From perimeter-based to data-centric security. Why and How we walked that way!? Christian Schmalisch, Business Development IMTF
|
|
- Whitney Marshall
- 8 years ago
- Views:
Transcription
1 From perimeter-based to data-centric security. Why and How we walked that way!? Christian Schmalisch, Business Development IMTF
2 From perimeter-based to data-centric security. Why and How we walked that way!? AGENDA 1 IMTF = information is king 2 Findings = the wall is cracking 3 Consequences = uncertainty 4 Our solution approach = data centric security 5 How our clients classify data # 2
3 IMTF`s basis for 27 years Secure Document Management solutions! competencies: promise: Compliance & Secure Document Management (DMS, CMS, LMS, RMS, Archive) 1. avaiod reputational damage 2. prevent data leaks protect client data protect personal data protect intellectual property 3. comply with regulations PRIVACY AVAILABILITY dealing with: OR/GeBüV, HaREGV, ElDI-V, ITAR, DSG, EU DPD, etc. Sarbanes Oxlex, SEC, MiFiD, Finma Annex 3, Basel II, ISchV etc. ISO QM, HIPPA, SOX, GxP, etc. # 3
4 How are we dealing with it? Our secret: within our DMS we have everything in place to fully protect information: Our EDOC format is the enterprise wide, object oriented and homogenous IMTF standard container for all information = data-centric security approach a generalized and enterprise wide model allowing meta data: Digital Signature, Encryption and Data Classification to fully protect information within our system (aligned to directives and standards reg. PCI-DSS, PII, PHI, CID, HIPPA etc.) + Information Usage Policy enforcement: Directory Services & Metadata = Authentication/Authorization, Access Control, Logging, Information Permission Management: Black Page, Print, Share, View etc. WHO can use the information WHAT can each person/group/role do with/to the information WHEN can the information be used WHERE can the information be used + Security Layer / Connector to take over external and to communicate our protection parameters to a certain extent # 4
5 # 5
6 # 6 How to replicate our data-centric / container-concept for the Outside??? in which we believed for the last 27 years.
7 what have we done? Analyses of our client needs: discussions and interviews within our network * Question: Make or Buy // Answer: Buy, cooperate and integrate High-level analysis of the market: Study of IT security concepts Study of IT security solutions Cooperation e3 AG and PWC Discussions with relevant stake holder / subject experts Detailed studies on IMTF compatibility with SB DLP, FINMA RS08/21, ISO27001 (ISMS), ISchV and ISG Incorporate an GTM # 7
8 Within our our DMS = we synonym could fully for confined protect information. and isolated, Outside our perimeter-based DMS, it was just IT environments! not our business and HYPERSUITE/5 Secure Document Management # 8
9 outside became chaotic! We saw the cracks in the wall and we saw the established solutions failing to effectively protect information. more & more business applications more & more locations more & more access & exit points changing communication processes overstrained security tools # 9
10 All concepts have certain limits, but to effectively protect information assets, we have to turn towards a data-centric security paradigm. Perimeter-centric and Exit-point Information Security Tools last line of defense too technical missing competencies in the information life cycle unreasonable monitoring burden Encrypted Gateways & Locations media- and locations-based protection only Information Right Management Platforms focus on enforcement by the author but the right data-centriy approach: WHO can use the information WHAT can each person/group do with/to the information WHEN can the information be used WHERE can the information be used # 10
11 Major issues in todays global, competitive and interconnected world to secure the most valuable asset: information Exchange of data incl. meta data compatibility with other systems Distributed IT Foundation functional differentiation vs. accurate data dispersed locations with the claim of data to be integer / accurate / up-to-date / accessible / usable / searchable / traceable etc. on a need-to-know basis Access / Exit Points have become chaotic controlling & awareness Stop the bleeding of structured and unstructured data Structured and unstructured data is growing exponentially in volume, in velocity, in variety and in complexity Daily mails, Source Radicati Group Tighter internal and external regulations compliance with more and more complex directives Average number of s received daily Average number of s sent daily s received with attachments daily # 11
12 Consequences and just some more informative facts Todays IT environments are borderless and as soon as information is created and exchanged it is exposed Once data it is generated and out of control, it is just out of control Increasing demanding responsibility for end-customers and suppliers Need to protect information throughout the entire lifecycle: creation + processing + collaboration + storage + archive + search + controlled deletion Businesses are slow and limited to self-detect breach activity the average time from initial breach to detection is 210 days (64% needed 90 days / 5% needed 3 years) Increased appreciation of IT security and data governance to protect information No or limited definition and enforcement of information security polices definition: What to be protected? Who can When and Where do What? enforcement: How to depict with which technology? # 12
13 # 13 How to replicate our data-centric / container-concept for the Outside??? our solution approach.
