Lumension LCRM - DSS @Vilnius 2010

•

0 likes•267 views

Andris Soroka

Lumension Security presented new solution for compliance and risk management.

Technology

From Data Theft to …

Compliance & Risk Management!

PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

… Agenda

2
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

…Agenda

3
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

…just a simple pricelist ?

4
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

…active measures against card fraud

5
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel
II, SOX, ... … … …

Mounting External Compliance Regulations
3 out 4 organizations must comply with two or PII Security
Standards
more regulations and corresponding audits.
Sarbanes-Oxley,
Section 404

43% of organizations comply with 3 or more PCI Data Security PCI Data Security
Standards (DSS) Standards (DSS)
regulations.
Basel II Basel II

SB1386 SB1386 SB1386
(CA Privacy Act) (CA Privacy Act) (CA Privacy Act)

USA Patriot Act USA Patriot Act USA Patriot Act USA Patriot Act

Gramm Leach Gramm Leach Gramm Leach Gramm Leach Gramm Leach
Bliley (GLBA) Bliley (GLBA) Bliley (GLBA) Bliley (GLBA) Bliley (GLBA)

21CFR11 21CFR11 21CFR11 21CFR11 21CFR11 21CFR11

HIPAA HIPAA HIPAA HIPAA HIPAA HIPAA HIPAA

EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive

*The Struggle to Manage Security Compliance for Multiple Regulations”..SecurityCompliance.com

Time

7
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Today Organizations Spend 30-50%
More On Compliance Than They Should

Our IT Networks Were Never Designed With
Compliance In Mind

Compliance & IT Risk Management Challenges

ry
ulato
f Reg
La ck o wledge
Kno

HIPAA Excel

SOX Database Business
Security Processes
Policy
PCI Manual IT
Surveys Resources
Password Length
Special Characters
Non Standardized
Processes

Functional Silos Disparate
Data Collection

9
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Challenges in Compliance and Risk Management

Business Interests

Auditor

Stakeholders

Standardized Compliance & Control Framework [UCF]

Assess

Technical Controls:
Automatically assess technical
controls through integration to
Lumension and 3rd party tools

Procedural & Physical Controls:
Utilize automated workflow
based surveys

13
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Automation of Assessment Data
Consolidated Assessment Data supports a holistic view of
compliance and IT risk posture

Technical Controls Procedural & Physical Controls

Automated Connectors Automated Assessment Workflow

Lumension Lumension 3rd Party
Patch, Scan & Application & Web-Based Auditor / Analyst
Products Surveys Attestation
Configuration Device
Control

15
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Connector …

16
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Connector …

17
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Connector …

18
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Connector …

19
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Remediate

Remediate: Prioritize remediation
efforts based on impact to overall
organizational IT risk &
compliance posture

20
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Manage

Manage: Create operational and
strategic visibility across
compliance, IT risk postures

21
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Lumension Risk Manager - summary

Give you better visibility into your
compliance and risk posture.

Help you save time & money in your
security management process.

24
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260

1.888.725.7828
info@lumension.com

thomas.wendrich@lumension.com

www.lumension.com/itgrc-software

What's hot

Panel Discussion: Small Steps for USGv6 a giant leap for Internet-kind? with ...gogo6

eDiscovery and Records Oh...My!J. David Morris

GDPR & digital strategyProf. Jacques Folon (Ph.D)

Meaningful Use Risk Analysis Webinardata brackets

Data Security For Compliance 2Flaskdata.io

Data Protection BrochureLiliana50

What's hot (6)

Panel Discussion: Small Steps for USGv6 a giant leap for Internet-kind? with ...

eDiscovery and Records Oh...My!

