Instructor Introduction
|
|
- Pearl Cameron
- 8 years ago
- Views:
Transcription
1 Securing Big Data
2 Instructor Introduction Leighton R. Johnson, III CISA, CISSP, CISM, MBCI, CSSLP, CIFI, CFCP, CAP, CRISC SC-ISACA Chapter Instructor Member: IEEE, ACM, ASIS, ISSA, IISFA, ISACA, ISC2, CSA, BCI, InfraGard, OSE
3 Background Leighton Johnson, the CTO of ISFMT (Information Security & Forensics Management Team), has presented computer security and forensics classes and seminars all across the United States and Europe. He has over 38 years experience in Computer Security, Software Development and Communications Equipment Operations & Maintenance; Primary focus areas include computer security, information operations & assurance, software system development life cycle focused on modeling & simulation systems, systems engineering and integration activities, database administration, business process & data modeling
4 Securing Big Data Every day 2.5 exabytes of data are generated from new and traditional sources including climate sensors, social media sites, digital pictures & videos, purchase transaction records, cellphone GPS signals, and more. Big data environments allow organizations to aggregate more and more data much of which is financial, personal, intellectual property or other types of sensitive data. The data is both unstructured and structured; huge amounts exist in systems and often it is real-time live data.
5 What is Big Data? Big data is the combination of any type of data structured and unstructured such as text, sensor data, audio, video, clickstreams, log files and more
6 Areas of Interest The Big Data areas of concern to auditors and security professionals include: Sensitive data discovery and classification Data access and change controls. Real-time data activity monitoring and auditing Data protection Data loss prevention Vulnerability management Compliance management
7 Big Data Components 3 V s Velocity Volume Variety Speed of data in and out Increasing amount of data Range of data types and sources
8 How Much is Big?
9 Big Data Sources Structured Data RDBMS based Unstructured Data Real-time data feeds Social Media sources i.e. Twitter, Facebook, Reddit, etc.
10 Big Data Usage Science and research Government Corporation/Private Sector Retail Wal-Mart 1M transactions per hour Amazon 3 DBs online 7.8 TB, 18.5 TB, and 24.7 TB Healthcare Energy/Smart Grid Others
11 Big 3 Big Data Users Marketing Trend Analysis Retail Sales Analysis Security Activity Correlation Analysis
12 Big Data Impacts & Benefits Governance What Data should be Included Planning Process of collecting and organizing outcomes Utilization Becoming information mavens Assurance Data Quality Privacy Regional and National Laws
13 Big Data Security Uses Big Data Security-based analysis can be used to: Detect probable threats based on current vulnerabilities, Provide analysis of identity and access activities, Correlate events and alerts, and Provide meaningful insights into the effectiveness of remediation of security incidents Identify patterns of anomalies to normal behavioral performance, operations and configuration states, Capacity planning and forecast of IT resource utilization
14 Security of Big Data Secure data, collect it, and then aggregate to evaluate to total Obtain visibility of all data - Collection Understand the context - Integration Utilize the intelligence - Analytics
15 Security Key - Correlation
16 Big Data Security Correlation Analysis capabilities Incident Response capabilities Data Breach capabilities Data Recovery capabilities Disaster Recovery capabilities Forensics capabilities
17 Compliance and Big Data Issues Volume Complexity Lack of consistent structure Need to isolate the compliance-sensitive portions of data from total
18 Compliance Issue Example Create multiple data sets and put them in the same location, Allows technology to cross-integrate that information. Potential new information that needs new controls. For instance, List of clients and it s benign Add marketing information from a third-party Now have a new data set. Then link in other information Now possible to have PII which requires compliance and protection Accomplished through dynamic queries of data sources.
19 Statutory & Regulatory Needs Scope Location Transnational Considerations Privacy Considerations Downstream Liabilities
20 Big Data Regulatory Issues Regulatory Considerations HIPAA SOX GLBA EU rules FACTA FERPA PCI-DSS
21 Regulatory Issue Example 1 HIPAA/HITECH Consequences of non-compliance are potentially severe, including both civil and criminal penalties Two ways to control keep data secure from release Encryption Destruction
22 Regulatory Issue Example 2 PCI-DSS An industry-wide framework for protecting consumer credit card data. Any company that stores, processes or transmits credit card data must comply with PCI-DSS by properly securing and protecting the data 22
23 Big Data & Cloud Legal Issues Where is the data? Cloud server locations Legal status vary from country to country. Despite the global feel of the cloud, some countries laws will be involved when it s time to sue to get back data or to demonstrate compliance with privacy rules.
