• No results found

How To Get Your Computer To Comply With Pca

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "How To Get Your Computer To Comply With Pca"

Copied!
17
0
0

Loading.... (view fulltext now)

Download now ( 17 Page )

Full text

(1)

Assessing PCI Compliance

with EMC Software Solutions

Assessing PCI Compliance

with EMC Software Solutions

Glenn O’Donnell

Principal Product Marketing Manager

Resource Management Software Group

Email:

[email protected]

Service Management Soapbox Blog:

(2)

Automate Your PCI

Compliance Initiatives

2 © Copyright 2007 EMC Corporation. All rights reserved.

Automate Your PCI

Compliance Initiatives

Scott Crawford

Enterprise Management Associates

Glenn O’Donnell

EMC Corporation

Pete Cruz

EMC Voyence

(3)

EMC Products and Solutions for Compliance

SAN Advisor and other products

Storage domain

More news coming in early 2008

IT Compliance Analyzer –

IT Compliance Analyzer –

Application Edition

Application domain

RSA has many products

and services

Now leveraging EMC tools

…and now Voyence!

Network domain

ITCA-AE

(4)

EMC IT Compliance Analyzer—Application Edition

Automated, ongoing discovery in real time

Leverages power of EMC Smarts Application Discovery Manager

§ Configurations

§ Changes

§ Interdependencies

Policy-based Application Validation for IT Compliance

4 © Copyright 2007 EMC Corporation. All rights reserved.

§ Interdependencies

Performs analysis to determine application configuration validation

Provides continuous analysis for ongoing IT compliance

Policy-based management

User-defined policies (internal governance)

Preconfigured policy templates (external regulatory – including PCI)

(5)

EMC IT Compliance Analyzer—Application Edition

A proactive approach to IT compliance

Run “what if…” scenarios

Address compliance violations before other

problems occur

Key Benefits

Simplifies the application of internal and

external IT compliance requirements

Helps ensure that third-party audits go

smoothly

Roll out new applications with confidence

Gauge the impact of planned

(6)

IT Compliance Analyzer—Structure

IT Compliance Analyzer is

packaged as an appliance

– Just like Smarts Application

Discovery Manager, but separate

– Accelerates time to value

The configuration management

CMDB /MDR

6 © Copyright 2007 EMC Corporation. All rights reserved.

The configuration management

database (CMDB) for V1.0 is

EMC Smarts Application

Discovery Manager

– Future versions will expand this

Policies:

– Initial release includes policy template for PCI compliance

– A community development model is being considered for policies

Configurations and application

dependencies

(7)
(8)

Policy Rule Examples

Check that there’s at least one DNS server configured

in Chicago at all times

Check that all Oracle DB servers used for the

Inventory

8 © Copyright 2007 EMC Corporation. All rights reserved. 8

Inventory

application have 2 CPUs and ≥ 4 GB of memory

Check that all SAP servers used for General Ledger

run in a cluster

(9)

VoyenceControl

Automates Network Compliance,

Change and Configuration

Management

Network Discovery and

Configuration Repository

Configuration Repository

Enforces Standard’s Based

Network Change Processes

Enforces Standards and Policies

for Network Compliance

(10)

VoyenceControl PCI Advisor

Maps Voyence

Solutions to PCI DSS

Requirements

Dashboards and reports

to help IT carry out

10 © Copyright 2007 EMC Corporation. All rights reserved.

to help IT carry out

compliance processes

on a daily basis

Provides the auditor

with printable

documentation

(11)

VC PCI Advisor – Supporting the Compliance Process

Plan

How should we use VoyenceControl to enable PCI compliance?

Audit

Give us all documentation necessary to validate that

Maintain

What do we need to do today to continue to be

Review

Do we still have adequate processes and policies in place to enable compliance

with all applicable PCI requirements?

necessary to validate that the stated processes and policies are being enforced.

(12)

Automating PCI DSS Requirement Compliance

PCI Requirement

IT Compliance Analyzer

VoyenceControl

Build and Maintain a Secure Network

1.0 Install and maintain

firewall configuration

















2.0 Avoid vendor-supplied

















12 © Copyright 2007 EMC Corporation. All rights reserved.

Application Domain

Network Domain

2.0 Avoid vendor-supplied

default settings

















Protect Cardholder Data

3.0 Protect stored

card holder data









4.0 Encrypt data across

(13)

Automating PCI DSS Requirement Compliance

PCI Requirement

IT Compliance Analyzer

VoyenceControl

Maintain a vulnerability management program

5.0 Use and regularly update

anti-virus software









6.0 Maintain secure systems

















Application Domain

Network Domain

6.0 Maintain secure systems

and applications

















Implement strong access control measures

7.0 Restrict access to card

holder data









8.0 Assign unique IDs to

those with access









(14)

Automating PCI DSS Requirement Compliance

PCI Requirement

IT Compliance Analyzer

VoyenceControl

Regularly Monitor and Test Networks

10.0 Track access to

resources and data

















11.0 Regularly test security

















14 © Copyright 2007 EMC Corporation. All rights reserved.

Application Domain

Network Domain

11.0 Regularly test security

systems and processes

















Maintain an Information Security Policy

12.0 Maintain an information

(15)

IT Compliance Analyzer

- Application Edition (DEMO)

IT Compliance Analyzer

- Application Edition (DEMO)

Daniel Lanzi

Product Manager

(16)

Contact your local EMC Smarts Sales Representative

Contact EMC Smarts Inside Sales at 866-362-2700

To learn more about how

IT Compliance Analyzer and VoyenceControl

can help you effectively automate PCI compliance initiatives:

16 © Copyright 2007 EMC Corporation. All rights reserved.

Contact EMC Smarts Inside Sales at 866-362-2700

Visit the EMC IT Compliance Analyzer page on emc.com:

http://software.emc.com/products/software_az/

it_compliance_analyzer_application_edition.htm

and Voyence at:

http://www.voyence.com

(17)

References

Download now ( PDF - 17 Page - 1.13 MB )

Related documents

Evaluation of the English version of the Fear of COVID-19 Scale and its relationship with behavior change and political beliefs

To test the concurrent validity, Pearson’s correlations were used to assess the relationship between the FCV-19S and the PVDS (Samples 1 and 2), the WEMWBS (Sample 2), and adherence

Disability, Pension Reform and Early Retirement in Germany

We start the empirical analysis of the relationship between health, DI uptake and labor force participation by showing long-term trends in mortality, other measures of health,

User interface master detail pattern on Android

For this case study, we built a basic application which takes advantage of our framework, MandroiD, for conceiving its graphical UI. The purpose of the application is to

Supporting Cloud Computing with the Virtual Block Store System

Figure 4  VBS Web services architecture  The Volume Delegate module is a Web service running on the volume server, responsible for executing LVM commands for volume and snapshot

The Struggle for Meanings and Power in Tunisia after the Revolution

In Tunisia, an unfortunate effect of the overemphasis on con- sensus and reform in political and historiographic discourse is the tendency to expurgate violence and class struggle

Domains and Network Configuration

Beyond the settings here, the port used for HTTP traffic is controlled by the listen port configured for the server (see Section 5.2: TCP/IP Ports and Protocols), and any

Improving Requirements-Test Alignment by Prescribing Practices that Mitigate Communication Gaps

Even though most of the distance measures we used were found to be relevant, some were less so. In particular, for the cognitive aspects of technical skill and organisational

NEW HIRE ORIENTATION CHECKLIST

[r]