Abstract image of a woman sitting on books and studying on a laptop

The Trick to Passing Your Next Compliance Audit

S
SBWebinars

This document discusses securing mainframe data from internal threats and preparing for compliance audits. It notes that mainframes still contain a significant portion of corporate data, including sensitive information, but are at risk from insider threats. It asks attendees questions about their organizations' processes for securing mainframe data and which regulations apply. The document provides tips for audit preparation, including performing data discovery, implementing automation for security monitoring, and controlling access. It stresses that organizations should know where sensitive data resides and have a chief risk officer. Achieving compliance can provide benefits like cost reduction, increased productivity and generating trust.

Technology
1 of 14
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Modern Software Factory for Mainframe The Trick to Passing Your Next Compliance Audit What will you say when an auditor comes knocking on your door?
© 2018 CA All rights reserved. Stuart McIrvine VP of Product Management CA Technologies Today’s Speakers Mike Vizard IT Editor SecurityBoulevard.com 2
© 2018 CA All rights reserved. Your Mainframe is at Risk 3 “Big iron is still very secure…unfortunately we have this thing called people that surround the mainframe.” – Patrick Gray, Ex FBI Security Agent People Insider threats range from malicious users to well-intentioned employees making a mistake. Data 70% of today’s corporate data – including sensitive and regulated data like PII – reside on the mainframe. Systems The mainframe is increasingly connected into the digital economy – applications, mobile devices, Big Data. SecuretheMainframe
© 2018 CA All rights reserved. Question 1 4 Does your organization have formal processes in place to secure mainframe data from internal threats? A. Yes B. No C. It’s a work in progress D. I don’t know
© 2018 CA All rights reserved. Who are the involved parties? GDPR UK Data Protection Act 1998 PCI DSS EU-U.S. Privacy Shield • Prove that data is being protected • Appoint a Data Protection Officer • Fines of 4% of annual turnover • Information Commissioners Office • Wide scope • Consent • Cross-industry • Protect stored cardholder data • Encrypt transmissions • Maintain InfoSec policy • U.S. Department of Commerce and European Commission • Individual choice & control • Security The Regulatory Ecosystem 5 Know which regulations apply to your business.
© 2018 CA All rights reserved. Question 2 6 Which of the following mandates apply to your organization? (Check all that apply)  GDPR  HIPAA  PCI DSS  SOX  FIPS-42
© 2018 CA All rights reserved. Fundamentals of Regulatory Readiness 7 1 How do you prepare for an audit? 2 What tips do you suggest to organizations trying to achieve regulatory readiness? 3 What common mistakes do organizations make?
© 2018 CA All rights reserved. Data Discovery Take appropriate measures to locate, classify, and protect critical data. Automation Manage risk with on-demand security incident reporting and event forwarding. Access Control Effectively manage privileged users and secure sensitive information. Best Practices for Achieving Compliance 8
© 2018 CA All rights reserved. Question 3 9 What is the state of mainframe data management within your organization? A. We know where all our sensitive mainframe data resides. B. We know where most of our sensitive mainframe data resides. C. We know where some of our sensitive mainframe data resides. D. We don’t know where our sensitive mainframe data resides.
© 2018 CA All rights reserved. Idea Flexibility AbilityCross-Enterprise Collaboration 10 Internal Auditing Compliance Budget Culture of Compliance Organizational Structure
© 2018 CA All rights reserved. Question 4 11 Does your organization have a Chief Risk Officer? A. Yes B. No C. We’re evaluating the role D. I don’t know
© 2018 CA All rights reserved. Gain a Competitive Advantage 12 Cost Reduction Digital Trust RevenueProductivity
Thank You.
VP of Product Management Stuart.McIrvine@ca.com Stuart McIrvine @CAmainfrmae slideshare.net/CAinc www.ca.com/regulatorycompliance linkedin.com/company/ca-technologies

More Related Content

PPTX
Cloud Security: A Business-Centric Approach in 12 Steps
Omar Khawaja
 
PPTX
Smarter Security - A Practical Guide to Doing More with Less
Omar Khawaja
 
PDF
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
PDF
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
 
