Endpoint Security Compliance: Top 19 Questions Auditors Ask

If you're being audited, a little preparation can save you a world of pain. Download the presentation slides, presented by Randy Franklin Smith of Ultimate Windows Security, as he provides guidance for audits that are focused on endpoint security compliance. He'll take you through the top 4 areas.

  1. Endpoint Security Compliance: Top 19 Questions Auditors Ask. Made possible by: © 2012 Monterey Technology Group Inc.
  2. Brought to you by www.lumension.com. Speaker: Minky Kernacs, Sr. Business Intelligence Consultant
  3. Preview of Key Points
       • General questions
       • 4 areas in most endpoint security audits (figure: Endpoint Security Audit)
           • Configuration
           • Patch management
           • AV
           • Vulnerability Scanning
  4. General questions
       • What are our endpoints?
       • How many?
       • How do you come up with that list?
  5. Patch
       1. What is your process for being informed of and reviewing patches? How do you ensure all applications are covered?
       2. What patches have you approved? When were they deployed?
       3. What patches did you opt out of and why?
       4. What is the patch status of all your endpoints right now?
       5. What is your average time from availability to install of patches?
  6. Configuration management
       1. What is your golden configuration standard?
       2. What is your process for keeping existing and new systems in compliance?
       3. What is your process for exceptions?
       4. Provide documentation showing all endpoints are configured in compliance
  7. Antivirus
       1. What AV engines are in place? Scanning options?
       2. How many systems have it?
       3. How many systems are up-to-date right now?
       4. What is your average time from availability to deployment of updates?
       5. How many actual infections in past year? Details?
       6. Can users disable?
       7. How are remote/mobile endpoints updated?
  8. Vulnerability Scanning
       1. How many systems scanned, how often?
       2. How often vulnerability database updated?
       3. Status for vulnerabilities detected in past year
           • What was the follow up?
  9. Other possible areas
       • Encryption
       • Device control
       • Application control
  10. Bottom Line
       • You may already be covering all 4 areas
       • But you must be able to show
           • How many systems you have
               • How do you know this list is complete
           • What is their current status in all 4 areas
               • As well as history
       • A good auditor will want
           • Process
           • Documentation process is actually followed
       • Added benefit: Being able to easily answer these questions means you have an efficient and well controlled endpoint environment
  11. Brought to you by www.lumension.com. Speaker: Minky Kernacs, Sr. Business Intelligence Consultant
