Succeed in ISO/IEC 27001 Audit Checks. Bob Cordisco, Systems Engineer, Bob.Cordisco@netwrix.com
How to Ask Questions: Type your question here. Click Send.
Agenda: Why compliance is important; What ISO/IEC 27001 is; ISO/IEC 27001 compliance benefits; Meeting specific ISO requirements with Netwrix; Q&A
Why Compliance is Important. 2013 Target: $3.6 12 billion (estimated); 2015 Anthem: 78.8 million entries; 2016 Red Cross: 1.28 million donor records; 2016 Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca's internal database. TIME UNTIL GDPR ENFORCEMENT: 525 DAYS
ISO/IEC 27001. ISO/IEC 27001, like any other compliance standard, is aimed to protect private and sensitive data and to prevent security breaches. It provides guidance and details on how to establish, implement, maintain, and continuously improve an information security management system (ISMS). It is applicable to organisations across all industries; contains the best information security practices; originally came from the BS 7799 standard published by BSI Group. BSI Group is a Netwrix customer.
ISO Compliance Benefits. *Source: BSI Benefits survey - BSI clients were asked which benefits they obtained from ISO/IEC 27001:2013. BSI Group BSI/UK/842/SC/0416/EN/BLD
Meet Specific ISO Requirements. ISO/IEC 27002:2013 has 14 security control sections containing a total of 35 main security categories and 114 controls. Netwrix Auditor is designed to help with: A.9: Access Control; A.13: Communication Security; A.16: Information Security Incident Management; A.17: Information Security Aspects of Business Continuity Management; A.18: Compliance
Meet Specific ISO Requirements. Netwrix Auditor helps indirectly with: A.6: Organisation of Information Security; A.7: Human Resource Security; A.12: Operations Security; A.14: System Acquisition, Development and Maintenance; A.15: Supplier Relationships
A.9: Access Control. Objective: to control access to information; to prevent unauthorized access to information systems; to prevent compromise or theft of data. Controls: 9.2.1 User registration and de-registration; 9.2.3 Management of privileged access rights; 9.3.1 Use of secret authentication information; 9.4.2 Secure log-on procedures; 9.4.3 Password management system
A.13: Communication Security. Objective: to ensure the protection of information in networks; to maintain the security of information transferring. Controls: 13.1.1 Network controls; Audit authorization and access procedures for discrepancies; 13.1.3 Segregation in networks; 13.2.1 Information transfer policies and procedures
A.16: Security Incident Management. Objective: to ensure effective approach to security incidents management; to have personnel trained and equipped to report and respond. Controls: 16.1.2 Reporting information security events; 16.1.4 Assessment of and decision on information security events; 16.1.5 Response to information security incidents; 16.1.7 Collection of evidence
A.17: Business Continuity Management. Objective: to ensure the continuity of operations under extraordinary circumstances. Controls: 17.1.2 Implementing information security continuity; 17.1.3 Verify, review and evaluate information security continuity
A.18: Compliance. Objective: to avoid breaches of legal, statutory or regulatory Controls: 18.1.3 Protection of records; 18.1.4 Privacy and protection of personally identifiable information; 18.2.2 Compliance with security policies and standards; 18.2.3 Technical compliance review
Achieve ISO Compliance with Netwrix: Strengthen security of data by auditing your IT systems
Achieve ISO Compliance with Netwrix: Streamline certification audits with out-of-the-box compliance reports
Achieve ISO Compliance with Netwrix: Quickly answer detailed questions from auditors
Achieve ISO Compliance with Netwrix: Enable long-term audit data archiving to ensure continuous compliance
Real Case Study. Customer: The Football Pools. Industry: Entertainment. The challenge: to evidence to auditors that all changes and access to SQL databases are monitored according to the requirements of the UK Gambling Commission, which are based on ISO/IEC 27001 standard. Key benefits: Proof of Compliance with ISO/IEC 27001; Less time and effort required to pass audit checks; Reduced risk of data loss and downtime; Video recording of every remote DBA session
Netwrix Auditor Platform. Netwrix Auditor: A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Benefits. Detect Data Security Threats On Premises and in the Cloud: Bridges the visibility gap by delivering security analytics about critical changes, state of configurations and data access in hybrid cloud IT environments and enables investigation of suspicious user behavior. Pass Compliance Audits with Less Effort and Expense: Provides the evidence required to prove that your organization's IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST800-53, COBIT, ISO/IEC 27001 and other standards. Increase the Productivity of Security and Operations Teams: Relieves IT departments of manual crawling through weeks of log data to get the information about who changed what, when and where and who has access to what.
Netwrix Auditor Applications: Netwrix Auditor for Active Directory; Netwrix Auditor for Azure AD; Netwrix Auditor for Exchange; Netwrix Auditor for Office 365; Netwrix Auditor for Windows File Servers; Netwrix Auditor for EMC; Netwrix Auditor for NetApp; Netwrix Auditor for SharePoint; Netwrix Auditor for Oracle Database; Netwrix Auditor for SQL Server; Netwrix Auditor for Windows Server; Netwrix Auditor for VMware
Netwrix Customers: Financial; Healthcare & Pharmaceutical; Federal, State, Local, Government; GA; Industrial/Technology/Other
About Netwrix Corporation. Year of foundation: 2006. Headquarters location: Irvine, California. Recognition: Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others. Global customer base: over 7000
Awards. All awards: www.netwrix.com/awards
Next Steps. Read more about ISO: netwrix.com/iso_iec_compliance. Free Trial: setup in your own test environment: On-premises: netwrix.com/freetrial; Virtual: netwrix.com/go/appliance; Cloud: netwrix.com/go/cloud. Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive. Live Demo: product tour with Netwrix expert: netwrix.com/livedemo. Contact Sales to obtain more information: netwrix.com/contactsales. Webinars: join our upcoming webinars and watch the recorded sessions: netwrix.com/webinars, netwrix.com/webinars#featured
Thank You! Q&A