Compliance Evaluator Single-View Overall Compliance Reports

1
Compliance EvaluatorSingle-View Overall
Compliance Reports
2
Part 1 Overview
3
Overview

• The iSecurity Compliance Evaluator enables
  managers to quickly check the compliance of their
  systems with industry and corporate policies
  based on customizable user-friendly reports.

4
Getting PCI Compliant with Compilance Evaluator
5
Features

• Network-wide compliance status at a glance
• PCI, SOX, etc. compliance checks
• Results in colorful Excel spreadsheet
• Results can be emailed directly from AS/400
• Automatic scheduling
• Single general score per system and specific
  scores per topic
• Each item topic can receive individual
  importance
• All scores displayed as percentages
• Several report templates, with different levels
  of detail
• Unlimited number of reports
• Detailed or summary data
• Ready-made customizable checks
• User-friendly GUI

6
Part 2 Screens
7
iSecurity Activity Tree
Compliance Evaluator on the iSecurity activity
tree
8
Product Supplied Plans
Product supplied plans including SOX, HIPAA and
PCI specific Compliance Evaluator plans
Plans can be Run, Displayed, Renamed, etc. See
following slides.
9
Running Definitions
Run SAMPLE_REP definitions. Choice of Output
templates on left.
10
Emailed Report
Report sent to e-mail as attachment.
11
Emailed Report
Requested report as presented in Excel
12
Sample Reports
Note correlation of Item Importance (in Excel)
for Sample User Profile Reports with definition
below. Note correlation of Topic Importance with
bold entries under Importance below. Relative
Importance above will always be normalized to
total 100 (in this example, not
necessary). (This example not in synch with
report in slide 6.)
13
Report Details
This part of the report shows, for each of the 2
systems, the Current Value, the Optimal Value,
and the Score assigned to this item.
Optimal Value can be different for different
systems. .
14
All Network Attribute Values Screen
Clicking on All Network Attribute Values above,
gives definition screen on the right. ZT_ALL is
the appropriate report.
15
All System Values Screen
Clicking on All System Values Information above,
gives definition screen on the right. ZS_ALL is
the appropriate report.
16
All System Values Screen
Detailed Network Attributes and System Values
screens above. Note that definition for System
Value QABNORMSW appears twice, once for system
S44K1246 and once for all other systems.
17
Analyzing Definitions for Reports
Now well analyze the definitions for each of the
3 reports in the Sample User Profile Reports
counts area.
18
Relative Importance for Different Values
Note the relative importance for each report, the
Query name, as well as the Scores assigned for
the various Value ranges.
19
Defining Scores
The definition for system S44K1246 assigned a
Score of 100 when this report returns a value
between 0 and 15 other systems will return 100
for values between 0 and 25. S44K1246 could be
the sites Production system.
20
Various Reports for PCI
The PCI plan is composed of numerous reports
each section is preceded by a header called
Topic (of Counts) which points to the relevant
PCI paragraph.
21
Thank You!
Please visit us at www.razlee.com