across compliance, IT risk postures
Lumension Risk Manager - summary
Give you better visibility into your compliance and risk posture.
Help you save time & money in your security management process.