简化企业IT合规审计RSA enVision帮您降低企业内部控制成本提升安全.ppt

简化企业IT合规审计RSA enVision帮您降低企业内部控制成本，提升安全,总在不断变化的合规环境,PCIDSS,HIPAA,InternalPolicy,GLBA,HSPD 12,CSB 1386,CountryPrivacyLaws,SOX,EU CDR,UK RIPA,FISMA,COCOM,Data Security Act,FACTA,EU DataPrivacy,FFIEC,BASEL II,C-SOX,IRS 97-22,NERC,NISPOM,PartnerRules,ACSI 33,NIST 800,StatePrivacy Laws,纷繁的&昂贵的IT合规,PCI DSS Compliance,Basel IICompliance,Internal PolicyCompliance,Data Privacy RegulationCompliance,Partner PolicyCompliance,Network,Endpoint,App/DB,Storage,FS/CMS,AccessControl,Log Management,AccessControl,Monitoring,Gartner评估认为一个接一个的规章制度，企业连续投入的资源相当与合规平均投入的150%，很大程度上是由于重复劳动!“Gartner for IT Leaders Overview:The IT Compliance Professional.”French Caldwell.October 22,2007,基于框架的安全（Framework-Based Security）消除您安全管理中的漏缝,Framework Based Solutions全面的检查清单控制手段安全整体视图,财务资料,个人信息,补丁式解决方案,信用卡数据,基于框架的安全信息风险管理实现,Endpoint,Network,Apps/DB,FS/CMS,Storage,Sensitive Information,Security Incidents,Business Initiatives,IT Systems,企业范围的 控制框架,Framework-based security ensures your organization is prepared to comprehensively mitigate and manage information risk,持续一致提供安全基础，实现对数据类似的安全风险采用类似的控制手段进行保护,全面整合确保企业能够采用适当的控制手段进行全面的风险管理以减低风险,经济高效缩减冗余控制手段，获取技术投入的最大回报,Network,Endpoint,App/DB,Storage,FS/CMS,加密密钥管理,数据防丢失,监控,报表,审计,PCI DSS Compliance,Basel IICompliance,Internal PolicyCompliance,Data Privacy RegulationCompliance,Partner PolicyCompliance,身份认证,访问控制,基于框架的安全合规实现经济、高效的合规,适用于合规的内控安全框架流程,根据合规要求，确定IT内控范围根据内控范围进行资产盘点和风险评估执行内部IT审计内控审计报告,基于框架的合规流程 RSA&EMC Solutions,监控，管理&提升,RSA Information and Event ManagementRSA Professional ServicesRSA Partners,RSA enVision3合1的信息事件管理平台,日志管理,Any enterprise IP device Universal Device Support(UDS)No filtering,normalizing,or data reductionSecurity events&operational informationNo agents required,简化合规,Access ControlConfiguration ControlMalicious SoftwarePolicy EnforcementsUser Monitoring&ManagementEnvironmental&Transmission Security,提升安全降低风险,Access Control EnforcementSLA Compliance MonitoringFalse Positive ReductionReal-time AlertsUnauthorized Network Service DetectionPrivileged User Monitoring,优化IT运营,Monitor network assetsTroubleshoot network issuesAssist with Helpdesk operationsOptimize network performanceGain visibility into user behaviorBuild baseline of normal network activity,All the DATA,安全审计的目的是：对重要数据的有效系统控制,An auditor will want to see all the critical paths towards financial accounting information,IDS/IDP logs,VPN logs,Firewall logs,Client&file server logs,Windows domain logins,Oracle Financial Logs,SAN file Access Logs,Mainframe logs,Database Logs,VA Scan logs,Switch logs,3 in 1日志管理平台简化合规Robust Alerting&Reporting,内置超过1400+报表模板易于定制已根据标准进行分组,如国家法律(SOX,Basel II,JSOX),行业标准(PCI),最佳实践和标准(ISO 27002,ITIL),3 in 1日志管理平台提高安全Support the 3 key aspects of Security Operations,将实时事件，如安全威胁信息，转换成可执行的数据,SIEM technology provides real-time event management and historical analysis of security data from a wide set of heterogeneous sources.This technology is used to filter incident information into data that can be acted on for the purposes of incident response and forensic analysis.Mark Nicolette,Gartner,3 in 1日志管理平台优化IT和网络运行异常识别,易于排错,EMC Celerra,System Shutdown,System Failure,企业内控合规报表审计,RSA enVision Report:密码变更和过期,RSA enVision Report:操作变更控制,RSA enVision Report:禁用帐号报表,Compliance Packages,RSA enVision内置提供了以下10大类的合规审计报表模板:BASEL II-International Convergence of Capital Measurement and Capital Standards Bill 198 Federal Information Security Management Act(FISMA)Gramm-Leach-Billey Act(GLBA)Health Insurance Portability and Accountability Act(HIPAA)ISO 27002 NERC National Industrial Security Program Operating Manual(NISPOM)Payment Card Industry(PCI)Data Security Standard Statement on Auditing Standards No.70(SAS 70)Sarbanes-Oxley Act(SOX),RSA enVision3合1的日志管理平台,日志管理,Any enterprise IP device Universal Device Support(UDS)No filtering,normalizing,or data reductionSecurity events&operational informationNo agents required,简化合规,Access ControlConfiguration ControlMalicious SoftwarePolicy EnforcementsUser Monitoring&ManagementEnvironmental&Transmission Security,提升安全降低风险,Access Control EnforcementSLA Compliance MonitoringFalse Positive ReductionReal-time AlertsUnauthorized Network Service DetectionPrivileged User Monitoring,优化IT运营,Monitor network assetsTroubleshoot network issuesAssist with Helpdesk operationsOptimize network performanceGain visibility into user behaviorBuild baseline of normal network activity,All the DATA,20,Thank you!,