Implementation of RBAC and Data Classification
|
|
- Barbara Harrell
- 5 years ago
- Views:
Transcription
1 Implementation of RBAC and Data Classification Steve Tresadern Rui Miguel Feio RSM Partners December 2014 v1.7
2 Agenda Introductions Data Classification & Ownership Role-Based Access Control (RBAC) Maintain the environment Results Q&A
3 Who are we? Steve Tresadern 27 years mainframe experience Former z/os Systems Programmer Experience in Cryptography, RACF, Compliance Rui Miguel Feio 15 years mainframe experience Experience in z/os, RACF, zsecure, Development Last 4 years working in Security and implementing RBAC
4 DATA CLASSIFICATION & OWNERSHIP
5 Data Classification What is it? Understanding what your data is User 14% Credit Card 11% Development 23% Sarbanes Oxley 36% Customer - Confidential 16%
6 Data Classification What is it? Who owns your data User 8% Credit Card 7% Development 14% Insurance 22% Systems 9% Branch 27% HR 13%
7 Data Classification Reasons to do it Audit requirements Compliance Who has privileged access? Who is accessing confidential information? Reduce the risk of fraud?
8 Data Classification Reasons to do it Access List User 1 User 2 Group A Group B Group C Access List Access List Access List Group D Access List
9 Data Classification Aims Every dataset and resource profile must be; Classified in terms of confidentiality and integrity. All linked to an application. The basic security correctly defined Understand who has privileged access All applications have a business/data owner. Ideally they should approve all access Review who has access
10 Sources for Data Classification XBridge Datasniff RACF Database Local Knowledge Naming Standards Support Teams Access Monitor
11 Sources for Data Ownership Support Teams Service Management Service Database RACF Database Data Ownership Local Knowledge
12 Data Classification Challenges Lack of knowledge in support teams Development Team Processes Business areas cooperation Non-RACF based security Unravelling of the environment Service Database Up to date?
13 Data Classification Benefits Recertification Focused Monitoring Audit Who has privileged access Reduced Risk of Fraud Compliance
14 ROLE-BASED ACCESS CONTROL (RBAC)
15 RBAC Reasons to do it Business organisation keeps changing Managing the mainframe security environment Audit requirements Compliance Recertification Remove access not required
16 RBAC Common Challenges - I Historical code Global Access Table (GAT) Lack of technical knowledge Business areas cooperation Least Privilege access implementation DB2
17 RBAC Common Challenges - II Recertification tools Unravelling of the RBAC
18 RBAC Define Standards and Rules Personal userid connected to one role group Role group describes the business role Define RBAC Rules Role group contains all the access All role groups will have an owner
19 RBAC - Sources of data HR Data Access Monitor RACF Local Knowledge Sources Business Org. Chart Global Address List Phone List
20 RBAC Stages An overview Analyse and prepare mainframe environment Identify logical grouping Engage with managers and users Devise RBAC implementation plan Test RBAC implementation Implement RBAC Update/Develop Processes
21 RBAC Implementation Tools RSM RBAC tool RSM DB2 RBAC Tools Access Monitor data RACF Offline CARLa code
22 RBAC Benefits Some examples User 1 Role Group A Access List User 2 Role Group B Access List
23 RBAC Benefits Some examples Security Management Least Privilege Access Joiners Movers Leavers Who does what Reduced Risk Fraud Recertification Who is who Audit Monitor
24 MAINTAINING THE ENVIRONMENT
25 Tools Maintain the environment In-House Security Panels IBM zsecure Command Verifier IBM zsecure Alert RSM ExceptionReporter RSM RealtimeDashboard
26 Tools RSM ExceptionReporter
27 Tools RSM RealtimeDashboard
28 RESULTS
29 Reduction in Privileged Accesses Before After
30 Reduction in Privileged Users Before After
31 Questions
32 Contact Details Rui Miguel Feio - ruif@rsmpartners.com Steve Tresadern - stevet@rsmpartners.com RSM Partners - RSM Software
IBM Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2.