GDPR & digital strategy

Meaningful Use Risk Analysis Webinar

Data Security For Compliance 2

Data Protection Brochure

Similar to Lumension LCRM - DSS @Vilnius 2010

7 Mistakes of IT Security Compliance - and Steps to Avoid ThemSasha Nunke

DSS ITSEC CONFERENCE - Lumension Security - Real Time Risk & Compliance Man...Andris Soroka

Enterprise Security Architecture: From Access to AuditBob Rhubart

Sunera business & technology risk consulting services -slide shareSunera

2007 issa journal-building a comprehensive security control frameworkasundaram1

Automating Policy Compliance and IT GovernanceSasha Nunke

Analyzing Your Government Contract Cybersecurity ComplianceRobert E Jones

Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018Amazon Web Services

Valiente Balancing It SecurityCompliance, Complexity & CostGuardEra Access Solutions, Inc.

Automating security policies (compliance) with RudderJonathan Clarke

Cybersecurity Compliance in Government ContractsRobert E Jones

Analyzing Your GovCon Cybersecurity ComplianceRobert E Jones

Information Security Management System ISO/IEC 27001:2005ControlCase

DSS ITSEC Conference 2012 - RISK & COMPLIANCEAndris Soroka

Vendor Management for PCI DSS; EI3PA; HIPAA and FFIECControlCase

Cybersecurity exchange briefing oct 2012 v2Naba Barkakati

Big data security the perfect stormUlf Mattsson

Guide to hipaa compliance for containersAbhishek Sood

Information Security It's All About ComplianceDinesh O Bareja

Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely

Similar to Lumension LCRM - DSS @Vilnius 2010 (20)

7 Mistakes of IT Security Compliance - and Steps to Avoid Them

DSS ITSEC CONFERENCE - Lumension Security - Real Time Risk & Compliance Man...

Enterprise Security Architecture: From Access to Audit

Sunera business & technology risk consulting services -slide share

2007 issa journal-building a comprehensive security control framework

Automating Policy Compliance and IT Governance

Analyzing Your Government Contract Cybersecurity Compliance

Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018

Valiente Balancing It SecurityCompliance, Complexity & Cost

Automating security policies (compliance) with Rudder

Cybersecurity Compliance in Government Contracts

Analyzing Your GovCon Cybersecurity Compliance

Information Security Management System ISO/IEC 27001:2005

DSS ITSEC Conference 2012 - RISK & COMPLIANCE

Vendor Management for PCI DSS; EI3PA; HIPAA and FFIEC

Cybersecurity exchange briefing oct 2012 v2

Big data security the perfect storm

Guide to hipaa compliance for containers

Information Security It's All About Compliance

Complying with Cybersecurity Regulations for IBM i Servers and Data

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst

Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

AI as an Interface for Commercial BuildingsMemoori

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays

My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community

SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada

APIForce Zurich 5 April Automation LPDGMarianaLemus7

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

Commit 2024 - Secret Management made easyAlfredo García Lavilla

Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro

"ML in Production",Oleksandr BaganFwdays

costume and set research powerpoint presentationphoebematthew05

SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren

Pigging Solutions in Pet Food ManufacturingPigging Solutions

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

Recently uploaded (20)

Human Factors of XR: Using Human Factors to Design XR Systems

Developer Data Modeling Mistakes: From Postgres to NoSQL

Bun (KitWorks Team Study 노별마루 발표 2024.4.22)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

AI as an Interface for Commercial Buildings

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack

My Hashitalk Indonesia April 2024 Presentation

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx

SAP Build Work Zone - Overview L2-L3.pptx

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024

APIForce Zurich 5 April Automation LPDG

Scanning the Internet for External Cloud Exposures via SSL Certs

Commit 2024 - Secret Management made easy

Vertex AI Gemini Prompt Engineering Tips

Unraveling Multimodality with Large Language Models.pdf

"ML in Production",Oleksandr Bagan

costume and set research powerpoint presentation

SQL Database Design For Developers at php[tek] 2024

Pigging Solutions in Pet Food Manufacturing

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

Lumension LCRM - DSS @Vilnius 2010

1. From Data Theft to … Compliance & Risk Management! PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

2. … Agenda 2 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

3. …Agenda 3 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

4. …just a simple pricelist ? 4 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

