Compliance Scorecard/Dashboard Program · 2009-02-18 · Compliance Scorecard/Dashboard Program...
Slide 1: Compliance Scorecard/Dashboard Program
Glenn Gunara-Chen, Consulting Services
Slide 2: Agenda
• Experience in Compliance within Public Sector
• Case Study:
  – IMPACT Scorecard Program and Compliance Dashboard
Slide 3: Experience
• United States FISMA Scorecard
  – Environmental Protection Agency (EPA)
  – Smithsonian Institute
• IMPACT
Slide 4: IMPACT?
• The International Multilateral Partnership Against Cyber-Threats (‘IMPACT’) is a global initiative that was launched at the IMPACT World Cyber Security Summit.
• More than 27 countries are represented and it is the largest global partnership ever organised on cyber-terrorism.
• IMPACT is the world’s first truly international, public-private sector collaborative institution against cyber-threats.
IMPACT serves as a platform to stimulate co-operation between governments, as well as between governments of the world and the international private sector. IMPACT will effectively enhance the capability of the global community to prevent, defend and respond to cyber threats.
Slide 5: IMPACT Security Framework
• Asset inventory
• Asset categorization
  – High
  – Moderate
  – Low
• Security controls
  – Management: Risk Assessments, Planning, System and Services Acquisition, Certification, Accreditation and Security Assessments
  – Operational: Personnel Security, Physical and Environmental Protection, Contingency Planning, Configuration Management, Maintenance, System and Information Integrity, Media Protection, Incident Response, Awareness and Training
  – Technical: Identification and Authentication, Access Control, Audit and Accountability, System and Communications Protection
Slide 6: Compliance overview
[Figure: IMPACT Government Security Scorecard (IGSS) System. The diagram shows a compliance lifecycle of Define (corporate policies) → Control → Measure → Record → Report, driven by IT control checks, with three phases: "Determine risk and develop appropriate policies", "Govern: monitor compliance and remediate problems", and "Demonstrate due care and optimize controls". Inputs are grouped as Regulations (SOX, HIPAA, GLBA, FISMA, Basel II), Frameworks (COSO, COBIT, ISO17799, NIST) and Standards (internal policies, PCI-DSS, CIS, NIST, NSA). Checks are applied to Operating Systems, Databases, Applications, Directories and People.]
Slide 7: Summary of Approach
[Figure: a Create → Map → Publish → Assess → Fix lifecycle, scoped by risk level. Corporate policies (Info Security, Access Control, Termination) and external requirements (PCI, SOX, Basel II, NIST, COBIT, ISO) are mapped to four control types: Written Policy, Procedural Controls, Technical Controls and Exception.]
• Procedural controls
  – Control self assessment: questionnaire responses, risk-based prioritization
  – Entitlements review: group\file permission, classify & assign owners, approval workflow
• Technical controls
  – Configurations: security best practices, remediation
  – Vulnerabilities: non-credentialed checks, credentialed checks, patch management
Slide 8: Introduction to IMPACT Scorecard
• Consolidated view of compliance levels
  – Automated
• Dashboard view
  – Drill down capability
• Management Reporting capabilities
  – Independent assessment
  – Grading system
• Center of Excellence
Slide 9: IMPACT Scorecard Diagram
[Figure: Collectors feed a Meta Database, which feeds the IMPACT Scorecard. The scorecard is shared between the Federal Compliance Enforcement Agency and the Malaysian Federal Government Ministries.]
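The scorecard pipeline on slides 8 and 9 (collectors feed a meta database, which feeds an automated scorecard with drill-down and a grading system) is easy to sketch in code. The following is an added example written for this page, not code from the presentation, from IMPACT or from Symantec. The check records, ministry and asset names, the numeric weights attached to the High/Moderate/Low asset categories, and the grade thresholds are all constructed assumptions; the slides only say that assets are categorized by risk level and that results are graded.

```python
from collections import defaultdict
from dataclasses import dataclass

# Asset categorization levels from the IMPACT Security Framework slide.
# The numeric weights are an assumption made for this example: a failed check
# on a High-impact asset should pull the score down more than one on a Low asset.
CATEGORY_WEIGHT = {"High": 3, "Moderate": 2, "Low": 1}

# Grade bands are an assumption; the slides only mention a "grading system".
GRADE_BANDS = [(90, "A"), (80, "B"), (70, "C"), (60, "D"), (0, "F")]


@dataclass(frozen=True)
class CheckResult:
    """One record as a collector would hand it to the meta database."""
    ministry: str
    asset: str
    category: str   # High / Moderate / Low
    family: str     # Management / Operational / Technical
    check: str
    passed: bool


# Constructed collector output (not real data): two hypothetical ministries.
COLLECTOR_RECORDS = [
    CheckResult("Ministry A", "payroll-db", "High", "Technical", "access-control", True),
    CheckResult("Ministry A", "payroll-db", "High", "Technical", "audit-logging", False),
    CheckResult("Ministry A", "payroll-db", "High", "Operational", "patch-current", True),
    CheckResult("Ministry A", "intranet-web", "Moderate", "Technical", "access-control", True),
    CheckResult("Ministry A", "intranet-web", "Moderate", "Operational", "patch-current", False),
    CheckResult("Ministry A", "kiosk", "Low", "Management", "risk-assessment", True),
    CheckResult("Ministry B", "tax-portal", "High", "Technical", "access-control", True),
    CheckResult("Ministry B", "tax-portal", "High", "Technical", "audit-logging", True),
    CheckResult("Ministry B", "tax-portal", "High", "Operational", "patch-current", True),
    CheckResult("Ministry B", "archive-share", "Low", "Technical", "access-control", False),
]


def build_meta_db(records):
    """Group collector records per ministry; reject assets that were never categorized,
    since an uncategorized asset cannot be scored by risk level."""
    meta = defaultdict(list)
    for r in records:
        if r.category not in CATEGORY_WEIGHT:
            raise ValueError(f"uncategorized asset {r.asset!r}: {r.category!r}")
        meta[r.ministry].append(r)
    return meta


def weighted_pass_rate(records):
    """Percentage of check weight that passed, rounded to one decimal."""
    total = sum(CATEGORY_WEIGHT[r.category] for r in records)
    passed = sum(CATEGORY_WEIGHT[r.category] for r in records if r.passed)
    return round(100.0 * passed / total, 1) if total else 0.0


def grade_for(score):
    for floor, letter in GRADE_BANDS:
        if score >= floor:
            return letter
    return "F"


def ministry_entry(records):
    """Scorecard row for one ministry, with the drill-down the dashboard would show:
    a per-control-family score and the failed checks, highest-risk assets first."""
    by_family = defaultdict(list)
    for r in records:
        by_family[r.family].append(r)
    findings = sorted(
        (r for r in records if not r.passed),
        key=lambda r: (-CATEGORY_WEIGHT[r.category], r.asset, r.check),
    )
    score = weighted_pass_rate(records)
    return {
        "score": score,
        "grade": grade_for(score),
        "families": {f: weighted_pass_rate(rs) for f, rs in by_family.items()},
        "findings": [(r.category, r.asset, r.check) for r in findings],
    }


def build_scorecard(records=COLLECTOR_RECORDS):
    """Consolidated view: one graded entry per ministry."""
    return {m: ministry_entry(rs) for m, rs in build_meta_db(records).items()}


if __name__ == "__main__":
    for ministry, entry in build_scorecard().items():
        print(f"{ministry}: {entry['score']}% grade {entry['grade']}")
        for family, pct in sorted(entry["families"].items()):
            print(f"  {family}: {pct}%")
        for category, asset, check in entry["findings"]:
            print(f"  FAIL [{category}] {asset}: {check}")
```

With the constructed records, Ministry A scores 64.3 (grade D) because its failed audit-logging check sits on a High-impact asset, while Ministry B scores 90.0 (grade A) with only a Low-impact failure. The findings list is what the "risk-based prioritization" on slide 7 amounts to in practice: the same failed check ranks higher when the asset it sits on is categorized High.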
Slide 10
Methodology ensures users receive the information they need, when they need it.
The CoE configures and supports the solution to meet bespoke needs.
Slide 12: Sample IGSS Dashboard View (1/3)
Slide 13: Sample IGSS Dashboard View (2/3)
© 2007 Symantec Corporation. All rights reserved. THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND IS NOT INTENDED AS ADVERTISING. ALL WARRANTIES RELATING TO THE INFORMATION IN THIS DOCUMENT, EITHER EXPRESS OR IMPLIED, ARE DISCLAIMED TO THE MAXIMUM EXTENT ALLOWED BY LAW. THE INFORMATION IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE.
Thank You!