Microsoft and Brabeion

Microsoft and Brabeion Software, leader in IT GRC solutions, have partnered to provide Microsoft customers the ability to pinpoint both where and how they are in or out of compliance with major regulations and IT control frameworks.

Brabeion's rich risk and compliance content, includes recommended baseline technical controls for the most popular Microsoft enterprise products, leveraged within Microsoft System Center Configuration Manager 2007 to provide continuous controls monitoring for key regulatory requirements, including Section 404 of the Sarbanes-Oxley Act using COBIT 4.0, European Union Data Protection Directive (EUDPD), Gramm Leach Bliley Act (GLBA), the Federal Information Security Management Act (FISMA) and Health Insurance Portability and Accountability Act (HIPAA).

The Governance, Risk and Compliance Challenge for IT

What is IT Governance, Risk and Compliance? IT organizations are called upon nearly every day to demonstrate to auditors, partners, executives, customers and employees that their IT governance, risk, compliance and security programs are protecting brand, reputation and shareholder value from theft disruption and violations. IT Governance programs focus on ensuring that risks are managed appropriately and resources managed responsibly, while aligned with strategic and tactical imperatives of the organization. Compliance programs focus on the effectiveness and relevance of IT controls put in place to meet legislative imperatives and company policies, and the risk associated with their failure. Risk and Security Management programs focus on the reduction of risk and protection of critical assets from threats that could create breaches in confidentiality, integrity or availability. However all of these programs can be compromised by insufficient controls, inefficient process, and inadequate metrics exposing companies to damage and loss of critical assets - whether they be people, processes, digital or physical assets. Microsoft's Configuration Manager, powered by Brabeion's rich risk and compliance content, eliminate these exposures ensuring governance, risk, compliance and security programs meet the requirements of business managers, auditors, partners and regulators. For the first time it's easy to know answers to questions such as: Are my Exchange and Windows Domain Controllers in compliance with SOX and FISMA regulations? Which Exchange servers are not SOX compliant? What SQL servers need to be remediated? Who changed the configuration on the server? When was the server configuration changed?

How do we meet the challenge together? There are three ways for Microsoft customers to leverage Brabeion's IT GRC solutions. Use Microsoft's Configuration Manager, out of the box, to get reports on actual baseline results, and know where and how configurations are mapped to primary regulations. Microsoft's Configuration Manager reporting dashboard demonstrates the servers which do not meet the regulation requirements. Use Microsoft Configuration Manager with Brabeion's Polaris Pathfinder to collaboratively design, review, publish and track all IT policies, procedures and controls — mapped to regulations and frameworks. Adding Brabeion's Polaris Pathfinder provides customers with closed loop policy, procedure and controls life cycle management, supported by a web-based awareness portal for policy enforcement and tracking. Use Microsoft Configuration Manager with Brabeion's Polaris Navigator to eliminate critical exposures in governance, compliance and security programs with role-based dashboards, continuous risk and compliance assessments, risk scores on assets, and comprehensive reporting. Adding Brabeion's Polaris Navigator allows customers to compare stated policies and controls from Brabeion Polaris Pathfinder with the current status of your IT environment, including all Microsoft configurations, in order to identify and prioritize remediation requirements to ensure regulatory compliance.