5 Insider Tips for Using IT Audits to Maximize Security
© 2011 NetIQ Corporation. All rights reserved.
5 Insider Tips: Using IT Audits to Maximize Security
Mike Chapple – Senior Director for Enterprise Support Services at the University of Notre Dame
Renee Bradshaw – Senior Product Marketing Manager, NetIQ
Agenda
An Insider’s Guide to Effective Audits
− Treat audits as a lifecycle process.
− Understand the scope.
− You shouldn’t learn anything!
− Don’t be afraid to speak up!
− Embrace findings.
Aligning Compliance, Security, and Business Goals
Q and A
About the Speaker
Mike Chapple
Senior Director for Enterprise Support Services at the University of Notre Dame
• Assistant professor, Information Security, University of Notre Dame
• Former senior advisor to the Executive Vice President at University of Notre Dame
• Former Executive Vice President and Chief Information Officer at Brand Institute
• Former active duty intelligence officer in the U.S. Air Force
• Published author, including the best-selling CISSP: Certified Information Systems Security Professional Study Guide
• Ph.D. and BS, Computer Science and Engineering, University of Notre Dame; MBA, Auburn University; MS, Computer Science, University of Idaho
5 Insider Tips: Using IT Audits to Maximize Security
Mike Chapple, Ph.D.
Senior Director, Enterprise Support Services
University of Notre Dame
Tip #1
Treat Audits as a Lifecycle Process
Audits Shouldn’t be your Super Bowl
But More Like a Doctor’s Visit
Auditing as a Lifecycle
Prepare
Assess
Audit
Remediate
Tip #2
Understand the Scope
Covered Devices
Business Processes
Standards
PCI DSS
SOX
HIPAA
SAS 70
COBIT
GLBA
FISMA
Audit Process
Tip #3
You Shouldn’t Learn Anything!
This is Not the Time for Discovery!
Tip #4
Don’t be Afraid to Speak Up!
It’s Now or Never
Just Keep It Civil
Tip #5
Embrace Findings
Learn and Adapt
Auditing as a Lifecycle
Prepare
Assess
Audit
Remediate
Aligning Compliance, Security, and Business Goals
Renee Bradshaw – Senior Product Marketing Manager, NetIQ
Plan for Good Security
Direct compliance efforts towards risk mitigation
Compliance should be a “by-product” of security efforts.
− Compliance mandates only provide minimum standard
Focus first on minimizing risk and improving security.
− Leverage your audit findings
− Define tools and controls which align to risk tolerance and business objectives
− Realize improvement in overall security posture
Ease the Compliance Burden
Create an adaptable compliance program
Implement a common set of controls
− Encompasses regulatory, industry, and internal corporate mandates
− Simplifies audits; provides reporting framework
− Avoids conflicting controls and unnecessary expense
− Adds controls as the regulatory environment changes
Improve security and efficiency of IT environment
− Automates routine, labor-intensive tasks
− Reduces the cost of compliance
− Avoids “audit panic”
Back to Basics
Good security makes compliance easier
The best way to achieve compliance is to get the security basics right.
Realize positive, long-term business impact.
− Reduce breach risk
− Avoid non-compliance penalties
− Operational efficiencies
− Improve security posture
Learn More at NetIQ.com
Complete our survey.
− Enter for a chance to win an Apple iPad!
Access informative white papers; gain insight.
− “Achieving ROI from your PCI DSS Investment” (tinyurl.com/ROIfromPCI)
− “Sustainable Compliance: How to Align Compliance, Security and Business Goals” (tinyurl.com/sustainable-compliance)