How Imperva SecureSphere Helps Address TRM Guidelines for ...

More documents

Recommendations

Info

While the TRM Guidelines themselves do not have any legal implications, the twelve newNotices of the TRM Guidelines do. Monetary Authority of Singapore considers Notices tobe regulatory instruments 3 . MAS takes breaches seriously, stating that “The approach inwhich MAS treats a breach to the Notice will be consistent with that for other breachesof regulations.” 4 While each Notice is different, and is designated for a different type offinancial institution, all Notices focus on the following components:• Establish a framework and process to identify critical systems• Provide high availability of critical systems• Establish and meet Recovery Time Objective (RTO) for critical systems• Report on incidents with specific timeframes• Deploy IT controls to protect customer informationBecause the new Notices of the TRM Guidelines take effect on July 1, 2014, it is importantthat all financial institutions conducting business in Singapore plan on meeting TRMcompliance by that deadline.Addressing the TRM Guideline RequirementsBecause the TRM Guidelines now have broader impact, legal implications, and a firmcompliance deadline, non-compliance with the TRM by financial institutions couldbe costly and damaging to an intuition’s reputation. To help fulfill TRM requirements,Monetary Authority of Singapore provided a TRM Checklist to guide financial institutionsin their compliance efforts.The TRM Checklist is comprehensive and contains over two hundred items that cover themany different attack vectors associated with security threats. While the checklist helpscreate a multi-layered defense strategy to protect financial systems and assets, financialorganizations can be challenged by the volume and depth of the requirements. Thecomplicated nature of security threats makes it difficult to meet many checklist itemswithout the use of proper security tools and solutions.To help organizations address the demands of the TRM, Imperva provides automatedsolutions that meet or exceed key TRM requirements. The included matrix identifiesImperva products that fully or partially address TRM Checklist Items.3. Classification of Instruments Issued by MAS, http://www.mas.gov.sg/Regulations-and-Financial-Stability/Regulatory-and-Supervisory-Framework/Classification-of-Instruments-Issued-by-MAS.aspx4. Response to Consultation Paper TRM Notice MAS2
MAS TRM Checklist Items Imperva Products AddressTRMSectionTRM Excerpts WAF IncapsulaWAFDAS DAM DBF URMD FAM FFW URMF SharePoint DSM4.2.4 Risk Monitoring ◦ ◦4.3.1 Risk Assessment ◦4.3.3 Risk Assessment ◦4.4.3 Risk Management ◦4.5.1 Risk Management ◦4.5.2 Risk Management ◦5.1.6 Vendor Monitoring ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦6.2.4 Vulnerability Assessment ◦6.2.5 Vendor Monitoring ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦6.3.3 Security Controls Review ◦ ◦6.3.4 Compliance Review ◦ ◦7.1.1 Change Monitoring ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦7.1.3 Risk Assessment ◦7.1.7 Log And Audit Trails ◦ ◦ ◦ ◦ ◦ ◦7.2.3 Risk Assessment ◦7.2.4 Segregation of Duties ◦ ◦ ◦ ◦ ◦7.3.3 Security Monitoring ◦ ◦ ◦ ◦ ◦ ◦7.3.12 Incident Analysis ◦ ◦ ◦ ◦7.4.2 Rights Management ◦ ◦7.4.4 Incident Analysis ◦ ◦ ◦ ◦ ◦ ◦9.0.1Datacenter SecuritySolutions• • • • • • • • • • •9.0.2Datacenter SecuritySolutions• • • • • • • • • • •9.1.1 Data Security Solutions • • • • • • • • •9.1.2 Data at Rest Protection ◦ ◦ ◦ ◦ ◦ ◦ ◦ ◦9.1.6 Access Control ◦ ◦ ◦ ◦ ◦9.3.1 Security Settings Review ◦9.4.1 Vulnerability Assessment ◦9.4.2 Vulnerability Assessment ◦9.5.1 Patching ◦ ◦ ◦ ◦9.6.1 Security Monitoring ◦ ◦ ◦ ◦ ◦ ◦• Fully addresses ◦ Partially addresses3
Page 1: PRODUCT WHITE OVERVIEW PAPERImperva
Page 9 and 10: Cutting Data Security Operational C

How Imperva SecureSphere Helps Address TRM Guidelines for ...

Create successful ePaper yourself

Delete template?

Save as template?