Compliance Measurement in Tenable Security Center

Explore the importance of compliance, what it entails, and how to measure it effectively in Tenable Security Center. Learn about the significance of compliance, the standards to comply with, and the methods for measurement. Discover the key steps and considerations in ensuring compliance in various domains such as government, regulatory, and corporate governance.

  • Compliance Measurement
  • Tenable Security Center
  • Regulations
  • Data Security
  • Risk Management


Presentation Transcript


  1. Measuring Compliance with Tenable Security Center Joe Zurba | HUIT IT Summit May 23, 2013

  2. Agenda
     • Introduction
     • What is compliance and why is it important?
     • What do we need to comply with?
     • What can we measure?
     • How is measurement accomplished?
     • What are the first steps?
     • What are the next steps?
     • Questions

  3. Introduction

  4. What is Compliance? com·pli·ance /kəmˈplaɪəns/ Noun 1. The action or fact of complying with a wish or command. 2. The state or fact of according with or meeting rules or standards. Synonyms: agreement, consent, accord, accordance, conformity. Compliance means conforming to a rule, such as a specification, policy, standard or law.

  6. Why is Compliance Important?
     • Compliance provides a baseline posture from which we can build more mature processes and controls
     • Compliance provides standards
     • Compliance helps to lower risk
     • Compliance helps to improve the quality of work
     • Compliance helps to mitigate potential penalties

  7. What Do We Need To Comply With? Depending on where you are within Harvard, you may need to comply with one or several of the following policies/standards:
     • HIPAA
     • FERPA
     • PCI
     • Massachusetts 201 CMR 17
     • Harvard Information Security Policy
     • Harvard Research Data Security Policy
     • Contractual Obligations

  8. What Can We Measure?
     • Government Compliance: FISMA, NIST, DISA STIG, CERT
     • Regulatory Compliance: HIPAA, Sarbanes-Oxley (SOX), FERPA
     • Corporate (Institutional) Governance, Risk, and Compliance (GRC): Institutional Policy, PCI, ISO 27001
     • And Harvard Security Policy

  9. How Is Measurement Accomplished?
     • Tenable Security Center Vulnerability Scanning: used to measure systems for vulnerabilities in operating systems and common applications; uses credentialed scans to unobtrusively log into systems and analyze patch status
     • Tenable Security Center Compliance Scanning: uses industry-standard or custom audit files to measure system configurations; uses credentialed scans to unobtrusively log into systems

  10. Audit Files

  11. Audit Files

  12. Audit Files

  13. Scan Policy

  14. Scan Policy

  15. Scan Policy

  16. Scan Policy

  17. Add a Compliance Scan

  18. Add a Compliance Scan

  19. Add a Compliance Scan

  20. Add a Compliance Scan

  21. Analyze The Results

  22. Analyze The Results

  23. Analyze The Results

  24. Analyze The Results

  25. Analyze The Results

  26. Analyze The Results

  27. Analyze The Results

  28. What Are The First Steps? Measuring systems that store or process HRCI (PII) against 10 points of the HEISP:
     • Private IP addressing
     • Host-based firewall
     • Vulnerability scanning and patching program
     • External logging (Splunk)
     • Active, up-to-date anti-virus software
     • Unique credentials, default passwords changed, shared accounts disabled
     • Password length and complexity
     • Brute force credential lock-outs
     • Logging of successful and unsuccessful login attempts
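To show what "measuring a host against the HEISP points" amounts to once a credentialed scan has collected the configuration, here is an added example (not from the presentation and not Tenable code) that evaluates a constructed host snapshot against the host-observable points above; the field names, the numeric thresholds and the placeholder syslog target are assumptions, since the slide names the controls but not their values.

```python
import ipaddress
import re
from datetime import date, timedelta

# Constructed snapshot of what a credentialed scan could collect from one host
# (sample data, not real Tenable output). Field names are assumptions.
SAMPLE_HOST = {
    "ip": "10.12.4.7",
    "host_firewall_enabled": True,
    "login_defs": "PASS_MAX_DAYS\t90\nPASS_MIN_LEN\t8\n",
    "pam_tally2": "deny=5 unlock_time=900",
    "av_signature_date": "2013-05-20",
    "remote_syslog_target": "splunk.example.edu",  # placeholder hostname
    "auth_logging": {"success": True, "failure": True},
    "accounts": {"root": "changed", "guest": "disabled"},
}

# Assumed thresholds: the slide names the control but not the number.
MIN_PASSWORD_LEN = 10
MAX_LOCKOUT_ATTEMPTS = 10
MAX_SIGNATURE_AGE = timedelta(days=7)


def password_min_len(login_defs):
    """Minimum password length configured in /etc/login.defs content."""
    m = re.search(r"^PASS_MIN_LEN\s+(\d+)", login_defs, re.MULTILINE)
    return int(m.group(1)) if m else 0


def lockout_threshold(pam_line):
    """Failed-attempt count before lock-out, or None if not configured."""
    m = re.search(r"\bdeny=(\d+)", pam_line)
    return int(m.group(1)) if m else None


def evaluate(host, scan_date):
    """Return {control: passed} for the HEISP points a scan can observe."""
    sig_age = scan_date - date.fromisoformat(host["av_signature_date"])
    deny = lockout_threshold(host["pam_tally2"])
    return {
        "private_ip": ipaddress.ip_address(host["ip"]).is_private,
        "host_firewall": host["host_firewall_enabled"],
        "external_logging": bool(host["remote_syslog_target"]),
        "antivirus_current": sig_age <= MAX_SIGNATURE_AGE,
        "default_passwords_changed": all(
            s in ("changed", "disabled") for s in host["accounts"].values()),
        "password_length": password_min_len(host["login_defs"]) >= MIN_PASSWORD_LEN,
        "brute_force_lockout": deny is not None and deny <= MAX_LOCKOUT_ATTEMPTS,
        "login_logging": all(host["auth_logging"].values()),
    }


def compliance_rate(results):
    """Fraction of evaluated controls that passed (the per-host score)."""
    return sum(results.values()) / len(results)
```

The vulnerability scanning and patching point is a program-level control covered by the vulnerability scan itself, so it is not modelled here; the sample host fails only the password-length check.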

  29. What Are The Next Steps?
     • Establish a process for ongoing compliance scanning, reporting and remediation
     • Expand the service offering to comply with other regulatory standards: HIPAA, PCI
     • Define standard build audit files to scan for deviation

  30. Where To Find More Information
     • For this presentation: Harvard iSite, HUIT IT Security - http://hvrd.me/13CFp4Z
     • ithelp@harvard.edu
     • 617-495-7777

  31. Questions

  32. Thank you. Joe Zurba | HUIT IT Summit June 6, 2013
