Morris Hicks
Consulting Technical Director
2009 ArcSight, Inc. All rights reserved.
ArcSight and the ArcSight logo are trademarks of ArcSight, Inc. All other product and company names may be trademarks or registered trademarks of their respective owners.
www.arcsight.com
Compliance in a Nutshell
1. Document/define
Business processes
2. Internal controls
Properly defined
Monitored
Enforced
Real-time monitoring
Rapid notification
Intelligent response
Workflow
Documentation
Roadmap
Controls
Frameworks
ISO 27002:2005 (formerly 17799)
NIST SP 800-53
COBIT 4
Sample control matrix (the original slide is a table with the columns Areas, Key, Control No., Control Type, Risk, Control Objectives, Control Activity, Control Owner, Control Frequency, Control Setting and Evidence; the rows are listed here one control per block, with only the cells that are legible on the slide)

IT3 - Entity - Key control - Type: Preventive
  Control Objective: Entity - Policies: Ensure IT has processes and procedures for performing all activities in the scope of SOX.
  Control Owner: IT Director
  Control Frequency: Annually
  Control Setting: Manual
  Evidence: IT Policies; Sign-off document showing that policies are approved; Location of policies.

IT4 - Access - Key control - Type: Preventive - Risk: M
  Control Objective: Logical security tools, processes and techniques are not implemented and/or configured to enable restriction of access to programs, data, and other information resources.
  Control Activity: IT creates and modifies user accounts and/or assigns access types based on written request from authorized Business Owners.
  Control Owner: Help Desk Manager
  Control Frequency: As Occurs
  Control Setting: Manual
  Evidence: User Access Request Form; HelpDesk Ticket.

IT10 - Access - Key control - Risk: M
  Control Objective: Logical security tools, processes and techniques are not implemented and/or configured to enable restriction of access to programs, data, and other information resources.
  Control Owner: Windows System Admin
  Control Frequency: n/a
  Control Setting: Auto

IT16 - Change Mgmt - Key control - Type: Preventive - Risk: M
  Control Objective: All necessary modifications to existing financial application systems are not implemented in a timely manner - specifically a modification that affects the financials.
  Control Activity: SOX related application and infrastructure changes are tested and approved by the Business Users or cross-functionally before they are applied in the Production environment. Evidence of approvals are documented and retained for future audits.
  Control Owner: Change Mgmt Lead
  Control Frequency: As Occurs
  Control Setting: Manual
  Evidence: Change mgmt process and policy; User Acceptance Test Signoff approved by Business Owner(s).

IT17 - Change Mgmt - Key control
  Control Objective: Emergency program changes are not approved, documented and implemented timely.
  Control Owner: Change Mgmt Lead
  Control Frequency: As Occurs
  Control Setting: Manual
  Evidence: Change Management Policy; Change Request Form; Help Desk Ticket and Evidence of Approval.
ArcSight Auditors
ISO 27002-based
Network modeling
Identify regulated systems
Categorize regulated systems
Import active list data
Real-time Dashboards
Graphical summary
Highly configurable
Reports
Scheduled
On demand
Active Channels
Live event collection
Filter
Sort
Drilldown
Topic / Use Cases
1-3 Introductory Sections: Not Applicable
Security Overview
Security Policy
Policy Violations
Organization of Information Security
Reporting on Cases
Asset Management
Human Resources Security
Physical & Environmental Security
Topic / Use Cases
10 Communications & Operations Management
11 Access Control
Topic / Use Cases
12 Information Systems Acquisition, Development & Maintenance: Certificate Management
13 Information Security Incident Management: Internal Reconnaissance
14 Business Continuity Management: Availability
15 Compliance
Attack Monitoring
Vulnerability Management
Escalated Threats
Access monitoring
Configuration management
Audit trail
Network segmentation
Use Case Examples
Section 10 Communications & Operations Management
Configuration Management
Audit Trail
Attacks and Malicious Code
Use Case Examples
Section 11 Access Controls
Administrative Access
User Access
Unauthorized Access
Use Case Examples
Section 12 Info-Systems Acquisition, Development & Maintenance
Change Management
Prepackaged content
Auditors
Based on ISO framework
Use case identifier
Best practices
Engagement drivers
Common applications of the technology
Roadmap
Maximizing Value
Articulate requirements
Select controls from discussed best practices
Sample control matrix
Audit results (internal/external)
Security assessment results/penetration tests
Security policy & procedures
Interviews with key personnel (PMO, Internal Audit, Compliance, InfoSec)
Architecture overview
Align resources
Personnel for interviews
System access for technology implementation
Training/knowledge transfer