14 From perimeter-based to data-centric information protection approach its all about the first step: Classification! But how to classify data!? A Generic context B Parameter context goal: avaiod data leakage What to be protected? - Information types - Assets - etc. Why to be protected? - Regulations - Intelectual Properties - Defence - Reputation - etc. Protective Mechanism? Source? - Employees - Business units - Applications - Locations - etc. Consideration to End-User? Processes/ Use Cases? Final destination? - - Repositories - etc. structured approach DLP tools IRM platforms Classification 2 Processes 1 end-point encryption IAM labeling context # 14
15 We truly believe that Data-Centric-Security is all about embedding security and usage policy within the information itself because then, the information (metadata) itself can trigger suitable protection mechanisms! RMS / IRM 100% accurate LifeCycle Classification flexible & dynamic considering context automatic to manual = protecting vs teaching To derive suitable protection mechanism 100% Secure Creation & Access Points Open Creation & Access Points technical processes Information Protection Open Creation & Access Points Secure Creation & Access Points Open Creation & Access Points Secure Creation & Access Points perimeter # 15
16 Summary and discussion points Classification is the basis for a data-centric security approach and needs to be taken in two steps: 1. Theory = knowledge of processes & methods * 2. Technology = Classification Technology needs to be integrated into IRM platforms and Perimeter-based solutions To effectively protect and govern information assets from a technology perspective, we truly believe in the combination of: IRM platforms + DLP systems + Classification solutions Classification needs to be dynamic and flexible to adapt the life cycle of information. # 16
17 # 17 Q&A
18 # 18 Informatique-MTF SA Christian Schmalisch, Business Development
Securing Content Management Systems
Securing Content Management Systems The Next Frontier in Leakage Prevention 1 Terms and Definitions 2 Leakage/Loss Prevention (DLP) Technology, products, or services that prevent sensitive information
More informationData-centric Security
Data-centric Security Rui Melo Biscaia rui.biscaia@watchfulsoftware.com Watchful Software Director, Product Management Dead Horse Wisdom Graham, Texas Beat the horse faster, in an attempt to make it go
More informationRightsWATCH. Data-centric Security.
RightsWATCH. Data-centric Security. Rui Melo Biscaia, Watchful Software www.watchfulsoftware.com Director of Product Management rui.biscaia@watchfulsoftware.com The Perimeter Paradigm Well Meant Insider
More informationTITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud
Business Brief TITUS Data Security for Cloud Email Identify and Control Sensitive Data Sent to the Cloud Nine out of 10 businesses cite security as the top obstacle for cloud adoption. - IDC Control Data
More informationTrue Information Security only a click away for anyone"
True Information Security only a click away for anyone" Webinar, Tuesday 22nd July 2014 7/22/2014 WEBINAR on "True Information Security only a click away for anyone" 1 Agenda Where the industry is going
More informationGuide to Information Governance: A Holistic Approach
E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,
More informationInformation Rights Management for Banking Seclore FileSecure Provides Intelligent Document & Data Protection that Extends Beyond Enterprise Borders
Information Rights Management for Banking Seclore FileSecure Provides Intelligent Document & Data Protection that Extends Beyond Enterprise Borders A Seclore White Paper In an era where outsourcing, cloud
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
More informationClassify, Protect, Audit: New Approach to SAP Data Security. Aparna Jue, SECUDE
Classify, Protect, Audit: New Approach to SAP Data Security Aparna Jue, SECUDE About SECUDE SECUDE is an innovarve global provider of IT data protecron solurons for SAP customers. Our user- friendly solurons
More informationWhite Paper. Managing Risk to Sensitive Data with SecureSphere
Managing Risk to Sensitive Data with SecureSphere White Paper Sensitive information is typically scattered across heterogeneous systems throughout various physical locations around the globe. The rate
More informationHow To Implement Data Loss Prevention
Data Loss Prevention Implementation Initiatives THE HITACHI WAY White Paper By HitachiSoft America Security Solutions Group September, 2009 HITACHI SOFTWARE ENGINEERING AMERICA, LTD. Executive Summary
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationBackground. Liwei Ren. Trend Micro
Securing Your Data for the Journey to the Clouds Liwei Ren, Ph.D, Trend Micro April, 2015, SNIA DSI 2015, Santa Clara, California Copyright 2011 Trend Micro Inc. 1 Background Liwei Ren Research interests
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationAdopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.
