Skip to main content

Compliance automation

Get Smart - Get Compliant!

Today IT is no longer considered as a black box that the Management Team can ignore. The stakes surrounding operational security management go beyond an IT departmental management optic and find their true place at the center of the enterprise strategy.

Software solutions for security event log analysis propose tools to cover the complete methodological cycle of security incident management: prevent, detect, confine, enquire, correct and report. Beyond the necessary correlation of alarms, real security log use of enterprise resources to ensure service quality and regulatory compliance. Click&DECiDE delivers real security log management solutions and helps companies close their IT Audit gap.

 

Compliance_WHITE_AuditReady

Security's Role

Security's role in log management is to aim to deliver the following three assurances:

  • Confidentiality
  • Integrity
  • Availability

In the past security was the responsibility of the IT department, today security is enterprise-wide and the CEO and CFO are held responsible for security violations. IT is a key stakeholder on the compliance steering committee. According to ISO 27002 (17799), the Management should express their commitment and clearly define and support the direction of the security policy. We can also clearly observe that recent legislation reflects the dimensions of security at present and over the coming years.

The Regulatory Challenge

Proper log management is critical if your organization is affected by laws and regulations that require the collection and archival of event logs. Audit and control reviews are help annually and quarterly, if not more frequently, to uncover violations of organizational policy or separation of duties, as well as breaches in the use of private or confidential customer or enterprise information.

Due to the increasing concerns over the integrity of today's business data, new regulations have been introduced which reinforce the need for stronger internal control mechanisms. In the US, the Sarbanes-Oxley Act has placed the responsibility for establishing rigorous internal control systems, and Record Management procedures among publicly-quoted companies directly on senior executives.

This development is not restricted to the US or US-quoted companies. Much of the EU corporate governance regulations are creating similar Records Management requirements. International and industrial regulations range from the Sarbanes-Oxley Act (US), Basel II ( Europe), Loi de Sécurité Financière (France), the Tabaksblat Code (Netherlands) to the Revised Corporate Governance Principles in Japan.

Frameworks and standards related to these regulations include: COSO, COBIT and ISO 27002. Some of the most common challenges posed by these regulations and which the above frameworks treat in detail include:

  • How to introduce better Internal Control mechanisms for new regulations?
  • How to define 'who has access to what' within the organization?
  • How to report on current access permissions as needed?
  • How to determine when access permissions were granted and revoked?
  • How to see how access permissions have changed over time?
  • How to comply while keeping cost down?
  • How to comply while supporting current operations?

 

Click&DECiDE 's Solution

Let Click&DECiDE help you comply with these regulations and automate this International necessity.

Your Logs: the compliance regulations are clear concerning the need for log analysis and retention. If companies have a running record of all the events occuring on their networks, they can easily discover what went wrong. This can also aid in following and prosecuting perpetrators.

Your Risk: are you under attack? When a security breach occurs, such as a virus, a worm, a disgruntled employee or even a hacker, Click&DECiDE will pinpoint the breach and distinguish a virus from a hacker and so on.

Your Shared Reports: security is a shared concern. By constantly analyzing logged evnts and keeping a stock of logged events, all your departments, including the IT Security department can generate reports on network activity and security to share the information with Senior Management.