24 ISACA s 5 Key Questions for Big Data Privacy and Security Can the company trust its sources of Big Data? What information is the company collecting without exposing the enterprise to legal and regulatory battles? How will the company protect its sources, processes and decisions from theft and corruption? What policies are in place to ensure that employees keep stakeholder information confidential during and after employment? What actions are company taking that creates trends that can be exploited by its rivals?
25 Securing Big Data Focal Points Security Architecture Infrastructure Components Hardware Software Computational Algorithms Real-Time Analytics Data Itself 25
26 Questions for Securing Big Data Data Fits Into Organization How? Data is Classified How? Search Algorithms are Controlled How? Data is Accessed How and By Whom? Data is Reported Out How and To Whom? Data is Updated - How Often and By What Process? 26
27 What Data Needs Securing Structured Data Sources Unstructured Data Sources Real-time Data Feeds Time-sensitive Data Meta-Data about the Data 27
28 Structured Data Sources Local Databases Spreadsheets and Office Documents Data Warehouses Partner Data Data Brokers 28
29 Standard Database Security Data Schemas Meta-data Files, Folders, Interfaces Transaction Logs ISACA has many documents covering various RDBMS 29
30 ISACA Sources - Examples Security, Audit and Control Features Oracle Database, 3rd Edition Social Media Audit/Assurance Program Personally Identifiable Information (PII) Audit/Assurance Program MySQL Server Audit/Assurance Program Microsoft SQL Server Database Audit/Assurance Program IT Tactical Management Audit/Assurance Program 30
31 COBIT based reviews Evaluate, Direct and Monitor Align, Plan and Organize Build, Acquire and Implement Deliver, Service and Support Monitor, Evaluate and Assess
32 Structured Data Review Files and Folders Databases Spreadsheets and Office Documents Data Warehouses Type Structure
33 Structured Data - 1 Standard database security efforts Data Schemas Meta-data Transaction Logs
34 Structured Data - 2 Standard Interface reviews Logs Transactions Meta-data on files, documents, and folders
35 Database Security Auditing Can relate to the timestamps that apply to the update time of a row in a relational table being inspected and tested for validity in order to verify the actions of a database user. May also focus on identifying transactions within a database system or application that indicate evidence of wrongdoing, such as fraud.
36 Database Security Issues Change Management for schemas and formats Transaction Logging Retention Requirements
37 Unstructured Data Sources - 1 Social Media feeds Facebook, Twitter, LinkedIn, etc. Non-transactional Data structures Blogs And Chats Collaborative Environment Machine to Machine (M2M) data IoT data Sensor Data Feeds i.e. GPS Data 37
38 Unstructured Data Sources - 2 /Documents/Spreadsheets Social Media feeds Facebook, Twitter, LinkedIn, etc. News and Real-time Data feeds Log Files
39 Social Media Security Practices Authentication of social media evidence can present significant challenges Collection by screen shots, printouts or raw html feeds from an archive tool. Capture Techniques Documented Properly collected, preserved, searched and presented Metadata Search Criteria for Each Investigation Proper Chain of Custody Associated metadata is preserved Authenticity can be establish.
40 Twitter Security Twitter RSS feed Undocumented... eobama /user_timeline.rss?screen_name=michelleobama Twitter API. Every user has a unique # id: , screenname: MichelleObama Names may change! Twitter ID unique!
41 Facebook Security Facebook... Profile Information, Location, Photos... Text and Links, Checkins Friends / Close Friends / Family Apps Pages Groups Interests ***
42 Facebook Security (cont.) Why??? Criminal reasons Missing Persons Infidelity Malware Scams, Fraud, Human trafficking Child Pornography Illegal media sharing...
