Cyber security audits and risk management 2016

Two Interdependent lists everyone should have!

  1. Restricting, Authenticating, Tracking User Access?

     12100 Sunrise Valley Dr. Suite 290-1, Reston, VA 20191

     This paper is your guide to more efficient and effective audits and risk assessments. Consistency in managing your cyber security controls not only reduces the time required to prepare for audits and risk assessments, it also makes any organization more secure, especially in the event of a security breach.

     Any regulatory agency that governs an organization provides it with guidance and a checklist of expectations for audits and risk management. HIPAA, for example, has the Audit Protocol; GLBA uses the FFIEC IT Examination Handbook; PCI provides the Report on Compliance template; and many of the regulations and standards use the NIST Cyber Security Framework. All of these are very similar in terms of what they expect you to have in place to demonstrate that your practices match what you have documented.

     VIMRO helps clients prepare for these audits, and also conducts audits and assessments for HIPAA, GLBA, PCI (VIMRO is a PCI-QSA), and others. Based on the items commonly requested under these regulations, we include below two lists describing what we request for cybersecurity documentation and controls evidence.

     One of the biggest challenges for our clients is gathering and maintaining both cybersecurity documentation and controls evidence. This is why a Governance, Risk, and Compliance (GRC) application is a must-have control in which successful organizations invest, and why the GRC is item #1 on List B.

     "A guide to efficient and effective audits and risk assessments." Cyber Security Audits and Risk Management: Two interdependent lists everyone should have!

  2. COPYRIGHT © 2015 VIMRO, LLC. ALL RIGHTS RESERVED. ALL REFERENCED COMPANY NAMES AND LOGOS ARE TRADEMARKS OF THEIR RESPECTIVE OWNERS

     The table below explains how a GRC solution addresses some of the challenges.

     (800) 272 0019 | Ashburn, VA | Baltimore, MD | Boston, MA | Glendale, CA | Las Vegas, NV | Reston, VA | San Diego, CA | Tampa, FL

     Authored by VIMRO's Cybersecurity Leaders

  3. VIMRO is vendor-agnostic, meaning that we do not sell any products, nor are we paid by any vendor to promote their products. We do, however, help and guide our customers in choosing the most effective products, such as GRC solutions, based on client requirements.

     Whether you are just considering a GRC solution, or are in the middle of a GRC implementation project, ensure that you have the documents and evidence we list in this paper's Lists A and B. Many of our clients conduct the GRC project in parallel with documentation and evidence collection projects. As the lists show, a lot of work is required from both a security-technology-mechanism and a documentation perspective.

     Your goal is to have a GRC solution in place, along with the cybersecurity documentation and controls evidence required to demonstrate compliance and secure practices. With this goal met, your audit and risk management process is optimized, and your focus can shift to proactively maintaining an optimized process rather than reacting to audit requests.

     Contact VIMRO to discuss how we can help you implement your policy and procedures, evidence controls, and GRC initiatives.

     Success depends on the documents and evidence identified in the two interdependent Lists A and B.

  4. LIST A: Policy, Procedures and General Documentation Request List

  5. LIST B: Cybersecurity Controls Evidence Request List
