IC L19 - Consolidate Information from across your Infrastructure to create a custom report for PCI DSS Hands-On Lab

Similar documents
IC121-End-to-End Virtual Security Hands-On Lab

IC L17 Strategic Understanding using Symantec Protection Center Hands-On Lab

EM L04 Using Workflow to Manage Your Patch Process and Follow CISSP Best Practices

Customer Compliance Portal. User Guide V2.0

IS L02-MIGRATING TO SEP 12.1

Deliver and manage customer VIP POCs. The lab will be directed and provide you with step-by-step walkthroughs of key features.

Qualys Cloud Platform

ForeScout Extended Module for Qualys VM

SR L09 - Messaging Gateway, Encryption and Data Loss Prevention: Three Great Things Even Better Together Hands-On Lab

Tenable.io User Guide. Last Revised: November 03, 2017

We start by providing you with an overview of the key feature of the IBM BPM Process Portal.

Hitachi NEXT 2018 Automating Service Maintenance with Hitachi Automation Director (HAD)

Employee Dashboard User Manual

UP L12: Still on SEP 11? Let us show you how to simplify migration to SEP.

Maximo Self Service Center

Table of Contents HOL-SDC-1315

How to Install Audatex Estimating and AudaUpdate Quick Reference Guide

ForeScout Extended Module for Tenable Vulnerability Management

PCI Compliance Assessment Module with Inspector

Administrator Quick Guide

ISL01: Transparently Authenticating Tablets, Smartphones and Laptops with Symantec Managed PKI Service

ICL02: Security Analytics: Discover More in your Endpoint Protection Dashboard Hands-On Lab

Canvas: Interface & Modules

[ Getting Started with Analyzer, Interactive Reports, and Dashboards ] ]

Introduction to the Azure Portal

Ariba Sourcing Event Evaluator Getting Started Guide

PCI COMPLIANCE IS NO LONGER OPTIONAL

EMPLOYEE SPACE. INSTRUCTIONS for EMPLOYEES. Hurley Medical Center Department of Human Resources

JOB AID: Contractor: Timecard and Expense Entry in the New UI

This Reporting Fragment will be sown on the Business Entity Details screen within OpenPages.

Assignment Statuses An assignment can have any one of the following statuses. Depending on how the assignment is made,

GEMCO Customer Portal Guide

ForeScout CounterACT. Configuration Guide. Version 5.0

EMC Voyence Payment Card Industry Advisor. User s Guide. Version P/N REV A01

Symantec Control Compliance Suite 11.0 Readme. Maintenance Pack 3 (Product Update )

June 2012 First Data PCI RAPID COMPLY SM Solution

User Guide. Copyright 2015 Cody Consulting Group, Inc. All Rights Reserved. Patent Pending. CodySoft User Guide V3.0

Quick Guide to TIDE: Adding Users and Students

Training and Documentation Manual End User Training: Placing an Order

Archive to the Cloud: Hands on Experience with Enterprise Vault.cloud

How to design and print cards using a database connection with. emedia CS Software

Policy Commander Console Guide - Published February, 2012

SM L04 Veritas Operations Manager Advanced 4.0 RU1: Optimize Your Heterogeneous Storage Environment Hands-On Lab Description

Patrice M. Anderson Instructional Designer

NCSR GENERAL USER GUIDE

etendering PORTAL User Manual Product Version 7-0-4

irespond Quick Reference Guide

Parent Portal User Guide

FAQs. The Worldpay PCI Program. Help protect your business and your customers from data theft

Windows Intune Trial Guide Getting the most from your Windows Intune trial. Simplify PC management. Amplify productivity.

Transform AP for EnterpriseOne User's Guide

Volume. User Manual and Resource Guide

Colligo Console. Administrator Guide

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

CounterACT Reports Plugin

NATE PROCTOR USER GUIDE Industry Competency Exam

CLD206x Compliance in Office 365: Data Governance

User Guide REVISION 6/6/2016

DreamTeam Suite User Guide

NCI s Learning Management System (LMS) Instructor-Led Training (ILT) Learner Guide

Welcome to the Investor Experience

Qualys Cloud Suite 2.28

Control Network Vulnerabilities

How to Login, Logout and Manage Password (QRG)

MyFloridaMarketPlace. equote Training State Agencies

QUICK START GUIDE. Welcome to EDGAR Pro, your access to SEC filings and more! We ve created this user guide to facilitate your use of this service.

A step-by-step guide to eportfolio for assessors.

User Guides. Here is an overview of the process for connecting with organisations and using the App

USER GUIDE for Simon Malls On-Line Resource Center. SimonResourceCenter.com

JOB AID FOR EMARKET REQUESTERS THIS JOB AID IS FOR THOSE INDIVIDUALS THAT HAVE THE FSU_PO_REQUESTER ROLE IN OMNI ONLY.

Version 5. Recruiting Manager / Administrator

UP L13: Leveraging the full protection of SEP 12.1.x

OUTLOOK HOW DO I? 2013

Oracle Enterprise Manager 11g Ops Center 2.5 Hands-on Lab

MN Studio Website - User Guide

Compliance Document Manager User Guide

Creating an Online Course

2012 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Excel, Lync, Outlook, SharePoint, Silverlight, SQL Server, Windows,

PCI Compliance. Network Scanning. Getting Started Guide

Storefront Ordering System Demonstration Guide. Powered by

SCHOOL USER GUIDE LPN - BSN PROGRAM

ReadyTalk for Marketo User Guide

CLASS ADMIN. Learning (SIU) Class Admin Responsibilities and Tools

Integrate Saint Security Suite. EventTracker v8.x and above

VeriSign Managed PKI for SSL and Symantec Protection Center Integration Guide

Customer Tips. Scanning with TCP/IP in Novell 5.x, 6.x Using Web Templates. for the user. Purpose. Network Setup. Xerox Multifunction Devices

Publisher Onboarding Kit

OnCommand Insight 7.2

DSS User Guide. End User Guide. - i -

PCI Compliance Assessment Module

KSU/SPSU Consolidation Projects Manager

OnCommand Insight 7.1 Planning Guide

Request Manager User's Guide

Sitecore guide building a blog

e-survey System User Manual for AML/CFT COMPLIANCE REPORT

How to Complete Your P2PE Self-Assessment Questionnaire

Learning & Development Online. Quick reference Guide. Version 2.0. Page 1

Introduction to Cognos Participants Guide. Table of Contents: Guided Instruction Overview of Welcome Screen 2

epact2 User Guide epact2 Essentials Guide epact2 - Essentials Master Guide v3

Welcome to the DSSLearnCenter

Transcription:

IC L19 - Consolidate Information from across your Infrastructure to create a custom report for PCI DSS Hands-On Lab Description How to implement external data connectors for data relevant to PCI and map that data to controls alongside data from across your environment. Using Analysis within Control Compliance Suite, map controls to the requirements of PCI and other regulations. Customize dashboards to present the mandate data in multiple ways for different teams to easily digest. At the end of this lab, you should be able to View a PCI dashboard Understand how external data gets into CCS Using Assessment Manager to assess PCI Procedural controls Understanding Control Statements View Mandate Report Notes A brief presentation will introduce this lab session and discuss key concepts. The lab will be directed and provide you with step-by-step walkthroughs of key features. Feel free to follow the lab using the instructions on the following pages. You can optionally perform this lab at your own pace. Be sure to ask your instructor any questions you may have. Thank you for coming to our lab session.

Exercise 1: PCI Dynamic Dashboard View This exercise focuses on identifying changes in the PCI status of an asset. Using the CCS Dashboards you can see a consolidated view of data collected from CCS Standards Manager and Third party solutions which have been integrated into CCS. CCS has pre-fined dashboard views for mandates such as PCI. 1. Double click on the CCS Web portal from the desktop icon This brings you to the CCS Web Client. The web client provides the ability to view and create dashboards using the data within the CCS and External data from third party solution, Accept, review, and approve policies from the CCS policy manager solution and answer questionnaires from the CCS Assessment Manager solution. 2. Select the Dashboards Tab 3. Expand the Misc tab These are the default dashboards that come with the solution. They have been generated to provide a view of information based on Mandates and operational information 4. Select the Compliance Analyis PCI Mandate Dashboard 5. From the Compliance Score for PCI Mandate select the Red piece of the pie chart 6. Select the SYMPL\WS6535 Asset This provides you a data sheet which shows all the information we have collected for the Asset. 7. What are the two Providers for the Failed External Data Assessments? Exercise 2: Understand the CCS External Data Connector feature In order to show due diligence for PCI requirements it is important to have a single view of data from multiple solutions as we showed in exercise1. The next step is to learn how data from external solutions is easily brought into the CCS solution and the different ways to view that data. 1. Double click on the Symantec Control Compliance Suite Console Icon from the desktop 2 of 9

