Data Loss Prevention. Keeping sensitive data out of the wrong hands*
1 Data Loss Prevention Keeping sensitive data out of the wrong hands* September 9, 2007 Aaron Davies-Morris, Director PwC Advisory Services Zeke Jaggernauth, Manager PwC Advisory Services
2 Agenda
- Data Breaches
- Traditional Security Limitations
- Data Protection Program
- Questions and Contacts
Slide 2
3 Data Breaches Slide 3
4 Interesting Statistics
Federal Trade Commission
- More than 54% of identity related data breaches can be attributed to theft or loss of computer or transportable media.
Ponemon Institute
- 91% of organizations lack a process of determining data ownership
- 76% of organizations cannot determine who can access unstructured data
- 72% of marketers who out-source marketing reported a data breach vs. 56% of marketers from the general survey population
Slide 4
5 Examples
Source: Privacy Rights Clearinghouse
- Company: A test preparatory firm (New York, NY)
  Date: August 18, 2008
  Details: The test-preparatory firm accidentally published the personal data and standardized test scores of tens of thousands of Florida students on its Web site. One file on the site contained information on about 34,000 students in the public schools in Sarasota, Fl. Another folder contained dozens of files with names and birth dates for 74,000 students in the school system of Fairfax County, Va ,000 records.
- Company: A top US bank (Minneapolis, MN)
  Date: August 12, 2008
  Details: The bank notified customers that hackers accessed their confidential personal data by illegally using its access codes. Personal information including names, addresses, dates of birth, Social Security numbers, driver's licence numbers and in some cases, credit account information was accessed by "unauthorised persons." - 5,000 records.
- Company: A residential mortgage banking financial holding company (Calabasas, CA)
  Date: August 02, 2008
  Details: The FBI arrested a former employee and another man in an alleged scheme to steal and sell sensitive personal information, including Social Security numbers. The breach occurred over a two-year period through July. The insider was a senior financial analyst at the company. The names were being sold to people in the mortgage industry to make new pitches. - 2,000,000 records.
Slide 5
6 What is Data Loss Prevention (DLP)?
Data Loss Prevention refers to a combination of strategy, people, processes and technology used to detect and/or prevent any unauthorized disclosure of data resulting in compromised confidentiality of proprietary data, intellectual property and/or non-public personally identifiable customer, employee and/or business partner data.
Other industry names include:
- Data Leakage Protection
- Data Leakage Prevention
- Information Leak Detection & Prevention
- Content Monitoring and Filtering
- Information Protection and Controls
Slide 6
7 Concerns
Drivers
General
- Sensitive data transfer via unencrypted USB keys, CDs and e-mails
- Collaboration through unsecured instant messaging applications
Regulatory
- Compliance with laws and regulations: GLBA, HIPAA, State Breach Notification, European Union Directive
Operational
- Protecting industry specific data such as: credit card numbers, patient health information, social security numbers, new product research, movie scripts and clips
Slide 7
8 Regulatory Concerns
A Constantly Changing Landscape of Global Privacy Related Laws and Regulations
Since 1998, over 80 laws in over 55 countries were passed:
- Australia - Privacy Amendment (Private Sector) Act (2000)
- Canada - Personal Information Protection & Electronics Documents Act (2000)
- Chile - Law for the Protection of Private Life (1999)
- Czech Republic - Act on Protection of Personal Data (2000)
- EU Directive 95/46/EC - The Data Protection Directive (1995)
- Foreign Encryption Laws (U.S., Canada, France, Israel, Russia, China, etc.)
- Germany - Federal Data Protection Law (1997)
- Hong Kong - The Personal Data (Privacy) Ordinance (1996)
- Hungary - Protection of Personal Data and Disclosure of Data of Public Interest (1992)
- Ireland - Data Protection Act (1998 revised 2003)
- Japan - Personal Data Protection Law (2003)
- New Zealand - Federal Privacy Act (1993)
- Switzerland - Federal Law on Data Protection (2000)
- UK - Financial Services Authority Systems & Controls (2002)
Slide 8
9 Regulatory Concerns
Global Privacy Issues and Cross Border Data Flows
Various Compliance Approaches to EU Requirements:
- Binding Corporate Rules
- Intra-Group Agreements/SLAs
- Local Laws and Works Council Issues
- Model Contracts Using EU-authorized Standard Clauses
- Safe Harbor Certification
Slide 9
10 Operational Concerns
Data Breach Considerations
- Detection & Escalation
- Notification
- Post Notification Response
- Lost Business
- Impact to Stock Prices
- Customer Retention
- Damage to Corporate Reputation
Source: National Survey on Data Security Breach Notification, Ponemon Institute
Slide 10
11 Operational Concerns
Enterprises are subject to key operational challenges involving intellectual property and/or other sensitive information. Specific industry sector concerns around intellectual property and other sensitive data may include:
Industry: Financial Services; Pharmaceutical/Health Care; Entertainment
Challenges:
- Customer credit card information
- Customer non-public PII
- Outsourced data processing
- Drug formulae
- Patent pending research
- Strategic business plans
- Movie scripts
- Movie clips (digital dailies) leaking along the content supply chain
Slide 11
12 Operational Concerns
Enterprises are subject to key operational challenges involving intellectual property and/or other sensitive information. Specific industry sector concerns around intellectual property and other sensitive data may include:
Industry: Retail; Other
Challenges:
- Compromise of PCI data
- Marketing plans, customer trend information
- ERP financial data
- Complex data privacy requirements (global regulatory structure)
- Loss of intellectual property through external mass media (USB keys, removable storage)
Slide 12
13 Traditional Security Limitations Slide 13
14 Traditional Security Limitations
- The focus has not been on actual content within files
- Regulatory centric vs. balanced regulatory and operational approach
- Keep the bad guys out (Firewalls/Antivirus/IDS/IPS/etc.)
- Reduced emphasis on insider threats
Slide 14
15 Data Protection Program Slide 15
16 What is a Data Protection Program?
A data protection program refers to a combination of strategy, people, processes and technology used to discover, inventory, classify and protect information based on its value to the organization. Such a program seeks to provide assurances that:
- We only collect the information we need
- We clearly define what data is confidential
- We know how it is protected
- We know how it is used
- We know how it moves
- We know where it is stored
- We know how it is destroyed
Slide 16
17 What is a Data Protection Program?
- Governance
- Policies and Standards
- Risk Assessment
- Data Lifecycle Management
- Data Architecture
- Technical Safeguards: Device Encryption, Data in Motion, Data at Rest, Data at the Endpoint, Information Rights Management
Slide 17
18 What is a Data Protection Program?
- Process Controls: Classification, Discovery, Encryption, Monitoring
- Awareness and Training
Slide 18
19 The Three Vectors of Data Loss Prevention
Program components: Governance; Policies & Standards; Risk Assessment; Data Lifecycle Management; Data Architecture; Technical Safeguards; Process Controls; Awareness & Training
Technical Safeguards: Device Encryption; DIM; DAR; DAE; Info Rights Mgmt
- Data in Motion (DIM) - Network
- Data at Rest (DAR) - Servers
- Data at the Endpoint (DAE) - Laptop computers/mass media storage
Slide 19
20 The Three Vectors of Data Loss Prevention Data in Motion Data in motion refers to data that is electronically transmitted outside an organization's network through the use of e-mail, IM/chat, web pages, file transfers, etc. Solutions that address data in motion related risks monitor and filter network traffic. Specifically, these solutions are designed to focus on sensitive data as it travels through the network. Once identified, the solution can block the identified data or re-route it to an encryption server prior to exiting the network. Image Source: Symantec Slide 20
21 The Three Vectors of Data Loss Prevention Data in Motion
Benefits
- Does not interfere with end-user workstations
- Combats data leakage
- All traffic routed through the servers can be monitored for sensitive data
Challenges
- Does not encrypt data at source
- Does not monitor endpoints
- Does not monitor or control handheld devices, WiFi devices, screen captures, storage media, or printing of sensitive data
Slide 21
22 The Three Vectors of Data Loss Prevention Data at Rest Data at rest refers to data that typically resides within stationary repositories (e.g. File Systems, Databases, etc.). Solutions that address data at rest related risks focus on scanning repositories across server farms to determine unauthorized locations for intellectual property and/or PII. Image Source: Symantec Slide 22
23 The Three Vectors of Data Loss Prevention Data at Rest
Benefits
- Gain visibility into where confidential data is stored
- Gain insight into who has access to intellectual property/customer information or unauthorized copies thereof.
Challenges
- Clearly defining what is considered intellectual property and the authorized locations
- Coordinating the scanning of high-availability systems with low utilization time windows.
- Identify broken business processes.
Slide 23
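The content inspection that the data in motion and data at rest slides describe, as an added Python example that is not part of the original presentation or of any vendor's product. The detector rules, the POLICY actions, the directory names and every sample record are constructed assumptions.

```python
import os
import re
import tempfile

# Candidate patterns; every match is validated to cut false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")

# Assumed policy: what a network monitor does per data type (not from the slides).
POLICY = {"card_number": "block", "ssn": "reroute_to_encryption"}
SEVERITY = ["allow", "reroute_to_encryption", "block"]


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_ok(area, group, serial):
    """Reject SSN-shaped strings that are never issued."""
    return (area not in ("000", "666") and area < "900"
            and group != "00" and serial != "0000")


def classify(text):
    """Return the set of sensitive data types found in text."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("card_number")
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            found.add("ssn")
    return found


def outbound_action(text):
    """Data in motion: pick the strictest policy action for a message."""
    actions = [POLICY[t] for t in classify(text)]
    return max(actions, key=SEVERITY.index, default="allow")


def scan_at_rest(root, authorized):
    """Data at rest: list files with sensitive content outside the
    top-level directories named in `authorized`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                types = classify(fh.read())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if types and rel.split("/")[0] not in authorized:
                findings.append((rel, sorted(types)))
    return sorted(findings)


def demo():
    """Build a constructed file share in a temp directory and scan it."""
    sample = {  # all records below are constructed test values
        "finance/cards.csv": "name,pan\nA. Example,4111 1111 1111 1111\n",
        "public_web/export.txt": "student 123-45-6789 scored 710\n",
        "public_web/readme.txt":
            "order ref 4111 1111 1111 1112, ticket 000-12-3456\n",
        "scratch/notes.txt":
            "call back re card 4111-1111-1111-1111 and SSN 123-45-6789\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        # Only finance/ is an approved location for this data.
        return scan_at_rest(root, authorized={"finance"})


if __name__ == "__main__":
    for rel, types in demo():
        print(rel, types)
    print(outbound_action("invoice for card 4111 1111 1111 1111"))
```

The card file under finance/ is not reported because that location is authorized, and readme.txt is not reported because its card-shaped and SSN-shaped strings fail validation; both cases correspond to the tuning work the slides list under challenges.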
24 The Three Vectors of Data Loss Prevention Data at the Endpoint Data at the endpoint refers to data stored on laptop computers and portable storage devices (e.g. USB drives, CD/DVDs, iPods, etc.). Solutions that address data at the endpoint related risks focus on those data storage locations through the use of agents. An agent is a piece of software that enforces security policies, behind the scenes, on a system. Depending on the technology, the solution can monitor sensitive data activity at the operating system and the application levels. Image Source: Symantec Slide 24
25 The Three Vectors of Data Loss Prevention Data at the Endpoint
Benefits
- Policy rules defined by the software can identify abnormal behavior on the system and take appropriate action
- Monitors and blocks traffic from the client side
- Prevents unauthorized use of mass media storage devices
Challenges
- The system hardware or existing software might not be compatible with the agent
- The application storing, processing, or transmitting sensitive data may not be compatible with the solution
- Cost of seat/agent for deploying to the entire enterprise
Slide 25
26 Maturity Models
Think of your organization.
[Blank maturity grid: dimensions Strategy, People, Process, Technology against Level 1 Ad Hoc, Level 2 Repeatable, Level 3 Defined, Level 4 Managed, Level 5 Optimized; every cell is "?"]
Slide 26
27 Maturity Models
Level 1 Ad Hoc
Strategy
- Limited or no strategy for implementing effective DLP solution
- No incorporation of privacy policy into the DLP implementation
People
- Limited or no trained DLP resources
Process
- Limited or no use of DLP related processes and/or procedures
- No linkage to other security processes
Technology
- Default vendor embedded reporting used
- Trial/Evaluation installation of DLP components
- No automation of reporting/monitoring
Slide 27
28 Maturity Models
Level 2 Repeatable
Strategy
- Limited or no strategy for implementing effective DLP solution
- DLP strategy is understood but not defined
- DLP follows privacy policy, but no explicit coverage for DLP in policy
People
- Technical staff are able to operate DLP devices
- No education of employees on security policies enforced by DLP
Process
- Events are reviewed on a quasi-periodic basis
- Linkage to other security processes considered but not implemented
Technology
- Limited use of DLP across all data states (Data in Motion, Data at Rest, Data at the Endpoint)
Slide 28
29 Maturity Models
Level 3 Defined
Strategy
- DLP strategy is defined in minimal form
- DLP is addressed in privacy policy, but may not be effective
People
- Technical staff understand technology and train new staff
- Employees are exposed to security policies related to DLP, but are not aware
Process
- SLA defined in policies for regular review and remediation of DLP events
- DLP linked loosely to a few security processes
Technology
- Full architecture and monitoring rules are defined
- Monitoring rules have been refined to meet technical requirements
Slide 29
30 Maturity Models
Level 4 Managed
Strategy
- DLP strategy has been implemented and reviewed/updated on a periodic basis
- DLP is included in privacy policy and is effective
People
- Technical staff are able to deploy devices across all data states
- Employees are aware of security policies enforced by DLP
Process
- Sporadic reporting to stakeholders
- Regular review of events and management of incidents
- DLP connected to other security processes regularly
Technology
- Scope of monitoring rules is refined to meet business objectives
- Linkage to other security infrastructure in place
- Automated response to defined incidents
Slide 30
31 Maturity Models
Level 5 Optimized
Strategy
- DLP strategy has been refined to align with security, compliance, and legal objectives
- DLP is well-aligned to privacy strategy and supports policy effectively
People
- Technical staff are able to manage complex architecture
- Employees are widely educated on policy and DLP tools
Process
- Regular KPI reporting to key stakeholders
- Formal remediation process for managing incidents
- Full integration with other security processes
Technology
- Data is protected across all three data states and across enterprise
- Linkage to other security infrastructure in place
- Automated response with no impact to false positives
Slide 31
32 Maturity Models
The Market
[Chart: dimensions Strategy, People, Process, Technology against Level 1 Ad Hoc, Level 2 Repeatable, Level 3 Defined, Level 4 Managed, Level 5 Optimized]
Slide 32
33 5 Key Elements of a Successful Data Protection Program Slide 33
34 5 Key Elements of a Successful Data Protection Program
1. Conduct Risk Assessment
2. Determine Privacy/Operational Requirements and Design the Data Classification Schema
3. Design and Implement Processes
4. Deploy and/or Integrate Technologies
5. Optimize Program
Slide 34
35 1. Conduct Risk Assessment Conduct evaluations based on business and privacy requirements to identify instances of unprotected data on insecure storage or leaving the enterprise on the wire. The result enables management to determine the current level of exposure to data leakage and quickly identify broken processes. Slide 35
36 1. Conduct Risk Assessment Slide 36
37 2. Determine Privacy/Operational Requirements and Design the Data Classification Schema Review the data loss monitoring program objectives and requirements against laws and regulations, including cross-border dataflow analysis. Create data classification schema. Slide 37
38 2. Determine Privacy/Operational Requirements and Design the Data Classification Schema Slide 38
39 2. Determine Privacy/Operational Requirements and Design the Data Classification Schema Slide 39
40 3. Design and Implement Processes Create operational, exception handling and reporting processes and/or supplement existing processes. Slide 40
41 4. Deploy and/or Integrate Technologies Integrate data loss prevention and monitoring tools with the existing infrastructure. Create and tune monitoring rules to enhance effectiveness of the overall data loss prevention program. Slide 41
42 5. Optimize Program Conduct tests to evaluate whether the data loss monitoring and prevention processes and technologies operate effectively. Fine tune processes and technology configurations as needed. Slide 42
43 Questions and Contacts Aaron Davies-Morris (949) Esekiel Jaggernauth (213) Slide 43
44 2008. All rights reserved. refers to LLP (US) or, as the context requires, the global network or other member firms of the network, each of which is a separate and independent legal entity.
Can Cloud Providers Guarantee Data Privacy & Sovereignty? Andrew Bartlam, VP EMEA Business Development Cloud Exo Europe 11 th Marcg 2015 2014 CipherCloud All rights reserved. 2014 CipherCloud All rights
More informationIBM Data Security Services for endpoint data protection endpoint encryption solution
Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such
More informationSecuring Content Management Systems
Securing Content Management Systems The Next Frontier in Leakage Prevention 1 Terms and Definitions 2 Leakage/Loss Prevention (DLP) Technology, products, or services that prevent sensitive information
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationInformation Security & Privacy Solutions Enabling Information Governance
Information Security & Privacy Solutions Enabling Information Governance LYNDA KEITANY IM SALES SPECIALIST July 11, 2012 What s at Stake? Damage to company reputation Brand equity damage; negative publicity
More informationTrend Micro Data Protection
Trend Micro Data Protection Solutions for privacy, disclosure and encryption A Trend Micro White Paper I. INTRODUCTION Enterprises are faced with addressing several common compliance requirements across
More informationProtecting What Matters Most. Bartosz Kryński Senior Consultant, Clico
Protecting What Matters Most Bartosz Kryński Senior Consultant, Clico Cyber attacks are bad and getting Leaked films and scripts Employee lawsuit Media field day There are two kinds of big companies in
More informationon Data and Identity Theft*
on Data and Identity Theft* What you need to know about emerging topics essential to your business. Brought to you by PricewaterhouseCoopers. October 2008 A collaborative business world s Achilles heel
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationDon't Be The Next Data Loss Story
Don't Be The Next Data Loss Story Data Breaches Don t Discriminate DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor Royal London Mutual Insurance Society
More informationmicros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.
micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5
More informationSecurity for the Cloud of Clouds
Security for the Cloud of Clouds Ramy Houssaini. Vice President, BT Security Europe. RamyHoussaini strategicleadership About BT Security BT s end to end Security portfolio integrates classic perimeter
More informationBUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION S MOST CRITICAL ASSETS
BUILDING A SECURITY PROGRAM THAT PROTECTS AN ORGANIZATION S MOST CRITICAL ASSETS ABOUT BEW GLOBAL Founded 2002 Global Service Delivery Focused Expertise Quality Management S O L U T I O N O F F E R I N
More informationData Loss Prevention: Keeping sensitive data out of the wrong hands*
Advisory Services Security Data Loss Prevention: Keeping sensitive data out of the wrong hands* Photo goes here *connectedthinking pwc Table of contents The heart of the matter 2 Data security breaches
More informationSample Data Security Policies
This document provides three example data security policies that cover key areas of concern. They should not be considered an exhaustive list but rather each organization should identify any additional
More informationEnterprise Data Protection
PGP White Paper June 2007 Enterprise Data Protection Version 1.0 PGP White Paper Enterprise Data Protection 2 Table of Contents EXECUTIVE SUMMARY...3 PROTECTING DATA EVERYWHERE IT GOES...4 THE EVOLUTION
More informationHCCA Compliance Institute 2013 Privacy & Security
HCCA Compliance Institute 2013 Privacy & Security 704 Conducting a Privacy Risk Assessment A Practical Guide to the Performance, Evaluation and Response April 23, 2013 Presented By Eric Dieterich Session
More informationAB 1149 Compliance: Data Security Best Practices
AB 1149 Compliance: Data Security Best Practices 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: AB 1149 is a new California
More informationDATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH
DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and
More informationEmpowering Your Business in the Cloud Without Compromising Security
Empowering Your Business in the Cloud Without Compromising Security Cloud Security Fabric CloudLock offers the cloud security fabric for the enterprise that helps organizations protect their sensitive
More informationA CPA recounts exponential growth in Compliance. Mary Ellen McLaughlin
Compliance TODAY September 2015 a publication of the health care compliance association www.hcca-info.org A CPA recounts exponential growth in Compliance an interview with Patricia Bickel Compliance and
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationINFORMATION SECURITY FOR YOUR AGENCY
INFORMATION SECURITY FOR YOUR AGENCY Presenter: Chad Knutson Secure Banking Solutions, LLC CONTACT INFORMATION Dr. Kevin Streff Professor at Dakota State University Director - National Center for the Protection
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationWhite paper. Why Encrypt? Securing email without compromising communications
White paper Why Encrypt? Securing email without compromising communications Why Encrypt? There s an old saying that a ship is safe in the harbour, but that s not what ships are for. The same can be said
More informationData Classification Technical Assessment
Data Classification Update: February 13th, 2015 Statement of Confidentiality This Confidential Information is being provided to Customer ABC as a deliverable of this consulting engagement. The sole purpose
More informationTNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business
TAKING OUR CUSTOMERS BUSINESS FORWARD The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment
More informationIBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationHIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help
HIPAA Omnibus Compliance How A Data Loss Prevention Solution Can Help The Health Information Portability and Accountability Act (HIPAA) Omnibus Rule which will begin to be enforced September 23, 2013,
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationManaging your data processors: legal requirements and practical solutions
Managing your data processors: legal requirements and practical solutions Peggy Eisenhauer Privacy & Information Management Services This article has been published in the August 2007 issue of BNAI s World
More informationViva la Cloud IAPP Privacy Academy 2013
Viva la Cloud IAPP Privacy Academy 2013 Speaker Intros Chris Zoladz Founder Varun Badhwar VP of Product Strategy -2- Basic Premises for this Session Use of the cloud will continue to explode Security and
More informationERNW Newsletter 29 / November 2009
ERNW Newsletter 29 / November 2009 Dear Partners and Colleagues, Welcome to the ERNW Newsletter no. 29 covering the topic: Data Leakage Prevention A Practical Evaluation Version 1.0 from 19th of november
More informationCybersecurity and internal audit. August 15, 2014
Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices
More informationExecutive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:
Executive Summary Texas state law requires that each state agency, including Institutions of Higher Education, have in place an Program (ISP) that is approved by the head of the institution. 1 Governance
More information