WEBINAR:
DATA PROTECTION
BY DESIGN
THE MULTICERT WAY
YOUR IT COMPLIANCE PARTNER
GO BEYOND THE CHECKLIST
Our Speaker
ASHISH KIRTIKAR
President, UK
ControlCase

Ashish is responsible for the HITRUST and CSP verticals and ensures efficient, quality delivery of services to clients in the healthcare sector and beyond. He is also responsible for sales and execution of business for the Europe and UK regions.

Ashish has over 13 years of experience in Information and Network Security, Information Risk Management, Cyber Security, Resilience, Security Architecture Design, and Information Security Audit and Governance, and has handled clients across the globe. He has handled the entire gamut of project management functions related to Cyber Security / Information Security Operations across the Banking, Financial, Insurance, Telecom, and IT Services industries.

Ashish speaks and trains globally on Information Security topics and writes online articles and blogs on Information Security and Leadership. He holds a Bachelor’s Degree in Computer Science from Mumbai University and has completed a management program from the Indian School of Business and National University of Singapore.
© ControlCase. All Rights Reserved. 2
Agenda
1. ControlCase Introduction
2. Data Protection by Design
3. The Multi-cert Way to Data Protection
4. Multi-cert Common Challenges
5. One Audit™: Assess Once, Comply to Many
1. CONTROLCASE INTRODUCTION
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies
  ⁃ Do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner
1,000+ clients | 10,000+ IT security certifications | 275+ security experts
Solution
Certification & Continuous Compliance Services
“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center
Certification Services
PCI DSS, ISO 27001-2, SOC 1, 2, 3 & Cybersecurity, HITRUST CSF, HIPAA, PCI P2PE, GDPR, NIST 800-53, PCI PIN, PCI PA-DSS, FedRAMP, PCI 3DS
One Audit™: Assess Once. Comply to Many.
“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant
2. DATA PROTECTION BY DESIGN
What is Data Protection by Design?
DATA IS THE NEW OIL
What is Data Protection by Design?
DATA PROTECTION = PRIVACY
DATA PROTECTION = SECURITY
DATA PROTECTION = PRIVACY + SECURITY
What is Data Protection by Design?
Data protection by design is an approach that ensures data protection requirements are considered at the design phase of any system, service, product or process, and then throughout its lifecycle.
The UK ICO recommends this approach for effective GDPR implementation.
It gives the organization a proactive rather than reactive posture toward data protection: for each system, service, product or process it helps decide whether a detective, preventive or deterrent control needs to be implemented, for overall security and protection as well as effective business operability.
3. THE MULTI-CERT WAY TO DATA PROTECTION
Why Multi-cert?
In today’s world, multiple certifications and regulations are enforced for the security and privacy of data. Some cover specific datasets, some the overall security posture, and some are specific to privacy requirements.
A multi-cert approach acts like a tongue-and-groove joint: controls that are not covered by one certification are covered by another, giving a holistic implementation.
This helps organizations achieve an effective implementation of the ‘Defense in Depth’ methodology, which provides deeper data protection.
Multi-cert Way
For example, consider the following certifications, which are seen in the UK / Europe region:

Payment Card Industry Data Security Standard (PCI DSS)
Established by leading payment card issuers. Guidelines for securely processing, storing, or transmitting payment card account data.

GDPR
The General Data Protection Regulation is a regulation in EU / UK law on data protection and privacy in the UK / European Union and the European Economic Area. It was adopted in 2016 and has been enforceable since 2018.

ISO 27001 / ISO 27002
ISO 27001 is the management framework for implementing information security within an organization. ISO 27002 provides the detailed controls from an implementation perspective.

SOC 2
Created by the American Institute of Certified Public Accountants (AICPA) to fill the gap for organizations that were being asked to have a SAS 70 (now SSAE 18). The purpose of a SOC 2 report is to evaluate an organization’s information systems relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
Multi-Cert Way – Data Protection by Design
The multi-cert approach provides an integrated way of implementing compliance and data protection by covering the aspects listed below.
All the regulations mentioned on the earlier slide share an important requirement: security and privacy must be part of the organizational lifecycle. Implemented in an integrated manner, this achieves Data Protection by Design.
• Compliance Management
• Policy Management
• Vendor / Third Party Management
• Asset and Vulnerability Management
• Logging and Monitoring
• Change Management
• Incident and Problem Management
• Data Management
• Risk Management
• Business Continuity Management
• HR Management
• Physical Security
• Compliance Project Management
Common Regulations by Region / Industry
Industry: Regulations
Business Process Organizations (BPOs): GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
Payments: GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
Financial Services: GDPR, PCI DSS, PSD-2, ISO 27001, Cyber Essentials (UK)
Critical Infrastructure: GDPR, NIS-1 / NIS-2, ISO 27001, Cyber Essentials Plus (UK)
4. MULTI-CERT COMMON CHALLENGES
Multi-cert Common Challenges
• Redundant Efforts
• Cost Inefficiencies
• Lack of Compliance Dashboard
• Fixing of Dispositions
• Change in Environment
• Reliance on Third Parties
• Increased Regulations
• Reducing Budgets (Do more with less)
5. ONE AUDIT™: ASSESS ONCE, COMPLY TO MANY
ControlCase Solution – One Audit™
One Audit™: Assess Once. Comply to Many.
Columns of the integrated questionnaire: No. | Topic | Question | ControlCase Integrated Standard | PCI DSS 3.2.1 | ISO 27001 | HIPAA | SOC2 (an X marks each standard the evidence satisfies).

No. 4, Scoping: Provide your asset list, a list of the software, databases, data storage locations, sample sets and other related data elements. CC4. Marked for all four standards.

No. 28, Data Encryption at rest: Provide the following for all filesystems, databases and any backup media:
• Details on the method (encryption, hashing, truncation, tokenization) being used to protect covered information in storage
• Evidence (screenshots or settings) showing covered information is protected. For the encryption method, please share the evidence of its associated key management.
• Documented description of the cryptographic architecture that includes:
  1. Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
  2. The function of each key used in the cryptographic architecture
  3. Inventory of any HSMs and other secure cryptographic devices (SCDs) used for key management (to be provided in the inventory as part of Q4)
CC37. Marked for all four standards.

No. 44, Logical Access: Provide the organizational access control policy. CC63. Marked for all four standards.

No. 50, Logical Access: For all assets identified in the sample, provide evidence of logical access account and password features to include: CC69. Marked for all four standards.

No. 67, Logging and Monitoring: For the sample, provide the audit log policy settings. CC95. Marked for three of the four standards.

No. 77, Security Testing: Provide external penetration test reports for the network and application layer. CC115. Marked for three of the four standards.
Compliance Evidence Overlap
Regulation completed: PCI, 100% complete.
Status of the other regulations, based on question overlap:
• SOC 2: 49.1% (84) complete; 50.9% (87) no evidence uploaded
• ISO 27001: 67% (77) complete; 33% (38) no evidence uploaded
• HIPAA: 76.1% (54) complete; 23.9% (17) no evidence uploaded
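The overlap figures on the two slides above follow from one mapping: each integrated evidence request (CC id) counts toward every standard it is marked for, so once PCI is complete the other standards are already partly evidenced. The following Python is an added illustration of that calculation, not ControlCase's One Audit code; the standard names and the CC ids shown on the slides are real, while the standards assumed for rows 67 and 77, the extra rows 101 to 103 and the ids CC-A to CC-C are constructed.

```python
# Added example (not ControlCase code): "assess once, comply to many" overlap
# report computed from an integrated question set.
from dataclasses import dataclass

STANDARDS = ("PCI DSS 3.2.1", "ISO 27001", "HIPAA", "SOC2")


@dataclass(frozen=True)
class Question:
    number: int            # row number in the integrated questionnaire
    cc_id: str             # ControlCase Integrated Standard id
    topic: str
    applies_to: frozenset  # standards satisfied by this one evidence request


def q(number, cc_id, topic, *standards):
    """Build a Question, rejecting standard names not in STANDARDS."""
    unknown = set(standards) - set(STANDARDS)
    if unknown:
        raise ValueError(f"unknown standard(s): {sorted(unknown)}")
    return Question(number, cc_id, topic, frozenset(standards))


SAMPLE_QUESTIONS = [
    # rows 4, 28, 44, 50 are marked for all four standards on the slide
    q(4, "CC4", "Scoping", *STANDARDS),
    q(28, "CC37", "Data Encryption at rest", *STANDARDS),
    q(44, "CC63", "Logical Access", *STANDARDS),
    q(50, "CC69", "Logical Access", *STANDARDS),
    # constructed: the slide shows three marks for 67 and 77 but not which
    q(67, "CC95", "Logging and Monitoring", "PCI DSS 3.2.1", "ISO 27001", "SOC2"),
    q(77, "CC115", "Security Testing", "PCI DSS 3.2.1", "ISO 27001", "SOC2"),
    # constructed rows that fall outside PCI scope
    q(101, "CC-A", "ISMS internal audit", "ISO 27001"),
    q(102, "CC-B", "PHI breach notification", "HIPAA"),
    q(103, "CC-C", "Availability commitments", "SOC2", "HIPAA"),
]


def evidence_after_completing(questions, completed_standard):
    """Question numbers that carry evidence once `completed_standard` is
    fully assessed, i.e. every question that standard requires is answered."""
    return {x.number for x in questions if completed_standard in x.applies_to}


def overlap_status(questions, completed_standard):
    """For each other standard return (complete, no_evidence, pct_complete),
    the three figures shown on the Compliance Evidence Overlap slide."""
    uploaded = evidence_after_completing(questions, completed_standard)
    report = {}
    for std in STANDARDS:
        if std == completed_standard:
            continue
        needed = [x.number for x in questions if std in x.applies_to]
        done = sum(1 for n in needed if n in uploaded)
        pct = round(100.0 * done / len(needed), 1) if needed else 0.0
        report[std] = (done, len(needed) - done, pct)
    return report


def remaining_requests(questions, completed_standard, target_standard):
    """CC ids still to be evidenced to finish `target_standard`: the requests
    the completed standard's assessment did not already cover."""
    uploaded = evidence_after_completing(questions, completed_standard)
    return [x.cc_id for x in questions
            if target_standard in x.applies_to and x.number not in uploaded]


if __name__ == "__main__":
    done_std = "PCI DSS 3.2.1"
    for std, (done, missing, pct) in overlap_status(SAMPLE_QUESTIONS, done_std).items():
        print(f"{std}: {pct}% ({done}) complete, {missing} no evidence uploaded")
        print("  remaining:", remaining_requests(SAMPLE_QUESTIONS, done_std, std))
```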
Assisted by Automation
1. ACE
• Automated Compliance Engine
• Can collect evidence such as configurations remotely
2. CDD
• Data Discovery Solution
• Can scan end user workstations for card data
Compliance & Certification Time Savings
Using another auditor*: 1,600 hrs. evidence collection + 600 hrs. certification support = 2,200 hrs. total time spent on compliance & certification
Partnering with ControlCase*: 350 hrs. evidence collection + 600 hrs. certification support = 950 hrs. total time spent on compliance & certification
* Based on 1 environment with 4 parallel certifications (PCI, ISO, SOC2, HIPAA).
Three Key Areas of Focus
CONTROLCASE SOLUTION
CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real-time as can be achieved.
INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
Summary – Why ControlCase
“They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provides a lot of value to us.”
— Dir. of Compliance, SaaS company
6. QUESTIONS & ANSWERS
THANK YOU FOR THE OPPORTUNITY
TO CONTRIBUTE TO YOUR IT
COMPLIANCE PROGRAM.
www.controlcase.com
(US) + 1 703.483.6383 (INDIA) + 91.22.62210800
contact@controlcase.com

2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf
