You want to put in place an enterprise-class Security Information Management (SIM) and compliance solution that can address a broad range of regulatory compliance requirements. You also want such a solution to have superior flexibility, functionality, scalability and ease of use. Yet you do not want it to burn a hole in your pocket. There are so many offerings in the market, but which one is best suited for you? How do you choose the right one? Confused? The following list of evaluation best practices will assist you in making the right choice.

1. …compliance, take time to understand exactly how each product can make your department more effective by proactively helping you manage your compliance efforts on an ongoing basis.

2. It is not enough to be compliant; you must also prove it. Ensure that workflow and the richness of the audit trail are carefully evaluated. A common requirement is proving that processes have been followed and controls have been executed. The ability to execute and report on a closed-loop workflow, and to retrieve information from the audit trail in an ad-hoc manner, is critical.

3. Compliance best practices and audit procedures are constantly evolving. Make sure that your SIM system can adapt to new compliance requirements easily and can grow with your organization.

4. Place a premium on data collection. The system must be able to collect all the event data that is relevant for compliance purposes and must support a large number of varied data sources.

5. It is important to understand what approach your vendor has taken with pre-developed compliance solutions, the granularity of the methodology used to ensure best practices, and the level of research applied to the solution.

6. Look for a system that can be deployed quickly, with out-of-the-box intelligence and collection capabilities, to deliver immediate results. This will save you a lot of consulting dollars.

7. Compliance should improve security. Choose a system that not only enables you to achieve compliance but also protects your business at the same time.

8. Correlation is the key to compliance. A robust solution should have both pre-configured correlation rules and customizable rules that meld to your compliance policies.

9. Focus on the regulated business process. The solution must be able to map your technical information and log data to your regulated business processes, and then map your business processes to your specific regulations.

10. A compliance program should address your unique needs. The solution should consider the uniqueness of your organization, including how you exchange information, what technology architecture you use for your networks and systems, and how your IT security organization is arranged.
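To make several of these evaluation points concrete (collection from varied sources, pre-configured plus customizable correlation rules, mapping findings to a business process and a control, and a closed-loop workflow with a queryable audit trail), here is a small, self-contained Python sketch of the mechanics an evaluator should look for. It is an added example written for this page, not code from ArcSight or from any product; the log lines, the rule names, the "payroll" business process and the `CTRL-*` control ids are all constructed placeholders.

```python
import json
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, Dict, List, Set

# Constructed sample events from two different source formats (syslog-style and JSON).
RAW_EVENTS = [
    "2024-03-01T09:00:01Z sshd[1]: Failed password for admin from 203.0.113.5",
    "2024-03-01T09:00:05Z sshd[1]: Failed password for admin from 203.0.113.5",
    "2024-03-01T09:00:09Z sshd[1]: Failed password for admin from 203.0.113.5",
    "2024-03-01T09:00:12Z sshd[1]: Accepted password for admin from 203.0.113.5",
    '{"ts": "2024-03-01T09:01:00Z", "app": "payroll", "user": "admin", '
    '"action": "export", "table": "salaries"}',
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<prog>\w+)\[\d+\]: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)$"
)

def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_event(line: str) -> Dict:
    """Data collection: map a raw line from either source onto one common schema."""
    if line.startswith("{"):
        rec = json.loads(line)
        return {"ts": _ts(rec["ts"]), "source": rec["app"], "user": rec["user"], "ip": None,
                "action": rec["action"], "object": rec.get("table"), "outcome": "success"}
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unparsed line: {line}")
    return {"ts": _ts(m["ts"]), "source": m["prog"], "user": m["user"], "ip": m["ip"],
            "action": "login", "object": None,
            "outcome": "failure" if m["outcome"] == "Failed" else "success"}

@dataclass
class Rule:
    name: str
    business_process: str   # the regulated business process the finding belongs to
    control: str            # the control / regulation clause it maps to (placeholder ids)
    evaluate: Callable[[List[Dict]], List[str]]   # returns one description per finding

def brute_force_rule(threshold: int = 3, window: timedelta = timedelta(minutes=5)):
    """Pre-configured rule: a successful login after >= threshold failures in the window."""
    def evaluate(events: List[Dict]) -> List[str]:
        findings, recent_failures = [], {}
        for e in sorted(events, key=lambda e: e["ts"]):
            if e["action"] != "login":
                continue
            key = (e["user"], e["ip"])
            fails = [t for t in recent_failures.get(key, []) if e["ts"] - t <= window]
            if e["outcome"] == "failure":
                fails.append(e["ts"])
            elif len(fails) >= threshold:
                findings.append(f"{e['user']}@{e['ip']}: success after {len(fails)} failures")
                fails = []
            recent_failures[key] = fails
        return findings
    return evaluate

def sensitive_access_rule(sensitive_objects: Set[str]):
    """Customizable rule: the customer supplies which objects count as sensitive."""
    def evaluate(events: List[Dict]) -> List[str]:
        return [f"{e['user']} performed {e['action']} on {e['object']} via {e['source']}"
                for e in events if e["object"] in sensitive_objects]
    return evaluate

@dataclass
class Finding:
    rule: str
    business_process: str
    control: str
    detail: str
    status: str = "open"
    history: List[str] = field(default_factory=list)   # the audit trail for this finding

class AuditTrail:
    ALLOWED = {"open": {"acknowledged"}, "acknowledged": {"closed"}, "closed": set()}

    def __init__(self) -> None:
        self.findings: List[Finding] = []

    def run(self, rules: List[Rule], events: List[Dict]) -> List[Finding]:
        for r in rules:
            for detail in r.evaluate(events):
                f = Finding(r.name, r.business_process, r.control, detail)
                f.history.append("opened")
                self.findings.append(f)
        return self.findings

    def transition(self, idx: int, new_status: str, note: str) -> None:
        """Closed-loop workflow: only forward transitions, every step recorded with a note."""
        f = self.findings[idx]
        if new_status not in self.ALLOWED[f.status]:
            raise ValueError(f"cannot move {f.status} -> {new_status}")
        f.history.append(f"{f.status}->{new_status}: {note}")
        f.status = new_status

    def query(self, predicate: Callable[[Finding], bool]) -> List[Finding]:
        """Ad-hoc retrieval from the audit trail, e.g. by control, process or status."""
        return [f for f in self.findings if predicate(f)]

def demo() -> AuditTrail:
    events = [parse_event(line) for line in RAW_EVENTS]
    rules = [
        Rule("brute_force_then_success", "remote administration",
             "CTRL-AC-7 (placeholder)", brute_force_rule(threshold=3)),
        Rule("sensitive_data_export", "payroll processing",
             "CTRL-DATA-3 (placeholder)", sensitive_access_rule({"salaries"})),
    ]
    trail = AuditTrail()
    trail.run(rules, events)
    trail.transition(0, "acknowledged", "assigned to analyst for review")
    trail.transition(0, "closed", "confirmed with account owner; no further action")
    return trail
```

Running `demo()` yields two findings, each tagged with the business process and control it maps to; the first has been worked to closure with its full history retained, the second is still open, and `query()` answers questions such as "which findings under control CTRL-DATA-3 are still open?". When evaluating a real product, ask to see exactly these four things: the normalised schema, a rule you can edit, the process-to-control mapping, and the trail of who moved a finding through which state.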
The points above are our understanding, abstracted from TOP 10 Regulatory Compliances by ARCSIGHT.