Regulatory and standards compliance with Assuria Auditor.
Assuria Auditor
In use by hundreds of major financial, telecoms, pharmaceutical, government, defence and other commercial enterprises around the world, Assuria Auditor has been providing vital protection for critical business servers since the late 1990s. As a critical element of the security infrastructure for these organisations, Assuria Auditor is a market leader in countering the 'insider threat' to business integrity.
Assuria Auditor measures and manages server security policies and configurations using a host-to-network view of critical systems and servers: assessing host security, detecting and reporting system security weaknesses, recommending corrections, and alerting administrators to unauthorised changes to configurations and to critical system and application components.
Compliance
Organisations of all sizes, in both the public and private sectors, are increasingly required to comply with a number of legislative and industry regulations and standards. Compliance with these regulations should be seen as part of the Information Security Management System (ISMS) or process. In the United States, regulations such as SOX, FISMA and HIPAA, and in Europe Basel II and privacy legislation, are driving organisations to seek tools that assist with and automate their compliance. The impact of some regulations, for example Sarbanes-Oxley (SOX), is significant not only in the United States but globally.
The Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. PCI DSS is intended to help organisations proactively protect customer credit card data.
Most organisations subject to such regulations use controls and guidelines from standards such as ISO 27001 to achieve compliance.
ISO 27001 is the formal standard against which organisations may seek independent certification of their Information Security Management Systems. An ISMS is a framework for designing, implementing, managing, maintaining and enforcing information security processes and controls systematically and consistently throughout the organisation.
Gartner Group represented (below) the relationship between regulations, control objectives and controls.
Assuria Auditor is a software tool that supports the controls within an ISMS. A key issue with compliance is planning, and then measuring, what counts as an acceptable level of compliance.
With Assuria Auditor's mapping of individual checks to controls, control objectives and regulations, it provides a powerful tool for achieving compliance with the standards that are appropriate and applicable to an organisation.
New Assuria Auditor features
Assuria Auditor now features regulatory and standards compliance reporting. The Assuria Auditor Console database has been updated to include, where appropriate, a mapping of each of Assuria Auditor's 2,500 checks to a reference within the relevant standard.
The standards currently available are ISO 27001, ISO 27002 (formerly ISO 17799), PCI DSS, FISMA, HIPAA and SOX, together with references to the CVE and Bugtraq ID (BID) vulnerability identifiers. Further standards are planned.
An option has been added to Assuria Auditor reporting to report by a selected standard. In addition, Policy Navigators have been provided for each of the supported platforms.
Example report content
An Initial-on-all report sorted by the applicable PCI DSS sections.
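The kind of report described above, a set of host check results re-sorted by the sections of a selected standard, is easy to model. The following is an added illustration, not Assuria's code and not its mapping database: the check identifiers, the PASS/FAIL results and the PCI DSS / ISO 27001 section references are constructed for the example (the section numbers follow the PCI DSS v1.1 and ISO 27001:2005 Annex A numbering of the period but are not an authoritative cross-reference). It shows the two things a practitioner should want from such a report: sections sorted numerically rather than lexically (so that 8.5.10 precedes 10.2), and an explicit list of the checks that have no reference in the chosen standard, since those drop out of a standard-filtered view and the view is therefore not a complete picture of host posture.

```python
from collections import defaultdict

# Constructed sample mapping (illustrative, not Assuria's database): each check
# carries the references it supports in each standard. A check may map to
# several standards, or to none for a given standard.
CHECK_MAP = {
    "PWD-MINLEN":    {"PCI": ["8.5.10"], "ISO27001": ["A.11.3.1"]},
    "SSH-ROOT":      {"PCI": ["2.3"],    "ISO27001": ["A.11.4.4"]},
    "AUDIT-ENABLED": {"PCI": ["10.2"],   "ISO27001": ["A.10.10.1"]},
    "PATCH-LEVEL":   {"PCI": ["6.1"],    "ISO27001": ["A.12.6.1"]},
    "BANNER-TEXT":   {"ISO27001": ["A.11.5.1"]},   # no PCI reference
    "SUID-FILES":    {"PCI": ["2.2"]},             # no ISO reference
}

# Constructed "initial-on-all" results for one host (hypothetical data).
RESULTS = {
    "PWD-MINLEN": "FAIL",
    "SSH-ROOT": "PASS",
    "AUDIT-ENABLED": "PASS",
    "PATCH-LEVEL": "FAIL",
    "BANNER-TEXT": "FAIL",
    "SUID-FILES": "PASS",
}


def section_key(ref):
    """Numeric sort key for a section reference such as '8.5.10' or 'A.11.3.1'.

    A plain string sort would place '10.2' before '8.5.10'; comparing tuples
    of integers gives the order the standard's document uses.
    """
    parts = ref.lstrip("A.").split(".")
    return tuple(int(p) if p.isdigit() else 0 for p in parts)


def report_by_standard(results, mapping, standard):
    """Rows of (reference, check_id, status) sorted by the standard's section order."""
    rows = []
    for check_id, refs in mapping.items():
        for ref in refs.get(standard, []):
            rows.append((ref, check_id, results.get(check_id, "NOT RUN")))
    return sorted(rows, key=lambda r: (section_key(r[0]), r[1]))


def section_pass_rates(results, mapping, standard):
    """Per section reference: (checks passed, checks mapped to that section)."""
    tally = defaultdict(lambda: [0, 0])
    for ref, _check_id, status in report_by_standard(results, mapping, standard):
        tally[ref][1] += 1
        if status == "PASS":
            tally[ref][0] += 1
    return {ref: tuple(counts) for ref, counts in tally.items()}


def failing_sections(results, mapping, standard, threshold=1.0):
    """Sections whose pass ratio is below the acceptable level.

    The default threshold of 1.0 means every mapped check must pass; a lower
    value models a planned, measured 'acceptable level of compliance'.
    """
    rates = section_pass_rates(results, mapping, standard)
    below = [ref for ref, (passed, total) in rates.items() if passed / total < threshold]
    return sorted(below, key=section_key)


def unmapped_checks(mapping, standard):
    """Checks with no reference in `standard`.

    These never appear in a report filtered to that standard, so the filtered
    report must not be read as the host's complete security posture.
    """
    return sorted(check for check, refs in mapping.items() if standard not in refs)


if __name__ == "__main__":
    for ref, check_id, status in report_by_standard(RESULTS, CHECK_MAP, "PCI"):
        print(f"PCI {ref:<8} {check_id:<14} {status}")
    print("Sections below threshold:", failing_sections(RESULTS, CHECK_MAP, "PCI"))
    print("Checks not covered by PCI view:", unmapped_checks(CHECK_MAP, "PCI"))
```

Running the block prints the PCI-ordered report (2.2, 2.3, 6.1, 8.5.10, 10.2), the sections with a failing check (6.1 and 8.5.10), and the one check that has no PCI reference and so is invisible in that view (BANNER-TEXT); swapping "PCI" for "ISO27001" gives the same report against the other standard.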
Policy Navigators
Assuria Auditor Policy Navigators are a convenient way to discover the features and facilities of Assuria Auditor. As of AutoUpdate #61, the Policy Navigators for each platform include the supported standards.
Assuria Auditor regulatory and standards-based reporting is part of Assuria Auditor from AutoUpdate #61, released 3rd May 2007.