PDF
Enterprise Data Privacy Quiz
Druva
 
PPTX
MCGlobalTech Consulting Service Presentation
William McBorrough
 
PPTX
10 Critical Corporate Cyber Security Risks
Heimdal Security
 
PDF
Fisma compliance solutions @ cdg.io
CyberGroup
 
Cloud Security: A Business-Centric Approach in 12 Steps
Omar Khawaja
 
Smarter Security - A Practical Guide to Doing More with Less
Omar Khawaja
 
Cross border - off-shoring and outsourcing privacy sensitive data
Ulf Mattsson
 
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
 
Enterprise Data Privacy Quiz
Druva
 
MCGlobalTech Consulting Service Presentation
William McBorrough
 
10 Critical Corporate Cyber Security Risks
Heimdal Security
 
Fisma compliance solutions @ cdg.io
CyberGroup
 

What's hot (18)

PPTX
Two Peas in a Pod: Cloud Security and Mobile Security
Omar Khawaja
 
PPTX
Leveraging Compliance to “Help” Prevent a Future Breach
Kevin Murphy
 
PPTX
Protecting the Crown Jewels – Enlist the Beefeaters
Jack Nichelson
 
PPTX
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
 
PPT
Data Risks In A Digital Age
padler01
 
PPTX
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best Practices
Kroll
 
PPTX
Cybersecurity: What does Cyber Insurance Cover?
Next Dimension Inc.
 
PDF
Where in the world is your PII and other sensitive data? by @druva inc
Druva
 
PPTX
Data Security: Are you Protected?
The TNS Group
 
PDF
GDPR Webinar - feb
Sophos Benelux
 
PPTX
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
PPTX
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
Tripwire
 
PPTX
Marc Crudgington Who I Am
Marc Crudgington, MBA
 
PPTX
Cybersecurity services
Vishvendra Saini
 
PDF
Network Security‬ and Big ‪‎Data Analytics‬
Allot Communications
 
PDF
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
SrikanthRaju7
 
PPTX
Robert Nichols: Cybersecurity for Government Contractors
Government Technology and Services Coalition
 
PPTX
Defensible cybersecurity-jan-25th-
IT Strategy Group
 
Two Peas in a Pod: Cloud Security and Mobile Security
Omar Khawaja
 
Leveraging Compliance to “Help” Prevent a Future Breach
Kevin Murphy
 
Protecting the Crown Jewels – Enlist the Beefeaters
Jack Nichelson
 
Cybercrime and Cyber Threats - CBLA - Eric Vanderburg
Eric Vanderburg
 
Data Risks In A Digital Age
padler01
 
SEC OCIE - Cybersecurity Focus Areas, Guidance, and Best Practices
Kroll
 
Cybersecurity: What does Cyber Insurance Cover?
Next Dimension Inc.
 
Where in the world is your PII and other sensitive data? by @druva inc
Druva
 
Data Security: Are you Protected?
The TNS Group
 
GDPR Webinar - feb
Sophos Benelux
 
Vendor Landscape: Email Security Gateway
Info-Tech Research Group
 
PCI Breach Scenarios and the Cyber Threat Landscape with Brian Honan
Tripwire
 
Marc Crudgington Who I Am
Marc Crudgington, MBA
 
Cybersecurity services
Vishvendra Saini
 
Network Security‬ and Big ‪‎Data Analytics‬
Allot Communications
 
Cybersecurity 2020: Your Biggest Threats and How You Can Prevent Them
SrikanthRaju7
 
Robert Nichols: Cybersecurity for Government Contractors
Government Technology and Services Coalition
 
Defensible cybersecurity-jan-25th-
IT Strategy Group
 
Ad

Similar to The Trick to Passing Your Next Compliance Audit (20)

PPTX
Proven Practices to Protect Critical Data - DarkReading VTS Deck
NetIQ
 
PDF
PCI Compliance Report
Holly Vega
 
PDF
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
OSIsoft, LLC
 
PDF
Master Data in the Cloud: 5 Security Fundamentals
Sarah Fane
 
PDF
Key note in nyc the next breach target and how oracle can help - nyoug
Ulf Mattsson
 
PDF
Who is the next target proactive approaches to data security
Ulf Mattsson
 
PPTX
David valovcin big data - big risk
IBM Sverige
 
PPT
Shariyaz abdeen data leakage prevention presentation
Shariyaz Abdeen
 
PPT
Information security management v2010
joevest
 
PPTX
Gdpr action plan - ISSA
Ulf Mattsson
 
PDF
3 guiding priciples to improve data security
Keith Braswell
 
PPTX
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
 
PDF
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
PDF
AI and Data Privacy in 2025: Global Trends
InData Labs
 
