Continuous Compliance Monitoring
•0 j'aime•405 vues
Télécharger pour lire hors ligne
Signaler
ControlCase covers the following: - About PCI DSS, ISO 27001, NERC, HIPAA, FISMA and EI3PA - Components for Continuous Compliance Monitoring within IT Standards/Regulations - Recurrence Frequency and Calendar - Challenges in Continuous Compliance Monitoring
Recommandé
Contenu connexe
Tendances
Tendances(20)
Similaire à Continuous Compliance Monitoring
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
1.7K vues•43 diapositives
Similaire à Continuous Compliance Monitoring(20)
Plus de ControlCase
Plus de ControlCase(14)
Dernier
"How we switched to Kanban and how it integrates with product planning", Vady...Fwdays
59 vues•24 diapositives
.conf Go 2023 - Many roads lead to Rome - this was our journey (Julius Bär)Splunk
172 vues•10 diapositives
Dernier(20)
Continuous Compliance Monitoring
- 1. © 2019 ControlCase All Rights Reserved Continuous Compliance Your IT Compliance Partner – Go Beyond the Checklist
- 2. © 2019 ControlCase All Rights Reserved Our Agenda 2 4 2 3 Your IT Compliance Partner – Go beyond the checklist ControlCase Introduction Continuous Compliance Components Frequency/Calendar Common Challenges Why ControlCase5 1
- 3. © 2019 ControlCase All Rights Reserved ControlCase Introduction1
- 4. © 2019 ControlCase All Rights Reserved ControlCase Snapshot 4 Certification and ContinuousCompliance Services Go beyond the auditor’s checklist to: Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance • Demonstrate compliance more efficiently and cost effectively (cost certainty) • Improve efficiencies • Do more with less resources and gain compliance peace of mind • Free up your internal resources to focus on their priorities • Offload much of the compliance burden to a trusted compliance partner 1000+ Clients 275+ Security Experts 10,000+ IT Security Certifications
- 5. © 2019 ControlCase All Rights Reserved Solution - Certification and Continuous Compliance Services 5 “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” Security and Compliance Manager, Data Center
- 6. © 2019 ControlCase All Rights Reserved Certification Services 6 OneAudit – Collect Once, Certify Many PCI DSS ISO 27001 & 27002 SOC 1, SOC 2, SOC 3, & SOC for Cybersecurity HITRUST CSF HIPAA PCI P2PE GDPR NIST 800-53 PCI PIN PCI PA-DSS FedRAMP PCI 3DS “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” Sr. Director, Information Risk & Compliance, Large Merchant
- 7. © 2019 ControlCase All Rights Reserved Continuous Compliance Components2
- 8. © 2019 ControlCase All Rights Reserved Continuous Monitoring • Test once, comply to multiple regulations • Mapping of controls • Automated data collection • Self assessment data collection • Executive dashboards 8 8
- 9. © 2019 ControlCase All Rights Reserved Continuous Compliance Domains 9 • Policy Management • Vendor/Third Party Management • Asset and Vulnerability Management • Log Management • Change Management • Incident and Problem Management • Data Management • Risk Management • Business Continuity Management • HR Management • Physical Security
- 10. © 2019 ControlCase All Rights Reserved Policy Management • Appropriate update of policies and procedures • Link/Mapping to controls and standards • Communication, training and attestation • Monitoring of compliance to corporate policies Reg/Standard Coverage area ISO 27001 A.5 PCI 12 HIPAA 164.308a1i FISMA AC-1 FERC/NERC CIP-003-6 10
- 11. © 2019 ControlCase All Rights Reserved Vendor/Third Party Management • Management of third parties/vendors • Self attestation by third parties/vendors • Remediation tracking Reg/Standard Coverage area ISO 27001 A.6, A.10 PCI 12 HIPAA 164.308b1 FISMA PS-3 FERC/NERC Multiple Requirements 11
- 12. © 2019 ControlCase All Rights Reserved Asset/Vulnerability Management • Asset list • Management of vulnerabilities and dispositions • Training to development and support staff • Management reporting if unmitigated vulnerability • Linkage to non compliance Reg/Standard Coverage area ISO 27001 A.7, A.12 PCI 6, 11 HIPAA 164.308a8 FISMA RA-5 FERC/NERC CIP-010 12
- 13. © 2019 ControlCase All Rights Reserved Logging & Monitoring • Logging • File Integrity Monitoring • 24X7 monitoring • Managing volumes of data Reg/Standard Coverage area ISO 27001 A.7, A.12 PCI 6, 11 HIPAA 164.308a1iiD FISMA SI-4 13
- 14. © 2019 ControlCase All Rights Reserved Change Management 14 Escalation to incident for unexpected logs/alerts Response/Resolution process for expected logs/alerts Correlation of logs/alerts to change requests Change Management ticketing System Logging and Monitoring (SIEM/FIM etc.) Reg/Standard Coverage area ISO 27001 A.10 PCI 1, 6, 10 FISMA SA-3
- 15. © 2019 ControlCase All Rights Reserved Incident/Problem Management 15 Monitoring Detection Reporting Responding Approving Lost Laptop Changes to firewall rulesets Upgrades to applications Intrusion Alerting Reg/Standard Coverage area ISO 27001 A.13 PCI 12 HIPAA 164.308a6i FISMA IR Series FERC/NERC CIP-008
- 16. © 2019 ControlCase All Rights Reserved Data Management • Identification of data • Classification of data • Protection of data • Monitoring of data Reg/Standard Coverage area ISO 27001 A.7 PCI 3, 4 HIPAA 164.310d2iv FERC/NERC CIP-011 16
- 17. © 2019 ControlCase All Rights Reserved Risk Management • Input of key criterion • Numeric algorithms to compute risk • Output of risk dashboards Reg/Standard Coverage area ISO 27001 A.6 PCI 12 HIPAA 164.308a1iiB FISMA RA-3 17