IBM 000-003 Fundamentals of Applying Tivoli Security and Compliance Management Solutions V2 http://killexams.com/exam-detail/000-003 A. IBM will provide legal, accounting, or auditing advice. B. Customers
More informationPrivileged Identity Management
Privileged Identity Management Sven-Erik Vestergaard Certified IT specialist Security architect IBM Nordic Agenda What is Privileged Identity Management Compliance issues Steps in controlling Privileged
More informationThe Old is New Again Engineering Security in the Age of Data Access from Anywhere
The Old is New Again Engineering Security in the Age of Data Access from Anywhere Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 10, 2014 Session 14971 AGENDA History 1 This
More informationPerforming a z/os Vulnerability Assessment. Part 2 - Data Analysis. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 2 - Data Analysis Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
More informationInsurance Industry - PCI DSS
Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services. Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance with the
More informationVANGUARD WHITE PAPER VANGUARD INSURANCE INDUSTRY WHITEPAPER
VANGUARD INSURANCE INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationWHITE PAPERS. INSURANCE INDUSTRY (White Paper)
(White Paper) Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to ensure enterprise compliance
More informationVANGUARD Policy Manager TM
Compliance Endures that RACF commands comply with company policy Remediation Provides proactive enforcement, corrects commands in accordance with corporate policies Auditing Provides and audit trail within
More informationSecuring Mainframe File Transfers and TN3270
Securing Mainframe File Transfers and TN3270 with SSH Tectia Server for IBM z/os White Paper October 2007 SSH Tectia provides a versatile, enterprise-class Secure Shell protocol (SSH2) implementation for
More informationVANGUARD POLICY MANAGERTM
VANGUARD TM VANGUARD dramatically reduces security risks and improves regulatory compliance, minimizing the need for expensive remediation, while increasing staff productivity. Policy Manager provides
More informationA Pragmatic Path to Compliance. Jaffa Law
A Pragmatic Path to Compliance Jaffa Law jaffalaw@hk1.ibm.com Introduction & Agenda What are the typical regulatory & corporate governance requirements? What do they imply in terms of adjusting the organization's
More informationMcAfee Database Security
McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability
More informationPOLICY MANAGER VANGUARD POLICY MANAGER (AUDIT/COMPLIANCE)
POLICY MANAGER VANGUARD POLICY MANAGER (AUDIT/COMPLIANCE) VANGUARD POLICY MANAGER dramatically reduces security risks and improves regulatory compliance, minimizing the need for expensive remediation,
More informationBuilding a Case for Mainframe Security
Building a Case for Mainframe Security Dr. Paul Rohmeyer, Ph.D. Stevens Institute of Technology Hoboken, New Jersey June 13-15, 2010 1 AGENDA - Problem Statement - Defining Security - Understanding Mainframe
More information1 Hitachi ID Access Certifier. 2 Agenda. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
1 Hitachi ID Access Certifier Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Periodic review and cleanup of security entitlements. 2 Agenda Hitachi ID corporate overview.
More informationGlobal Wind Organisation CRITERIA FOR THE CERTIFICATION BODY
Global Wind Organisation CRITERIA FOR THE CERTIFICATION BODY December 2015 (Version 3) 1 Contents 1. Introduction... 5 2. Criteria for approval of a Certification Body... 5 3. Selection of audit team members
More informationISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002
ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION
More informationEleven Steps to Make Mainframe Security Audits More Effective and Efficient
Eleven Steps to Make Mainframe Security Audits More Effective and Efficient These are some things I ve learned about auditing IBM mainframe computers by trying a lot of approaches, some of which worked
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationAGENDA. A New Look at Mainframe Hacking And Penetration Testing 01/11/2016. World Class z Specialists
World Class z Specialists A New Look at Mainframe Hacking And Penetration Testing Delivering the best in z services, software, hardware and training. AGENDA What is the state of mainframe security? How
More informationVanguard Advisor TM Your Way: Enhanced Masking, Report Formatting and Exception Criteria. Presented by Vanguard Integrity Professionals
Vanguard Advisor TM Your Way: Enhanced Masking, Report Formatting and Exception Criteria Presented by Vanguard Integrity Professionals Legal Notice Copyright 2013 Vanguard Integrity Professionals, Inc.
