IN A COMPLEX ENVIRONMENT
7 MARCH 2019
Milt Rosberg
John Connors
VP of Technology
Subjects:
• Board Expectations
• Stakeholder Discussion
• Compromise Impact
• Q&A
Board Assurances - Are We Safe? All Good?
• BOD asks stakeholders
• Meeting Regulations
• Improve Efficiency
• Avoid Penalties
Vanguard Integrity Professionals -2019 Nevada All Rights Reserved Image source: Twitter
Recognizing a Legitimate Concern
2017 2018
5,579,438 total vs 15,085,302 total = 37% Increase
On average, 35% of all corporate hacks were from known users inside the company.
Source: IBM Knowledge Base
VANGUARD MEETS COMPLIANCE CHALLENGES
[Diagram labels: Network Perimeter; multiple "KNOWN USER with Permissions" nodes; ACCESS CONTROL LIBRARY]
35% of all attacks in 2018 were from insiders/known users
KNOWN USERS
• Human users, each with an assigned unique alphanumeric ID
• Stakeholders give known users access permissions
VANGUARD COMPLIANCE SOLUTION
[Diagram labels: "KNOWN USER with Permissions" nodes; APF/ACL; HUMAN USER; CLEAR OF ANY UNAUTHORIZED USER IDs; INSTALL; Q's]
[Process labels: COLLECT DATA; VERIFIES LIST OF USER IDs ALLOWED ACCESS BY THE COMPANY; SCANS LIBRARIES TO VERIFY WHO IS A CURRENT MATCH; FINDS GAPS AND UNAUTHORIZED USER IDs AND REMEDIATES]
[Diagram labels: System A; System B; System C; System D; Web Interface; Systems Checks]
Milt Rosberg
Milton.Rosberg@go2vanguard.com
info@go2vanguard.com
702.794.0014 x 320
This training content (“content”) is provided to you without warranty, “as is” and “with all faults”. ISACA makes no representations or warranties express or implied, including those of merchantability, fitness for a particular purpose or performance, and non-infringement, all of which are hereby expressly disclaimed.
You assume the entire risk for the use of the content and acknowledge that: ISACA has designed the content primarily as an educational resource for IT professionals and therefore the content should not be deemed either to set forth all appropriate procedures, tests, or controls or to suggest that other procedures, tests, or controls that are not included may not be appropriate; ISACA does not claim that use of the content will assure a successful outcome and you are responsible for applying professional judgement to the specific circumstances presented in determining the appropriate procedures, tests, or controls.
Copyright © 2018 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced,
modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
THANK YOU FOR ATTENDING THIS WEBINAR