Unfortunately, the overlapping standards agree on only a single concept: implementing appropriate security controls to protect information from improper disclosure. However, Governance, Risk, and Compliance (GRC) requirements do not exist in a vacuum; organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, every audit requires evidence that the appropriate controls are in place and enforced. Investing in the selection of the right policies, controls, and solutions leads to more successful audits and more reliable security.
Carbon Black’s approach to compliance is simple. Organizations should include the relevant stakeholders in building compliance control policies that meet regulatory standards while supporting business goals. Control policies dictate which assets are covered by each standard and which actions users may execute on each asset. By grouping similar classes of assets and users, policies remain logical to users, enforcement is automatic, and audits are simplified.
This paper reviews how to create compliance control policies and describes six key controls supported by Carbon Black:
- Configuration change monitoring and chain of custody
- File integrity control and monitoring
- Malware prevention and continuous compliance visibility
- Compliance risk analysis and measurement
- Security policy awareness, enforcement, and audit
- Portable device usage and control