Solution Overview National Continuity Solutions Platform Michael J. O’Dell CBCP – Sage Management
Company Profile
Continuous Assessment and Monitoring Analyze & Prioritize Point-In-Time Audit Test Monitor & Alert Define Policy & Risk Translate Map Assess Collect Remediate Dashboard
Solution Architecture 8500.2 CNSSI 1253 800-53 ISO 800-66 Content Packs GRC Platform Connectors Integrated GRC Data Model Organizations Policies Assets Configurations Controls Risks Mappings Evidences Engines Workflow Collaboration Analytics What-If Risk Calculator Correlation Common Controls Assessment Business Interfaces Reports Dashboards Notification Tasks Office Integration Application Builder UI Configuration Key Indicators Middleware Workflow Reporting Data Integration Content Management Applications Policy Risk Compliance Vendor Threat Privacy Incident
Compliance Solution Market Trends Manual Processes Automation Compliance Driven Business & Risk Driven Custom Controls Standard Controls  Compliance and Risk Silos Common Control Framework Fragmented Tools Integrated Solution Periodic Audits Continuous Monitoring Internally Developed Tools Purpose-Built Platform Consulting Engagements Software Solutions Cylinder of Excellence View Enterprise Wide Visibility Past  Present
Custom & Manual Solutions Help Desk Leverage existing technologies Tools not suited to purpose Poor data integrity and quality Limited point-to-point integration Heavily relying on scripting, macros, cron jobs Fragile integrations Mostly manual processes Heavily relying on Excel and Word Use Help Desk tool to route workflows Document Management Excel Word Reporting Tools Data Warehouse
Purpose-Built GRC Platform Open technology stack Hot pluggable with open sourced, Oracle, IBM, ... Consistent with corporate technology strategy Purpose-built GRC platform Optimized for GRC, SOA platform vision Predefined GRC business objects / entities Simple upgrade and extension Single-point integration Simple upgrade and extension No point integration Feature-rich applications Integrated functionality, no redundancy Cross-regulation scalability Open content Global community and localized support Partner and customer friendly IT GRC Platform Dashboards, Reports, Indicators Automation & Collaboration Engines Common Control Framework Integrated GRC Data Model Open Connector Architecture  Workflow Reporting Data Integration NIST 800-53 ISO SOX
Applications Manual & automated assessment Compliance reporting & metrics Collaborative policy lifecycle mgmt. Policy distribution & compliance testing Collaborative risk definition & mapping Real time risk monitoring Compliance & impact assessments Policy awareness & incident readiness Partner classification & risk assessment Delegated administration Monitor, test & Remediate Scan, virtual scan & advanced warning Incident lifecycle Management Operational response plan  Compliance Policy Enterprise Risk Vendor Risk Threat & Vulnerability Privacy Incident
Open Connectors Connectors eSurvey Configuration Management Vulnerability Management Incident Management DB Configuration & Access Checks Identity & Access Control Checks Application Controls Checks Segregation of Duties Checks Others 28 Connectors And Growing
Compliance Automation and Continuous Assessments integrated with existing C&A processes for FISMA requirements Several Federal Agencies
Automated Risk Management and Continuous Assessment for Operational Security and PII Protection DOD Program
Representative Customers
Role Based Dashboards
Vulnerability Database
Deficiencies & Mitigation Assessment
FIPS-199 Categorization
System Security Plan
Plan of Actions & Milestones

Sage Solutions Brief.Mjo


Editor's notes

  1. The automated fusion and correlation of the data produced by the multiple technologies forming the technical control framework will allow COM to maximize the return on investment for the technology. Additionally, an automated solution serves as a force multiplier that does not require the typical headcount associated with the manual collection, correlation and analysis of the data gathered during an average assessment and/or monitoring window. The automated solution is able to determine enterprise risk and compliance status while providing a comprehensive dashboard and reporting capability to ensure that stakeholders at every level are provided a means to monitor and measure what matters most to them.
  2. In the beginning, people use existing general-purpose tools to build semi-automated GRC solutions. Not scalable, not integrated. Not a big issue when you only need 1 to 2 solutions.