7/27/2019 3 Steps to Simplifying Audits Showing Compliance and Managing Enterprise Risk
Meeting the PCI DSS Compliance Challenge
How Luminet Enterprise Fraud Management Software Can Help
Trusted employees commit more compliance violations than anyone else. Government and industry groups have responded by enacting fraud management regulations designed to protect public and shareholder interests. But your business generates enormous volumes of network traffic every day. Tracking all user activity and then sifting through it for abuse, misuse, and error can feel like an impossible task.
Fortunately, technology does exist to help you overcome these challenges. It's called Attachmate Luminet enterprise fraud management software. And it's built to help you generate the data you need to simplify the audit process, demonstrate compliance, and manage enterprise risk.
Who Did What, When, and Why?
Continuous monitoring is the key to knowing exactly who did what, and when, and then being able to put that information into context. Attachmate Luminet can help you do that in three steps:
Step 1: Capture the Data
Luminet captures and records all user activity on all enterprise applications in real time, screen by screen and keystroke by keystroke, creating a complete and accurate audit trail directly from the network. This audit trail includes both update and read-only actions for regular and privileged users. Stored in a secure, digitally signed repository, this information can be visually played back to show screens, keystrokes, and activities that support your audit.
Step 2: Analyze the Data
Luminet's powerful analytics engine tracks user behavior in real time, detecting cross-channel patterns and visually revealing activities and relationships. For example, does one financial clerk exhibit an unusual pattern of payment activity with a particular vendor? Is an employee reading the details of VIP health records significantly more than other employees in the same role? In this way, it can pinpoint suspicious actions based on business rules and weighted scores that you've defined, and generate real-time alerts. You can use the alerts to demonstrate the controls you've established to flag noncompliant behavior.
Step 3: Generate Custom Reports
Auditors expect precise and detailed information about how the thousands of people across your enterprise are accessing sensitive information on hundreds of applications each day. They also expect to see this information presented in a format that aligns with their unique regulatory requirements. With Luminet, you can easily access specific audit information at any time and adjust reports to meet auditor expectations. There's no need to manually extract more or different data from log files or, worse, force auditors to guess what happened when log files fall short.
In these three steps, Luminet delivers the intelligence you need to take informed action for auditing, compliance, and general risk-management purposes.
3 Steps to Simplifying Audits, Showing Compliance, and Managing Enterprise Risk
What If You Could...
Quickly piece together data on multiple systems in multiple departments to create a complete audit trail?
Run historical queries, pattern analysis, and behavioral analytics against user activity to place keystrokes in context?
Test your level of compliance prior to an external audit?
Respond to updated regulations by changing a few rules rather than remapping log outputs to compliance requirements?
Retrieve clear and actionable evidence long after the user activity occurred?
With Luminet, you can, without adding controls or changing a single line of code.
SOLUTION BRIEF
http://www.attachmate.com/
© 2012 Attachmate Corporation. All rights reserved. Attachmate, the Attachmate symbol, and Luminet are registered trademarks of Attachmate Corporation in the United States and other countries. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners. 12-0007.0312
North American Standards & Regulations

FISMA (Federal Information Security Management Act)
What It Is: A U.S. law enacted in 2002 that requires each federal agency to develop, document, and implement a plan to provide security for the data and systems that support agency operations and assets. The act extends this requirement to include assets managed by other agencies and contractors.
How Luminet Can Help: Luminet provides real-time information and continuous monitoring of insider threats. Event information gathered by Luminet supports FISMA reporting.

GLBA (Gramm-Leach-Bliley Act)
What It Is: A U.S. law enacted in 1999 to protect the personal financial information of consumers that is held by financial institutions. Under GLBA, financial institutions are required to implement safeguards that provide information security, privacy, and data integrity.
How Luminet Can Help: Luminet can monitor and alert on user activity and help enforce information policies with continuous monitoring and alerts.

HIPAA (Health Insurance Portability and Accountability Act)
What It Is: A U.S. law enacted in 1996 that preserves the privacy and security of personal health records. HIPAA requires that healthcare organizations adhere to specific physical, administrative, and technical safeguards to prevent unauthorized access to and manipulation of electronic patient information.
How Luminet Can Help: Luminet helps organizations show auditors who has accessed what records and provide context to those actions with screen-by-screen replay.

HITECH (Health Information Technology for Economic and Clinical Health) Act
What It Is: A U.S. law enacted in 2009 that extends HIPAA (Health Insurance Portability and Accountability Act) to include various third party and cloud providers. It also contains breach disclosure requirements.
How Luminet Can Help: With Luminet, organizations can instantly report on who has accessed a given record. Luminet can also help quantify information access and disclosure.

NIST (National Institute of Standards and Technology) Special Publication 800-53
What It Is: Part of the Special Publication 800 series that specifies security controls for federal information systems and audit records.
How Luminet Can Help: Luminet provides information that auditors require and traditional logging methods miss. Luminet also reduces the manual process for gathering audit data.

PCI DSS (Payment Card Industry Data Security Standard)
What It Is: A U.S. industry standard maintained by the PCI Security Standards Council that dictates rules for handling sensitive cardholder data, both in transit and in storage. Businesses that fail to comply may be restricted in their use of credit card services.
How Luminet Can Help: Luminet helps to protect organizations from unnecessary fines and limits brand damage by illuminating who had access to what, and when.

PIPEDA (Personal Information Protection and Electronic Documents Act)
What It Is: A Canadian law enacted in 2000 that governs the way in which companies collect, use, and disclose personal information.
How Luminet Can Help: Luminet can be used to inform individuals when their information was accessed or disclosed. Luminet can also demonstrate compliance to auditors.

SOX (Sarbanes-Oxley Act) Section 404
What It Is: A U.S. law enacted in 2002 to protect the financial information of public companies. Section 404 mandates certain internal controls for financial reporting and documentation. The Securities and Exchange Commission oversees SOX compliance.
How Luminet Can Help: Luminet provides continuous monitoring of user activity and helps automate and document incident response. It also helps demonstrate SOX compliance.

Global Standards & Regulations

Basel II
What It Is: An international standard developed by the Basel Committee on Banking Supervision that requires financial institutions to maintain enough cash reserves to cover their operational risks.
How Luminet Can Help: Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel II.

Basel III
What It Is: An international standard developed by the Basel Committee on Banking Supervision that strengthens the banking sector's ability to deal with financial stress. Basel III effectively triples the size of the capital reserves that the world's banks must hold against losses.
How Luminet Can Help: Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel III.

Directive 95/46/EC
What It Is: A European Union directive that regulates the collection, storage, and use of personal data. It is an important part of the European Union privacy and human rights law.
How Luminet Can Help: Luminet can provide visibility into data use, access, and interaction and can be used to help demonstrate Directive 95/46/EC compliance.

FACTA (Fair and Accurate Credit Transaction Act) Red Flag Rule
What It Is: Sections 114 and 315 of FACTA, a U.S. federal law enacted in 2003, that require the National Credit Union Administration and the Federal Trade Commission to create regulations for financial institutions and creditors that will prevent identity theft.
How Luminet Can Help: Luminet can help organizations covered under the Red Flag Rule by documenting access to records and breach disclosure for audits.

Demonstrating Compliance with Attachmate Luminet