
Bill McClanahan – Principal Business Consultant LPS Integration.


1 Bill McClanahan – Principal Business Consultant LPS Integration

2 Fast Facts:
- World’s fourth largest independent software company
- Independence: Delivers solutions across multiple platforms
- Insight: Broad knowledge about the Internet and infrastructure
- Trusted leader in Windows protection
- Named to FORTUNE’s 2006 America’s Most Admired Companies list
- Founded in 1982, IPO in 1989
- More than 17,000 employees in 40 countries
- Launched 100 new products and services in FY06
- Highest R&D Spend in the Industry (17%)
- Shipped nearly 23 million boxes of consumer product in FY06
- Serves 99% of the 2006 FORTUNE 1000 list
- Fortune 500 company
- $5 billion in revenue in FY06
- 72% enterprise revenue

3 SOX, HIPAA, GLBA, Basel II, ISO 17799, ISO 27001, CIS, FFIEC, COBIT, FISMA, World Bank Technology Risk Checklist, CFR, ISO 27002, NIST, COSO, CIP, Circular A-123, NSA SNAC, PCI, ITIL, NERC

4 Number of controls, control objectives, days between control assessments
[Chart. Series: Days between control assessments; Number of procedural and technical controls; Number of control objectives (policies). Groups: Annual data losses/thefts; Compliance deficiencies. Categories: 12 or more, 3 to 6, 2 or less; 16 or more, 3 to 15, 2 or less.]
1. Reduce control objectives (policies)
2. Increase controls
3. Increase the assessment of controls
4. Automate repetitive activities

5
[Chart. Values: 19.7%, 20.2%, 19.2%, 20.9%, 20.0%. Categories: Procedures and controls; Assessment of compliance with IT policies; Collection of audit-related data; Remediation and change management; Ongoing monitoring and reporting.]
N: 704
Source: IT PCH, 2008, www.itpolicycompliance.com


7 Policies, Standards, Entitlements, Response, Assessment

8
Standards
- Create/Select standard
- Assess controls
- Detect deviations
- Remediate deficiencies
Entitlement
- Gather effective permissions
- Translate permissions into human readable format
- Route entitlements to data owner for review & approval
Response
- Assess non-programmatically assessable controls
- Report with risk weighted model
- Centralize view of procedural controls
Policy
- Define/manage written policies
- Distribute policies & track exceptions
- Demonstrate coverage
- Display evidence
NIST, PCI, Cobit, SOX, ISO, GLBA, FISMA
Malware Policy, Endpoint Policy, Data Protection Policy

9
[Diagram labels, in slide order]
Exception; Technical Controls; Written Policy; Procedural Controls
Create, Map, Publish, Assess, Fix
Control self assessment; Questionnaire responses; Risk-based prioritization
Entitlements review; Group\file permission; Classify & assign owners; Approval workflow
Configurations; Security best practices; Remediation
Vulnerabilities; Non-credentialed checks; Credentialed checks; Patch Mgmt
PCI, SOX, Basel II, NIST, COBIT, ISO
Scoped by Risk Level
Corporate Policies; Info Security; Access Control; Termination

10 © 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You!
Presentation based off of a Symantec presentation by Steve Smith – Symantec Principal System Engineer


14 Detailed Regulatory Definitions Help Assure Understanding.


16 Evidence (Automated and Custom) should map to Control Statements. Covers requirements of Policies and Regulations.

17 Policy Mapping may be expanded to other related Regulations and Frameworks to help visualize coverage.


39 Basics:
- Provides automated surveys and manual assessments to capture and track procedural controls
- Enhances CCS’ ability to centralize and control the information affecting risk management, regulatory compliance and security
- Advanced Analysis capabilities assist understanding
- Evidence (documents, spreadsheets, computerized information) may be submitted with the survey questions

40
- Provides a comprehensive set of questionnaires
- Allows for individual weighting of survey questions
- Dramatically adds to our regulatory content
- CobIT, FISMA, ISO, NERC and PCI and custom designed surveys

41
- Provides a comprehensive set of questionnaires
- Allows for individual weighting of survey questions
- Dramatically adds to our regulatory content
