IT Auditor’s Guide to Security Controls and Risk Compliance
Governance, Risk and Compliance (GRC) professionals face multiple challenges. They must, of course, ensure that their organizations meet the minimum requirements of the applicable standards. Many organizations must comply with several standards at once, covering privacy, corporate financial data, Protected Health Information and credit card data. Fortunately, these overlapping standards agree on a single concept: implementing appropriate security controls to protect information from improper disclosure.
However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported, and critical business functions can be disrupted if those needs are not considered when establishing compliance activities. In addition, any audit requires evidence that the appropriate controls are in place and enforced. Investing in the selection of the right policies, controls and solutions leads to more successful audits and more reliable security.
VMware Carbon Black’s approach to compliance is simple. Organizations should include the relevant stakeholders in building Compliance Control Policies that meet regulatory standards while supporting business goals. A Control Policy dictates which assets are covered by each standard and which actions users may execute on each asset. By grouping similar classes of assets and users, policies become intelligible to users, enforcement is automatic and audits are simplified. This paper reviews how to create Compliance Control Policies and describes six key controls supported by VMware Carbon Black.