43 LinkedIn Security LinkedIn User Profiles LinkedIn Company Profiles LinkedIn Groups Advanced Search Premium Accounts
44 Issues Structures and Format Differences Storage Requirements Retention Practices
45 Visualization efforts Attempts to Visualize Data using various visualization techniques
46 Big Data Areas for Audits and Security Data Sources Real-time Data Feeds Time-sensitive Data Meta-Data about the Data Data Users Data Access Data Modification
47 Big Data Challenges to Security Rapid response times needs Non-consistency of data structures Lack of audit and security tools
48 How to Determine What to Secure Sources Timing Structures Compliance Needs One Way Examine Data Itself Forensically 48
49 Network Components Device Logs Transactional Logs Packet Captures
50 Security Itself Areas Within Environment Transactional Logs Network Activity Edge / Boundaries Access Attack Vectors Authentication
51 What To Look For - 1 Missing data either some or all of the data missing. Data out of range results range from A value of 300 is out of valid range. Another example is if data can vary in range, but has historically been within a particular range, a value outside that range might be reviewed. Duplicate data multiple observations for the same occurrence. Invalid data Wrong or incorrect data. Bad format data Fields that should be formatted in a particular manner are not. For example date fields that should be in ddmmyy format are recorded as ddmmmyyyy.
52 What to Look For 2 Unformatted data Data that should have been recorded in a particular format, such as an address where the street name and number goes in one area, the city goes in another, the country in still another and the post or zip code in yet another. If all the information is combined in one field, this makes processing difficult. Incomplete data files or records within a file that have missing fields or periods of coverage.
53 What To Look For - 3 Patterns of anomalies to normal behavioral performance, IT operations and configuration states, Capacity and forecast of IT resources
54 Securing Big Data - What To Do Access Controls Encryption Controls Audit Controls Governance Controls
55 What To Do - Access Internal and external authentication Object permission management in Structured Databases Extra controls for AC in data feeds Multifactor Authentication
56 What To Do - Encryption Transparent data encryption for all objects and data File-level and block-level encryption ETE Encryption for all moving data Robust key management
57 What To Do - Audit Auditing of all user activity/changes Watch the Input for Malicious or Inadvertent alterations Log Management criteria who can change what, under what circumstances, and when?
58 What To Do - Governance Data Security Laws in Location possible compliance issues ensure policies cover this Who is watching the watchers? Have a monitoring activity in place Reporting to Senior Executives and BOD especially for risks
59 What To Do - Summary Watch the Input for Malicious or Inadvertent alterations Change of Audit Logs is red flag Oversight in Privacy and Compliance areas have significant legal results watch these closely
60 Summary Identify redundant, obsolete, and trivial data in gathered data locations Detect personal data where possible Exercise classification and processing activities on a data set Activate forensics actions when and where needed Review which data files will be affected by a Compliance requirement
61 QUESTIONS
IBM Software Top tips for securing big data environments
IBM Software Top tips for securing big data environments Why big data doesn t have to mean big security challenges 2 Top Comprehensive tips for securing data big protection data environments for physical,
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationALERT LOGIC FOR HIPAA COMPLIANCE
SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationIBM QRadar Security Intelligence April 2013
IBM QRadar Security Intelligence April 2013 1 2012 IBM Corporation Today s Challenges 2 Organizations Need an Intelligent View into Their Security Posture 3 What is Security Intelligence? Security Intelligence
More informationEmpowering Your Business in the Cloud Without Compromising Security
Empowering Your Business in the Cloud Without Compromising Security Cloud Security Fabric CloudLock offers the cloud security fabric for the enterprise that helps organizations protect their sensitive
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationCYBERSECURITY: ISSUES AND ISACA S RESPONSE
