How to Survive an IT Audit… and Thrive Off It!
Presenter:
Adam Stetson
Presales [email protected] x2907
How to Ask Questions
Type your question here
Click “Send”
Agenda
Compliance overview
Continuous compliance
Control processes
Demonstration
Briefly about Netwrix
Questions and Answers
Compliance Overview
Best Practices, Standards and Regulations
ISO 27001, COBIT, NIST
PCI, HIPAA, SOX, FISMA, FFIEC/GLBA
GDPR
Commonalities
Availability, Integrity, Accountability
Policies, Implementation, Validation, Reporting
Perform reviews of your policies
Periodic reviews should be planned and executed
Processes for policies and procedures improvement should be established
Visibility Failures Real-Life Examples
Compliance Investigations
2015 – Anthem Inc. — 78,8 million entries
2014 – NY and Presbyterian Hospital — $4.8 million fine
Compromised Security
2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database
2015 – Office of Personnel Management — 21,5 Million records
2014 – Home Depot 56 million customer cards compromised (largest retail breach on record)
– Dairy Queen 395 locations
– Jimmy John’s 216 locations
– JPMorgan Chase 76 million households, 8 million small businesses exposed
2013 – Target. $3.6 – 12 billion (estimated)
Business Continuity Disruptions
A Global Oil Company
Someone mistakenly deleted 2000 user accounts because of a mistake in a script. On Monday morning, people couldn’t log on.
Large Recycling Company
A GP change caused file server firewalls to snap on, leading to a major disruption: around 60% of the users were unable to access particular applications/resources.
Ways to Approach Compliance
One-Time Effort
Compliance as an Event
Regime Establishment
Compliance as a Continuous Process
Continuous Compliance is the Way
Initial effort for establishing a continuous compliance regime can be cumbersome:
Extensive planning and development of internal policies
Assignment of roles and responsibilities
Implementation of controls and mechanisms for feedback and improvement
Once continuous compliance is established, it brings many benefits, including:
Increased efficiency of operations
No high risk periods
Continuous improvement
Lower total cost (over the years)
Control Processes
Change management: Process for controlling the lifecycle of all changes, ensuring that no unauthorized changes appear in information systems
Access control: Process for establishing selective restrictions of access to information systems and data
Account management: Issuing, removing, maintaining, and configuring information systems’ accounts and related privileges
Credentials management: Management of credential information such as user names and passwords
Privileged users management: Management of privileged accounts, including their provisioning and life cycle management, authentication, authorization, credentials management, auditing, and access control
Control Processes (continued)
Integrity monitoring: Process for validating the integrity of data and configurations by comparing the current state with the known good baseline
Configuration management: Interrelated processes and management techniques for evaluating, coordinating, and controlling changes to and configuration states of the information systems
Data governance: Management of the availability, usability, integrity, and security of the data employed in an organization
Audit trail: Collection, consolidation, retention, and processing of the audit data
Demonstration
Netwrix Auditor
About Netwrix Auditor
Netwrix Auditor
A visibility platform for user behavior analysis and risk mitigation that enables control over changes, configurations, and access in hybrid IT environments. It provides security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Oracle Database
Netwrix Auditor for Azure AD
Netwrix Auditor for EMC
Netwrix Auditor for SQL Server
Netwrix Auditor for Exchange
Netwrix Auditor for NetApp
Netwrix Auditor for Windows Server
Netwrix Auditor for Office 365
Netwrix Auditor for SharePoint
Netwrix Auditor for VMware
Netwrix Auditor Conceptual Model
About Netwrix Corporation
Year of foundation: 2006
Headquarters location: Irvine, California
Global customer base: over 8,000
Recognition: Among the fastest growing software companies in the US with 105 industry awards from Redmond Magazine, SC Magazine, WindowsIT Pro and others
Customer support: global 24/5 support with 97% customer satisfaction
Netwrix Locations
Corporate Headquarters:
300 Spectrum Center Drive #200
Irvine, CA 92618
888-638-9749
www.netwrix.com
Netwrix Customers
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
Industry Awards and Recognition
All awards: www.netwrix.com/awards
Next Steps
Free Trial: set up in your own test environment:
On-premises: netwrix.com/freetrial
Virtual: netwrix.com/go/appliance
Cloud: netwrix.com/go/cloud
Test Drive: run a virtual POC in a Netwrix-hosted test lab: netwrix.com/testdrive
Live Demo: product tour with Netwrix expert: netwrix.com/livedemo
Contact Sales to obtain more information: netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions:
• netwrix.com/webinars
• netwrix.com/webinars#featured
Thank You!