简化企业IT合规审计-RSAenVision帮您降低企业控制成本提升安全

简化企业IT合规审计

RSAenVision帮您降低企业内部控制本钱，提升平安总在不断变化的合规环境PCIDSSHIPAAInternalPolicyGLBAHSPD12CSB1386CountryPrivacyLawsSOXEUCDRUKRIPAFISMACOCOMDataSecurityActFACTAEUDataPrivacyFFIECBASELIIC-SOXIRS97-22NERCNISPOMPartnerRulesACSI33NIST800StatePrivacyLaws接下来还有…??

纷繁的&昂贵的IT合规PCIDSSComplianceBaselIIComplianceInternalPolicyComplianceDataPrivacyRegulationCompliancePartnerPolicyComplianceNetworkEndpointApp/DBStorageFS/CMSEncryptionMonitoringAuthenticationPolicyEncryptionMonitoringNACAccessControlAuthenticationLogManagementDataLeakageAccessControlMonitoringAuthenticationMonitoringEncryptionGartner评估认为一个接一个的规章制度，企业连续投入的资源相当与合规平均投入的150%，很大程度上是由于重复劳动!“GartnerforITLeadersOverview:TheITComplianceProfessional.〞FrenchCaldwell.October22,2007基于框架的平安〔Framework-BasedSecurity〕

消除您平安管理中的漏缝FrameworkBasedSolutions 全面的检查清单 控制手段 平安整体视图内部策略框架财务资料个人信息知识产权员工档案补丁式解决方案信用卡数据健康记录基于框架的平安

信息风险管理实现EndpointNetworkApps/DBFS/CMSStorageSensitiveInformationSecurityIncidentsBusinessInitiativesITSystemsRisk企业范围的控制框架Framework-basedsecurityensuresyourorganizationispreparedtocomprehensivelymitigateandmanageinformationrisk持续一致 提供平安根底，实现对数据类似的平安风险采用类似的控制手段进行保护全面整合 确保企业能够采用适当的控制手段进行全面的风险管理以减低风险经济高效缩减冗余控制手段，获取技术投入的最大回报NetworkEndpointApp/DBStorageFS/CMS加密密钥管理加密加密加密加密加密数据防丧失监控,报表,审计PCIDSSComplianceBaselIIComplianceInternalPolicyComplianceDataPrivacyRegulationCompliancePartnerPolicyCompliance身份认证访问控制基于框架的平安合规

实现经济、高效的合规适用于合规的内控平安框架流程根据合规要求，确定IT内控范围根据内控范围进行资产盘点和风险评估执行内部IT审计内控审计报告基于框架的合规流程

RSA&EMCSolutions资产目录&风险评估RSADataLossPreventionRSAProfessionalServicesRSAPartners策略&分级RSAProfessionalServicesRSAPartners发现识别RSADataLossPreventionRSAProfessionalServicesEMCSMARTSADM执行控制框架RSAAuthentication&AuthorizationRSADataSecurityRSAInformationandEventManagementEMCInformationManagementSolutions监控，管理&提升RSAInformationandEventManagementRSAProfessionalServicesRSAPartnersRSAenVision——

3合1的信息事件管理平台ServerEngineeringBusinessOps.ComplianceAuditApplication&DatabaseNetworkOps.RiskMgmt.SecurityOps.DesktopOps.日志管理AnyenterpriseIPdevice–UniversalDeviceSupport(UDS)Nofiltering,normalizing,ordatareductionSecurityevents&operationalinformationNoagentsrequired简化合规AccessControlConfigurationControlMaliciousSoftwarePolicyEnforcementsUserMonitoring&ManagementEnvironmental&TransmissionSecurity提升平安降低风险AccessControlEnforcementSLAComplianceMonitoringFalsePositiveReductionReal-timeAlertsUnauthorizedNetworkServiceDetectionPrivilegedUserMonitoring优化IT运营MonitornetworkassetsTroubleshootnetworkissuesAssistwithHelpdeskoperationsOptimizenetworkperformanceGainvisibilityintouserbehaviorBuildbaselineofnormalnetworkactivityReportAlert/CorrelationIncidentMgmt.LogMgmt.AssetIdent.ForensicsBaselineAlltheDATA

平安审计的目的是：

对重要数据的有效系统控制AnauditorwillwanttoseeallthecriticalpathstowardsfinancialaccountinginformationIDS/IDPlogsVPNlogsFirewalllogsClient&fileserverlogsWindowsdomainloginsOracleFinancialLogsSANfileAccessLogsMainframelogsDatabaseLogsVAScanlogsSwitchlogs3in1日志管理平台——简化合规

RobustAlerting&Reporting内置超过1400+报表模板易于定制已根据标准进行分组,如国家法律(SOX,BaselII,JSOX),行业标准(PCI),最正确实践和标准(ISO27002,ITIL)3in1日志管理平台——提高平安

Supportthe3keyaspectsofSecurityOperations

将实时事件，如平安威胁信息，转换成可执行的数据

创建闭环的事件处理流程SIEMtechnologyprovidesreal-timeeventmanagementandhistoricalanalysisofsecuritydatafromawidesetofheterogeneoussources.Thistechnologyisusedtofilterincidentinformationintodatathatcanbeactedonforthepurposesofincidentresponseandforensicanalysis.

MarkNicolette,Gartner

报告安全管理效果3in1日志管理平台——优化IT和网络运行

异常识别,易于排错EMCCelerraSystemShutdownSystemFailure企业内控合规报表审计RSAenVisionReport:密码变更和过期RSAenVisionReport:操作变更控制RSAenVisionReport:禁用帐号报表

CompliancePackagesRSAenVision内置提供了以下10大类的合规审计报表模板:BASELII

-InternationalConvergenceofCapitalMeasurementandCapitalStandards

Bill198

FederalInformationSecurityManagementAct(FISMA)

Gramm-Leach-BilleyAct(GLBA)

HealthInsurancePortabilityandAccountabilityAct(HIPAA)

ISO27002

NERC

NationalIndustrialSecurityProgramOperatingManual(NISPOM)

PaymentCardIndustry(PCI)DataSecurityStandard

StatementonAuditingStandardsNo.70(SAS70)

Sarbanes-OxleyAct(SOX)

RSAenVision——

3合1的日志管理平台ServerEngineeringBusinessOps.ComplianceAuditApplication&DatabaseNetworkOps.RiskMgmt.SecurityOps.DesktopOps.日志管理AnyenterpriseIPdevice–UniversalDeviceSupport(UDS)Nofiltering,normalizing,ordatareductionSecurityevents&operationalinformationNoagentsrequired简化合规AccessControlConfigurationControlMaliciousSoftwarePolicyEnforcementsUserMonitoring&ManagementEnvironmental&TransmissionSecurity提升平安降低风险AccessControlEnforcementSLAComplianceMonitoringFalsePositiveReductionReal-timeAlertsUnauthorizedNetworkServiceDetectionPrivilegedUserMonitoring优化IT运营Monitornetworkass