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures Mobile devices Social media Cloud services
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationSarbanes-Oxley Compliance for Cloud Applications
Sarbanes-Oxley Compliance for Cloud Applications What Is Sarbanes-Oxley? Sarbanes-Oxley Act (SOX) aims to protect investors and the general public from accounting errors and fraudulent practices. For this
More informationNiara Security Intelligence. Overview. Threat Discovery and Incident Investigation Reimagined
Niara Security Intelligence Threat Discovery and Incident Investigation Reimagined Niara enables Compromised user discovery Malicious insider discovery Threat hunting Incident investigation Overview In
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationAudit Logging. Overall Goals
Audit Logging Security Training by Arctec Group (www.arctecgroup.net) 1 Overall Goals Building Visibility In Audit Logging Domain Model 2 1 Authentication, Authorization, and Auditing 3 4 2 5 6 3 Auditing
More informationHealth & Life sciences breach security program. David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences
Health & Life sciences breach security program David Houlding MSc CISSP CIPP Healthcare Privacy & Security Lead Intel Health and Life Sciences Overview 1. Healthcare Security Research / Directions 2. Healthcare
More informationSecuring Big Data Learning and Differences from Cloud Security
Securing Big Data Learning and Differences from Cloud Security Samir Saklikar RSA, The Security Division of EMC Session ID: DAS-108 Session Classification: Advanced Agenda Cloud Computing & Big Data Similarities
More informationOCIE Technology Controls Program
OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview
More informationWhite Paper Achieving GLBA Compliance through Security Information Management. White Paper / GLBA
White Paper Achieving GLBA Compliance through Security Information Management White Paper / GLBA Contents Executive Summary... 1 Introduction: Brief Overview of GLBA... 1 The GLBA Challenge: Securing Financial
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationKEY TRENDS AND DRIVERS OF SECURITY
CYBERSECURITY: ISSUES AND ISACA S RESPONSE Speaker: Renato Burazer, CISA,CISM,CRISC,CGEIT,CISSP KEY TRENDS AND DRIVERS OF SECURITY Consumerization Emerging Trends Continual Regulatory and Compliance Pressures
More informationBig Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data
Big Data in Action: Behind the Scenes at Symantec with the World s Largest Threat Intelligence Data Patrick Gardner VP Engineering Sourabh Satish Distinguished Engineer Symantec Vision 2014 - Big Data
More informationHow To Manage Security On A Networked Computer System
Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy
More informationCyber Insurance: How to Investigate the Right Coverage for Your Company
6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationHOW SECURE IS YOUR PAYMENT CARD DATA?
HOW SECURE IS YOUR PAYMENT CARD DATA? October 27, 2011 MOSS ADAMS LLP 1 TODAY S PRESENTERS Francis Tam, CPA, CISA, CISM, CITP, CRISC, PCI QSA Managing Director PCI Practice Leader Kevin Villanueva,, CISSP,
More informationLog Management How to Develop the Right Strategy for Business and Compliance. Log Management
Log Management How to Develop the Right Strategy for Business and Compliance An Allstream / Dell SecureWorks White Paper 1 Table of contents Executive Summary 1 Current State of Log Monitoring 2 Five Steps
More informationOver 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit.
CYBERSECURITY: ISSUES AND ISACA S RESPONSE June 2014 BILL S BIO Over 20 years experience in Information Security Management, Risk Management, Third Party Oversight and IT Audit. Vice President Controls
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationSecurity Information Lifecycle
Security Information Lifecycle By Eric Ogren Security Analyst, April 2006 Copyright 2006. The, Inc. All Rights Reserved. Table of Contents Executive Summary...2 Figure 1... 2 The Compliance Climate...4
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationSolution Brief for HIPAA HIPAA. Publication Date: Jan 27, 2015. EventTracker 8815 Centre Park Drive, Columbia MD 21045
Publication Date: Jan 27, 2015 8815 Centre Park Drive, Columbia MD 21045 HIPAA About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationHIPAA and HITECH Compliance for Cloud Applications
What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationSecurity management solutions White paper. IBM Tivoli and Consul: Facilitating security audit and compliance for heterogeneous environments.