More informationAn Introduction to the ISO Security Standards
An Introduction to the ISO Security Standards Agenda Security vs Privacy Who or What is the ISO? ISO 27001:2013 ISO 27001/27002 domains Building Blocks of Security AVAILABILITY INTEGRITY CONFIDENTIALITY
More informationTECHED USER CONFERENCE MAY 3-4, 2016
TECHED USER CONFERENCE MAY 3-4, 2016 Bruce Beaman, Senior Director Adabas and Natural Product Marketing Software AG Software AG s Future Directions for Adabas and Natural WHAT CUSTOMERS ARE TELLING US
More informationAgenda. Introduction. Key Concepts. The Role of Internal Auditors. Business Drivers Identity and Access Management Background
Identity and Access Management IIA Detroit Chapter Dinner Meeting Vis Ta Tech Conference Center January 8, 2008 Stuart McCubbrey Director, Information Technology Audit General Motors Corporation Sajai
More informationOracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero
Oracle Security Products and Their Relationship to EBS Presented By: Christopher Carriero 1 Agenda Confidential Data in Corporate Systems Sensitive Data in the Oracle EBS What Are the Oracle Security Products
More informationPROCEDURE POLICY DEFINITIONS AD DATA GOVERNANCE PROCEDURE. Administration (AD) APPROVED: President and CEO
Section: Subject: Administration (AD) Data Governance AD.3.3.1 DATA GOVERNANCE PROCEDURE Legislation: Alberta Evidence Act (RSA 2000 ca-18); Copyright Act, R.S.C., 1985, c.c-42; Electronic Transactions
More informationDatabase Centric Information Security. Speaker Name / Title
Database Centric Information Security Speaker Name / Title The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated
More informationProtecting Information Assets - Week 10 - Identity Management and Access Control. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 10 - Identity Management and Access Control MIS5206 Week 10 Identity Management and Access Control Presentation Schedule Test Taking Tip Quiz Identity Management and
More informationHow Vanguard Solves. Your PCI DSS Challenges. Title. Sub-title. Peter Roberts Sr. Consultant 5/27/2016 1
How Vanguard Solves Title Your PCI DSS Challenges Sub-title Peter Roberts Sr. Consultant 5/27/2016 1 AGENDA 1. About Vanguard/Introductions 2. What is PCI DSS 3. PCI DSS 3.1/3.2 Important Dates 4. PCI
More informationAdministration and Data Retention. Best Practices for Systems Management
Administration and Data Retention Best Practices for Systems Management Agenda Understanding the Context for IT Management Concepts for Managing Key IT Objectives Aptify and IT Management Best Practices
More informationIs Your z/os System Secure?
Ray Overby Key Resources, Inc. Info@kr-inc.com (312) KRI-0007 A complete z/os audit will: Evaluate your z/os system Identify vulnerabilities Generate exploits if necessary Require installation remediation
More informationPROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
More informationWhat s Cool About the CONNECT Command in RACF
What s Cool About the CONNECT Command in RACF Stu Henderson stu@stuhenderson.com 5702 Newington Road www.stuhenderson.com Bethesda, MD 20816 (301) 229-7187 AGENDA 2 1. We all know the CONNECT command 2.
More informationInformation Technology Branch Organization of Cyber Security Technical Standard
Information Technology Branch Organization of Cyber Security Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 1 November 20, 2014 Approved:
More informationInvestigation. City of Edmonton Office of the City Auditor. ETS Workforce Development. January 14, 2019
City of Edmonton Office of the City Auditor Investigation ETS Workforce Development January 14, 2019 1200, Scotia Place, Tower 1 10060 Jasper Ave Edmonton, AB T5J 3R8 Phone: 780-496-8300 edmonton.ca/auditor
More informationPerforming a z/os Vulnerability Assessment. Part 3 - Remediation. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 3 - Remediation Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
More informationVANGUARD WHITE PAPER VANGUARD GOVERNMENT INDUSTRY WHITEPAPER
VANGUARD GOVERNMENT INDUSTRY WHITEPAPER Achieving PCI DSS Compliance with Vanguard Integrity Professionals Software & Professional Services Vanguard is the industry leader in z/os Mainframe Software to
More informationDelivering Real Business Value While Driving Down IT Cost with Virtual Tape
Delivering Real Business Value While Driving Down IT Cost with Virtual Tape Piotr Polanowski Oracle Corporation March 2, 2011 Session Number 9017 Agenda Data trends and drivers Data classification and
More informationSet up of an IMS Security Baseline
Set up of an IMS Security Baseline 23 Oct 2014 IMS GSE Leo Van Looy Agenda Baseline setup Oct 23th 2014 2 BNP Paribas Fortis Baseline setup BNP Paribas Fortis Bank BNP Paribas Net profit : EUR 623 M (2013)
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationIBM Internet Security Systems October Market Intelligence Brief