Security solutions To support your IT objectives Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services. Highlights Balance effective security with
More information10 Building Blocks for Securing File Data
hite Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm
More informationData Loss Prevention. Keeping sensitive data out of the wrong hands*
Data Loss Prevention Keeping sensitive data out of the wrong hands* September 9, 2007 Aaron Davies-Morris, Director PwC Advisory Services Zeke Jaggernauth, Manager PwC Advisory Services Agenda Data Breaches
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationNextLabs Rights Management Platform
KuppingerCole Report EXECUTIVE VIEW by Martin Kuppinger October 2015 Comprehensive Rights Management solution including information classification, based on a well thought-out policy management model supporting
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationAdopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud
Adopting Cloud Apps? Ensuring Data Privacy & Compliance Varun Badhwar Vice President of Product Strategy CipherCloud Agenda Cloud Adoption & Migration Challenges Introduction to Cloud Computing Cloud Security
More informationProtecting Business Information With A SharePoint Data Governance Model. TITUS White Paper
Protecting Business Information With A SharePoint Data Governance Model TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws
More informationWhite paper. Why Encrypt? Securing email without compromising communications
White paper Why Encrypt? Securing email without compromising communications Why Encrypt? There s an old saying that a ship is safe in the harbour, but that s not what ships are for. The same can be said
More informationSecurity Bootcamp 2012-28,29,30/12/2012
Security Bootcamp 2012-28,29,30/12/2012 Microsoft SharePoint Most Valuable Professional (2011,2012) Author, Writer, Trainer & Public Speaker Founder & Editor in Chief of SharePointVN Publisher Focus on
More informationFasoo Data Security Framework
Fasoo Data Security Framework Needs for New Security Framework Significant data breach related news is continuously making headlines, and organizations involved in such breaches have suffered irreplaceable
More informationand ediscovery Peter Pepiton ediscovery Product Manager CA Information Governance
Electronic Record Retention and ediscovery Peter Pepiton ediscovery Product Manager CA Information Governance Agenda What is all this ediscovery buzz? Email is major focus of ESI Impact of New FRCP rules
More informationA Practical Guide to Data Classification
A Practical Guide to Data Classification or There and Back Again Michael A. Morabito Cardinal Health Agenda Demographics quiz Where we started Why bother? Buckets and labels Two pronged attack Overlap
More informationDesign of Database Security Policy In Enterprise Systems
Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of
More informationVAULTIVE & MICROSOFT: COMPLEMENTARY ENCRYPTION SOLUTIONS. White Paper
COMPLEMENTARY ENCRYPTION SOLUTIONS White Paper Table of Contents Section I: Vaultive & Microsoft: Complementary Encryption Solutions... 2 Section II: Vaultive is a Microsoft ISV Partner... Appendix A:
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationKelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan
The Truth about Data Loss Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan RSA Data Loss Prevention Data Breaches Overview RSA DLP Solution Five Critical Factors
More information10 Things IT Should be Doing (But Isn t)
Contents Overview...1 Top Ten Things IT Should be Doing...2 Audit Data Access... 2 Inventory Permissions and Directory Services Group Objects... 2 Prioritize Which Data Should Be Addressed... 2 Remove
More informationHow To Secure Cloud Computing
A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker
More informationRSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationENABLING ENTERPRISE AVEPOINT ONLINE SERVICES. For Microsoft Office 365 COLLABORATION. For how you work, where you work