5. …active measures against card fraud 5 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

6. PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel II, SOX, ... … … …

7. Mounting External Compliance Regulations 3 out 4 organizations must comply with two or PII Security Standards more regulations and corresponding audits. Sarbanes-Oxley, Section 404 43% of organizations comply with 3 or more PCI Data Security PCI Data Security Standards (DSS) Standards (DSS) regulations. Basel II Basel II SB1386 SB1386 SB1386 (CA Privacy Act) (CA Privacy Act) (CA Privacy Act) USA Patriot Act USA Patriot Act USA Patriot Act USA Patriot Act Gramm Leach Gramm Leach Gramm Leach Gramm Leach Gramm Leach Bliley (GLBA) Bliley (GLBA) Bliley (GLBA) Bliley (GLBA) Bliley (GLBA) 21CFR11 21CFR11 21CFR11 21CFR11 21CFR11 21CFR11 HIPAA HIPAA HIPAA HIPAA HIPAA HIPAA HIPAA EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive EU Directive *The Struggle to Manage Security Compliance for Multiple Regulations”..SecurityCompliance.com Time 7 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

8. Today Organizations Spend 30-50% More On Compliance Than They Should Our IT Networks Were Never Designed With Compliance In Mind

9. Compliance & IT Risk Management Challenges ry ulato f Reg La ck o wledge Kno HIPAA Excel SOX Database Business Security Processes Policy PCI Manual IT Surveys Resources Password Length Special Characters Non Standardized Processes Functional Silos Disparate Data Collection 9 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

10. Challenges in Compliance and Risk Management Business Interests Auditor Stakeholders

11. Data Collection

12. Standardized Compliance & Control Framework [UCF]

13. Assess Technical Controls: Automatically assess technical controls through integration to Lumension and 3rd party tools Procedural & Physical Controls: Utilize automated workflow based surveys 13 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

14. Standardized & IT Risk Mgmt. Framework Regulation Authority Documents GLBA PCI FISMA HIPAA NHS NERC SOX ISO/IEC… Business Interests Corporate Policies Business Processes Revenue Streams Trade Secrets IT Assets Profile Risk Attributes Open to the Internet Contains Credit Card Information Contains Customer Data Applicable Controls Pass/Fail Regulation Assessment Password Length Data Encryption Power Save Corp-Policy ISO 27001 PCI NERC 100% 65% 65% 30%

15. Automation of Assessment Data Consolidated Assessment Data supports a holistic view of compliance and IT risk posture Technical Controls Procedural & Physical Controls Automated Connectors Automated Assessment Workflow Lumension Lumension 3rd Party Patch, Scan & Application & Web-Based Auditor / Analyst Products Surveys Attestation Configuration Device Control 15 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

16. Connector … 16 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

17. Connector … 17 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

18. Connector … 18 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

19. Connector … 19 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

20. Remediate Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture 20 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

21. Manage Manage: Create operational and strategic visibility across compliance, IT risk postures 21 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

22. Identify…and it starts again

23. Adaptation

24. Lumension Risk Manager - summary Give you better visibility into your compliance and risk posture. Help you save time & money in your security management process. 24 PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

25. Global Headquarters 15880 N. Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260 1.888.725.7828 info@lumension.com thomas.wendrich@lumension.com www.lumension.com/itgrc-software

Lumension LCRM - DSS @Vilnius 2010

Recommended

Recommended

More Related Content

What's hot

What's hot (6)

Similar to Lumension LCRM - DSS @Vilnius 2010

Similar to Lumension LCRM - DSS @Vilnius 2010 (20)

More from Andris Soroka

More from Andris Soroka (20)

Recently uploaded

Recently uploaded (20)

Lumension LCRM - DSS @Vilnius 2010