
1 GRC: The Science of Compliance

2 Craig Isaacs, CEO, Unified Compliance Framework. The world's largest and most reviewed legal framework.

3 Strict Adherence to a Standard Will Leave You Exposed

4 Areas of Exposure: Comparison of Standards to…
1. PCI
2. SOX
3. Healthcare
4. Banking

5 ISO Direct Controls

6 PCI DSS Direct Controls

7 ISO vs PCI DSS 3.0: Overlapping Controls. Venn diagram: 217 unique controls on one side, 76 unique controls on the other, 17% overlap.

8 PCI DSS 3.0 Unique Controls. Sample of unique controls:
1. Establish and maintain a media inventory.
2. Test the system for buffer overflows.
3. Incorporate data breach notification requirements into the incident response plan.

9 ISO Unique Controls. Sample of unique controls:
1. Separate systems that store or process restricted data from those that do not by deploying physical access controls.
2. Define the executive policy, executive mission, and executive vision of the continuity planning process.
3. Verify that the continuity plan includes purchasing enough insurance.

10 “Sarbanes-Oxley” Isn’t One Authority Document
1. Sarbanes-Oxley Act (only 19 direct controls, in audit, records management, and monitoring)
2. COSO ERM
3. 17 CFR Parts 210,
4. PCAOB Auditing Standards
5. Etc…

11 SOX Guidance Direct Controls

12 ISO vs SOX Group: Overlapping Controls. Venn diagram: 136 unique controls on one side, 38 unique controls on the other, 10% overlap.

13 ISO vs PCI DSS 3.0 vs SOX. Three-way Venn diagram (SOX, ISO, PCI); unique-control counts legible in the transcript: 121 and 202.

14 Sarbanes-Oxley Unique Controls. Sample of unique controls:
1. Establish and maintain data processing integrity through segregation of duties.
2. Assign the audit to impartial auditors.
3. Establish and maintain a compliance monitoring policy and audit policy.

15 Comparison of Standards
1. NIST R4
2. ISO

16 ISO Direct Controls

17 NIST R4: 721 Direct Controls

18 ISO vs NIST R4: Venn diagram; 588 unique controls on one side (the other count and the overlap percentage are not legible in the transcript).

19 SOX Guidance vs NIST R4: Venn diagram; 677 unique controls on one side, 130 unique controls on the other (overlap percentage not legible in the transcript).

20 PCI DSS 3.0 vs NIST R4: Venn diagram; 577 unique controls on one side, 149 unique controls on the other (overlap percentage not legible in the transcript).

21 Healthcare & Life Sciences vs. NIST R4

22 NIST R4: 721 Direct Controls

23 Healthcare & Life Sciences Guidance Direct Controls

24 NIST R4 vs. Healthcare & Life Sciences: Venn diagram; 1214 unique controls on one side (the other count not legible in the transcript), 23% overlap.

25 Banking Guidance vs. ISO

26 ISO Direct Controls

27 Banking Guidance Direct Controls

28 ISO vs. Banking Guidance: Venn diagram; 729 unique controls on one side (the other count not legible in the transcript), 21% overlap.

29 Recommendations
1. Reduce audit and compliance costs by properly defining system scope and the related control requirements.
2. Leverage standards where overlaps exist.
3. Determine the business case for implementing controls that have no mandate.
4. Automate evidence gathering, compliance correlation, and ongoing compliance review.
5. Audit once, as much as possible.