ENABLING ENTERPRISE COLLABORATION For how you work, where you work AVEPOINT ONLINE SERVICES For Microsoft Office 365 1 AVEPOINT ONLINE SERVICES FOR MICROSOFT OFFICE 365 Microsoft Office 365 gives users
More informationWHITE PAPER. Deficiencies in Traditional Information Management
WHITE PAPER Deficiencies in Traditional Information Management Table of Contents 3 Abstract 3 Information Management Defined 7 Problems with Traditional Approaches 8 Conclusion Table of Figures 5 Figure
More informationCloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security
Russ Dietz Vice President & Chief Technology Officer Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security By Russ Dietz Vice President & Chief
More informationWHITE PAPER. Stay ahead (of data leak) with Data Classification and Data Loss Prevention
WHITE PAPER Stay ahead (of leak) with Data Classification and Data Loss Prevention STAY AHEAD (OF DATA LEAK) WITH RIGHTSWATCH AND DLP 2 Executive Summary Information breaches resulting from the disclosure
More informationITRC Forum 2014 萬 雲 皆 有 險 : 雲 計 算 的 安 全 怎 影 響 你 的 管 理 概 念
ITRC Forum 2014 萬 雲 皆 有 險 : 雲 計 算 的 安 全 怎 影 響 你 的 管 理 概 念 How Cloud Computing Can Rain on Your IT Management Strategy By Roger Lee Presentation for ITRC Forum 2014 11 Dec 2014 (Thu) Agenda Response to
More informationWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud - Practical advice for cloud data security Ulf Mattsson CTO, Protegrity Ulf.Mattsson@protegrity.com Ulf Mattsson, Protegrity CTO Cloud Security Alliance
More informationWebsense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration
Websense Data Security Suite and Cyber-Ark Inter-Business Vault The Power of Integration Websense Data Security Suite Websense Data Security Suite is a leading solution to prevent information leaks; be
More informationWhite paper. Four Best Practices for Secure Web Access
White paper Four Best Practices for Secure Web Access What can be done to protect web access? The Web has created a wealth of new opportunities enabling organizations to reduce costs, increase efficiency
More informationHP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015
Copyright 2015Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Atalla Data-Centric Security & Encryption Solutions Jean-Charles
More informationProtecting Data-at-Rest with SecureZIP for DLP
Protecting Data-at-Rest with SecureZIP for DLP TABLE OF CONTENTS INTRODUCTION 3 PROTECTING DATA WITH DLP 3 FINDING INDIVIDUAL AND SHARED INFORMATION-AT-REST 4 METHODS FOR REMEDIATION 4 ENCRYPTING UNPROTECTED
More informationEmail Archiving can prevent average business cost increases of
Email Archiving Complete Computers Email Archiving helps preserve information, facilitate compliance, and speeds ediscovery with a service that s fast, scalable and secure. Business Costs Email Archiving
More informationT 410 585 9505 E TMcDonough@AInfoSys.com W www.ainfosys.com VARONIS DATA GOVERNANCE SUITE
T 410 585 9505 E TMcDonough@AInfoSys.com W www.ainfosys.com VARONIS DATA GOVERNANCE SUITE VARONIS DATA GOVERNANCE SUITE Features and Benefits FULLY INTEGRATED SOLUTIONS Varonis DatAdvantage for Windows
More informationSAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE
Information is an organization s most important strategic asset the lifeblood of the organization s knowledge, processes, transactions, and decisions. With information continuing to grow exponentially,
More informationChristine M. Frye, CIPP/US, CIPM, Chief Privacy Officer, Bank of America
Christine M. Frye, CIPP/US, CIPM, Chief Privacy Officer, Bank of America Dana Simberkoff, JD, CIPP/US, Vice President, Risk Management and Compliance, AvePoint The Landscape Prevention and Response Planning
More informationUser Driven Security. 5 Critical Reasons Why It's Needed for DLP. TITUS White Paper
User Driven Security 5 Critical Reasons Why It's Needed for DLP TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility
More informationhow can I comprehensively control sensitive content within Microsoft SharePoint?
