Lunch and Learn: June 29, 2010

DESCRIPTION

Control Compliance Suite and Policy Portal presentation.

Text of Lunch and Learn: June 29, 2010

1. Welcome We will be starting in approximately 10 minutes

  • Compliance Automation and Policy Management
  • Lunch & Learn

2. Welcome We will be starting in approximately 5 minutes

  • Compliance Automation and Policy Management
  • Lunch & Learn

3. Welcome We will be starting in approximately 2 minutes

  • Compliance Automation and Policy Management
  • Lunch & Learn

4. WELCOME

  • Compliance Automation and Policy Management
  • Lunch & Learn

5. Prevalent MasterCard Update

  • Service company no longer in business.
  • Looking for an alternative to the card.
  • All registrants for this Lunch and Learn were sent a certificate that can be used for lunch.
  • We will send instructions on whether any additional funds left on the card can be used.

6. Questions or Issues

  • Lunch or Technical
    • [email_address]
  • Topic Q&A
    • Please use chat feature in GoToMeeting client.
  • My Contact information:
    • Jonathan Dambrot
    • [email_address]
    • 646-442-4236

7. About Prevalent Networks

  • Founded January 5, 2004
  • Solution Focus on Risk Management
    • Information Security
    • IT Compliance
    • Disaster Recovery, Availability, and Backup
    • Infrastructure
  • Consulting and Engineering Services across all solution areas.
  • Certified Sales and Consulting Staff Across All Solutions
    • Symantec Platinum Partner
      • Sit on the Symantec Partner Advisory Council and Technical Advisory Council
    • Highest level partner for most other vendors.
  • Offices in New Jersey (HQ), New York, Mass, and Philadelphia
    • National Project Teams

8. Enterprise Governance, Risk and Compliance: Key Concerns

Symantec Control Compliance Suite 10.0

Security Risks

  • Increasing sophistication of threats
  • Changing infrastructure & configurations
  • Increasing regulatory mandates

Regulatory / Audit Compliance

  • Frequency of assessments
  • Internal and external audit
  • Reporting to multiple constituencies

Security and Compliance Costs

  • Overlapping matrix control objectives
  • Manual assessment of controls
  • Scale and diversity of environment

9. Costs of IT Compliance Remain High

Source: IT Policy Compliance Group, n=3,000; Seattle Post Intelligencer - www.seattlepi.com/boeing/sox/

  • Case study: Boeing Aerospace
    • Failed SOX audit in 2004
    • Spent $165M in 2005-2007 to resolve issues
    • Root problem: inconsistent information security policies, procedures, and controls, including:
      • Database and application patching
      • Failed/missing controls
      • Improper access rights

[Chart: Average Annual Regulatory Audit Spend (MM), 2006 and 2008]

10. Automation Reduces Audit Costs and Improves Outcomes

* Based on a survey of 3,280 companies. Source: IT Policy Compliance Group

  • Automation increases audit frequency which reduces risk
    [Chart: Months between assessments, least mature to most mature organizations]
  • Mature organizations use automation to reduce costs by up to 54%
    [Chart: Relative spend on regulatory compliance, least mature to most mature organizations; 54% less]

11. IT Governance Risk and Compliance is a Complex Problem

3rd PARTY EVIDENCE TECHNICAL CONTROLS

  • Automatically identify deviations from technical standards
  • Identify critical vulnerabilities
  • Replace paper-based surveys with web-based questionnaires to evaluate if policies were read and understood
  • Combine evidence from multiple sources and map to policies

ASSETS CONTROLS EVIDENCE NEW POLICY

  • Define and manage policies for multiple mandates with out-of-the-box policy content
  • Map policies to control statements

PROCEDURAL CONTROLS REPORT

  • Gather results in one central repository and deliver dynamic web-based dashboards and reports

REMEDIATE

  • Remediate deficiencies based on risk via integration with popular ticketing systems

DATA CONTROLS

  • Tight integration with Symantec Data Loss Prevention to prioritize assessment and remediation of assets based on value of data

NEW IMPROVED IMPROVED

12. Symantec Control Compliance Suite

3rd PARTY EVIDENCE DATA CONTROLS TECHNICAL CONTROLS

  • Symantec Control Compliance Suite Standards Manager
  • Symantec Control Compliance Suite Vulnerability Manager
  • Symantec Control Compliance Suite Policy Manager
  • Symantec Control Compliance Suite Response Assessment Manager
  • Symantec Control Compliance Suite (Infrastructure)
  • Symantec ServiceDesk 7.0
  • Symantec Data Loss Prevention Discover

NEW ASSETS CONTROLS EVIDENCE NEW POLICY PROCEDURAL CONTROLS REPORT REMEDIATE IMPROVED IMPROVED

13. Symantec Control Compliance Suite

Symantec Confidential

14. Define and Manage Policies

  • Automate entire IT policy lifecycle to reduce cost and complexity
  • Define policies with out-of-the-box policy content
  • Assess coverage for regulations and best practices
  • Automatic regulatory updates
  • Map policies to control statements
  • De-duplicate common controls across multiple regulations

Control Compliance Suite Policy Manager (POLICY)

[Diagram: Corporate Policies Lifecycle: 1. Define, 2. Review, 3. Approve, 4. Distribute, 5. Track Acceptances/Exceptions]

15. Policy-driven Risk and Compliance Management

  • Evidentiary data feeds for technical controls
  • Evidence for non-technical controls

[Diagram labels: Create, Map, Distribute, Prove; ISO, SOX, PCI, COBIT]

  • CORPORATE POLICIES
  • Malware
  • Access Control
  • Acceptable Use

16. Written Policy Management

[Diagram labels: Display Evidence, Demonstrate Coverage, Distribute, Define Written Policy]

17. Automatically Assess IT Infrastructure

Control Compliance Suite Standards Manager

  • Improve visibility into IT risk and reduce compliance cost and complexity
  • Automate assessment of technical controls to identify deviations or configuration drift
  • Leverage best-in-class pre-packaged content
  • Manage exceptions
  • Flexible agent based or agent-less data gathering options

[Diagram, TECHNICAL CONTROLS: 1. Define Standards; 2. Evaluate (agent and/or agent-less), Managed/Unmanaged Assets; 3. Analyze and Fix]

18. Conduct Advanced Vulnerability Assessment

Control Compliance Suite Vulnerability Manager

  • Proactively prevent threats to critical assets and information
  • Identify critical vulnerabilities in Web applications, databases, servers and other network devices
  • More than 54,000 checks across 14,000 vulnerabilities
  • Unique vulnerability chaining mechanism
  • Unique risk scoring algorithm
  • High performance 64-bit scan engine

Control Compliance Suite Vulnerability Manager chains together all vulnerabilities found to uncover new, hidden issues (TECHNICAL CONTROLS)

19. Automatically Evaluate Procedural Controls

Control Compliance Suite Response Asset Manager (PROCEDURAL CONTROLS)

  • Replace costly, time-consuming manual processes
  • Automate assessment of procedural controls
  • Web-based questionnaires covering 60+ regulations and frameworks
  • Assess via risk-weighted surveys
  • Track responses - acceptances, exception and clarification requests

[Diagram labels: Administer Survey, Analyze Results, Respondents, Distribute via web, Consolidate responses]

20. Identify and Prioritize Critical Assets

  • Gain a better overview of compliance and security posture
  • Use Symantec Data Loss Prevention Discovery information to identify assets with critical data
  • Prioritize these assets for controls evaluation
  • Elevate hardening measures on these assets
  • Show Control