Lumension LCRM - DSS @Vilnius 2010

From Data Theft to …

Compliance & Risk Management!

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

… Agenda

2 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

…Agenda


…just a simple pricelist ?


…active measures against card fraud


PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel II, SOX, ... … … …

Mounting External Compliance Regulations


EU Directive

Basel II

HIPAA

Sarbanes-Oxley, Section 404

PCI Data Security Standards (DSS)

PII Security Standards

21CFR11

Gramm Leach Bliley (GLBA)

USA Patriot Act

SB1386 (CA Privacy Act)

EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive

HIPAA HIPAA HIPAA HIPAA HIPAA HIPAA

21CFR11 21CFR11 21CFR11 21CFR11 21CFR11





USA Patriot Act USA Patriot Act USA Patriot Act



Basel II

PCI Data Security Standards (DSS)

Time *The Struggle to Manage Security Compliance for Multiple Regulations”..SecurityCompliance.com

3 out 4 organizations must comply with two or more regulations and corresponding audits.

43% of organizations comply with 3 or more regulations.

Our IT Networks Were Never Designed With Compliance In Mind

Today Organizations Spend 30-50% More On Compliance Than They Should

Compliance & IT Risk Management Challenges


Lack of Regulatory

Knowledge

HIPAA

PCI

SOX

Security Policy

Password Length Special Characters

Excel

Manual Surveys

Database Business Processes

IT Resources

Disparate Data Collection

Functional Silos

Non Standardized Processes

Challenges in Compliance and Risk Management

Business Interests

Auditor

Stakeholders

Data Collection

Standardized Compliance & Control Framework [UCF]

Assess


Technical Controls:

Automatically assess technical controls through integration to Lumension and 3rd party tools

Procedural & Physical Controls:

Utilize automated workflow based surveys

Standardized & IT Risk Mgmt. Framework

Regulation Authority Documents

Business Interests Corporate Policies

Profile Risk Attributes

Open to the Internet

Contains Credit Card Information

Contains Customer Data

Pass/Fail Regulation Assessment

Corp-Policy 100%

ISO 27001 65%

PCI 65%

NERC 30%

Applicable Controls

Password Length

Data Encryption

Power Save

IT Assets

Business Processes Revenue Streams Trade Secrets

GLBA PCI FISMA HIPAA NHS NERC SOX ISO/IEC…

Automation of Assessment Data


Technical Controls Procedural & Physical Controls

Lumension Patch, Scan & Configuration

Lumension Application &

Device Control

3rd Party Products

Automated Connectors Automated Assessment Workflow

Web-Based Surveys

Auditor / Analyst Attestation

Consolidated Assessment Data supports a holistic view of compliance and IT risk posture

Connector …


Connector …


Connector …


Connector …


Remediate


Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture

Manage


Manage: Create operational and strategic visibility across compliance, IT risk postures

Identify…and it starts again

Adaptation

Lumension Risk Manager - summary


Give you better visibility into your compliance and risk posture.

Help you save time & money in your security management process.

Global Headquarters 15880 N. Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260

1.888.725.7828 [email protected]

www.lumension.com/itgrc-software

[email protected]

Lumension LCRM - DSS @Vilnius 2010

Technology

public distribution

public distribution

public distribution

security compliance

compliance risk management

data theft

hipaa sarbanesoxley

risk management challenges