lumension lcrm - dss @vilnius 2010

From Data Theft to … Compliance & Risk Management! PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION

Upload: andris-soroka

Post on 21-Aug-2015


TRANSCRIPT


Agenda

…just a simple price list?

…active measures against card fraud


PCI DSS, PA DSS, 27001, CoBiT, NERC, Basel II, SOX, ...

Mounting External Compliance Regulations


EU Directive

Basel II

HIPAA

Sarbanes-Oxley, Section 404

PCI Data Security Standards (DSS)

PII Security Standards

21CFR11

Gramm Leach Bliley (GLBA)

USA Patriot Act

SB1386 (CA Privacy Act)

(Timeline figure; x-axis: Time. Source: “The Struggle to Manage Security Compliance for Multiple Regulations”, SecurityCompliance.com)

3 out of 4 organizations must comply with two or more regulations and corresponding audits.

43% of organizations comply with 3 or more regulations.

Our IT Networks Were Never Designed With Compliance In Mind

Today Organizations Spend 30-50% More On Compliance Than They Should

Compliance & IT Risk Management Challenges


Lack of Regulatory Knowledge (HIPAA, PCI, SOX)

Security Policy (Password Length, Special Characters)

Disparate Data Collection (Excel, Manual Surveys, Database, Business Processes, IT Resources)

Functional Silos

Non-Standardized Processes

Challenges in Compliance and Risk Management

Business Interests, Auditor, Stakeholders, Data Collection

Standardized Compliance & Control Framework [UCF]

Assess


Technical Controls:

Automatically assess technical controls through integration with Lumension and 3rd-party tools

Procedural & Physical Controls:

Utilize automated, workflow-based surveys

Standardized & IT Risk Mgmt. Framework

Regulation Authority Documents; Business Interests / Corporate Policies

Profile Risk Attributes: Open to the Internet; Contains Credit Card Information; Contains Customer Data

Pass/Fail Regulation Assessment: Corp-Policy 100%; ISO 27001 65%; PCI 65%; NERC 30%

Applicable Controls: Password Length; Data Encryption; Power Save

IT Assets: Business Processes; Revenue Streams; Trade Secrets

GLBA, PCI, FISMA, HIPAA, NHS, NERC, SOX, ISO/IEC…

Automation of Assessment Data


Technical Controls: Lumension Patch, Scan & Configuration; Lumension Application & Device Control; 3rd Party Products (Automated Connectors)

Procedural & Physical Controls: Automated Assessment Workflow; Web-Based Surveys; Auditor / Analyst Attestation

Consolidated Assessment Data supports a holistic view of compliance and IT risk posture

Connector …

Remediate

Remediate: Prioritize remediation efforts based on impact to overall organizational IT risk & compliance posture

Manage

Manage: Create operational and strategic visibility across compliance and IT risk postures

Identify…and it starts again

Adaptation

Lumension Risk Manager - summary


Give you better visibility into your compliance and risk posture.

Help you save time & money in your security management process.

Global Headquarters 15880 N. Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260

1.888.725.7828 [email protected]

www.lumension.com/itgrc-software

[email protected]