Succeed in ISO/IEC 27001 Audit Checks

Posted on 10-Apr-2018


Bob Cordisco
Systems Engineer
Bob.Cordisco@netwrix.com

Succeed in ISO/IEC 27001 Audit Checks

How to Ask Questions

Type your question here

Click “Send”

Agenda

Why compliance is important

What ISO/IEC 27001 is

ISO/IEC 27001 compliance benefits

Meeting specific ISO requirements with Netwrix

Q&A

Why Compliance is Important

TIME UNTIL GDPR ENFORCEMENT

525 DAYS

2013 – Target: $3.6 – 12 billion (estimated)

2015 – Anthem: 78.8 million entries

2016 – Red Cross: 1.28 million donor records

2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database

ISO/IEC 27001

ISO/IEC 27001, like any other compliance standard, aims to protect private and sensitive data and to prevent security breaches. It provides guidance and details on how to establish, implement, maintain, and continuously improve an information security management system (ISMS).

o applicable to organisations across all industries

o contains the best information security practices

o originally derived from the BS 7799 standard published by BSI Group

o BSI Group is a Netwrix customer

ISO Compliance Benefits

[Chart] Source: BSI Benefits survey, in which BSI clients were asked which benefits they obtained from ISO/IEC 27001:2013 (© BSI Group, BSI/UK/842/SC/0416/EN/BLD)

Meet Specific ISO Requirements

ISO/IEC 27002:2013 has 14 security control sections containing a total of 35 main security categories and 114 controls.

Netwrix Auditor is designed to help with:

A. 9: Access Control

A. 13: Communication Security

A. 16: Information Security Incident Management

A. 17: Information Security Aspects of Business Continuity Management

A. 18: Compliance

Meet Specific ISO Requirements

Netwrix Auditor helps indirectly with:

A. 6: Organisation of Information Security

A. 7: Human Resource Security

A. 12: Operations Security

A. 14: System Acquisition, Development and Maintenance

A. 15: Supplier Relationships

A. 9: Access Control

Objective:

o to control access to information

o to prevent unauthorized access to information systems

o to prevent compromise or theft of data

Controls:

9.2.1 User registration and de-registration

9.2.3 Management of privileged access rights

9.3.1 Use of secret authentication information

9.4.2 Secure log-on procedures

9.4.3 Password management system

A. 13: Communication Security

Objective:

o to ensure the protection of information in networks

o to maintain the security of information in transit

Controls:

13.1.1 Network controls: audit authorization and access procedures for discrepancies

13.1.3 Segregation in networks

13.2.1 Information transfer policies and procedures

A. 16: Security Incident Management

Objective:

o to ensure an effective approach to security incident management

o to have personnel trained and equipped to report and respond

Controls:

16.1.2 Reporting information security events

16.1.4 Assessment of and decision on information security events

16.1.5 Response to information security incidents

16.1.7 Collection of evidence

A. 17: Business Continuity Management

Objective:

o to ensure the continuity of operations under extraordinary circumstances

Controls:

17.1.2 Implementing information security continuity

17.1.3 Verify, review and evaluate information security continuity

A. 18: Compliance

Objective:

o to avoid breaches of legal, statutory or regulatory obligations

Controls:

18.1.3 Protection of records

18.1.4 Privacy and protection of personally identifiable information

18.2.2 Compliance with security policies and standards

18.2.3 Technical compliance review

Achieve ISO Compliance with Netwrix

o Strengthen security of data by auditing your IT systems

o Streamline certification audits with out-of-the-box compliance reports

o Quickly answer detailed questions from auditors

o Enable long-term audit data archiving to ensure continuous compliance

Real Case Study

Customer: The Football Pools

Industry: Entertainment

The challenge: to demonstrate to auditors that all changes to and access to SQL databases are monitored according to the requirements of the UK Gambling Commission, which are based on the ISO/IEC 27001 standard

Key benefits:

o Proof of Compliance with ISO/IEC 27001

o Less time and effort required to pass audit checks

o Reduced risk of data loss and downtime

o Video recording of every remote DBA session


Netwrix Auditor Platform

Netwrix Auditor

A visibility and governance platform that enables control over changes, configurations, and access in hybrid cloud IT environments by providing security analytics to detect anomalies in user behavior and investigate threat patterns before a data breach occurs.

Netwrix Auditor Benefits

Relieves IT departments of manually crawling through weeks of log data to find out who changed what, when and where, and who has access to what.

Detect Data Security Threats – On Premises and in the Cloud

Pass Compliance Audits with Less Effort and Expense

Increase the Productivity of Security and Operations Teams

Bridges the visibility gap by delivering security analytics about critical changes, the state of configurations and data access in hybrid cloud IT environments, and enables investigation of suspicious user behavior.

Provides the evidence required to prove that your organization's IT security program adheres to PCI DSS, HIPAA, HITECH, SOX, FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other standards.

Netwrix Auditor Applications

Netwrix Auditor for Active Directory

Netwrix Auditor for Windows File Servers

Netwrix Auditor for Windows Server

Netwrix Auditor for VMware

Netwrix Auditor for Exchange

Netwrix Auditor for SQL Server

Netwrix Auditor for SharePoint

Netwrix Auditor for Office 365

Netwrix Auditor for NetApp

Netwrix Auditor for EMC

Netwrix Auditor for Azure AD

Netwrix Auditor for Oracle Database

Netwrix Customers


Financial

Healthcare & Pharmaceutical

Federal, State, Local, Government

Industrial/Technology/Other

About Netwrix Corporation

Year of foundation:

2006

Headquarters location:

Irvine, California

Global customer base:

over 7000

Recognition:

Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others

Awards

All awards: www.netwrix.com/awards

Next Steps

Read more about ISO: netwrix.com/ISO_IEC_Compliance

Free Trial: set up in your own test environment:

On-premises: netwrix.com/freetrial

Virtual: netwrix.com/go/appliance

Cloud: netwrix.com/go/cloud

Test Drive: virtual POC, try in a Netwrix-hosted test lab: netwrix.com/testdrive

Live Demo: product tour with a Netwrix expert: netwrix.com/livedemo

Contact Sales to obtain more information: netwrix.com/contactsales

Webinars: join our upcoming webinars and watch the recorded sessions:

netwrix.com/webinars

netwrix.com/webinars#featured

Thank You!

Q&A