EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES




Aligning information with business and operational objectives

ESSENTIALS

Leverage EMC Consulting as your trusted advisor to move your security and compliance posture to the next level to gain sustainable competitive advantage.

- Develop and establish a security and compliance strategy and appropriate policies aligned to your overall information program
- Identify and classify levels of criticality and sensitivity of your organization's information assets
- Apply controls appropriately based on risk and compliance requirements
- Leverage best-practice-based assessments of governance, policy, data protection,, access, and other business and technical infrastructure to strengthen controls
- Develop programs, policies, and controls to ensure compliance while protecting customers and the organization from risk

As the global financial crisis stabilizes and those affected (governments, industries, and consumers) take stock, talk is increasingly focused on how to prevent such a crisis from happening again. A flood of well-intentioned regulations designed to increase corporate transparency and risk is expected to appear, adding complexity to compliance with current, overlapping controls. In fact, about 80 percent of today's global IT-relevant regulations share control goals and directives.

Many organizations realize that "business as usual" will not support the complexity, overlap, and heightened scrutiny demanded by this flood of new regulations. Frameworks and approaches for IT best practices such as the ISO 27000 series, PCI Data Security Standard, and NIST 800-30 can offer guidance. However, benefits are not realized unless organizations actually implement these best practices and ensure they are mapped appropriately to new regulations.

In addition to best-practice frameworks, an end-to-end information risk-management approach helps prioritize investments. By focusing on information critical to key business initiatives, organizations can prioritize investments based on the amount of risk associated with information and related processes relative to the potential business reward.

Strategic IT leaders see coming regulations as an opportunity to reform a broken system for assessing and tracking compliance. Many organizations have set the goal of constructing a sustainable model for assessing and communicating compliance across a wide range of evolving regulations.

ALIGNING SECURITY STANDARDS AND COMPLIANCE FOR BUSINESS ACCELERATION

In order to successfully ride the wave of new regulations, organizations must formulate and implement strategies based on a clear view of business goals, risk, and compliance drivers. Leveraging expertise, repeatable best practices, and insights on emerging standards can strengthen risk,, and compliance and postures. Experience has shown that organizations with strong security and compliance postures are able to realize greater competitive advantages through increased agility.

SERVICE OVERVIEW

EMC Consulting can help you implement effective strategies and programs to accelerate your standards and compliance objectives in the context of a proactive and holistic security and risk-management program.

- We work as trusted advisors to address requirements in the context of business and industry requirements.
- We take an information-centric, comprehensive approach to risk to enable your organization to maximize and protect the value of information, identities, and infrastructure.
- We leverage the expertise and industry leadership of RSA, The Security Division of EMC, to accelerate and optimize strategies and risk postures while transforming to a business enabler.
- We apply industry best practices, proven methodologies, and established project techniques to deliver value across multiple security and compliance requirements. This common approach helps you maximize investments across a number of standards and regulations including PCI DSS, COBIT, HIPAA, HITECH, EU Data Directive, SOX, GLBA, BASEL II, and NERC.

STRATEGY AND COMPLIANCE SERVICES

Policy Development: Policy forms the basis for an organization's entire information program.

[Figure: policy hierarchy running from less detail to more detail: Policy (Policy #1, Policy #2, Policy #n), Standards, Procedures (Procedure A, Procedure B)]

This service develops and establishes appropriate policies that are aligned with the objectives of an overall information program. For example, studies show that one of the most critical policies involves awareness: both employees and contractors need to be aware of their responsibilities to protect valuable information.

We work with you to develop information policy, objectives, and controls as a set of information standards documents covering:

- ISO 27002- (or appropriate) based policies
- Portfolio of policies from desktop to data center addressing governance, compliance, and risk
- Supporting standards and guidelines which facilitate policy implementation and enforcement
- Use of best practices for policy formatting and change

Classification for : This service identifies and classifies levels of criticality and sensitivity of an organization's information assets.

[Figure: Classification Policy. Classification levels: Restricted, Confidential, Internal, Public. Control objectives: Confidentiality, Integrity, Availability. Inputs: Business Owners; Business and Regulatory Drivers]

Through classification, organizations are able to apply controls appropriately according to sensitivity and criticality of information assets. Once the classification has been established, controls for each level of information are defined; resources can be prioritized to protect the assets with the highest value to the business first.

