1 Compliance Evaluator Single-View Overall Compliance Reports.
arthur-campbell -
1
Compliance Evaluator Single-View Overall Compliance Reports
2
Part 1 Overview
3
Overview
The iSecurity Compliance Evaluator enables managers to quickly check the compliance of their systems with industry and corporate policies based on customizable user-friendly reports.
4
1. “Compliance is such a hassle… How do I even check all those PCI requirements?”
2. Using Compliance Evaluator, just customize a built-in template and run a report…
3. Get a concise or detailed PCI compliance report within seconds!
4. “All done! I’ve got all the compliance info I need.”
5. “Now, each morning when I reach the office, a PCI compliance report is already waiting for me.”
6. “And my staff can use the detailed report to easily get PCI compliant!”
Getting PCI Compliant with Compliance Evaluator
5
Features
• Network-wide compliance status at a glance
• PCI, SOX, etc. compliance checks
• Results in colorful Excel spreadsheet
• Results can be emailed directly from AS/400
• Automatic scheduling
• Single general score per system and specific scores per topic
• Each item & topic can receive individual importance
• All scores displayed as percentages
• Several report templates, with different levels of detail
• Unlimited number of reports
• Detailed or summary data
• Ready-made & customizable checks
• User-friendly GUI
6
Part 2 Screens
7
Compliance Evaluator on the iSecurity activity tree
iSecurity Activity Tree
8
Product supplied plans including SOX, HIPAA and PCI specific Compliance Evaluator plans
Plans can be Run, Displayed, Renamed, etc. See following slides.
Product Supplied Plans
9
Run SAMPLE_REP definitions. Choice of Output templates on left.
Running Definitions
10
Report sent to e-mail as attachment.
Emailed Report
11
Requested report as presented in Excel
Emailed Report
12
Note the correlation of Item Importance (in Excel) for Sample User Profile Reports with the definition below.
Note the correlation of Topic Importance with the bold entries under Importance below.
Relative Importance above will always be normalized to total 100% (not necessary in this example).
(This example is not in sync with the report in slide 6.)
Sample Reports
13
This part of the report shows, for each of the 2 systems, the Current Value, the Optimal Value, and the Score assigned to this item.
Report Details
Optimal Value can be different for different systems.
14
Clicking on All Network Attribute Values above gives the definition screen on the right. Z$T_ALL is the appropriate report.
All Network Attribute Values Screen
15
Clicking on All System Values Information above gives the definition screen on the right. Z$S_ALL is the appropriate report.
All System Values Screen
16
Detailed Network Attributes and System Values screens above. Note that the definition for System Value QABNORMSW appears twice, once for system S44K1246 and once for all other systems.
All System Values Screen
17
Now we’ll analyze the definitions for each of the 3 reports in the Sample User Profile Reports counts area.
Analyzing Definitions for Reports
18
Note the relative importance for each report, the Query name, as well as the Scores assigned for the various Value ranges.
Relative Importance for Different Values
19
The definition for system S44K1246 assigned a Score of 100 when this report returns a value between 0 and 15; other systems will return 100 for values between 0 and 25.
S44K1246 could be the site’s Production system.
Defining Scores
20
The PCI plan is composed of numerous reports; each section is preceded by a header called “Topic (of Counts)” which points to the relevant PCI paragraph.
Various Reports for PCI