PPTX
info-sys-security3.pptx
MhndHTaani
 
PPTX
cryptography.pptx
MhndHTaani
 
PDF
Internal Audit
Nigel Robinson
 
PPSX
November 2017: Part 6
seadeloitte
 
PDF
Security Fact & Fiction: Three Lessons from the Headlines
Duo Security
 
PPTX
Proactive Risk Management and Compliance in a World of Digital Disruption
Mike Wons
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
NetIQ
 
PCI Compliance Report
Holly Vega
 
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoft
OSIsoft, LLC
 
Master Data in the Cloud: 5 Security Fundamentals
Sarah Fane
 
Key note in nyc the next breach target and how oracle can help - nyoug
Ulf Mattsson
 
Who is the next target proactive approaches to data security
Ulf Mattsson
 
David valovcin big data - big risk
IBM Sverige
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz Abdeen
 
Information security management v2010
joevest
 
Gdpr action plan - ISSA
Ulf Mattsson
 
3 guiding priciples to improve data security
Keith Braswell
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
Judith Beckhard Cardoso
 
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 
AI and Data Privacy in 2025: Global Trends
InData Labs
 
info-sys-security3.pptx
MhndHTaani
 
cryptography.pptx
MhndHTaani
 
Internal Audit
Nigel Robinson
 
November 2017: Part 6
seadeloitte
 
Security Fact & Fiction: Three Lessons from the Headlines
Duo Security
 
Proactive Risk Management and Compliance in a World of Digital Disruption
Mike Wons
 
Ad

More from SBWebinars (20)

PDF
Securing Mobile Apps, From the Inside Out
SBWebinars
 
PPTX
SAP Concur’s Cloud Journey
SBWebinars
 
PDF
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
PPTX
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
PDF
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
SBWebinars
 
PDF
Taking Open Source Security to the Next Level
SBWebinars
 
PPTX
The Next Generation of Application Security
SBWebinars
 
PDF
You're Bleeding. Exposing the Attack Surface in your Supply Chain
SBWebinars
 
PDF
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
SBWebinars
 
PDF
Top 10 Threats to Cloud Security
SBWebinars
 
PDF
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
PDF
Reduce the Burden Of Managing SAP With Enterprise Identity Management
SBWebinars
 
PDF
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
PDF
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
PDF
Reducing Risk of Credential Compromise at Netflix
SBWebinars
 
PDF
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
PDF
The State of Open Source Vulnerabilities Management
SBWebinars
 
PDF
Flow Metrics: What They Are & Why You Need Them
SBWebinars
 
PDF
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 
PDF
Building Blocks of Secure Development: How to Make Open Source Work for You
SBWebinars
 
Securing Mobile Apps, From the Inside Out
SBWebinars
 
SAP Concur’s Cloud Journey
SBWebinars
 
Top Cybersecurity Threats and How SIEM Protects Against Them
SBWebinars
 
Software-Defined Segmentation Done Easily, Quickly and Right
SBWebinars
 
Don’t Get Stuck in The Encryption Stone Age: Get Decrypted Visibility with Am...
SBWebinars
 
Taking Open Source Security to the Next Level
SBWebinars
 
The Next Generation of Application Security
SBWebinars
 
You're Bleeding. Exposing the Attack Surface in your Supply Chain
SBWebinars
 
Demystifying PCI Software Security Framework: All You Need to Know for Your A...
SBWebinars
 
Top 10 Threats to Cloud Security
SBWebinars
 
Deploying Secure Modern Apps in Evolving Infrastructures
SBWebinars
 
Reduce the Burden Of Managing SAP With Enterprise Identity Management
SBWebinars
 
Maturing DevSecOps: From Easy to High Impact
SBWebinars
 
How to Kickstart Security and Compliance for Your AWS, Azure, and GCP Clouds
SBWebinars
 
Reducing Risk of Credential Compromise at Netflix
SBWebinars
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
The State of Open Source Vulnerabilities Management
SBWebinars
 
Flow Metrics: What They Are & Why You Need Them
SBWebinars
 
Beyond S3 Buckets - Effective Countermeasures for Emerging Cloud Threats
SBWebinars
 
