企业安全策略和全面风险管理【企业风险管理经典】.ppt

* * * * * * * * * What is ESM? This is the definition of ESM. read first bullet It is a mature product, with 11 years on the market. * * There is no need to start from scratch. Rather than analyzing every risk, look at what others are doing. Meet standards of due care by using existing standards and industry “best practices”. Pay attention to regulations and requirements from government, industry and partners. * * Security is a key factor for the Sarbanes-Oxley Act. To comply with Sarbanes-Oxley, executives must sign-off on the accuracy of their companies’ financial statements. But without proper security control functions—which includes both internal procedures and technology systems—it is impossible for executives to verify that the data in their systems has not been compromised . In other words, before businesses can comply with the requirements of Sarbanes-Oxley, they must be able to clearly demonstrate the integrity of their financial data. * Here is a sample of the various regulatory and standards-based policies provided by ESM. Each policy is backed by Symantec research to justify the checks when audited. * * * * * * * * Symantec’s ESM: provides centralized, automated and comprehensive analysis using well over 2,000 security checks designed to prevent exploitable vulnerabilities. uses intelligent agents designed specifically for UNIX, Windows, NetWare, Linux, VMS and IBM iSeries AS/400 as well as for Web and Database applications * A visual of the 3 tier architecture. Useful to point out the scalability of this in terms of a global deployment – I.e., consoles on individual desktops or in Network Ops Centers, managers in data centers around the world and agents on all critical servers to watch reporting into a manager (I.e., an agent in an office in Chicago reporting into the manager in the east coast data center being viewed by the consoles of employees in the UK, Washington DC and San Francisco simultaneously). * 48 * One of ESM’s strengths is i