• Build & Automate for the Future
• Leverage Familiar & Flexible tools
• Build ‘End to End’ into the Every Day
Case Study – Microsoft IT Streamlines Compliance
http://msdn.microsoft.com/en-us/library/dd537744.aspx

Compliance – Reaching all parts of the organization

[Diagram labels: Board of Dir./CEO, Audit Committee, CIO/CSO, ITDM, IT Pro; Regulatory Requirements, Regulatory Certification, Business Objectives & Policies, Auditor Reports, Requirement Definition, System Management, System Operations, Audit Requirements & Design, Review Log Files, Confirm settings]

Quotes shown on the slide:
• “Make sure that we comply so that we can focus on the business …without an obscene cost”
• “Based on a bewildering collection of reports, I must certify if we are compliant. It’s my butt on the line”
• “It’s too hard to interpret new regulations and sort out overlaps to set policy across functions”
• “Every quarter I learn how non-compliant we have been last month – it’s like ‘whack a mole’, how do I get ahead of these issues and risk”
• “Each business change brings new IT compliance requirements. 80% are duplicative, but we review it all, delaying response and increasing cost.”
• “System changes require regulation specific procedures slowing our response … Do we need more software to manage IT compliance?”
• “These periodic audits kill me. What detail will the auditor want to check up on this time?”
• “Checking log files, re-confirming settings, documenting processes is a waste of time when I have truly critical things to do”
• “Configuring and monitoring local and distributed servers and PCs for compliance is so time consuming”

How do we interpret and test IT compliance across a vast enterprise?

Get through the confusion http://msdn.microsoft.com/en-us/library/bb421526.aspx (at the moment!!!)
Security Hardening, Data Governance, Regulatory Compliance
• Security Compliance Manager
• Data Classification Toolkit
• Information Security
• IT GRC Process Management Pack
• Compliance Management Libraries

Accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft technologies.

Knowledge
• Establish Classification Taxonomy
• Provide Information governance policies

IT GRC PMP Integration
• Map to compliance requirements
• New Control Activities added
• Demonstrate IT data governance & compliance for audits

Reporting

Multiple File Server Support
• Maintain Consistency across file Servers
• Reduce manual labor
• Aggregated Reporting

Identify and protect sensitive documents on file servers

Complement manual RMS protection with automated server side IT policies for complete ownership of security infrastructure and prevention of inadvertent data leakage.

[Diagram, steps 1 to 5, with the labels “FCI Classify” and “Mgmt Task: RMS Protect”:]
• User creates a file “marketing.docx” on Windows server 2008 R2 file server
• File Classification Infrastructure (FCI) classifies file as “sensitive” based on content including “Confidential” and “Internal only”
• Automated File Management Task invokes RMS protection to restrict access to “Full Time Employees” only
• Full Time Employee can access “marketing.docx”
• A malicious user getting access to the file through unintentional leak is not able to access file content

[Diagram labels: Data Classification Toolkit (Knowledge + Multiple File Server); IT GRC Process Management Pack; File Server Classification (File Server)]

A Systems view of Compliance – Translating Regulations to Action

[Diagram labels:
Compliance Requirements: SOX, PCI, COBIT, EUDPP, ISO, Internal Policies
Roles: Board of Dir./CEO, Audit Committee, CIO/CSO, ITDM, IT Pro
Layers: Business Objectives & Policies, System Management, System Operations
IT GRC Process Management Pack: Microsoft Control library, Control Objectives, Control Activities, Control Testing Procedures, Compliance Status
Operational Systems: CMDB, DW, Active Directory, NonMicrosoft (Partner)
Reports: Comply/Authority Reports, Incident/Issue Reports, Residual Risk, Audit (Authority Document View)
Legend: Available, Roadmap, Partner]

System Center Service Manager for IT GRC

The Power is in the Integration

Visibility, Simplification, Automation
• CIO/CSO: “I have visibility into our cross organizational compliance programs and status”
• ITDM: “We have simplified our IT compliance processes and reduced cost and burden of audits”
• IT Pro: “I have automated configuration and monitoring testing and focus on higher value activities”

Compliance and Risk Management
• Program Management and Automation (Risks, Controls, Assertions, & Reports)
• GRC Incident Management (Remediation)
• Excel integration (data migration & bulk updates)

Knowledge:
• Over 400 WW Authority Docs supported based on UCF
• Control Objectives mapped to Authority Docs
• Control Activities (Manual & Automated) Win 7, Win 2008, Win 2008 R2, & System Center

Extensibility:
• Customization - Forms, data, & reports
• Interoperability – Microsoft products and IT Services
• Partners extensions (e.g. SAP, Linux, etc)

[Diagram labels: Incident and Problem, Change, Workflows, Compliance Knowledge Base, CMDB, Data Warehouse, Connectors, Partners, Automation, Active Directory]

GRC Architecture Overview

[Diagram labels: Svc Mgr Console; Compliance Managers; Compliance Users; Partner GRC LOB Packs; Partner GRC Infra Packs; Linux, Unix, Etc; SAP, Oracle, etc; SM Data Warehouse; Control Activity Library; Policy Library; Test Automation Framework; Risk Library; IT GRC Process Management Pack; Document Management; Knowledge Library; Microsoft Control Library; Incident Management Connector; IT Compliance Management Library (Microsoft & Partner Products); IT Compliance Management Library (Microsoft Products); Connectors (Linking Fx); Target Hosts (Computers); MS GRC Config Packs; SharePoint Portal; Control Activity Libraries; Problem Management; Doc Types: Authority Docs, Policy Docs; Change Management; Control Management; GRC Incident Management; Risk Management; Program Management; Compliance and Risk Reports; Configuration Management; System Center; IT GRC PMP; MS IT CML Library; Partner Library]

• Go download Security Compliance Manager and start using it.
• Go download Service Manager and the IT GRC PMP.
• Watch for, and when available, download the Data Classification Toolkit.
Day | Time | Session Title
Tuesday | 2:15pm | BB13 – Simplifying and Automating IT Governance, Risk & Compliance
Wednesday | 11:45am | BB14 – System Center Service Manager: A Deep Dive into Automating ITIL and MOF
Wednesday | 10:15am | BB15 – System Center Service Manager 2010 R2 Overview
Wednesday | 10:15am | BB20 – Monitoring IT as a Service with System Center
Thursday | 10:15am | BB25 – System Center Service Manager 2010: Troubleshooting and Notes from the Field
Thursday | 10:15am | BB32 – Showtime for System Center: Management of the Common Platform
Monday | 4:30pm | BB34 – System Center Service Manager: Intro to Implementing your IT Processes
Thursday | 2:30pm | BB35 – Extending System Center Service Manager: Modeling your Business Process
Wednesday | 4:00pm | BB52 – Service Manager & Opalis – Automation and Compliance in Action
Tuesday | 10:15am | BG01 – Using System Center Service Manager for Incident, Change & Problem Management

• IB09 ILL: Automating IT Processes on Service Manager 2010
• IB10 ILL: Incident and Change Management in Service Manager 2010
• IB11 ILL: Service Manager 2010 Data Warehousing and Reporting
• LB09 HOL: Automating IT Processes on Service Manager 2010
• LB11 HOL: Service Manager 2010 Data Warehouse and Reporting
• LB12 HOL: Service Manager Integration with System Center
• LB13 HOL: IT Governance, Risk & Compliance Configuration in Service Manager 2010