IBM Internet Security Systems October 2007 Market Intelligence Brief Page 1 Contents 1 All About AIX : Security for IBM AIX 1 AIX Adoption Rates 2 Security Benefits within AIX 3 Benefits of RealSecure
More informationOptim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales
Optim Solutions for Data Governance R. Kudžma Information management technical sales kudzma@lt.ibm.com IBM Software Group 10/23/2009 2008 IBM Corporation What is Data Governance Data Governance is the
More informationAuditing DB2 on z/os. Software Product Research
Auditing DB2 on z/os Software Product Research 1 Information stored in DB2 databases is of enormous value to corporations. Misuse of this information can launch competitive and legal penalties. In many
More informationMANEWS Issue Number 21 the Mainframe Audit News
This newsletter tells you stuff you need to know to audit IBM mainframe computers runinng with z/os and the MVS operating system. This issue we show you how to plan the data gathering for your audit. Table
More information# All Security All The Time: System z Security Update for CA ACF2, IBM RACF, CA Top Secret
#12264 All Security All The Time: System z Security Update for CA ACF2, IBM RACF, CA Top Secret February 4, 2013 ~ 3:00pm Mark Hahn Carla A. Flores Session Evaluations QR codes Online for up to 72 hours
More informationVANGUARD Compliance Manager VANGUARD Policy Manager VANGUARD Security Manager VANGUARD Enforcer
VANGUARD Compliance Manager VANGUARD Policy Manager VANGUARD Security Manager VANGUARD Enforcer VANGUARD Compliance Manager Customization Compliance Support Performs specific custom baseline checks Performs
More informationDATA SHEET VANGUARD CONFIGURATION MANAGER TM KEY FEATURES: VANGUARD TAKES THE TARGET OFF YOUR
TM Vanguard automates review of current z/os Security Server configurations against prevailing standards to include DISA STIG, NIST, and DB2 hardening standards and Vanguard Best Practices dramatically
More informationEmbedding Privacy by Design
Embedding Privacy by Design Metric Stream Customer Conference May 12, 2015 TRUSTe Data Privacy Management Solutions 1 Today s Agenda Privacy in the Context of GRC Data Privacy Management and Top Privacy
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationThe University of Texas at El Paso. Information Security Office Minimum Security Standards for Systems
The University of Texas at El Paso Information Security Office Minimum Security Standards for Systems 1 Table of Contents 1. Purpose... 3 2. Scope... 3 3. Audience... 3 4. Minimum Standards... 3 5. Security
More informationConfiguring zsecure To Send Data to QRadar
Configuring zsecure To Send Data to QRadar CONFIGURATION, SETUP, AND EXAMPLES Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free:
More informationVanguard Configuration Manager Customization and Use
SECURITY & COMPLIANCE CONFERENCE 2016 Vanguard Configuration Manager Customization and Use Bruce Schaefer Manager, Mainframe Products (GRC) VSS-5 Legal Notice Copyright All Rights Reserved. You have a
More informationSAS70 Type II Reports Use and Interpretation for SOX
SAS70 Type II Reports Use and Interpretation for SOX November 19, 2007 Presented by: Erin Erickson, Senior Manager Enterprise Governance and Brenda Karl, Director Technology Risk Management Agenda Background
More informationwith Oracle IDM Peter Heintzen, Sen. Mgr. Information Security Oracle
Data Privacy Enhanced Database Security with Oracle IDM Peter Heintzen, Sen. Mgr. Information Security Oracle Security Levels for SLAs Preventive Controls Detective Controls Corrective
More informationSOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:
(Solutions Brief) An integrated cybersecurity Administration solution for securing any Large Enterprise. The Industry s most complete protection for the Large Enterprise and Cloud Deployments. KEY SERVICES:
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationWhat is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services
What is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services 4/28/2016 1 AGENDA 1.About Vanguard/Introductions 2.What is PCI DSS History 3.High Level Overview 4.PCI DSS 3.0/3.1/3.2
More informationCOMPLIANCE BRIEF: HOW VARONIS HELPS WITH PCI DSS 3.1
COMPLIANCE BRIEF: HOW VARONIS HELPS WITH OVERVIEW The Payment Card Industry Data Security Standard (PCI-DSS) 3.1 is a set of regulations that govern how firms that process credit card and other similar
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationINFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK
INFORMATION TECHNOLOGY ( IT ) GOVERNANCE FRAMEWORK 1. INTRODUCTION The Board of Directors of the Bidvest Group Limited ( the Company ) acknowledges the need for an IT Governance Framework as recommended
More informationDeveloping Legacy Platform Security. Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21
