SECURITY IMPLICATIONS OF CROSS-AGENCY BIG DATA APPROACHES FOR TAX COMPLIANCE

1 SECURITY IMPLICATIONS OF CROSS-AGENCY BIG DATA APPROACHES FOR TAX COMPLIANCE
Les McMonagle (CISSP, CISA, ITIL)
Director & Principal Consultant, Teradata InfoSec COE
July 2013

2 Agenda
- Defining The Problem
- Defining The Solution
- Leveraging Information
- Avoid Common Mistakes
- Wrap-Up / Q & A
Confidential Do Not Distribute Without Permission

3 Dilbert and Big Data

4 Big Data: Exponential Growth in Data
[Figure: cloud of data source labels around "BIG DATA", captioned "Increasing data variety and complexity". Labels as transcribed: User Generated Content CDR (phone call records) Mobile Web User Click Stream Geo-location data NetFlow / IPFIX Data External Reference Sources Web logs Internet A/B testing Business Data Feeds DLP Logs Dynamic Routing HD Video Network Dynamic Routing Tables Affiliate Networks Search marketing VOIP Speech to Text Host ARP Data Behavioral Targeting Sensor data Access Logs LogOnOff Logs Static Routing Tables DNS Logs DHCP Logs Firewall Logs IDS/IPS Logs SMS/MMS SIEM Logs]

5 Closing The Tax Gap Is Crucial
- The IRS estimates that at the Federal level, the tax gap is 15% to 17%
- Electronic filings introduce new fraud opportunity
- Fraud Is Very Easy & Widespread Today
- Even incarcerated felons are in on it!
- Not just a US Federal or State issue

6 Fraud Is Very Easy & Widespread Today
- Electronic filing, which was introduced to speed up delivery of refunds, has made the system more vulnerable to fraud
- Delays in comparing W-2s to 1040s
- "We will not be prosecuting our way out of this"

7 Big Data Analytics involves many data sources
- Data from multiple disparate sources needs to be combined to provide required insight and machine intelligence
- Additional data sources may contain sensitive or restricted data
- Getting approvals for access to data sources from other agencies can be a challenge
- Poor Data Governance programs impede data sharing
- Intelligent Security can ENABLE these Analytics Opportunities

8 Trends impacting Data Privacy
Three trends in Big Data Analytics and Enterprise Data Warehousing today are raising privacy concerns and increasing business risk:
1. Proliferation of Personally Identifiable Information (PII)
2. Persistence/Pervasiveness of PII in Gov/Corp data
3. Consolidating data sources into a single, central repository
Only one can be controlled and leveraged to reduce risk

9 Aligning Data Governance Strategy with emerging technology trends
- Applying protection at the data layer becomes more critical
- Privacy, not technology, becomes the limiting factor
[Figure labels as transcribed: Active data warehouse Last year's Historical data]
PII: Personally Identifiable Information; PHI: Private Health Information; IP: Intellectual Property

10 Access to Alternative Data Sources
Structured and Unstructured Data
[Figure labels as transcribed: Dept of Health, Dept of Human Services, Child and Spousal Support Payments, Dept of Labor, Generate Audit and Fraud Investigation Leads, Dept of Justice, Dept of Revenue, Alignment with W-2 Data, Professional Licenses, DMV, Vehicle Registrations/value]

11 Data Security Issues With Cross-Agency Data Sharing
- Defining The Problem
- Defining The Solution
- Leveraging Information
- Avoid Common Mistakes
- Wrap-Up / Q & A

12 Getting Access Without Getting Access
- Leverage native database Semantic Layer Security Controls to provide only required access to other sensitive data sources
- The Security of Inclusion versus The Security of Exclusion
- Grease the Data Sharing Wheels

13 Leverage Semantic Layer Security Controls
[Figure: diagram of semantic layer security controls. Labels as transcribed: Routine Application Standard View Single-Row Access Consumer Access Macro DBA/System Administrator Analytic User/Application Database Infrastructure Anonymized View Views Macros Marketing Application. Customer Base Tables Privacy Infrastructure Data Protection Security Admin Officer Disclosure Application Opt-out View Opt-out/ Anonymized View Databases/Tables Views, Macros User Profiles Logs Audit Reports]

14 Perform Complex Analytics on Multiple Data Sources
- Path Analysis
- Clickstream led to a fraudulent filing
- Common Precursors to fraudulent activity
- Data Visualization Dashboards

15 Semantic Layer Security Controls
Different types or combinations of Views can be applied to limit access to only required data
- Fraud Investigation Team View(s)
- Anonymized View(s)

16 Use sensitive data source without direct access
[Figure: flow diagram. Labels as transcribed: Human Services Labor Health Vehicle Registrations Revenue Macro INTEGRATED DATA WAREHOUSE Standard Reports Output Stored Procedure Suspected Fraud Yes Initiate Audit or Investigation No Drop]

17 Row Level Security (RLS) Controls

18 Monitoring/Detecting Internal Misuse of Data
Improved Understanding from Internal Network Traffic
- Most network conversations (malicious and benign) have their origins in the intent of a human actor
- The analyst's job is really to infer the intent of the human actor by looking at the packets they generate
[Figure labels: Actor, True Intent (what we really care about); Network Conversations, Sessions, Packets (what we have to work with)]

19 Analytics Helps with ALL Compliance Issues
- Intended Fraud (External hackers)
- Innocent Mistakes
- Different paths, but same revenue impact!
- Employee misuse or abuse of data access
- Lack of understanding of requirements

20 Agenda
- Defining The Problem
- Defining The Solution
- Leverage Information
- Avoid Common Mistakes
- Wrap-Up / Q & A

21 Advanced Analytic Capabilities
- Advanced Analytics (Predictive)
- Traditional Analytics (Reactive)

22 Leverage what private industry is already doing
- Intelligent Credit Card Authorization Checks
- Retailers immediately detect fraudulent product return patterns by comparing and analyzing more data sources prior to providing a refund (has this product, person, card been used recently for a similar refund?)
- Financial institutions, for example, have highly sophisticated fraud processes built off of a wide range of data and tools
- No need for Tax to reinvent the wheel

23 Leverage Cross-Agency Data Sharing Sources
State tax and revenue agencies today utilize any or all of the following:
- All internal tax systems data
- Federal IRS data
- Department of Labor Unemployment data
- Workforce Commission data
- Department of Motor Vehicle (DMV) Driver's License, Vehicle Registrations
- Professional Licenses
- Customs data
- Secretary of State
- US-CIS (immigration, work permits and Visas)
- HHSC data, all agency data from DOL not just a subset as done today, etc.

24 Other potential external/reference data sources
External reference data sources include the following:
- Source IP Address
- Physical Address or neighborhood matching
- Multiple returns from the same source IP Address that is not equal to the taxpayer address or location
- Credit Score Data?
- Clickstream data from on-line submissions subjected to path analysis to detect consistent fraudulent submission patterns
- Death Notifications
- Fish and Game Licenses
- FAA
- Others?
Some reference data may be sensitive or regulated

25 Leverage what private industry is already doing
- Utilize many common data analytic tools and algorithms with minimal adaptation or modification
- Employees looking at neighbors', family members', VIPs' or other acquaintances' tax records or data
- Tagging IRS provided data to ensure compliance with IRS-1075 (Data Classification follows the data)
- Monitoring data access for anomalous or inappropriate access patterns or usage

26 Agenda
- Defining The Problem
- Defining The Solution
- Leverage Information
- Avoid Common Mistakes
- Wrap-Up / Q & A

27 Avoid Common Mistakes
- Collecting an enormous amount of activity log and other security log data and never using it
- Data is then reduced to a basic forensic value only, without proactive reporting and alerting on anomalous activity
- Mixing together different data sensitivities (Data Classification follows most sensitive data)
- Not leveraging activity log data to monitor data access and detect anomalous or inappropriate access patterns or usage

28 Leading Misuse of Data or Data Access
- Random curiosity browsing of data
- Looking at neighbors, family members, VIPs, other acquaintance data
- Mixing or co-mingling of IRS data with other sources (Data Classification follows the data)
- Poor application of standard information security best practices, such as Least Privilege and Need to Know basis for granting access
- Monitor user activity to ensure correct or appropriate use
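
Added example (not part of the original presentation): one way to act on slides 27 and 28, checking a data-access log against case assignments to flag lookups of same-surname, same-street or VIP records and same-day curiosity browsing. The log format, field names, IDs and the browsing threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed reference data; IDs, field names and values are assumptions.
EMPLOYEES = {
    "E101": {"surname": "Nguyen", "zip": "73301", "street": "Oak St", "cases": {"T5001", "T5002"}},
    "E102": {"surname": "Carter", "zip": "73344", "street": "Elm Ave", "cases": {"T5003"}},
    "E103": {"surname": "Lopez", "zip": "73355", "street": "Pine Rd", "cases": set()},
}
TAXPAYERS = {
    "T5001": {"surname": "Smith", "zip": "73301", "street": "Main St", "vip": False},
    "T5002": {"surname": "Jones", "zip": "73302", "street": "Hill Rd", "vip": False},
    "T5003": {"surname": "Patel", "zip": "73303", "street": "Bay Ct", "vip": False},
    "T5004": {"surname": "Carter", "zip": "73399", "street": "Lake Dr", "vip": False},
    "T5005": {"surname": "Brown", "zip": "73344", "street": "Elm Ave", "vip": False},
    "T5006": {"surname": "Hall", "zip": "73310", "street": "Park Ln", "vip": True},
    "T5007": {"surname": "Kim", "zip": "73311", "street": "First St", "vip": False},
    "T5008": {"surname": "Reed", "zip": "73312", "street": "Second St", "vip": False},
    "T5009": {"surname": "Diaz", "zip": "73313", "street": "Third St", "vip": False},
    "T5010": {"surname": "Wood", "zip": "73314", "street": "Fourth St", "vip": False},
}

# Constructed access-log lines (hypothetical format); the last one is malformed.
SAMPLE_LOG = [
    "2013-07-01T09:14:02 emp=E101 taxpayer=T5001 action=VIEW_RETURN",
    "2013-07-01T09:20:11 emp=E102 taxpayer=T5003 action=VIEW_RETURN",
    "2013-07-01T10:02:45 emp=E102 taxpayer=T5004 action=VIEW_RETURN",
    "2013-07-01T10:05:10 emp=E102 taxpayer=T5005 action=VIEW_RETURN",
    "2013-07-01T11:30:00 emp=E101 taxpayer=T5006 action=VIEW_RETURN",
    "2013-07-02T14:00:01 emp=E103 taxpayer=T5007 action=VIEW_RETURN",
    "2013-07-02T14:01:30 emp=E103 taxpayer=T5008 action=VIEW_RETURN",
    "2013-07-02T14:02:12 emp=E103 taxpayer=T5009 action=VIEW_RETURN",
    "2013-07-02T14:03:55 emp=E103 taxpayer=T5010 action=VIEW_RETURN",
    "2013-07-02T15:00:00 emp=E103 taxpayer= action=VIEW_RETURN",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) "
    r"emp=(?P<emp>E\d+) taxpayer=(?P<tp>T\d+) action=(?P<action>[A-Z_]+)$"
)


def parse_line(line):
    """Return the fields of one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def relationship_reasons(emp, tp):
    """Reasons an access outside the employee's caseload looks personal."""
    reasons = []
    if emp["surname"].lower() == tp["surname"].lower():
        reasons.append("same_surname")
    if (emp["zip"], emp["street"]) == (tp["zip"], tp["street"]):
        reasons.append("same_street")
    if tp["vip"]:
        reasons.append("vip_record")
    return reasons


def analyze(lines, browse_threshold=3):
    """Flag targeted lookups and same-day browsing outside assigned cases."""
    targeted, skipped = [], 0
    unassigned = defaultdict(set)  # (employee, day) -> taxpayer ids viewed
    for line in lines:
        rec = parse_line(line)
        # Unparseable lines and unknown IDs are counted, not silently dropped.
        if rec is None or rec["emp"] not in EMPLOYEES or rec["tp"] not in TAXPAYERS:
            skipped += 1
            continue
        emp, tp = EMPLOYEES[rec["emp"]], TAXPAYERS[rec["tp"]]
        if rec["tp"] in emp["cases"]:
            continue  # need-to-know satisfied: record is in the caseload
        unassigned[(rec["emp"], rec["ts"][:10])].add(rec["tp"])
        reasons = relationship_reasons(emp, tp)
        if reasons:
            targeted.append((rec["ts"], rec["emp"], rec["tp"], reasons))
    browsing = sorted(
        (e, day, len(ids)) for (e, day), ids in unassigned.items()
        if len(ids) >= browse_threshold
    )
    return {"targeted": targeted, "browsing": browsing, "skipped": skipped}


if __name__ == "__main__":
    for kind, rows in analyze(SAMPLE_LOG).items():
        print(kind, rows)
```

Surname and street matches are only leads for review; a production rule set would draw the relationship data from HR and case-management systems rather than inline tables.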

29 Privacy Principles One 1/2
- Accountability requires that the entity define, document, communicate, and assign accountability for its privacy policies and procedures and be accountable for PII under its control.
- Notice requires that the entity provide notice about its privacy policies and procedures and identify the purpose for which personal information is collected, used, retained, and disclosed.
- Choice and Consent requires that the entity describe the choices available to the individual and obtain implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
- Collection Limitation requires that the entity collect personal information only for the purposes identified in the notice.
- Use Limitation requires that the entity limit the use of personal information to the purpose identified in the notice and for which the individual has provided implicit or explicit consent.
Comparable lists from: International Security, Trust and Privacy Alliance (ISTPA); Association of Insurance Compliance Professionals (AICP)

30 Privacy Principles Two 2/2
- Access requires that the entity provide individuals with access to their personal information for review and update.
- Disclosure requires that the entity disclose personal information to third parties only for the purposes identified in the notice and only with the implicit or explicit consent of the individual.
- Security requires that the entity protect personal information against unauthorized access or alteration (both physical and logical).
- Data Quality requires an entity maintain accurate, complete, and relevant personal information for the purposes identified in the notice.
- Enforcement requires that the entity monitor compliance with its privacy policies and procedures and have procedures to address privacy-related inquiries and disputes.
These must be captured in business/technical requirements

31 Proven Data Privacy Methodology
- Convergence of existing Data Privacy Principles
- Centralized EDWs processing/protecting broadly acquired PII
- Experienced data privacy consultants to advise & assist (International experience, ISTPA, CHP, CISA, CISSP certifications)
- Reduce costs by protecting data in a single, secure repository
- Standardize processes to meet common requirements
- Solicit help from external Subject Matter Experts (SME) where appropriate

32 Conclusions
- State Tax authorities are behind the curve in efforts to apply big data analytics to the tax fraud/tax gap problem
- Sharing data in a controlled and consistent way while applying consistent, policy- and regulation-compliant security controls is easier within a single, centralized data repository or EDW
- Reduce data hosting, data sharing, security controls and other operational costs by consolidating data from multiple DataMarts
- Provide only the minimum access to sensitive information assets required to support each specific business process (Least-Privilege, Need-to-Know basis)
- Ensure original data classification follows the data

33 Q & A

34 Les McMonagle
Director & Principal Consultant - Information Security COE
- Les McMonagle is an information security consultant leading the Teradata InfoSec COE
- He has over 20 years of experience in the development and implementation of information security architectures
- During his career he has specialized in computer training, E-Commerce applications, IT Operations, information security architecture, processes, audits and Corporate Risk Management
- Les holds CISSP, CISA, ITIL and other relevant industry certifications
- He has participated in the development of the BITS Financial Institution Shared Assessment Program and delivered executive level presentations on Data Privacy and Security
- Les is also playing a lead role in developing Teradata's Cyber Security solution strategy and how to leverage Teradata's Unified Data Architecture (UDA) for CyberSecurity solutions
Les McMonagle (CISSP, CISA, ITIL) Mobile: (617)

35 Contact Information
If you have further questions or comments:
- Les McMonagle (CISSP, CISA, ITIL), Teradata Information Security, Data Privacy and Regulatory Compliance COE, (617) Cell
- Les Arnold, (512) Office


More information

Nexed s Privacy Policy tells you what information we use, collect or disclose to third parties about our users.

Nexed s Privacy Policy tells you what information we use, collect or disclose to third parties about our users. ANSWERABLES BETA VERSION PRIVACY POLICY Effective Date: August 30, 2013 This Privacy Policy applies to the Answerables software, associated services and website located at www.nexed.com, its sub-domains

More information

Security and Privacy of Electronic Medical Records

Security and Privacy of Electronic Medical Records White Paper Security and Privacy of Electronic Medical Records McAfee SIEM and FairWarning team up to deliver a unified solution Table of Contents Executive Overview 3 Healthcare Privacy and Security Drivers

More information

Amalgamated Life Privacy Statement

Amalgamated Life Privacy Statement Amalgamated Life Privacy Statement Effective Date: June 26, 2015 This privacy statement applies to AmalgamatedLife.com and the Amalgamated Family of Companies websites, portals, products and services that

More information

H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles

H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles Privacy Notice H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles Protecting your information is important to us. The following guidelines set forth our

More information

2011 Cyber Security and the Advanced Persistent Threat A Holistic View

2011 Cyber Security and the Advanced Persistent Threat A Holistic View 2011 Cyber and the Advanced Persistent Threat A Holistic View Thomas Varney Cybersecurity & Privacy BM Global Business Services 1 31/10/11 Agenda The Threat We Face A View to Addressing the Four Big Problem

More information

www.hcltech.com Get Ready for Tomorrow, Today. Redefine Your Security Intelligence

www.hcltech.com Get Ready for Tomorrow, Today. Redefine Your Security Intelligence www.hcltech.com Get Ready for Tomorrow, Today. Redefine Your Security Intelligence Balancing Accessibility and Risk The challenge before enterprises is to provide accessibility and protect their online

More information

1. Collection and Use of Personal Information

1. Collection and Use of Personal Information MyMuCo Privacy Policy Effective Date: July 1, 2014 Welcome to MyMuCo a community for musicians and music students. Your privacy is important to MyMuCo, so we ve developed a Privacy Policy that covers how

More information

DailyMailz may collect and process the following personal information about you:

DailyMailz may collect and process the following personal information about you: Privacy Policy DailyMailz is committed to preserving the privacy of all visitors to its website www.dailymailz.nl ("Website"). This privacy policy along with DailyMailz s terms and conditions of use and

More information

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE

More information

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Seven Things To Consider When Evaluating Privileged Account Security Solutions Seven Things To Consider When Evaluating Privileged Account Security Solutions Contents Introduction 1 Seven questions to ask every privileged account security provider 4 1. Is the solution really secure?

More information

FOUR BLOCK FOUNDATION, INC. PRIVACY POLICY November 6, 2015

FOUR BLOCK FOUNDATION, INC. PRIVACY POLICY November 6, 2015 FOUR BLOCK FOUNDATION, INC. PRIVACY POLICY November 6, 2015 At Four Block Foundation, Inc. ( Four Block, we, us, or our ), our fundamental philosophy is "site visitors first." That value powers all of

More information

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec

Introduction. Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec Introduction Jason Lawrence, MSISA, CISSP, CISA Manager, EY Advanced Security Center Atlanta, Georgia jason.lawrence@ey.com Twitter: @ethical_infosec More than 20 years of experience in cybersecurity specializing

More information

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link

CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link CASRO Digital Research Conference Data Security: Don t Risk Being the Weak Link Peter Milla CASRO Technical Consultant/CIRQ Technical Advisor peter@petermilla.com Background CASRO and Standards CASRO takes

More information

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention

Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen. 14th Annual Risk Management Convention Cyber/IT Risk: Threat Intelligence Countering Advanced Adversaries Jeff Lunglhofer, Principal, Booz Allen 14th Annual Risk Management Convention New York, New York March 13, 2013 Today s Presentation 1)

More information

1. Understanding Big Data

1. Understanding Big Data Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems

IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity

More information

POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS

POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. KEY SOLUTION HIGHLIGHTS ADVANCED CYBER THREAT ANALYTICS POWERFUL SOFTWARE. FIGHTING HIGH CONSEQUENCE CYBER CRIME. Wynyard Advanced Cyber Threat Analytics (ACTA) is a Pro-active Cyber Forensics solution that helps protect organisations

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Empowering Your Business in the Cloud Without Compromising Security

Empowering Your Business in the Cloud Without Compromising Security Empowering Your Business in the Cloud Without Compromising Security Cloud Security Fabric CloudLock offers the cloud security fabric for the enterprise that helps organizations protect their sensitive

More information

Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall.

Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall. Web Analytics Understand your web visitors without web logs or page tags and keep all your data inside your firewall. 5401 Butler Street, Suite 200 Pittsburgh, PA 15201 +1 (412) 408 3167 www.metronomelabs.com

More information

Privacy Policy Last Updated September 10, 2015

Privacy Policy Last Updated September 10, 2015 Privacy Policy Last Updated September 10, 2015 Tanger Properties Limited Partnership d/b/a Tanger Outlets or Tanger Outlet Centers ("Tanger," "we" or us ), which includes affiliated companies owned or

More information

Privacy Policy Version 1.0, 1 st of May 2016

Privacy Policy Version 1.0, 1 st of May 2016 Privacy Policy Version 1.0, 1 st of May 2016 THIS PRIVACY POLICY APPLIES TO PERSONAL INFORMATION COLLECTED BY GOCIETY SOLUTIONS FROM USERS OF THE GOCIETY SOLUTIONS APPLICATIONS (GoLivePhone and GoLiveAssist)

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

GOOD PRACTICE GUIDE 13 (GPG13)

GOOD PRACTICE GUIDE 13 (GPG13) GOOD PRACTICE GUIDE 13 (GPG13) GPG13 - AT A GLANCE Protective Monitoring (PM) is based on Good Practice Guide 13 Comprises of 12 sections called Proactive Monitoring Controls 1-12 Based on four Recording

More information

ITAR Compliance Best Practices Guide

ITAR Compliance Best Practices Guide ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations

More information

What is Security Intelligence?

What is Security Intelligence? 2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the

More information

Information Security: A Perspective for Higher Education

Information Security: A Perspective for Higher Education Information Security: A Perspective for Higher Education A By Introduction On a well-known hacker website, individuals charged students $2,100 to hack into university and college computers for the purpose

More information

FitCause Privacy Policy

FitCause Privacy Policy FitCause Privacy Policy EFFECTIVE DATE: June 19, 2013 FuelGooder Inc. d/b/a FitCause ( FitCause ) values your privacy. FitCause is a social fundraising platform empowering individuals to turn their exercising

More information

Managing the Insider Threat: Real-time Monitoring of Access Patterns to ephi

Managing the Insider Threat: Real-time Monitoring of Access Patterns to ephi Managing the Insider Threat: Real-time Monitoring of Access Patterns to ephi Mac McMillan (CynergisTek, HIMSS) Jennings Aske (Partners Healthcare) Mike Terra (Oracle Corp.) Daniel Fabbri (U. Michigan)

More information

Department of State SharePoint Server PIA

Department of State SharePoint Server PIA 1. Contact Information A/GIS/IPS Director Department of State SharePoint Server PIA Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information

More information

Qlik Sense Enabling the New Enterprise

Qlik Sense Enabling the New Enterprise Technical Brief Qlik Sense Enabling the New Enterprise Generations of Business Intelligence The evolution of the BI market can be described as a series of disruptions. Each change occurred when a technology

More information

Combating a new generation of cybercriminal with in-depth security monitoring

Combating a new generation of cybercriminal with in-depth security monitoring Cybersecurity Services Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored.

More information

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT Would you rather know the presumed status of the henhouse or have in-the-moment snapshots of the fox? If you prefer to use a traditional

More information

Ganzheitliches Datenmanagement

Ganzheitliches Datenmanagement Ganzheitliches Datenmanagement für Hadoop Michael Kohs, Senior Sales Consultant @mikchaos The Problem with Big Data Projects in 2016 Relational, Mainframe Documents and Emails Data Modeler Data Scientist

More information

Quorum Privacy Policy

Quorum Privacy Policy Quorum Privacy Policy Quorum Analytics Inc. ( Quorum") has created this website (the "Website" or the "Site") to provide an online analytical tool that Subscribers can use to generate Derived Analytics

More information

McZeely Coterie, LLC Privacy Notice. Effective Date of this Privacy Notice: February 11, 2015.

McZeely Coterie, LLC Privacy Notice. Effective Date of this Privacy Notice: February 11, 2015. McZeely Coterie, LLC Privacy Notice Effective Date of this Privacy Notice: February 11, 2015. We at McZeely Coterie, LLC, the company that proudly brings you Plan Z by Zola ( Plan Z ), respect your concerns

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

CONNECTING DATA WITH BUSINESS

CONNECTING DATA WITH BUSINESS CONNECTING DATA WITH BUSINESS Big Data and Data Science consulting Business Value through Data Knowledge Synergic Partners is a specialized Big Data, Data Science and Data Engineering consultancy firm

More information

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number

More information

Network Security Policy

Network Security Policy Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus

More information

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk

IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk Amir Jaibaji - Product Management Program Director IBM Information Lifecycle Governance IBM Unstructured Data Identification & Management An on ramp to reducing information costs and risk Enterprise big

More information

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations

HIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards

More information

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center

Combating a new generation of cybercriminal with in-depth security monitoring. 1 st Advanced Data Analysis Security Operation Center Combating a new generation of cybercriminal with in-depth security monitoring 1 st Advanced Data Analysis Security Operation Center The Challenge Don t leave your systems unmonitored. It takes an average

More information