Robert Drobish - 1Velocity Network Compliance Lunch

Copyright Pinnacle Technology, LLC 2007-2008. Robert Drobish, Pinnacle Technology.

Posted on 12-Jul-2015

Page 1

Robert Drobish

Pinnacle Technology

Page 2

Today’s IT Compliance Landscape

IT Compliance has added additional requirements on IT departments!!

Page 3

What can you do???

The real question should be ‘Why should you want to be compliant with so many different standards/regulations?’

The answer:

- Better operations of your IT department, and hopefully this will translate into your business operations.
- Good corporate citizen for your company, employees and stakeholders.

Page 4

What does compliance mean to me!!

Compliance from a 20,000ft level is:

- Develop ADEQUATE policies and procedures respective of the particular compliance area.
- Follow these policies and procedures.

Page 5

Compliance Areas and me.. IT compliance high level overview…

- Payment Card Industry (PCI) – Is your credit card data controlled? Is credit card information managed, encrypted, secured? Do you get annual penetration tests?
- Health Insurance Portability and Accountability Act (HIPAA) - Is the personal health care data managed, secured, and monitored?
- Sarbanes-Oxley (SOX) - Is your financial data managed, secured, and monitored?
- SAS70 - Is your financial and/or IT data managed, secured, and monitored?

Page 6

Compliance Areas and me.. IT compliance high level overview…

- Nevada Gaming Control Board Standards - IT (NGCB) - Is your gaming user and financial data managed, secured, and monitored?
- ISO Standards (9001, 17025) - Is your process and test data managed, secured, and monitored?

Page 7

What does Adequate mean to me and who determines what ‘Adequate’ is?

Adequate policies and procedures are:

- Respective of the particular compliance area (SOX, PCI, HIPAA, NGCB MICS, etc.).
- Following a published standard (CobIT, COSO, ITIL, ISO, etc.).
- Respective of your particular business requirements.

Page 8

What does ‘Respective of your particular business requirements’ mean?

It’s your business and how you operate it, within certain compliance, or guidelines, is up to you!!

Being compliant doesn’t mean ‘Change your business’, it means ‘Prove to outside entities that you are following a set of adequate standards’.

Page 9

Compliance and my IT

IT compliance, on many fronts and standards, means ‘Can you prove you (your company)..

- Are protecting the data (user access privileges, backups, layers of security, etc.)?
- Understand at a management and employee level what is expected, and are watching your operations and reacting if needed?
- Know the data being used is followed, managed, and valid?
- Employ diversity, both in backups and transmission paths, and that they are truly redundant, validated and not co-dependent?

Page 10

Standards, standards, standards..

The different compliance standards and requirements are different ways you can show to your employees, management, stockholders, and the international community that you are watching your ‘house’ through accepted standards and are a Good Corporate Citizen.

Page 11

Extra Benefits

Meeting one, or more, compliance standards has extra benefits, other than the auditors that visit regularly and bring gifts…

- Your IT department often runs more efficiently and effectively, allowing you to do more with the same resources, and usually reduces problems, drastically in some cases.
- IT has transparency to the company, as well as additional leverage to get expenditures.

Page 12

Final Thoughts

COMPLIANCE IS GREAT

(WELL, MAYBE JUST REALLY GOOD)

Page 13

Thank You.