ArcSight Compliance Family - Information Technology

ArcSight Compliance Insight Package for IT Governance: Compliance-Relevant Log Review for IT Governance

The ArcSight Compliance Insight package for IT Governance quickly provides organizations that are implementing an IT governance program with a comprehensive foundation for log review based on best practices.

Highlights:

• Clarifies confusing compliance log reviews through a comprehensive, best practice approach.

• Alleviates time consuming audit tasks through automatically generated compliance information.

• Delivers all information the current standards-based ISO/IEC 27002:2005 and NIST 800-53 relevant format.

Growing Compliance Complexity
The increase in government regulation over the confidentiality, integrity and availability of sensitive information has drastically affected the operating requirements of security departments. These new requirements have forced security departments to spend an inordinate amount of time collecting, organizing, monitoring and reporting on event logs to detect and manage control-related activity. It’s no surprise that companies across all industries are searching for technology to automate this necessary but taxing process.

Ease the Compliance Burden
The ArcSight Compliance Insight package for IT Governance is ideal for organizations that are implementing an IT Governance Program either independently or as the foundation of their regulatory compliance initiative. This easily customizable package contains a host of ready-to-use technical and business level checks in accordance with the reporting structure for the ISO/IEC 27002:2005 and NIST 800-53 standards. The ArcSight Compliance Insight Package for IT Governance combined with ArcSight ESM provides companies and government organizations with the ability to automatically identify and assess the effectiveness of internal controls in an IT Governance relevant context. Key to compliance adherence is ensuring that controls for information systems are effectively implemented, monitored and maintained. The ArcSight Compliance Insight Package for IT Governance provides a comprehensive set of analytics, dashboards and reports to provide easily customizable log review program based on the updated ISO/IEC 27002:2005 and the NIST 800-53 frameworks. These two standards are recommended by security experts as a firm basis for regulatory compliance initiatives and strong IT governance.

Strong Multi-Standards Approach
Designed around best practices, the ArcSight Compliance Insight Package for IT Governance leverages the NIST 800-53 (FIPS 200) standard to provide a comprehensive system for the implementation, assessment and monitoring of internal controls, including access control changes, administrative activity, log-in monitoring, as well as change and risk management. The ArcSight Compliance Insight Package for IT Governance automatically maps these technical checks to the ISO/IEC 27002:2005 standard to place them in policy and risk-relevant operational context, allowing organizations to focus on key services and business processes within the enterprise and address critical audit points. The ArcSight Compliance Insight Package for IT Governance brings these two security standards together to deliver the most relevant and comprehensive set of compliance content in the SIM market today.

Benefits of ArcSight Compliance Insight Packages

• Comprehensive report templates assess the effectiveness of internal controls: The ArcSight Compliance Insight Package for IT Governance provides over 85 easily customizable reports, dashboards, correlation rules and data monitors to measure and report on the effectiveness of controls through both technical checks and business process activity review. These views provide a real-time status of issues against specific compliance requirements, as well as comprehensive reporting on historical data which can be used for benchmarking efforts.
  
• Real-time compliance oversight: The ArcSight Compliance Insight Package for IT Governance real-time monitoring, detection and reporting of compliance breaches, providing the ability to proactively address compliance violations before they are identified by auditors. Real-time reporting and dashboards provide application users and security professional a means of assessing compliance, as well as demonstrating to management and auditors the organization is effectively demonstrating compliance oversight.
  
• Focused tracking of administrative activity delivers effective separation of duties: A common audit point is the requirement to separately review administrative activity that relates to the access controls for regulated systems. The ArcSight Compliance Insight Package for IT Governance automatically tracks all administrative users and their activity via a unique active list functionality to easily fulfill separation of duties requirements for security monitoring.
  
• Real-time identification of compliance activity: The ArcSight Compliance Insight Package is tuned to identify and monitor compliance activity in real-time to identify gaps in the compliance effort that present a risk to the confidentiality, integrity and availability of regulated information and launch appropriate remediation actions to demonstrate full compliance management.

ArcSight Compliance Insight Packages Family
ArcSight Compliance Insight Package for IT Governance is part of the ArcSight Compliance Insight Package Family. This suite of content offerings delivers log review and security monitoring based on security and audit best practices to help organizations meet regulatory compliance requirements and institute a strong IT governance program.