From Data Theft to …

Compliance & Risk Management!

           PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
… Agenda




…just a simple pricelist ?




…active measures against card fraud




PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel II, SOX, ...
Mounting External Compliance Regulations

3 out of 4 organizations must comply with two or more regulations and corresponding audits.

43% of organizations comply with 3 or more regulations.

[Chart: regulations accumulating over time, in order of appearance: EU Directive; HIPAA; 21CFR11; Gramm Leach Bliley (GLBA); USA Patriot Act; SB1386 (CA Privacy Act); Basel II; PCI Data Security Standards (DSS); Sarbanes-Oxley, Section 404; PII Security Standards]

*"The Struggle to Manage Security Compliance for Multiple Regulations", SecurityCompliance.com
Today Organizations Spend 30-50% More On Compliance Than They Should

Our IT Networks Were Never Designed With Compliance In Mind
Compliance & IT Risk Management Challenges

[Diagram labels:]
Lack of Regulatory Knowledge
Regulations: HIPAA, SOX, PCI
Data sources: Excel, Database, Manual Surveys
Business Processes
IT Resources
Security Policy: Password Length, Special Characters
Non Standardized Processes
Functional Silos
Disparate Data Collection
Challenges in Compliance and Risk Management

Business Interests
Auditor
Stakeholders
Data Collection
Standardized Compliance & Control Framework [UCF]
Assess

Technical Controls: Automatically assess technical controls through integration to Lumension and 3rd party tools

Procedural & Physical Controls: Utilize automated workflow based surveys
Standardized & IT Risk Mgmt. Framework

Regulation Authority Documents: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…
Corporate Policies
Business Interests: Business Processes, Revenue Streams, Trade Secrets
IT Assets
Profile Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data
Applicable Controls: Password Length; Data Encryption; Power Save

Pass/Fail Regulation Assessment:
  Corp-Policy   ISO 27001   PCI   NERC
  100%          65%         65%   30%
Automation of Assessment Data

Consolidated Assessment Data supports a holistic view of compliance and IT risk posture

Technical Controls (Automated Connectors):
  Lumension Patch, Scan & Configuration
  Lumension Application & Device Control
  3rd Party Products

Procedural & Physical Controls (Automated Assessment Workflow):
  Web-Based Surveys
  Auditor / Analyst Attestation
Connector …




Remediate

Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture
Manage

Manage: Create operational and strategic visibility across compliance, IT risk postures
Identify…and it starts again
Adaptation
Lumension Risk Manager - summary

Give you better visibility into your compliance and risk posture.

Help you save time & money in your security management process.

Global Headquarters
15880 N. Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260

1.888.725.7828
info@lumension.com



                       thomas.wendrich@lumension.com

               www.lumension.com/itgrc-software

 


Lumension LCRM - DSS @Vilnius 2010

  • 1. From Data Theft to … Compliance & Risk Management!
  • 2. … Agenda
  • 3. …Agenda
  • 4. …just a simple pricelist ?
  • 5. …active measures against card fraud
  • 6. PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel II, SOX, ... … … …
  • 7. Mounting External Compliance Regulations: 3 out of 4 organizations must comply with two or more regulations and corresponding audits. 43% of organizations comply with 3 or more regulations. [Figure: regulations accumulating over time: EU Directive, HIPAA, 21CFR11, Gramm Leach Bliley (GLBA), USA Patriot Act, SB1386 (CA Privacy Act), Basel II, PCI Data Security Standards (DSS), Sarbanes-Oxley Section 404, PII Security Standards.] *"The Struggle to Manage Security Compliance for Multiple Regulations", SecurityCompliance.com
  • 8. Today Organizations Spend 30-50% More On Compliance Than They Should. Our IT Networks Were Never Designed With Compliance In Mind.
  • 9. Compliance & IT Risk Management Challenges: Lack of Regulatory Knowledge; HIPAA, SOX, PCI; Excel; Database; Business Processes; Security Policy; Manual Surveys; IT Resources; Password Length; Special Characters; Non Standardized Processes; Functional Silos; Disparate Data Collection
  • 10. Challenges in Compliance and Risk Management: Business Interests, Auditor, Stakeholders
  • 12. Standardized Compliance & Control Framework [UCF]
  • 13. Assess. Technical Controls: Automatically assess technical controls through integration to Lumension and 3rd party tools. Procedural & Physical Controls: Utilize automated workflow based surveys.
  • 14. Standardized & IT Risk Mgmt. Framework. Regulation Authority Documents: GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC… Business Interests: Corporate Policies, Business Processes, Revenue Streams, Trade Secrets. IT Assets Profile Risk Attributes: Open to the Internet, Contains Credit Card Information, Contains Customer Data. Applicable Controls Pass/Fail: Password Length, Data Encryption, Power Save. Regulation Assessment: Corp-Policy, ISO 27001, PCI, NERC; 100%, 65%, 65%, 30%
  • 15. Automation of Assessment Data. Consolidated Assessment Data supports a holistic view of compliance and IT risk posture. Technical Controls, Automated Connectors: Lumension Patch, Scan & Configuration; Lumension Application & Device Control; 3rd Party Products. Procedural & Physical Controls, Automated Assessment Workflow: Web-Based Surveys; Auditor / Analyst Attestation.
  • 16. Connector …
  • 17. Connector …
  • 18. Connector …
  • 19. Connector …
  • 20. Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture
  • 21. Manage: Create operational and strategic visibility across compliance, IT risk postures
  • 24. Lumension Risk Manager - summary: Give you better visibility into your compliance and risk posture. Help you save time & money in your security management process.
  • 25. Global Headquarters: 15880 N. Greenway-Hayden Loop, Suite 100, Scottsdale, AZ 85260; 1.888.725.7828; info@lumension.com; thomas.wendrich@lumension.com; www.lumension.com/itgrc-software