Security management solutions White paper IBM Tivoli and Consul: Facilitating security audit and March 2007 2 Contents 2 Overview 3 Identify today s challenges in security audit and compliance 3 Discover
More informationWhite Paper Achieving HIPAA Compliance through Security Information Management. White Paper / HIPAA
White Paper Achieving HIPAA Compliance through Security Information Management White Paper / HIPAA Contents Executive Summary... 1 Introduction: Brief Overview of HIPAA... 1 The HIPAA Challenge: Protecting
More informationWhite Paper Achieving SOX Compliance through Security Information Management. White Paper / SOX
White Paper Achieving SOX Compliance through Security Information Management White Paper / SOX Contents Executive Summary... 1 Introduction: Brief Overview of SOX... 1 The SOX Challenge: Improving the
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationCloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC
Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationNIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT
NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT OVERVIEW The National Institute of Standards of Technology Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework) is a
More informationProtecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11
Protecting What Matters Most Terry Ray Chief Product Strategist Trending Technologies Session 11 Cyber attacks are bad and getting Significant economic Stock price fell by 14% Impacted profits by 46% Total
More informationLOG INTELLIGENCE FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF uugiven today s environment of sophisticated security threats, big data security intelligence solutions and regulatory compliance demands, the need for a log intelligence solution has become
More informationLogging the Pillar of Compliance
WHITEPAPER Logging the Pillar of Compliance Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 Open-eyed management 4 ISO 27001 5 PCI DSS 5 Sarbanes
More informationBIG DATA ANALYTICS REFERENCE ARCHITECTURES AND CASE STUDIES
BIG DATA ANALYTICS REFERENCE ARCHITECTURES AND CASE STUDIES Relational vs. Non-Relational Architecture Relational Non-Relational Rational Predictable Traditional Agile Flexible Modern 2 Agenda Big Data
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationSecurely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com
Securely Yours LLC IT Hot Topics Sajay Rai, CPA, CISSP, CISM sajayrai@securelyyoursllc.com Contents Background Top Security Topics What auditors must know? What auditors must do? Next Steps [Image Info]
More informationThe webinar will begin shortly
The webinar will begin shortly An Introduction to Security Intelligence Presented by IBM Security Chris Ross Senior Security Specialist, IBM Security Agenda The Security Landscape An Introduction to Security
More informationNitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring
NitroView Unified Security and Compliance Unmatched Speed and Scale Application Data Monitoring Database Monitoring Log Management Content Aware SIEM TM IPS Today s security challenges demand a new approach
More informationSecurity in Fax: Minimizing Breaches and Compliance Risks
Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information
More informationProfessional. Compliance & Ethics. 19 The seven deadly sins of unethical organizations. 49 Anti-corruption and global supply chains
Compliance & Ethics April 2014 Professional a publication of the society of corporate compliance and ethics www.corporatecompliance.org Meet Tyrell J. Campbell Investigator Pinnacle Investigations, Inc.
More informationThe Big Data Paradigm Shift. Insight Through Automation
The Big Data Paradigm Shift Insight Through Automation Agenda The Problem Emcien s Solution: Algorithms solve data related business problems How Does the Technology Work? Case Studies 2013 Emcien, Inc.
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationCyber Security Metrics Dashboards & Analytics
Cyber Security Metrics Dashboards & Analytics Feb, 2014 Robert J. Michalsky Principal, Cyber Security NJVC, LLC Proprietary Data UNCLASSIFIED Agenda Healthcare Sector Threats Recent History Security Metrics
More informationCybercrime & Cybersecurity: the Ongoing Battle International Hellenic University
Cybercrime & Cybersecurity: the Ongoing Battle International Hellenic University Andreas Athanasoulias, CISM, CISSP Information Security Officer & Security Consultant Brief introduction My career path
More informationRSA Security Analytics Security Analytics System Overview
RSA Security Analytics Security Analytics System Overview Copyright 2010-2015 RSA, the Security Division of EMC. All rights reserved. Trademarks RSA, the RSA Logo and EMC are either registered trademarks
More informationCloudy Privacy Computing
Cloudy Privacy Computing Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI Final Draft for December 2008 CSI Alert Is cloud computing cumulous or cirrus? At Thanksgiving dinner, some of my relatives (none
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationPrivilege Gone Wild: The State of Privileged Account Management in 2015
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationNiara Security Analytics. Overview. Automatically detect attacks on the inside using machine learning
Niara Security Analytics Automatically detect attacks on the inside using machine learning Automatically detect attacks on the inside Supercharge analysts capabilities Enhance existing security investments
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationKeeping watch over your best business interests.
Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation
More informationSecurity Practices for Online Collaboration and Social Media
Cisco IT Best Practice Collaboration Security Cisco on Cisco Best Practice Security Practices for Online Collaboration and Social Media January 2012 2013 Cisco and/or its affiliates. All rights reserved.
More informationTechnology Risk Management
1 Monetary Authority of Singapore Technology Risk Guidelines & Notices New Requirements for Financial Services Industry Mark Ames Director, Seminar Program ISACA Singapore 2 MAS Supervisory Framework Impact
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More information2H 2015 SHADOW DATA REPORT
2H 20 SHADOW DATA REPORT Shadow Data Defined: All potentially risky data exposures lurking in cloud apps, due to lack of knowledge of the type of data being uploaded and how it is being shared. Shadow
More informationThe Education Fellowship Finance Centralisation IT Security Strategy
The Education Fellowship Finance Centralisation IT Security Strategy Introduction This strategy outlines the security systems in place to optimise, manage and protect The Education Fellowship data and
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationHow To Protect Data From Attack On A Computer System
Information Management White Paper Understanding holistic database security 8 steps to successfully securing enterprise data sources 2 Understanding holistic database security News headlines about the
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationSplunk Company Overview
Copyright 2015 Splunk Inc. Splunk Company Overview Name Title Safe Harbor Statement During the course of this presentation, we may make forward looking statements regarding future events or the expected
More informationNitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers
NitroView Enterprise Security Manager (ESM), Enterprise Log Manager (ELM), & Receivers The World's Fastest and Most Scalable SIEM Finally an enterprise-class security information and event management system
More informationTRIPWIRE NERC SOLUTION SUITE
CONFIDENCE: SECURED SOLUTION BRIEF TRIPWIRE NERC SOLUTION SUITE TAILORED SUITE OF PRODUCTS AND SERVICES TO AUTOMATE NERC CIP COMPLIANCE u u We ve been able to stay focused on our mission of delivering
More informationFight fire with fire when protecting sensitive data
Fight fire with fire when protecting sensitive data White paper by Yaniv Avidan published: January 2016 In an era when both routine and non-routine tasks are automated such as having a diagnostic capsule
More informationBig Data Analytics: 14 November 2013
www.pwc.com CSM-ACE 2013 Big Data Analytics: Take it to the next level in building innovation, differentiation and growth 14 About me Data analytics in the UK Forensic technology and data analytics in
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationPCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By:
PCI Compliance and the Cloud: What You Can and What You Can t Outsource Presented By: Peter Spier Managing Director PCI and Risk Assurance Fortrex Technologies Agenda Instructor Biography Background On
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationA TECHNICAL WHITE PAPER ATTUNITY VISIBILITY
A TECHNICAL WHITE PAPER ATTUNITY VISIBILITY Analytics for Enterprise Data Warehouse Management and Optimization Executive Summary Successful enterprise data management is an important initiative for growing
More informationMusic Recording Studio Security Program Security Assessment Version 1.1
Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND
More informationThrough the Security Looking Glass. Presented by Steve Meek, CISSP
Through the Security Looking Glass Presented by Steve Meek, CISSP Agenda Presentation Goal Quick Survey of audience Security Basics Overview Risk Management Overview Organizational Security Tools Secure
More informationAssuria from ZeroDayLab
Passionate about Total Security Management Assuria from ZeroDayLab Forensic Log Management SIM/SIEM2 As one of Europe s leading IT Security Consulting companies, ZeroDayLab has been carrying out Security
More informationENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT
ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT IS THIS ebook RIGHT FOR ME? Not sure if this is the right ebook for you? Check the following qualifications to make
More informationHow To Buy Cyber Insurance
10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationTake the Red Pill: Becoming One with Your Computing Environment using Security Intelligence
Take the Red Pill: Becoming One with Your Computing Environment using Security Intelligence Chris Poulin Security Strategist, IBM Reboot Privacy & Security Conference 2013 1 2012 IBM Corporation Securing
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationHow to Develop a Log Management Strategy
Information Security Services Log Management: How to develop the right strategy for business and compliance The purpose of this whitepaper is to provide the reader with guidance on developing a strategic
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More information