Developing Legacy Platform Security Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21 About Me Philip Young Always interested in IT security Started with Audit Ernst
More informationVanguard Active Alerts. Jim McNeill Sr Consultant
Vanguard Active Alerts Jim McNeill Sr Consultant Legal Notice Copyright All Rights Reserved. You have a limited license to view these materials for your organization s internal purposes. Any unauthorized
More informationComplete document security
DOCUMENT SECURITY Complete document security Protect your valuable data at every stage of your workflow Toshiba Security Solutions DOCUMENT SECURITY Without a doubt, security is one of the most important
More informationIBM Future of Work Forum
IBM Cognitive IBM Future of Work Forum The Engaged Enterprise Comes Alive Improving Organizational Collaboration and Efficiency While Enhancing Security on Mobile and Cloud Apps Chris Hockings IBM Master
More informationtrue-xtended Reporting for Azure Rights Management V1.1c
true-xtended Reporting for Azure Rights Management V1.1c www.keyon.ch, info@keyon.ch About Microsoft Rights Management Rights Management is a solution for organizations that want to classify and protect
More informationWhite Paper. The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary
White Paper The Evolution of RBAC Models to Next-Generation ABAC: An Executive Summary 2 Overview: IT security has gone through major changes. Enterprises today are facing a rapid expansion of diverse
More informationVANGUARD INTEGRITY PROFESSIONALS Page 1
VANGUARD CONFIGURATION MANAGER (AUDIT/COMPLIANCE) Vanguard Configuration Manager automates review of current z/os Security Server configurations against prevailing standards to include DISA STIG, NIST,
More informationIT Architecture and Infrastructure Committee
IT Architecture and Infrastructure Committee 9:00-10:30am., February 10, 2017, FAC 228D I. 9:00-9:30 Printing (Eric Hepburn) II. 9:30-10:00 IAM Modernization Program Update (CW Belcher, Rosa Harris, Madia
More informationMitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data
Mitigate Risk Around Unstructured Data Assess and remediate access to your company's sensitive data Dan Krpata Information Security Specialist STEALTHbits Technologies, Inc. What is Unstructured Data Challenges
More informationSAMPLE QUESTIONS for: Test C , Security Dynamic and Static Applications V2, Fundamentals
SAMPLE QUESTIONS for: Test C2150-500, Security Dynamic and Static Applications V2, Fundamentals Note: The bolded response option is the correct answer. Item 500.1.1.5 A customer of five years calls on
More informationDB2 Security Overview
DB2 Security Overview Deb Jenson Product Manager, Data Studio dejenson@us.ibm.com November 20, 2008 Disclaimer This presentation is intended to provide general background information, not regulatory, legal
More informationSecuring the Cloud Today: How do we get there?
Samson Tai, Chief Technologist, IBM Innovation Network Securing the Cloud Today: How do we get there 9/15/2009 What is Cloud Computing Cloud is a new consumption and delivery model for many IT-based services,
More informationOracle Audit Vault Implementation
Oracle Audit Vault Implementation For SHIPPING FIRM Case Study Client Company Profile It has been involved in banking for over 300 years. It operates in over 50 countries with more than 1, 47,000 employees.
More informationHow we use your personal and business information
How we use your personal and business information Correct as at 13 January 2018 IMPORTANT INFORMATION If we prov ide you w ith an account or other banking serv ices then you agree that we can use your
More informationSecurity Compliance and Data Governance: Dual problems, single solution CON8015
Security Compliance and Data Governance: Dual problems, single solution CON8015 David Wolf Director of Product Management Oracle Development, Enterprise Manager Steve Ries Senior Systems Architect Technology
More informationIT Audit Process Prof. Liang Yao Week Two IT Audit Function
Week Two IT Audit Function Why we need IT audit A Case Study What You Can Learn about Risk Management from Societe Generale? https://www.cio.com/article/2436790/security0/what-you-can-learn-about-risk-management-fromsociete-generale.html
More information1 Hitachi ID Suite. 2 Agenda. Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications
1 Hitachi ID Suite Managing the User Lifecycle Across On-Premises and Cloud-Hosted Applications Administration and Governance of Identities, Entitlements and Credentials. 2 Agenda Hitachi ID corporate
More informationUniversity of Sunderland Business Assurance PCI Security Policy
University of Sunderland Business Assurance PCI Security Policy Document Classification: Public Policy Reference Central Register IG008 Policy Reference Faculty / Service IG 008 Policy Owner Interim Director
More informationOverview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview
PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card
More informationGOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE TRENDS BY FCPAK ERIC KIMANI CONTENTS Overview Conceptual Definition Implementation of Strategic Risk Governance Success Factors Changing Internal Audit Roles
More informationAuditing and Protecting your z/os environment
Auditing and Protecting your z/os environment Guardium for IMS with IMS Encryption Roy Panting Guardium for System z Technical Sales Engineer March 17, 2015 * IMS Technical Symposium 2015 Agenda Audit
More informationInformation Technology Risks & Controls for Financial Systems PEM-PAL Treasury CoP Workshop 2011 Kristin Lado Tufan
Information Technology Risks & Controls for Financial Systems PEM-PAL Treasury CoP Workshop 2011 Kristin Lado Tufan 1 Introduction IT Risk and Compliance Officer in Information Management and Technology
More informationPractical Guide to Securing the SDLC
Practical Guide to Securing the SDLC Branko Ninkovic Dragonfly Technologies Founder Agenda Understanding the Threats Software versus Security Goals Secure Coding and Testing A Proactive Approach to Secure
More informationManchester Metropolitan University Information Security Strategy
Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History
More informationFive Steps to Faster Data Classification
CONTENTS OF THIS WHITE PAPER Unstructured Data Challenge... 1 Classifying Unstructured Data... 1 Faster, More Successful Data Classification... 2 Identify Data Owners... 2 Define Data of Interest... 3
More informationZ AUDIT FOR QRADAR. Getting Started. Version Last Modified March 23, 2018
Z AUDIT FOR QRADAR Getting Started Version 1.0.0 - Last Modified March 23, 2018 1 1. Overview This document describes how to install, configure and use the IBM Z Audit for QRadar (Z Audit) application.
More informationIBM Exam 00M-662 Security Systems Sales Mastery Test v2 Version: 7.1 [ Total Questions: 72 ]
s@lm@n IBM Exam 00M-662 Security Systems Sales Mastery Test v2 Version: 7.1 [ Total Questions: 72 ] Question No : 1 What lists of key words tell you a prospect is looking to buy a SIEM or Log Manager Product?
More informationDemonstrating Compliance in the Financial Services Industry with Veriato
Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry With Veriato The biggest challenge in ensuring data security is people.
More informationIBM i (iseries, AS/400) Security: the Good, the Bad, and the downright Ugly
2016 IBM i (iseries, AS/400) Security: the Good, the Bad, and the downright Ugly Today s Agenda Introductions Regulations on IBM i Conducting the Study The State of IBM i Security Study Questions and Answers
More informationPerforming a z/os Vulnerability Assessment. Part 1 - Data Collection. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 1 - Data Collection Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More informationSecurities Industry Association Sarbanes Oxley from the IT Practitioner s Point of View. October, 2004
Securities Industry Association Sarbanes Oxley from the IT Practitioner s Point of View October, 2004 Introduction Influences on Bear Stearns approach Bear Stearns IT Strategy 2 SOX Section 404 SEC. 404.
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationIBM InfoSphere Guardium Vulnerability Assessment
IBM InfoSphere Guardium Vulnerability Assessment Scan database infrastructures to detect vulnerabilities and suggest remedial actions Highlights Lowers total cost of ownership, improves security and suppor
More informationMobile-Friendly Benefits Strategy: Update Your Benefits Program for a Mobile World. February 28, 2018
Mobile-Friendly Benefits Strategy: Update Your Benefits Program for a Mobile World February 28, 2018 Will the webinar be recorded? Yes! We will send you a link to the recording after the webinar. Will
More informationCorporate Information Security Policy
Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed
More informationInformation Security Risk Strategies. By
Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not
More informationStrengthening your fraud and cyber-crime protection controls. March 2017
Strengthening your fraud and cyber-crime protection controls March 2017 Audience question: What is your role within your institution? a) Payment operations / cash management / treasury services b) Compliance
More informationt a Foresight Consulting, GPO Box 116, Canberra ACT 2601, AUSTRALIA e foresightconsulting.com.
e info@ Mr. James Kavanagh Chief Security Advisor Microsoft Australia Level 4, 6 National Circuit, Barton, ACT 2600 19 August 2015 Microsoft CRM Online IRAP Assessment Letter of Compliance Dear Mr. Kavanagh,
More informationISO/IEC overview
ISO/IEC 20000 overview Overview 1. What is ISO/IEC 20000? 2. ISO/IEC 20000 and ITIL 2 BS 15000 BS15000 started in UK and first launched on July 1, 2003. Which was replaced by ISO/IEC 20000 after formal
More information