sponsored by Tripwire, Inc.
Posted:  25 Sep 2008
Published:  19 Sep 2008
Format:  PDF
Length:  11  Page(s)
Type:  White Paper
Language:  English
ABSTRACT:
High profile information security failures resulting in the loss of cardholder data, confidential information, and personally identifiable information (PII) have substantially increased regulatory pressure. Many organizations must now comply with standards such as PCI, regulations like SOX-404 or HIPAA, and state privacy laws. Traditional IT auditors and security assessors have been focused on the physical components of the IT infrastructure. However, virtualization technologies are increasingly being used in business processes that have IT compliance requirements.

The goal of this paper is to present the unique considerations that virtualization presents to regulatory and standards compliance, and then prescriptively describe how to mitigate those risks:

  • Discuss the different regulatory and contractual compliance objectives.
  • Explain how to achieve and demonstrate compliance.
  • Take a look at secure virtualization technologies.
  • Provide a detailed example of achieving and proving compliance with PCI.



Authors

Charu Chaubal
Senior Architect in Technical Marketing ,  Vmware
Charu is a Senior Architect in Technical Marketing at VMware, where he enables customer adoption and drives key partnerships for datacenter virtualization. His areas of expertise include virtualization security and compliance and infrastructure management. Charu has been responsible for defining and delivering VMware’s prescriptive guidance on security hardening and operations. Previously, Charu worked at Sun Microsystems, where he had over seven years experience designing and developing distributed resource management and grid infrastructure software solutions.

Anton Chuvakin
Chief Logging Evangelist ,  LogLogic
Dr. Anton Chuvakin is a recognized security expert and book author. In his current role as a Chief Logging Evangelist with LogLogic, a log management and intelligence company, he is involved with projecting LogLogic's product vision and strategy to the outside world, conducting logging research and influencing company vision and roadmap.

Gene Kim
CTO and Co-founder ,  Tripwire
Gene Kim, CISA, is the CTO and founder of Tripwire, Inc. In 1992, he co-authored Tripwire while at Purdue University with Dr. Gene Spafford. In 2004, he wrote the Visible Ops Handbook and co-founded the IT Process Institute. Recently, Gene was honored as one of the "Top 4 CTOs to Watch" by InfoWorld magazine due to his "forward-thinking and leading-edge activities. Gene is certified on both IT management and audit processes, possessing both ITIL Foundations and CISA certifications.

Chris Richter
VP and General Manager of Security Products
Chris is VP and general manager of security products and services at SAVVIS, a leading network, hosting and security services provider, where he is responsible for the managedsecurity line of business, strategy and product portfolio. He leads the effort behind implementing standardized control frameworks and risk management processes across SAVVIS’ dedicated and cloud-based services. He also is in a leadership role in working on the company’s “IT Utility,” a virtualized hosting services platform with products currently in use by thousands of enterprises worldwide.

Sean Sherman

With more than 22 years in IT, Sean has been involved in the development of complex IT systems for a variety of industries. He holds a number of technical certifications including CISSP, CISA, PMP and MCSE. He is active in a number of organizations and is currently a board member for a local ISACA Chapter. Sean’s background includes Developer, Management of IT, Manager of Consulting Services, Program and Project Management, Senior Consultant and Practice Leader for Classified Information Services.



BROWSE RELATED RESOURCES
Compliance Audits | Compliance Best Practices | Compliance Software | HIPAA | HIPAA Compliance | Security Audits | Security Infrastructure | Security Management | Storage Virtualization | Storage Virtualization Software

View All Resources sponsored by Tripwire, Inc.

About TechTarget:

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines

All Rights Reserved, Copyright 2000 - 2014, TechTarget | Read our Privacy Statement