3 Steps to Simplifying Audits, Showing Compliance, and Managing Enterprise Risk


    Meeting the PCI DSS Compliance Challenge

    How Luminet Enterprise Fraud Management Software Can Help

Trusted employees commit more compliance violations than anyone else. Government and industry groups have responded by enacting fraud management regulations designed to protect public and shareholder interests. But your business generates enormous volumes of network traffic every day. Tracking all user activity and then sifting through it for abuse, misuse, and error can feel like an impossible task.

Fortunately, technology does exist to help you overcome these challenges. It's called Attachmate Luminet enterprise fraud management software. And it's built to help you generate the data you need to simplify the audit process, demonstrate compliance, and manage enterprise risk.

Who Did What, When, and Why?

Continuous monitoring is the key to knowing exactly who did what, and when, and then being able to put that information into context. Attachmate Luminet can help you do that in three steps:

    Step 1: Capture the Data

Luminet captures and records all user activity on all enterprise applications in real time, screen by screen, keystroke by keystroke, creating a complete and accurate audit trail directly from the network. This audit trail includes both update and read-only actions for regular and privileged users. Stored in a secure, digitally signed repository, this information can be visually played back to show the screens, keystrokes, and activities that support your audit.

    Step 2: Analyze the Data

Luminet's powerful analytics engine tracks user behavior in real time, detecting cross-channel patterns and visually revealing activities and relationships. For example, does one financial clerk exhibit an unusual pattern of payment activity with a particular vendor? Is an employee reading the details of VIP health records significantly more than other employees in the same role? In this way, it can pinpoint suspicious actions based on business rules and weighted scores that you've defined, and generate real-time alerts. You can use the alerts to demonstrate the controls you've established to flag noncompliant behavior.

    Step 3: Generate Custom Reports

Auditors expect precise and detailed information about how the thousands of people across your enterprise are accessing sensitive information on hundreds of applications each day. They also expect to see this information presented in a format that aligns with their unique regulatory requirements. With Luminet, you can easily access specific audit information at any time and adjust reports to meet auditor expectations. There's no need to manually extract more or different data from log files, or worse, force auditors to guess what happened when log files fall short.

In these three steps, Luminet delivers the intelligence you need to take informed action for auditing, compliance, and general risk-management purposes.


What If You Could. . .

• Quickly piece together data on multiple systems in multiple departments to create a complete audit trail?

• Run historical queries, pattern analysis, and behavioral analytics against user activity to place keystrokes in context?

• Test your level of compliance prior to an external audit?

• Respond to updated regulations by changing a few rules rather than remapping log outputs to compliance requirements?

• Retrieve clear and actionable evidence long after the user activity occurred?

With Luminet, you can, without adding controls or changing a single line of code.

    SOLUTION BRIEF

http://www.attachmate.com/

© 2012 Attachmate Corporation. All rights reserved. Attachmate, the Attachmate symbol, and Luminet are registered trademarks of Attachmate Corporation in the United States and other countries. All other trademarks, trade names, or company names referenced herein are used for identification only and are the property of their respective owners. 12-0007.0312


Demonstrating Compliance with Attachmate Luminet

North American Standards & Regulations

FISMA (Federal Information Security Management Act)
What it is: A U.S. law enacted in 2002 that requires each federal agency to develop, document, and implement a plan to provide security for the data and systems that support agency operations and assets. The act extends this requirement to include assets managed by other agencies and contractors.
How Luminet can help: Luminet provides real-time information and continuous monitoring of insider threats. Event information gathered by Luminet supports FISMA reporting.

GLBA (Gramm-Leach-Bliley Act)
What it is: A U.S. law enacted in 1999 to protect the personal financial information of consumers that is held by financial institutions. Under GLBA, financial institutions are required to implement safeguards that provide information security, privacy, and data integrity.
How Luminet can help: Luminet can monitor and alert on user activity and help enforce information policies with continuous monitoring and alerts.

HIPAA (Health Insurance Portability and Accountability Act)
What it is: A U.S. law enacted in 1996 that preserves the privacy and security of personal health records. HIPAA requires that healthcare organizations adhere to specific physical, administrative, and technical safeguards to prevent unauthorized access to and manipulation of electronic patient information.
How Luminet can help: Luminet helps organizations show auditors who has accessed what records and provides context to those actions with screen-by-screen replay.

HITECH (Health Information Technology for Economic and Clinical Health) Act
What it is: A U.S. law enacted in 2009 that extends HIPAA (Health Insurance Portability and Accountability Act) to include various third-party and cloud providers. It also contains breach disclosure requirements.
How Luminet can help: With Luminet, organizations can instantly report on who has accessed a given record. Luminet can also help quantify information access and disclosure.

NIST (National Institute of Standards and Technology) Special Publication 800-53
What it is: Part of the Special Publication 800 series that specifies security controls for federal information systems, including requirements for audit records.
How Luminet can help: Luminet provides information that auditors require and that traditional logging methods miss. Luminet also reduces the manual process of gathering audit data.

PCI DSS (Payment Card Industry Data Security Standard)
What it is: A global industry standard maintained by the PCI Security Standards Council that dictates rules for handling sensitive cardholder data, both in transit and in storage. Businesses that fail to comply may be restricted in their use of credit card services.
How Luminet can help: Luminet helps to protect organizations from unnecessary fines and limits brand damage by illuminating who had access to what, and when.

PIPEDA (Personal Information Protection and Electronic Documents Act)
What it is: A Canadian law enacted in 2000 that governs the way in which companies collect, use, and disclose personal information.
How Luminet can help: Luminet can be used to inform individuals when their information was accessed or disclosed. Luminet can also demonstrate compliance to auditors.

SOX (Sarbanes-Oxley Act) Section 404
What it is: A U.S. law enacted in 2002 to protect the financial information of public companies. Section 404 mandates certain internal controls for financial reporting and documentation. The Securities and Exchange Commission oversees SOX compliance.
How Luminet can help: Luminet provides continuous monitoring of user activity and helps automate and document incident response. It also helps demonstrate SOX compliance.

Global Standards & Regulations

Basel II
What it is: An international standard developed by the Basel Committee on Banking Supervision that requires financial institutions to maintain enough capital reserves to cover their operational risks.
How Luminet can help: Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel II.

Basel III
What it is: An international standard developed by the Basel Committee on Banking Supervision that strengthens the banking sector's ability to deal with financial stress. Basel III effectively triples the size of the capital reserves that the world's banks must hold against losses.
How Luminet can help: Luminet helps organizations demonstrate compliance with internal policies and government regulations, including Basel III.

Directive 95/46/EC
What it is: A European Union directive that regulates the collection, storage, and use of personal data. It is an important part of European Union privacy and human rights law.
How Luminet can help: Luminet can provide visibility into data use, access, and interaction and can be used to help demonstrate Directive 95/46/EC compliance.

FACTA (Fair and Accurate Credit Transactions Act) Red Flag Rule
What it is: Sections 114 and 315 of FACTA, a U.S. federal law enacted in 2003, require the National Credit Union Administration and the Federal Trade Commission to create regulations for financial institutions and creditors that will prevent identity theft.
How Luminet can help: Luminet can help organizations covered under the Red Flag Rule by documenting access to records and breach disclosure for audits.