- 18. © 2019 ControlCase All Rights Reserved Business Continuity Management • Business Continuity Planning • Disaster Recovery • BCP/DR Testing • Remote Site/Hot Site REG/STANDARD COVERAGE AREA ISO 27001 A.14 PCI Not Applicable HIPAA 164.308a7i FISMA CP Series FERC/SERC CIP-009 18
- 19. © 2019 ControlCase All Rights Reserved HR Management 19 Training Background Screening Reference Checks Reg/Standard Coverage area ISO 27001 A.8 PCI 12 HIPAA 164.308a3i FISMA AT-2 FERC/NERC CIP-004
- 20. © 2019 ControlCase All Rights Reserved Physical Security • Badges • Visitor Access • CCTV • Biometric Reg/Standard Coverage area ISO 27001 A.11 PCI 9 HIPAA 164.310 FISMA PE Series FERC/NERC CIP-006 20
- 21. © 2019 ControlCase All Rights Reserved Recurrence Frequency & Calendar3
- 22. © 2019 ControlCase All Rights Reserved Daily Monitoring Domains 22 • Asset and Vulnerability Management • New Assets • New Vulnerabilities • Log Management • Response time window • Change Management • Impact in case of an error • Unknown and insecure applications • Incident and Problem Management • Root cause of systemic problems • Response to operational and security incidents
- 23. © 2019 ControlCase All Rights Reserved Monthly/Quarterly Monitoring Domains 23 • Vendor/Third Party Management • Time taken by third parties to respond • Data Management • Identification of unknown data • HR Management • Time taken for training • Time taken for background checks • Physical Security Management • Time take to install new physical security components
- 24. © 2019 ControlCase All Rights Reserved Annual Monitoring Domains 24 • Policy Management • Annual policy reviews • Risk Management • Enterprise wide nature of risk assessment • BCP/DR Management • Time taken to conduct BCP/DR tests
- 25. © 2019 ControlCase All Rights Reserved Common Challenges4
- 26. © 2019 ControlCase All Rights Reserved Common Challenges 26 • Redundant Efforts • Cost inefficiencies • Lack of dashboard • Fixing of dispositions • Change in environment • Reliance on third parties • Increased regulations • Reducing budgets (Do more with less)
- 27. © 2019 ControlCase All Rights Reserved ControlCase Solution5
- 28. © 2019 ControlCase All Rights Reserved Summary – Why ControlCase 28 “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” Dir. of Compliance, SaaS company Your IT Compliance Partner – Go beyond the auditor’s checklist
- 29. © 2019 ControlCase All Rights Reserved Automation-driven 29 SkyCAM IT Compliance Portal — Automation-driven certification and continuous compliance
- 30. © 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 30 70% Of company’s assets are non- compliant at some point in the year. • Address common non-compliant situations that leave you vulnerable all year long, including: • In-scope assets not reporting logs • In-scope assets missed from vulnerability scans • Critical, overlooked vulnerabilities due to volume • Risky firewall rule sets go undetected • Non-compliant user access scenarios not flagged • Go beyond monitoring and alerting to predict, prioritize and remediate compliance risks before they become security threats “The continuous compliance monitoring is a big value add to their audit and certification services, which is good for organizations that don’t have the team in-house. It’s a big differentiator for them.” VP of IT, Call Center/BPO Company Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services
- 31. © 2019 ControlCase All Rights Reserved Predictive Continuous Compliance Services 31 Automation- DrivenSkyCAM Partnership Approach IT Certification Services Continuous Compliance Services What is Continuous Compliance Quarterly review of 20-25 high impact/high risk questions Technical review of vulnerability scans, log management, asset list and other available automated systems Benefits of Continuous Compliance Eliminates the need for potential major last minute audit findings Reduces effort for final audit by approximately 25% Reduces the risk of technical shortcomings such as, Quarterly scans missed certain assets Logs from all assets not reporting Deliverable of Continuous Compliance
- 32. © 2019 ControlCase All Rights Reserved Email contact@controlcase.com Telephone Americas +1.703-483-6383 India: +91.22.50323006 Social Media https://www.facebook.com/ControlCase https://www.linkedin.com/company/controlcase/ Visit our website www.controlcase.com THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM
Notes de l'éditeur
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.
- Partnership Approach – Proactive expertise, responsive support and new, innovative ideas to streamline and improve compliance Right mix of size and responsiveness - We’re big enough to provide comprehensive compliance services, but agile enough to deliver responsive client care and support Automation-Driven – Take advantage of automation to cut time and costs and improve efficiencies in becoming certified and maintaining compliance ControlCase IT Compliance Portal Automated evidence collection – on prem or in the cloud Real-time Certification Dashboard AI-powered Predictive Compliance Go beyond monitoring and alerting to predict, prioritize and remediate compliance risk before they become security threats GRC Platform integration Continuous Compliance – Use ControlCase’s continuous compliance services to maintain compliance continuously in between annual certification efforts, because point-in-time, snap-shot compliance doesn’t effectively keep your company compliant or secure Predict, prioritize and remediate compliance risks before they become security threats