SOLUTION BRIEF Information Lifecycle Control for Sharepoint how can I comprehensively control sensitive content within Microsoft SharePoint? agility made possible CA Information Lifecycle Control for SharePoint
More informationProtective Marking for UK Government
Protective Marking for UK Government WHITE PAPER Contents Introduction 3 Regulatory Requirements 3 Government Protective Marking System (GPMS) 3 The Value Beyond Regulatory Requirements 4 Leveraging Other
More informationImproving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec
Improving Unstructured Data Governance Ryan Jancaitis Product Management Symantec Agenda 1 2 3 4 Overview Data Management Data Protection and Compliance Summary Unstructured Information Growth Leads to
More informationTerrence Coan, CRM - Baker Robbins & Company 1
Life Cycle Management of Records in a Matter Centric Environment ILTA Records Management Peer Group Terrence Coan, CRM Orlando, Florida 2006 Baker Robbins & Company Agenda Current reality Why manage the
More informationData-Centric Security. A Study in Intersections
Data-Centric Security A Study in Intersections DATA SECURITY City of the Port of Seattle Airport, Seaport, Marinas, Fishing Terminals ~32 Miles Long 1,400 Employees ~$500M Annual Revenue Leading Services
More informationData Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide
Data Loss Prevention Best Practices to comply with PCI-DSS An Executive Guide. Four steps for success Implementing a Data Loss Prevention solution to address PCI requirements may be broken into four key
More informationDISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com
DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention symantec.com One of the interesting things we ve found is that a lot of the activity you d expect to be malicious
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationILM et Archivage Les solutions IBM
Information Management ILM et Archivage Les solutions IBM Dr. Christian ARNOUX Consultant Information Management IBM Suisse, Software Group 2007 IBM Corporation IBM Strategy for Enterprise Content Compliance
More informationAPT Protection Via Data-Centric Security. Alan Kessler President and CEO Vormetric
APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric Protect What Matters APT Protection Via Data-Centric Security Alan Kessler President and CEO Vormetric Data Breach Retrospective
More informationApproach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
More informationSecuring Big Data Learning and Differences from Cloud Security
Securing Big Data Learning and Differences from Cloud Security Samir Saklikar RSA, The Security Division of EMC Session ID: DAS-108 Session Classification: Advanced Agenda Cloud Computing & Big Data Similarities
More informationSeven Things To Consider When Evaluating Privileged Account Security Solutions
Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More informationHIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information
More informationInformation Obfuscation (Data Masking)
Information Obfuscation (Data Masking) Protecting Corporate Data-Assets Presented by Michael Jay Freer Michael Jay Freer - Presenter Bio Michael Jay Freer - Information Management professional providing
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More information3 MUST-HAVES IN PUBLIC SECTOR INFORMATION GOVERNANCE
EXECUTIVE SUMMARY Information governance incorporates the policies, controls and information lifecycle management processes organizations and government agencies utilize to control cost and risk. With
More informationImage Gateway for Apeos 2.0
IGA2.0 Image Gateway for Apeos 2.0 Business Process Solutions Business Process Optimisation Versatility of the multi-function device (MFD) is an often-touted benefit by all the major office equipment manufacturers,
More informationTitus and Cisco IronPort Integration Guide Improving Outbound and Inbound Email Security. Titus White Paper
Titus and Cisco IronPort Integration Guide Improving Outbound and Inbound Email Security Titus White Paper Information in this document is subject to change without notice. Complying with all applicable
More informationFight fire with fire when protecting sensitive data
Fight fire with fire when protecting sensitive data White paper by Yaniv Avidan published: January 2016 In an era when both routine and non-routine tasks are automated such as having a diagnostic capsule
More informationInformation Security Management. Dipl.-Ing. (FH) Frank Wagner
Information Security Management Dipl.-Ing. (FH) Frank Wagner Agenda Importance of Information Security (IT-Security vs. Information Security) Information Security Policy Information Security Organization
More informationSecuring Data At Rest And Data In Motion - Strategic Data-Centric Security. 9 th March 2012
Securing Data At Rest And Data In Motion - Strategic Data-Centric Security 9 th March 2012 PKWARE Main Benefits Setting The Scene Project Management Triangle Scope Time Cost Security Triangle Security
More informationData Storage Security, Cloud Computing and Virtualization
Data Storage Security, Cloud Computing and Virtualization What You Think You Know Can Hurt You 1 The 8 Fallacies of Distributed Computing 1. The network is reliable 2. Latency is zero 3. Bandwidth is infinite
