Post on 23-Dec-2015
1
Compliance EvaluatorSingle-View Overall Compliance Reports
2
Part 1 Overview
3
Overview
The iSecurity Compliance Evaluator enables managers to quickly check the compliance of their systems with industry and corporate policies based on customizable user-friendly reports.
4
“All done! I’ve got all the compliance info I need”.
4
Using Compliance Evaluator,just customize a built-in template ,
and run a report…
2
“Compliance is such a hassle …How do I even check
all those PCI requirements?”
1
Get a concise or detailed PCI compliance report
within seconds!
3
“Now, each morning when I reach the office, a PCI compliance report is
already waiting for me.”
5
“And my staff can use the detailed report to easily get
PCI compliant!”
6
Getting PCI Compliant with Compilance Evaluator
5
Features
• Network-wide compliance status at a glance• PCI, SOX, etc. compliance checks• Results in colorful Excel spreadsheet• Results can be emailed directly from AS/400 • Automatic scheduling• Single general score per system and specific scores per topic• Each item & topic can receive individual importance• All scores displayed as percentages• Several report templates, with different levels of detail• Unlimited number of reports• Detailed or summary data • Ready-made & customizable checks• User-friendly GUI
6
Part 2 Screens
7
Compliance Evaluator on the iSecurity activity tree
iSecurity Activity Tree
8
Product supplied plans including SOX, HIPAA and PCI specific Compliance Evaluator plans
Plans can be Run, Displayed, Renamed, etc. See following slides.
Product Supplied Plans
9
Run SAMPLE_REP definitions. Choice of Output templates on left.
Running Definitions
10
Report sent to e-mail as attachment.
Emailed Report
11
Requested report as presented in Excel
Emailed Report
12
Note correlation of Item Importance (in Excel) for Sample User Profile Reports with definition below.
Note correlation of Topic Importance with bold entries under Importance below.
Relative Importance above will always be normalized to total 100% (in this example, not necessary).
(This example not in synch with report in slide 6.)
Sample Reports
13
This part of the report shows, for each of the 2 systems, the Current Value, the Optimal Value, and the Score assigned to this item.
Report Details
Optimal Value can be different for different systems..
14
Clicking on All Network Attribute Values above, gives definition screen on the right. Z$T_ALL is the appropriate report.
All Network Attribute Values Screen
15
Clicking on All System Values Information above, gives definition screen on the right. Z$S_ALL is the appropriate report.
All System Values Screen
16
Detailed Network Attributes and System Values screens above. Note that definition for System Value QABNORMSW appears twice, once for system S44K1246 and once for all other systems.
All System Values Screen
17
Now we’ll analyze the definitions for each of the 3 reports in the Sample User Profile Reports counts area.
Analyzing Definitions for Reports
18
Note the relative importance for each report, the Query name, as well as the Scores assigned for the various Value ranges.
Relative Importance for Different Values
19
The definition for system S44K1246 assigned a Score of 100 when this report returns a value between 0 and 15; other systems will return 100 for values between 0 and 25.
S44K1246 could be the site’s Production system.
Defining Scores
20
The PCI plan is composed of numerous reports; each section is preceded by a header called “Topic (of Counts)” which points to the relevant PCI paragraph.
Various Reports for PCI