Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bill McClanahan – Principal Business Consultant LPS Integration.

Similar presentations


Presentation on theme: "Bill McClanahan – Principal Business Consultant LPS Integration."— Presentation transcript:

1 Bill McClanahan – Principal Business Consultant LPS Integration

2  World’s fourth largest independent software company  Independence: Delivers solutions across multiple platforms  Insight: Broad knowledge about the Internet and infrastructure  Trusted leader in Windows protection  Named to FORTUNE’s 2006 America’s Most Admired Companies list 2  Founded in 1982, IPO in 1989  More than 17,000 employees in 40 countries  Launched 100 new products and services in FY06  Highest R&D Spend in the Industry (17%)  Shipped nearly 23 million boxes of consumer product in FY06  Serves 99% of the 2006 FORTUNE 1000 list  Fortune 500 company  $5 billion in revenue in FY06  72% enterprise revenue Fast Facts:

3 3 SOX HIPAA GLBA Basel II ISO ISO CIS FFIEC COBIT FISMA World Bank Technology Risk Checklist CFR ISO NIST COSO CIP Circular A-123 NSA SNAC PCI ITIL NERC

4 4 Number of controls, control objectives, days between control assessments or more 3 to 6 2 or less 16 or more 3 to 15 2 or less Annual data losses/thefts Compliance deficiencies Days between control assessments Number of procedural and technical controls Number of control objectives (policies) 1.Reduce control objectives (policies) 2.Increase controls 3.Increase the assessment of controls 4.Automate repetitive activities

5 5 19.7% 20.2% 19.2% 20.9% 20.0% Procedures and controls Assessment of compliance with IT policies Collection of audit-related data Remediation and change management Ongoing monitoring and reporting N: 704 Source: IT PCH, 2008

6 6

7 Policies Standards Entitlements Response Assessment

8 8 Standards  Create/Select standard  Assess controls  Detect deviations  Remediate deficiencies Entitlement  Gather effective permissions  Translate permissions into human readable format  Route entitlements to data owner for review & approval Response  Assess non- programmatically assessable controls  Report with risk weighted model  Centralize view of procedural controls Policy  Define/manage written policies  Distribute policies & track exceptions  Demonstrate coverage  Display evidence NIST PCI Cobit SOX ISO GLBA FISMA Malware Policy Endpoint Policy Data Protection Policy

9 9 Exception Technical Controls Written Policy Procedural Controls CreateMapPublishAssessFix Control self assessment Questionnaire responses Risk-based prioritization Entitlements review Group\file permission Classify & assign owners Approval workflow Configurations Security best practices Remediation Vulnerabilities Non-credentialed checks Credentialed checks Patch Mgmt PCISOX Basel II NIST COBIT ISO Scoped by Risk Level Corporate Policies Info Security Access Control Termination

10 © 2006 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. Thank You! Presentation based off of a Symantec presentation by Steve Smith – Symantec Principal System Engineer

11 11

12 12

13 13

14 14 Detailed Regulatory Definitions Help Assure Understanding.

15 15

16 16 Evidence (Automated and Custom) should map to Control Statements. Covers requirements of Policies and Regulations.

17 17 Policy Mapping may be expanded to other related Regulations and Frameworks to help visualize coverage.

18 18

19 19

20 20

21 21

22 22

23 23

24 24

25 25

26 26

27 27

28 28

29 29

30 30

31 31

32 32

33 33

34 34

35 35

36 36

37 37

38 38

39  Basics:  Provides automated surveys and manual assessments to capture and track procedural controls  Enhances CCS’ ability to centralize and control the information affecting risk management, regulatory compliance and security  Advanced Analysis capabilities assist understanding  Evidence (documents, spreadsheets, computerized information) may be submitted with the survey questions 39

40 40 Provides a comprehensive set of questionnaires Allows for individual weighting of survey questions Dramatically adds to our regulatory content CobIT, FISMA, ISO, NERC and PCI and custom designed surveys

41 41 Provides a comprehensive set of questionnaires Allows for individual weighting of survey questions Dramatically adds to our regulatory content

42 42

43 43

44 44


Download ppt "Bill McClanahan – Principal Business Consultant LPS Integration."

Similar presentations


Ads by Google