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationThe Evolving Security Landscape. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com
The Evolving Security Landscape Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Security and Compliance Trends Technology Overview and Business Drivers
More informationWhite paper. Ensuring Big Data Security with Identity and Access Management
White paper Ensuring Big Security with Identity and Access Management Summary: Enterprises today are collecting more data than ever before, from a huge variety of sources. This Big presents both an opportunity
More informationBusiness Risk Assessment - A Primer
The Evolving Security Landscape: Technology Overview and Business Drivers Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Technology Overview and
More informationM-Files QMS. Out-of-the-Box Solution for Daily Quality Management
M-Files QMS Out-of-the-Box Solution for Daily Quality Management Topics How we see Quality Management Benefits of a dedicated QMS M-Files QMS system essentials Built-in electronic and digital signing QMS
More informationThe SharePoint Customer Journey Turn SharePoint into a Broadly Adopted Compliance and Security Asset
The SharePoint Customer Journey Turn SharePoint into a Broadly Adopted Compliance and Security Asset Eric Darbe Vice President of Marketing HiSoftware Agenda What if? The compliance and security case for
More informationLogging the Pillar of Compliance
WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes
More informationCloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com
Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from
More informationRSA SIEM and DLP Infrastructure and Information Monitoring in One Solution
RSA SIEM and DLP Infrastructure and Information Monitoring in One Solution David Mateju RSA Sales Consultant, RSA CSE david.mateju@rsa.com Adding an information-centric view Infrastructure Information
More informationV1.4. Spambrella Email Continuity SaaS. August 2
V1.4 August 2 Spambrella Email Continuity SaaS Easy to implement, manage and use, Message Continuity is a scalable, reliable and secure service with no set-up fees. Built on a highly reliable and scalable
More informationLDAP Authentication Configuration Appendix
1 Overview LDAP Authentication Configuration Appendix Blackboard s authentication technology is considered a focal point in the company s ability to provide true enterprise software. Natively, the Blackboard
More informationSan Francisco Chapter. Presented by Mike O. Villegas, CISA, CISSP
Presented by Mike O. Villegas, CISA, CISSP Agenda Information Security (IS) Vision at Newegg.com Typical Issues at Most Organizations Information Security Governance Four Inter-related CoBIT Domains ISO
More information9 REALITIES OF PORTABLE AND PERSISTENT DATA PROTECTION IN THE 21 ST CENTURY
9 REALITIES OF PORTABLE AND PERSISTENT DATA PROTECTION IN THE 21 ST CENTURY INTRODUCTION Over the past decade, major data breaches have made headlines, resulting in significant brand damage, costly fines,
More informationEMAIL ARCHIVING SERVICES SERVICE DEFINITION
Complete IT Support for Business Westgate IT Email Archiving Services: Service Definition Service Name Email Archiving Services Overview of Service Westgate IT s Email Archiving Services provide a reliable
More informationCA Technologies Data Protection
CA Technologies Data Protection can you protect and control information? Johan Van Hove Senior Solutions Strategist Security Johan.VanHove@CA.com CA Technologies Content-Aware IAM strategy CA Technologies
More informationProtect your organization s sensitive information and reputation with high-risk data discovery
www.pwc.com Protect your organization s sensitive information and reputation with high-risk data discovery Locate, identify, and classify sensitive data to reduce data privacy risks, lower potential data
More informationMcAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course
McAfee Host Data Loss Prevention Administration Intel Security Education Services Administration Course The McAfee Host Data Loss Prevention (DLP) Administration course provides attendees with in-depth
More informationArnab Roy Fujitsu Laboratories of America and CSA Big Data WG
Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation
More informationUnderstanding and Selecting a DLP Solution. Rich Mogull Securosis
Understanding and Selecting a DLP Solution Rich Mogull Securosis No Wonder We re Confused Data Loss Prevention Data Leak Prevention Data Loss Protection Information Leak Prevention Extrusion Prevention
More informationDigital Documents, Compliance and the Cloud
A Perspective on Navigating the Complexities Associated with Digital Document Transmission and Security for the Modern Enterprise. What are Digital (Electronic) Documents The Rise of the e-document Definition
More informationInformation audits in a perimeter-less world
Information audits in a perimeter-less world Jayesh Kamat Practice Head Risk Advisory services Seclore Partner The Business Challenge Information Value Some day, on the corporate balance sheet, there will
More informationEmail Archiving Services
Email Archiving Services A reliable offsite and secure storage facility for your emails G-Cloud 5 Service Definition CONTENTS Overview of Service... 2 Effortless Protection... 3 Optional legacy Email Import...
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More information