We work with you to:

- Set standards across the organization for the required protection of information assets
- Apply controls appropriately according to sensitivity and criticality of information assets
- Define appropriate controls for each level of information
- Direct resources at protecting assets based on business value

Risk Assessment: This service is based on the ISO 27002 standard covering governance, policy, data protection,, access, and other business and technical infrastructure controls mapped to established best practices.

[Figure: Information Risk Assessment Service. Layers: Endpoint, Network, Applications, Databases, Storage. Risks: loss/theft, device takeover, eavesdropping, intercept, fraud, corruption, media loss/theft. Control labels as extracted: Digital rights, Consumer, Data-in-flight, Transaction, Encryption and key, Content, Secure storage, Media, Media encryption]

We work with you to assess:

- Vulnerability: Where is my organization exposed to information risk?
- Threats: What threats can exploit these vulnerabilities?
- Likelihood: How likely is it a particular type of threat will occur, especially when compared to other threats?
- Countermeasures/controls: How effective is what we have done to protect against the threats and vulnerabilities?
- Improvements: Do we need to do more, and if so, what should we do?
- Materiality: What will be the impact of a breach to my organization?

Readiness Assessment: Many companies are already challenged to consistently apply the required controls and demonstrate their ability to maintain a steady state of compliance. And this challenge is growing. For example, new guidelines in PCI DSS version 2.0 offer clarifications and additional guidance and address evolving requirements not previously addressed in PCI DSS version 1.2. This new version updates the standards to keep pace with emerging threats, technology evolution, and changes in the market. Such change is typical across industry and regulatory requirements, highlighting the need for sound preassessment evaluation and planning prior to a formal compliance review.

Services such as the PCI Readiness Assessment from EMC Consulting help customers understand their current PCI posture (or other industry and regulatory compliance requirements) and answer the question, "Do I have the right PCI DSS policies and controls in place that will ensure compliance and protect my customers from risk?" A PCI Readiness Assessment provides a clear analysis and remediation roadmap prior to undergoing a formal PCI audit. This service does not replace or serve as a PCI audit, but rather helps merchants identify and address weaknesses prior to undergoing a PCI audit.

EMC Consulting resources use a combination of interviews, system reviews, site visits, and document reviews to discover gaps and issues with the client's compliance to requirements, and span the following high-level task areas:

- Plan and pre-assessment preparation
- Determine and identify relevant programs per defined criteria
- Interview various program owners and work with client staff to gather required data
- Document, review, and confirm collected data with program owners
- Analyze collected program data based on defined criteria
- Report findings and recommendations

Deliverables: Readiness Assessment, Remediation Roadmap, Supplemental Findings Report.

Descriptions (as listed in the deliverables table):

- Provides a clear understanding of compliance in relation to the PCI DSS. Spreadsheet format covering the exact elements of the PCI DSS to be leveraged as a remediation roadmap should the need arise. Review and documentation of any compensating controls in place.
- Details identifying compliance or non-compliant gaps, and sufficient direction to target those systems requiring remediation.
- Items that do not impact compliance, but specific suggestions on improving your posture.

EMC CONSULTING FOR YOUR STANDARDS AND COMPLIANCE PROGRAMS

EMC Consulting's experts in security and compliance can assist you in moving your posture to the next level and gaining a sustainable competitive advantage. RSA, The Security Division of EMC, is a global leader in and event and GRC platforms. We benefit from their deep insight into architectures, concepts, and solutions. We have hundreds of certified professionals, who have delivered thousands of projects with some of the most information-intensive organizations in the world, meeting challenges that other consulting companies are just starting to consider.

EMC CONSULTING

As part of EMC Corporation, the world's leading developer and provider of information infrastructure technology and solutions, EMC Consulting provides strategic guidance and technology expertise to help organizations exploit information to its maximum potential. With worldwide expertise across organizations' businesses, applications, and infrastructures, as well as deep industry understanding, EMC Consulting guides and delivers revolutionary thinking to help clients realize their ambitions in an information economy. EMC Consulting drives execution for its clients, including more than half of the Global Fortune 500 companies, to transform information into actionable strategies and tangible business results.

CONTACT US

For more information, visit www.emc.com/consulting, or contact your local EMC Consulting representative.

EMC2, EMC, RSA, the RSA logo, the EMC logo, and where information lives are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Copyright 2010 EMC Corporation. All rights reserved. Published in the USA. 11/10 Service Overview H7254

EMC Corporation, Hopkinton, Massachusetts 01748-9103. 1-508-435-1000. In North America 1-866-464-7381. www.emc.com