1. Modern Software Factory for Mainframe
The Trick to Passing Your Next Compliance Audit
What will you say when an auditor comes knocking on your door?
2. © 2018 CA All rights reserved.
Today’s Speakers
Stuart McIrvine, VP of Product Management, CA Technologies
Mike Vizard, IT Editor, SecurityBoulevard.com
3. Your Mainframe is at Risk
“Big iron is still very secure… unfortunately we have this thing called people that surround the mainframe.” – Patrick Gray, Ex FBI Security Agent
People: Insider threats range from malicious users to well-intentioned employees making a mistake.
Data: 70% of today’s corporate data – including sensitive and regulated data like PII – reside on the mainframe.
Systems: The mainframe is increasingly connected into the digital economy – applications, mobile devices, Big Data.
Secure the Mainframe
4. Question 1
Does your organization have formal processes in place to secure mainframe data from internal threats?
A. Yes
B. No
C. It’s a work in progress
D. I don’t know
5. The Regulatory Ecosystem
Who are the involved parties?
GDPR | UK Data Protection Act 1998 | PCI DSS | EU-U.S. Privacy Shield
• Prove that data is being protected
• Appoint a Data Protection Officer
• Fines of 4% of annual turnover
• Information Commissioner's Office
• Wide scope
• Consent
• Cross-industry
• Protect stored cardholder data
• Encrypt transmissions
• Maintain InfoSec policy
• U.S. Department of Commerce and European Commission
• Individual choice & control
• Security
Know which regulations apply to your business.
6. Question 2
Which of the following mandates apply to your organization? (Check all that apply)
GDPR
HIPAA
PCI DSS
SOX
FIPS-42
7. Fundamentals of Regulatory Readiness
1) How do you prepare for an audit?
2) What tips do you suggest to organizations trying to achieve regulatory readiness?
3) What common mistakes do organizations make?
8. Best Practices for Achieving Compliance
Data Discovery: Take appropriate measures to locate, classify, and protect critical data.
Automation: Manage risk with on-demand security incident reporting and event forwarding.
Access Control: Effectively manage privileged users and secure sensitive information.
9. Question 3
What is the state of mainframe data management within your organization?
A. We know where all our sensitive mainframe data resides.
B. We know where most of our sensitive mainframe data resides.
C. We know where some of our sensitive mainframe data resides.
D. We don’t know where our sensitive mainframe data resides.
10.
Idea Flexibility Ability
Cross-Enterprise Collaboration
Internal Auditing
Compliance Budget
Culture of Compliance
Organizational Structure
11. Question 4
Does your organization have a Chief Risk Officer?
A. Yes
B. No
C. We’re evaluating the role
D. I don’t know
12. Gain a Competitive Advantage
Cost Reduction | Digital Trust | Revenue | Productivity
14. Stuart McIrvine, VP of Product Management
Stuart.McIrvine@ca.com
@CAmainfrmae
slideshare.net/CAinc
www.ca.com/regulatorycompliance
linkedin.com/company/ca-technologies