2. Open the CCS Console and navigate to Manage > External Data Integration 3. Expand the Qualys Vulnerability Manager Data System You must add an external data system to CCS before you can import data into CCS. CCS supports ODBC, CSV and Web services as data connections. The data connection used is going to be determined by the format the data is in within the external solution. The Qualys Vulnerability Manager Data System is a connector created by Symantec for Qualys data. Symantec provides several predesigned connectors for third party solutions which are available on the Symantec Community Connect Web Site: http://www.symantec.com/connect/?inid=us_sc_flyout_connect 4. From the properties tab view select the Field Mappings tab The field mappings are the data fields being brought into CCS from the third party solution which are then mapped to data fields within CCS. 5. Check that following field from the Qualys data are mapped to CCS: Vulnerability Type Last Scan Date/Time Patchaable IP Address 6. Which Mapped field would indicate the Asset Type? 7. Select the Qualys Connector beneath the Qualys Manager Data System. The Data Connection provides the information needed in order to collect the data from the third party solution. 8. What are the three parameters used to collect data from Qualys? Right click on the Qualys Vulnerability Manager Data System Select View Data Schema What is the number of Data Records Displayed? Note: For this demo environment we only collected Qualys vulnerability data from one IP address. 9. Double click on the CCS Web portal from the desktop icon 10. Select the Dashboards Tab 11. Expand the Misc tab 3 of 9

12. Select the Compliance Analyis PCI Mandate Dashboard 13. From the Compliance Score for PCI Mandate select the Red piece of the pie chart 14. Select the link for the Asset 10.0.39.6:10.0.39.6 15. View the External Data provided by Qualys Exercise 3: Using Assessment Manager for PCI Procedural controls Technical controls are not the only type of data necessary for showing a compliance strategy towards PCI. CCS Assessment Manager provides the ability to assess your procedures used towards your PCI goals. The PCI SAQ questionnaire was designed as a self-evaluation tool provided for merchants and service providers who are not required to do an on-site security assessment. Using the CCS Assessment Manager solution you have the ability to use the PCI SAQ questionnaires to answer those critical procedural questions and associate the information back to your infrastructure and your policies. 1. Double click the CCS Web Console icon on the desktop 2. Select the CCS Assessment Manager (AM) link within the Favorites tool bar 3. The CCS AM Home page is displayed The CCS Assessment Manager Admin Web client provides access to various Adminrelated functions that you perform for a questionnaire 4. Looking at the console, how many Assessments are still in Progress? 5. How many are pending acceptance? Questionnaires are created within the CCS Assessment Manager Client. For this lab we have prepopulated questionnaires for you. 6. Select the Review and Publish link from within the Questionnaires section of the home page Once a questionnaire has been created it is reviewed and published from this location. Once a questionnaire is published it becomes available for review 7. Select the PCI SAQ 2.0 Self-Assessment Questionnaire C 8. Click the publish button and then click OK 9. From within the Assessments section select the Initiate and Track Assessments link 4 of 9

Once a questionnaire is approved and published, you can initiate an assessment by sending the assessment to selected end users 10. Click Create There are two types of Assessments which can be created. User Assessment: allows you to collect responses based on non-it assessments. These assessments are usually quiz-based and help you assess compliance based on an individual as opposed to an asset. A good example would be Security Awareness training. The Asset Compliance assessment allows you to collect responses and evidence based on procedural controls which relate to assets within the environment and are related to the controls within mandates, polices and risk objectives. 11. Select the Asset Compliance Assessment. 12. Click on the PCI DSS v2.0 Self-Assessment Lab Questionnaire 13. Select next Asset compliance assessments will be sent to asset owners of business assets or individual assets which are defined within the CCS Asset System. 14. Click the Individual Asset Owners 15. Expand the Asset System 16. Select the Qualys Folder 17. Select Next 18. Who is the Asset Owner? 19. Select Next Some assessments will require multiple responders based on the different sections within the questionnaire. The example questionnaire was created so that sections would not show. 20. Select next Prerequisites allow you to attach collateral such as documentation, videos or URL s which you would like to associate and have available for the attester to review. There is also the option to require the attester to acknowledge they have read the content. 21. Select Next 22. Change the Due date to two weeks from today. The solution will populate the questionnaire within the end users CCS Web interface. You have the ability to email a notification to the user as well as a reminder to ensure they are notified to go look for the questionnaire. 23. Select Next 24. Within the Welcome Text box type: This is a short example of a much larger PCI DSS v2.0 Self-Assessment Questionnaire 25. Select Next 5 of 9

