Agenda
Why compliance is important
What ISO/IEC 27001 is
ISO/IEC 27001 compliance benefits
Meeting specific ISO requirements with Netwrix
Q&A
Why Compliance is Important
TIME UNTIL GDPR ENFORCEMENT: 525 DAYS
2013 – Target: $3.6 – 12 billion (estimated)
2015 – Anthem: 78.8 million entries
2016 – Red Cross: 1.28 million donor records
2016 – Panama Papers: 2.6 terabytes of information drawn from Mossack Fonseca’s internal database
ISO/IEC 27001
ISO/IEC 27001, like any other compliance standard, aims to protect
private and sensitive data and to prevent security breaches. It provides
guidance and details on how to establish, implement, maintain, and
continuously improve an information security management system (ISMS).
o applicable to organisations across all industries
o contains information security best practices
o originally derived from the BS 7799 standard published by BSI Group
o BSI Group is a Netwrix customer
ISO Compliance Benefits
Source: BSI Benefits survey (BSI clients were asked which benefits they obtained from ISO/IEC 27001:2013)
Meet Specific ISO Requirements
ISO/IEC 27002:2013 has 14 security control sections containing a total of
35 main security categories and 114 controls.
Netwrix Auditor is designed to help with:
A.9: Access Control
A.13: Communication Security
A.16: Information Security Incident Management
A.17: Information Security Aspects of Business Continuity Management
A.18: Compliance
Meet Specific ISO Requirements
Netwrix Auditor helps indirectly with:
A.6: Organisation of Information Security
A.7: Human Resource Security
A.12: Operations Security
A.14: System Acquisition, Development and Maintenance
A.15: Supplier Relationships
A.9: Access Control
Objective:
o to control access to information
o to prevent unauthorized access to information systems
o to prevent compromise or theft of data
Controls:
9.2.1 User registration and de-registration
9.2.3 Management of privileged access rights
9.3.1 Use of secret authentication information
9.4.2 Secure log-on procedures
9.4.3 Password management system
A.13: Communication Security
Objective:
o to ensure the protection of information in networks
o to maintain the security of information transfer
Controls:
13.1.1 Network controls: audit authorization and access procedures for discrepancies
13.1.3 Segregation in networks
13.2.1 Information transfer policies and procedures
A.16: Information Security Incident Management
Objective:
o to ensure an effective approach to security incident management
o to have personnel trained and equipped to report and respond
Controls:
16.1.2 Reporting information security events
16.1.4 Assessment of and decision on information security events
16.1.5 Response to information security incidents
16.1.7 Collection of evidence
A.17: Information Security Aspects of Business Continuity Management
Objective:
o to ensure the continuity of operations under extraordinary circumstances
Controls:
17.1.2 Implementing information security continuity
17.1.3 Verify, review and evaluate information security continuity
A.18: Compliance
Objective:
o to avoid breaches of legal, statutory or regulatory
Controls:
18.1.3 Protection of records
18.1.4 Privacy and protection of personally identifiable information
18.2.2 Compliance with security policies and standards
18.2.3 Technical compliance review
Achieve ISO Compliance with Netwrix
Strengthen security of data by auditing your IT systems
Streamline certification audits with out-of-the-box compliance reports
Quickly answer detailed questions from auditors
Enable long-term audit data archiving to ensure continuous compliance
Real Case Study
Customer: The Football Pools
Industry: Entertainment
The challenge: to evidence to auditors that all changes and access to SQL
databases are monitored according to the requirements of the UK Gambling
Commission, which are based on the ISO/IEC 27001 standard
Key benefits:
o Proof of Compliance with ISO/IEC 27001
o Less time and effort required to pass audit checks
o Reduced risk of data loss and downtime
o Video recording of every remote DBA session
Netwrix Auditor Platform
Netwrix Auditor
A visibility and governance platform that enables control over
changes, configurations, and access in hybrid cloud IT environments by
providing security analytics to detect anomalies in user behavior and
investigate threat patterns before a data breach occurs.
Netwrix Auditor Benefits
Detect Data Security Threats – On Premises and in the Cloud
Bridges the visibility gap by delivering security analytics about
critical changes, state of configurations and data access in
hybrid cloud IT environments and enables investigation of suspicious
user behavior.
Pass Compliance Audits with Less Effort and Expense
Provides the evidence required to prove that your organization’s IT
security program adheres to PCI DSS, HIPAA, HITECH, SOX,
FISMA/NIST 800-53, COBIT, ISO/IEC 27001 and other standards.
Increase the Productivity of Security and Operations Teams
Relieves IT departments of manually crawling through weeks of log data
to get the information about who changed what, when and where
and who has access to what.
Netwrix Auditor Applications
Netwrix Auditor for Active Directory
Netwrix Auditor for Windows File Servers
Netwrix Auditor for Windows Server
Netwrix Auditor for VMware
Netwrix Auditor for Exchange
Netwrix Auditor for SQL Server
Netwrix Auditor for SharePoint
Netwrix Auditor for Office 365
Netwrix Auditor for NetApp
Netwrix Auditor for EMC
Netwrix Auditor for Azure AD
Netwrix Auditor for Oracle Database
Netwrix Customers
Financial
Healthcare & Pharmaceutical
Federal, State, Local, Government
Industrial/Technology/Other
About Netwrix Corporation
Year of foundation:
2006
Headquarters location:
Irvine, California
Global customer base:
over 7000
Recognition:
Among the fastest growing software companies in the US with 95 industry awards from Redmond Magazine, SC Magazine, Windows IT Pro and others
Awards
All awards: www.netwrix.com/awards
Read more about ISO netwrix.com/ISO_IEC_Compliance
Free Trial: setup in your own test environment:
On-premises: netwrix.com/freetrial
Virtual: netwrix.com/go/appliance
Cloud: netwrix.com/go/cloud
Test Drive: virtual POC, try in a Netwrix-hosted test lab netwrix.com/testdrive
Live Demo: product tour with Netwrix expert netwrix.com/livedemo
Contact Sales to obtain more information netwrix.com/contactsales
Webinars: join our upcoming webinars and watch the recorded sessions
netwrix.com/webinars
netwrix.com/webinars#featured
Next Steps
Thank You!
Q&A