Succeed in ISO/IEC Audit Checks. Bob Cordisco Systems Engineer

Transcription:

Succeed in ISO/IEC 27001 Audit Checks. Bob Cordisco, Systems Engineer, Bob.Cordisco@netwrix.com

How to Ask Questions: Type your question here; Click Send

Agenda: Why compliance is important; What ISO/IEC 27001 is; ISO/IEC 27001 compliance benefits; Meeting specific ISO requirements with Netwrix; Q&A

Why Compliance is Important. 2013 Target: $3.6 12 billion (estimated). 2015 Anthem: 78.8 million entries. 2016 Red Cross: 1.28 million donor records. 2016 Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca's internal database. Time until GDPR enforcement: 525 days.

ISO/IEC 27001. ISO/IEC 27001, like any other compliance standard, aims to protect private and sensitive data and to prevent security breaches. It provides guidance and details on how to establish, implement, maintain, and continuously improve an information security management system (ISMS). The standard is applicable to organisations across all industries; contains the best information security practices; originally came from the BS 7799 standard published by BSI Group. BSI Group is a Netwrix customer.

ISO Compliance Benefits. *Source: BSI Benefits survey - BSI clients were asked which benefits they obtained from ISO/IEC 27001:2013. BSI Group BSI/UK/842/SC/0416/EN/BLD

Meet Specific ISO Requirements. ISO/IEC 27002:2013 has 14 security control sections containing a total of 35 main security categories and 114 controls. Netwrix Auditor is designed to help with: A.9: Access Control; A.13: Communication Security; A.16: Information Security Incident Management; A.17: Information Security Aspects of Business Continuity Management; A.18: Compliance

Meet Specific ISO Requirements. Netwrix Auditor helps indirectly with: A.6: Organisation of Information Security; A.7: Human Resource Security; A.12: Operations Security; A.14: System Acquisition, Development and Maintenance; A.15: Supplier Relationships

A.9: Access Control. Objective: to control access to information; to prevent unauthorized access to information systems; to prevent compromise or theft of data. Controls: 9.2.1 User registration and de-registration; 9.2.3 Management of privileged access rights; 9.3.1 Use of secret authentication information; 9.4.2 Secure log-on procedures; 9.4.3 Password management system

A.13: Communication Security. Objective: to ensure the protection of information in networks; to maintain the security of information being transferred. Controls: 13.1.1 Network controls (audit authorization and access procedures for discrepancies); 13.1.3 Segregation in networks; 13.2.1 Information transfer policies and procedures

A.16: Security Incident Management. Objective: to ensure an effective approach to security incident management; to have personnel trained and equipped to report and respond. Controls: 16.1.2 Reporting information security events; 16.1.4 Assessment of and decision on information security events; 16.1.5 Response to information security incidents; 16.1.7 Collection of evidence

A.17: Business Continuity Management. Objective: to ensure the continuity of operations under extraordinary circumstances. Controls: 17.1.2 Implementing information security continuity; 17.1.3 Verify, review and evaluate information security continuity

A.18: Compliance. Objective: to avoid breaches of legal, statutory or regulatory. Controls: 18.1.3 Protection of records; 18.1.4 Privacy and protection of personally identifiable information; 18.2.2 Compliance with security policies and standards; 18.2.3 Technical compliance review

Achieve ISO Compliance with Netwrix: Strengthen security of data by auditing your IT systems; Streamline certification audits with out-of-the-box compliance reports; Quickly answer detailed questions from auditors; Enable long-term audit data archiving to ensure continuous compliance

Real Case Study. Customer: The Football Pools. Industry: Entertainment. The challenge: to evidence to auditors that all changes and access to SQL databases are monitored according to the requirements of the UK Gambling Commission, which are based on the ISO/IEC 27001 standard. Key benefits: Proof of Compliance with ISO/IEC 27001; Less time and effort required to pass audit checks; Reduced risk of data loss and downtime; Video recording of every remote DBA session

Netwrix Auditor Platform. Netwrix Auditor: a visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Benefits.
Detect Data Security Threats On Premises and in the Cloud: Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior.
Pass Compliance Audits with Less Effort and Expense: Provides the evidence required to prove that your organization's IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams: Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what.

Netwrix Auditor Applications: Netwrix Auditor for Active Directory; Netwrix Auditor for Azure AD; Netwrix Auditor for Exchange; Netwrix Auditor for Office 365; Netwrix Auditor for Windows File Servers; Netwrix Auditor for EMC; Netwrix Auditor for NetApp; Netwrix Auditor for SharePoint; Netwrix Auditor for Oracle Database; Netwrix Auditor for SQL Server; Netwrix Auditor for Windows Server; Netwrix Auditor for VMware

Netwrix Customers: Financial; Healthcare & Pharmaceutical; Federal, State, Local, Government; GA; Industrial/Technology/Other

About Netwrix Corporation. Year of foundation: 2006. Headquarters location: Irvine, California. Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others. Global customer base: over 7000

Awards. All awards: www.netwrix.com/awards

Next Steps.
Read more about ISO: netwrix.com/iso_iec_compliance
Free Trial: set up in your own test environment. On-premises: netwrix.com/freetrial; Virtual: netwrix.com/go/appliance; Cloud: netwrix.com/go/cloud
Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions: netwrix.com/webinars, netwrix.com/webinars#featured

Thank You! Q&A