Building Blocks of Secure Development: How to Make Open Source Work for You
SBWebinars
 

Recently uploaded (20)

PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
PPTX
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
PPT
Geologic Time for studying geology for geologist
ssuser738f5a
 
PDF
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
PPTX
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PDF
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Enhancing plagiarism detection using data pre-processing and machine learning...
IAESIJAI
 
Custom Battery Pack Design Considerations for Performance and Safety
Epec Engineered Technologies
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Five Habits of High-Impact Board Members
OnBoard
 
Geologic Time for studying geology for geologist
ssuser738f5a
 
Credit Without Borders: AI and Financial Inclusion in Bangladesh
Ehsan Tanim
 
AI IN MARKETING- PRESENTED BY ANWAR KABIR 1st June 2025.pptx
HiraJay1
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
What is a Computer? Input Devices /output devices
GulJan8
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
The influence of sentiment analysis in enhancing early warning system model f...
IAESIJAI
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 

The Trick to Passing Your Next Compliance Audit

  • 1. Modern Software Factory for Mainframe The Trick to Passing Your Next Compliance Audit What will you say when an auditor comes knocking on your door?
  • 2. © 2018 CA All rights reserved. Stuart McIrvine VP of Product Management CA Technologies Today’s Speakers Mike Vizard IT Editor SecurityBoulevard.com 2
  • 3. © 2018 CA All rights reserved. Your Mainframe is at Risk 3 “Big iron is still very secure…unfortunately we have this thing called people that surround the mainframe.” – Patrick Gray, Ex FBI Security Agent People Insider threats range from malicious users to well-intentioned employees making a mistake. Data 70% of today’s corporate data – including sensitive and regulated data like PII – reside on the mainframe. Systems The mainframe is increasingly connected into the digital economy – applications, mobile devices, Big Data. SecuretheMainframe
  • 4. © 2018 CA All rights reserved. Question 1 4 Does your organization have formal processes in place to secure mainframe data from internal threats? A. Yes B. No C. It’s a work in progress D. I don’t know
  • 5. © 2018 CA All rights reserved. Who are the involved parties? GDPR UK Data Protection Act 1998 PCI DSS EU-U.S. Privacy Shield • Prove that data is being protected • Appoint a Data Protection Officer • Fines of 4% of annual turnover • Information Commissioners Office • Wide scope • Consent • Cross-industry • Protect stored cardholder data • Encrypt transmissions • Maintain InfoSec policy • U.S. Department of Commerce and European Commission • Individual choice & control • Security The Regulatory Ecosystem 5 Know which regulations apply to your business.
  • 6. © 2018 CA All rights reserved. Question 2 6 Which of the following mandates apply to your organization? (Check all that apply)  GDPR  HIPAA  PCI DSS  SOX  FIPS-42
  • 7. © 2018 CA All rights reserved. Fundamentals of Regulatory Readiness 7 1 How do you prepare for an audit? 2 What tips do you suggest to organizations trying to achieve regulatory readiness? 3 What common mistakes do organizations make?
  • 8. © 2018 CA All rights reserved. Data Discovery Take appropriate measures to locate, classify, and protect critical data. Automation Manage risk with on-demand security incident reporting and event forwarding. Access Control Effectively manage privileged users and secure sensitive information. Best Practices for Achieving Compliance 8
  • 9. © 2018 CA All rights reserved. Question 3 9 What is the state of mainframe data management within your organization? A. We know where all our sensitive mainframe data resides. B. We know where most of our sensitive mainframe data resides. C. We know where some of our sensitive mainframe data resides. D. We don’t know where our sensitive mainframe data resides.
  • 10. © 2018 CA All rights reserved. Idea Flexibility AbilityCross-Enterprise Collaboration 10 Internal Auditing Compliance Budget Culture of Compliance Organizational Structure
  • 11. © 2018 CA All rights reserved. Question 4 11 Does your organization have a Chief Risk Officer? A. Yes B. No C. We’re evaluating the role D. I don’t know
  • 12. © 2018 CA All rights reserved. Gain a Competitive Advantage 12 Cost Reduction Digital Trust RevenueProductivity
  • 14. VP of Product Management Stuart.McIrvine@ca.com Stuart McIrvine @CAmainfrmae slideshare.net/CAinc www.ca.com/regulatorycompliance linkedin.com/company/ca-technologies