customer examples
TRANSCRIPT
-
8/18/2019 Customer Examples
1/13
drive
BMC Sarbanes-OxleyControl Automation:
Customer CaseStudies
December 7, 200
-
8/18/2019 Customer Examples
2/13
Sarbanes Audit Overvie!
-
8/18/2019 Customer Examples
3/13
"ar#e $etail %ranc&ise: Asset 'C&an#e Mana#ement
(ssue› Single system of record (Finance, IT, HR, Stores – 2500+)
5,000 !oc"et !#s, $,000 %or"stations, ser&er''
ccommodate y*ergrotac-.isitions (/e #ain in 200 – 200+ stores)
› 1aimi3e .*time Red.ce im*act of &ir.ses, tecno *o4ic .sers, eld s.**ort, lo lin" 4andidt
› 6icense #om*liance (*.rcased &s de*loyed) Identify 7 eliminate .na.tori3ed installations› Sec.rity
Red.ce n.m4er of .na.tori3ed canges (clean .*roll4ac")
Restrict o can target at to om d.ring 8 times
#om*reensi&e In&entory
› Re*orting (Sced.le, 9mail, cc.racyIntegrity) Identify, eliminate, red.ce ris"s
BMC Solutions
› 1arim4a :es"to*, Ser&er, :e&ice and !atc 1anagement
-
8/18/2019 Customer Examples
4/13
Sarbanes Oxley )alue
Only Aut&ori*ed So+t!are› 1arim4a #ong.ration :isco&ery – ,000 (**lications)› #ategori3e (:angero.s, ;nanted, lloed, .tori3ed)
:angero.s softare immediately .ninstalled .*on detection
› Ins.re nti system Re*ort re*eat o?enders&iolators
Scanner 9tension a.tomatically sends email en reg scanneridenties &ir.s 4y denition le@
› 6icense com*lianceAsset Mana#ement
› System of record› 6icense Trac"ing (#ong :isco&ery for real time a.dits)› 9asily etensi4le Re*orting
-
8/18/2019 Customer Examples
5/13
"ar#e %inancial (nstitution: Asset' C&an#e Mana#ement
(ssue› Single system of record (Finance, IT, HR)› 1aimi3e .*time (A0,000 or"stations, $0,000 ser&ers, 5,000 T1s)
Red.ce time in -.e.e for don systems
Increase *roacti&e ser&ice management (!atc, Softare :istri4.tion)
Red.ce im*act to reso.rces (Tellers, Bro"ers, 6oan oCcers, Systems)
Tra&erse sec.re netor" en&ironment – 6o 6in"s (200)› 6icense #om*liance (*.rcased &s de*loyed)› Sec.rity
Red.ce n.m4er of .na.tori3ed canges (clean .*roll4ac")
Restrict o can target at to om d.ring 8 times
› Re*orting (Sced.le, 9mail, cc.racyIntegrity)
BMC Solutions
› Remedy Hel*:es" 7 #ange 1anagement› R Ser&er Re*ository%or"Do› 1arim4a :es"to*, Ser&er and !atc 1anagement
-
8/18/2019 Customer Examples
6/13
(nventory )alue stablis&in# a system o+record
So+t!are Delivery› Target s.4sets of yo.r en&ironment (collections)› Re*ort s.ccess rate of deli&eries
Asset Mana#ement› #om*reensi&e so.rce of information› 9asily etensi4le
"icense Com.liance› Softare deli&ery standard softare com*liance
standard
› Target s.4sets for a**lication remo&al
-
8/18/2019 Customer Examples
7/13
Arc&itectural Overvie!
-
8/18/2019 Customer Examples
8/13
Arc&itectural Overvie!-Data Collection
-
8/18/2019 Customer Examples
9/13
$e.ortin# /rocess Controlled $e.orts
-
8/18/2019 Customer Examples
10/13
$e.ortin# /rocess Controlled Access
-
8/18/2019 Customer Examples
11/13
$e.ortin# /rocess Controlled ' O.en Access
-
8/18/2019 Customer Examples
12/13
(nventory Best /ractices ' /it+alls-Sc&edulin# (nventory Scans
Pacific Inventory Scans
12:00 AM Servers
1:00 AM Servers ATMs
2:00 AM Branch Workstations Servers ATMs
3:00 AM Branch Workstations ATMs
4:00 AM Branch Workstations ATMs
5:00 AM Branch Workstations
6:00 AM
7:00 AM Corp Workstations
8:00 AM Corp Workstations:00 AM Corp Workstations
10:00 AM Corp Workstations
11:00 AM
12:00 !M
1:00 !M Corp Workstations
2:00 !M Corp Workstations
3:00 !M Corp Workstations
4:00 !M Corp Workstations
5:00 !M
6:00 !M
7:00 !M
8:00 !M Maintenance
:00 !M
10:00 !M
11:00 !M Servers
-
8/18/2019 Customer Examples
13/13
Assessing the Readiness of IT:
$@ :oes te SE8 #ommittee .nderstand te ris"s in IT systems it com*liance to 0
2@ :oes IT .nderstand te nancial re*orting *rocess and its s.**orting systems
@ :oes #IE .nderstand ty*es of IT controls needed to s.**ort nancial *rocessing
@ re *olicies go&erning sec.rity, a&aila4ility and *rocessing integrity esta4lised,doc.mented and comm.nicated to all mem4ers of te IT organi3ation
5@ re ITGs roles and res*onsi4ilities related to Section 0 .nderstood 4y 66 sta?
@ :o mem4ers IT .nderstand teir roles, do tey *ossess s"ills to *erform o4 res*onsi4ilities relating to internal control, and
are tey s.**orted it a**ro*riate s"ill de&elo*ment
A@ Is yo.r assessment *rocess integrated com*anyGs ris" assessment *rocess fornancial re*orting
J@ :oes IT doc.ment, e&al.ate and remediate IT controls related to nancial re*ortingann.ally