At this point you have the option to schedule the date and time the questionnaire is sent to the end user. Select Finish sending the questionnaire now 26. From the Desktop select the Login as a different user icon 27. Login name: SYMPL\Jane_Martin Password: symc4now 28. Start a web browser and browse to http://svr-ccs2.symplified.org/ra_webclient 29. Select the questionnaire: PCI DSS v2.0 Self-Assessment Lab Questionnaire 30. Answer the questions with yes and no s 31. Click the submit button 32. Select Start and Log out as Jane to get back into the system as the Administrator 33. Open the CCS Web Portal 34. Select the Dashboards Tab 35. Expand the Misc tab 36. Select the Compliance Analyis PCI Mandate Dashboard 37. From the Compliance Score for PCI Mandate select the Red piece of the pie chart 38. Select the link for the Asset 10.0.39.6:10.0.39.6 39. View the two types of external evidense now available Exercise 4: Understanding Control Statements Now that you have seen different ways of collecting and displaying data brought into CCS it is important to understand how to make since of the information and tie it to PCI as evidence. Organizations have many controls to help secure their environment. CCS provides a mechanism to collect evidence from third party tools and apply that data towards your risk and compliance assessments and reports. 1. Double click on the Symantec Control Compliance Suite Console Icon from the desktop 2. Select Manage > Content 3. Click the Controls Studio button CCS Controls Studio allows you to map mandates and policies to control statements and control statements to checks, questions, SCAP rules, and external data assessments. Control Statements are a short account of a detailed requirement. 4. From the Mandates tab expand Frameworks 6 of 9

This is a view of the content available within CCS which can be used to map your control evidence. 5. Select the PCI DSS v2.0 Framework 6. Expand Build and Maintain a Secure Network 7. Expand Requirement 2 Do Not use Vendor-supplied defaults for system passwords or other security parameters 8. Expand 2.2 and click on 2.2.3 9. From the right hand page select Statement Mappings 10. What control statement is this requirement mapped to? 11. From the tabs at the bottom left select Controls Framework Controls Framework provides you the means to organize all the control statements in a logical structure 12. Select the magnifying glass within the tool bar 13. Type in Secure System Configuration 14. Click Search 15. Double click on the Secure System Configuration 16. From the right hand of the screen select Mandate Mappings 17. How many Mandates is the control mapped to? 18. Click on Question Mappings 19. How many currently published questionnaires is the control statement mapped to? 20. Click on External Data Assessment Mappings 21. What External solution is the control statement mapped to? The information just viewed is an example of what the evidence for PCI Requirement 2.2.3 is mapped to within CCS. Exercise 5: Mandate Reports Control Compliance Suite provides 30 predefined Report Templates which can be customized to your requirements. The Mandate reports are designed to provide specific information on the mandates required for your environment. 1. Double click on the Symantec Control Compliance Suite icon on the desktop 2. Select the Reporting Tab > Report Templates 3. Expand the Predefined Reports folder 7 of 9

4. From the bottom left Report Templates Filter View select Mandate Reports 5. Click on the red up arrow to filter the reports. 6. Right click on Mandate Compliance and select Schedule Report 7. Name the Report Symplified PCI Mandate Compliance 8. Click Next 9. Highlight and Add the PCI DSS v2.0 10. Click Next 11. Keep the Control type for All 12. Click Next 13. Select All Assets and click Add 14. Click Next 15. Keep Status set to All 16. Click Next 17. Select Finish 18. Select yes to conclude The Report generation job will automatically start 19. Once it is finished running select Reporting > My Reports to view the finished report 20. What is the percentage of controls in the failed state? Next we will generate a Mandate Remediation Report 21. Select the Reporting Tab > Report Templates 22. Expand the Predefined Reports folder 23. From the bottom left Report Templates Filter View select Mandate Reports 24. Click on the red up arrow to filter the reports. 25. Right click the Mandate Remediation Report and select Schedule report 26. Name the Report Symplified PCI Remediation Report 8 of 9

27. Click Next 28. Select PCI DCC v2.0 29. Click Add and Click Nect 30. Select All Assets and click Add 31. Keep the default settings for the rest of the report and click finish 32. Click OK at the Job Status Window 33. Once the report is finished running select Reporting > My Reports to view the finished report 9 of 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback