Professional Documents
Culture Documents
Mark McGovern
VP Product Management
C A Te c h n o l o g i e s
13 December 2016
WELCOME
Have a question for the speaker? Text it Use the Attachments button to
find the following:
in using the Ask A Question button!
PDF of today’s presentation
Audio is streamed over your computer
Link to the Event Home Page where
Technical issues? Click the ? button
ISACA members can find the CPE Quiz
Use the Feedback button to share your
MORE information about upcoming CSX
feedback about today’s event
events
Questions or suggestions about our
MORE assets from today’s webcast
webinar series? Visit support.isaca.org
2
TODAY’S SPEAKER
Mark McGovern
VP Product Management
CA Technologies
3
What We’ll Cover Today
4
Why Analytics Are Critical Today
A Spectrum of Real World Threats and Needs
5
Enterprise Defenses are Static
SIEM IDS
6
A Proven Approach to Security
Market Leader Providing Data Science Based
Fraud Analytics To Banks
Payment Enterprise
Security Security
7
The Key Functions of Credit Card
Security
Insight &
Learning
8
Applying the Credit Card Model
to PAM
9
Step 1: Stay Focused
Ingest
Start with the critical system Parse
– your PAM system - Normalize
Synchronize
PAM
10
Enabling Insight into Users and
Behavior
11
The Entity & Relationship Graph
12
Making Risk Decisions Using True
Context
Change detected
Identities compromised by attacks Authorized user actions that pose Blind spots in how systems are
that include: serious risks: used.
Phishing Contractors Need quick responses to incidents
Detect Weak passwords Partners and SOC inquiries:
Malware Policy violators Identify users and risky activity
Compromised devices Disgruntled and departing associated with IP, devices, data
Man-in-the-middle employees assets
14
Mitigations: Automated and
Appropriate
15
Putting it all together
16
Questions or further
information:
mark.mcgovern@ca.com
THIS TRAINING CONTENT (“CONTENT”) IS PROVIDED TO YOU WITHOUT WARRANTY, “AS IS” AND “WITH ALL
FAULTS.” ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING
THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NON-
INFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED.
YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS
DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND
THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE
PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR
CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF
THE CONTENT WILL ASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING
PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE
APPROPRIATE PROCEDURES, TESTS, OR CONTROLS.
Copyright © 2016 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This
webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or
transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise).
THANK YOU FOR ATTENDING
THIS WEBINAR