The Big Deal With Big Data: New Security Tools Are Needed
|
|
- Alexina Helen Wade
- 8 years ago
- Views:
Transcription
1 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY Phone: Fax: The Big Deal With Big Data: New Security Tools Are Needed Law360, New York (July 6, 2015, 10:17 AM ET) What s the big deal with big data? In the rapidly expanding landscape of Internet-based data analytic services, the majority of companies with a significant online presence have either already asked this question or will be asking it in very near future. But what exactly is big data? Big data is defined by the Cloud Security Alliance as the massive amounts of digital information companies and governments collect about human beings and our environment. [1] More robust definitions also include the acquisition and analysis of such large and complex data sets from Internet-based technologies. Big data is typically unformatted, nonuniform and was long thought by companies to be of no value because the size and structure of the data exceeded the processing capacity of conventional database systems. Indeed, until the last few years the technology needed for companies to analyze and evaluate big data was nonexistent. Hillary Preston Recent technological advances and cloud computing services have made big data manipulation and analysis an important business tool for both large and small organizations. Big Data analytics now offer companies the opportunity to evaluate and discover patterns in diverse data types for myriad commercial purposes through a variety of platforms. What was once thought by companies to be the fragmented digital waste left over from a consumer s visit to an online website can now be used for spotting business trends, combating crime and various other predictive analytics. The total amount of big data generated by companies and governments is expected to double every two years, from 2,500 exabytes in 2012 to more 40,000 exabytes in 2020[2]. Regarding the importance of big data in today s marketplace, a May 2014 White House report entitled Big Data: Seizing Opportunities, Preserving Values, stated that, [b]ig data will become an historic driver of progress, helping our nation perpetuate the civic and economic dynamism that has long been its hallmark. As useful as the collection and analysis of big data appears for companies, consumer groups and privacy advocates have become equally concerned regarding the need for legal restrictions on its collection, use and retention. As more consumer information is digitized and collected by today s businesses, the potential for cybersecurity attacks has also increased.[3] With the growing use of cloud-based platforms and the increasing frequency of high-profile data breaches, the security of big data in the cloud is an emerging area of concern for both business and consumers alike. The May 2014 White House report
2 reflects this in emphasizing that the social and economic value created by big data should be balanced against privacy and other core values of fairness, equity and autonomy. Challenges of the Three V s : Variety, Volume, Velocity Variety, volume and velocity are three terms commonly utilized to characterize big data, each of which contribute to the security challenges companies and analytics provides face related to the management of big data. The first of the terms, variety, refers to the multiple classes or data types captured across a company s given enterprise. At any given time, a company may be simultaneously collecting and/or storing data sets from multiple business areas (e.g. confidential sales data, employee personal information, proprietary research results) in various formats. Because each set of data originates from a different source, it will also likely have its own distinct access restrictions and security policies. Thus, while the ability to collect numerous types of data increases a company s analytical capabilities, having such varied data feeds also increases the challenges faced by companies to appropriately balance security and access control measures with their need to extract and analyze meaningful data. The second V, volume, as evident from its name, is inherent in the definition of big data and references the volume of data companies collect and store in big data repositories. As previously discussed, big data often includes the collection of company data from numerous sources in various formats. While an increase in the number of distinct data sources collected by a company broadens its ability to access various analytics, such massive collections of data also potentially increases the number of targets cyberattackers can use to gain access to a company s confidential data. In other words, the more data collected the more potential targets for breach. Velocity is not just the third V of the big data trilogy, but it designates the speed at which the data is acquired. The streaming nature of data acquisition adds additional complexity to big data security. Companies and analytics service providers are not only forced to keep up with the speed of the cloud to facilitate effective product offerings, but they are also racing to stay ahead of cybercriminals and ensure data safety. Because variety, velocity and volume each drive the value of big data, all three must be considered to effectively secure data. Big Data Has Outpaced Traditional IT Security While businesses often use big data for marketing and research purposes, many do not have the security assets needed to keep such data safe. As can be imagined, large quantities of consolidated data can be extremely tempting for cybercriminals, especially when such data may contain a company s proprietary information and trade secrets or customer financial data. Data security breaches can result in serious legal consequences and reputational damage for companies, often more severe than those caused by breaches of traditional data. For example, the data breach of Target Corp., the consumer products giant, was estimated to have cost the company more than $1 billion in fines and remedial damages in addition to the unquantified damage to the company s reputation.[4] According to a 2012 "Data Breach Investigations Report" by Verizon, 91 percent of breaches led to compromises of data within days or less, where as 79 percent took a week or more to discover.[5] As evident by these statistics, the continued expansion of big data usage appears to be outpacing traditional security mechanisms and firewalls, which are designed for small-scale static data and may potentially become inadequate to thwart complex big data security treats. However, due to the infancy
3 of the development of big data security regimes, companies are often left searching for guidance for big data management. Nevertheless, rising expectations for corporate data security in conventional data processing make understanding the collection, processing and security of personal information paramount. In February 2014, the National Institute of Standards and Technology published the Framework for Improving Critical Infrastructure Cybersecurity. While the NIST Framework provides traditional guidance for data collection and combating cybersecurity and data breaches, it does not specifically address the myriad of issues unique to big data collection and management. In the absence of mature tools for securing big data, companies should endeavor to keep all data as safe as possible. Whether self-managed or managed by a third-party provider, companies should develop internal processes to understand all data types collected and used in their business operations. In light of the lack of standardized best practices for big data management, at a minimum companies should consider the following NIST guidance when evaluating their respective data collection, use and privacy policies: Privacy and civil liberties implications may arise when personal information is used, collected, processed, maintained, or disclosed in connection with an organization s cybersecurity activities [,] activities that bear privacy or civil liberties considerations may include: cybersecurity activities that result in the over-collection or over-retention of personal information; disclosure or use of personal information unrelated to cybersecurity activities; cybersecurity mitigation activities that result in denial of service or other similar potentially adverse impacts...to address privacy implications, organizations may consider how[] their cybersecurity program might incorporate privacy principles such as: data minimization in the collection, disclosure, and retention of personal information material related to the cybersecurity incident; use limitations outside of cybersecurity activities on any information collected specifically for cybersecurity activities; transparency for certain cybersecurity activities; individual consent and redress for adverse impacts arising from use of personal information in cybersecurity activities; data quality, integrity, and security; and accountability and auditing. While companies typically collect at least limited data from their own customers, more traditional big data management and analytic services are generally provided by third-party providers. If a third party provides big data management products and/or services to a company, including collection, storage and/or analysis, it is critical for a company/subscriber to ensure that such providers have satisfactory data protections in place. Companies using cloud providers for big data management and analytics should consider at a minimum negotiating the following data safety provisions in their respective service agreements: Ownership: Contracts for big data cloud-based services should establish ownership of the data at the inception of the project. Ownership should be negotiated by the parties at the onset of the contracting process, as well as the guidelines for return or destruction of such data upon termination of the applicable services agreement. Access Control: Companies should ensure they are developing a robust access control policy that limits access to its data. While seemingly obvious, contract provisions that restrict access to a company s data to persons solely on a need to know basis are not always standard. Companies should further inquire whether access to their data is monitored in real time. To the extent feasible, companies should require such real-time data monitoring to reduce the risks of prolonged data breaches. Additionally, for both self-managed and third-party subscription-
4 based big data management, companies should ensure implementation of continuous monitoring of all users accessing their data and require rights to review such logs. Security Audits: Companies should also insist that their respective service providers perform intermittent internal security audits of their data management systems and/or allow the company to engage independent third-party auditors. Awareness of cybersecurity attacks requires continuous collection and review of audit information. As stated by the Cloud Security Alliance, [a]udit information is crucial to understanding what happened and what went wrong. It is also often necessary for a company s compliance with industry regulations. Because of the importance of security audits, some security professionals recommend including liquidated damages provisions in subscription and services agreements if appropriate security standards are not met. Companies should further require that providers enter into ongoing covenants to provide reports regarding compliance with industry-based security frameworks (e.g. ISO 27001, AICPA SOC2). In-house management of big data is often a viable option, but it too presents increasing risk. Numerous requirements ranging from compliance with multijurisdictional data privacy regulations and network and data encryption standards are just a few of the complex challenges companies must fully appreciate when self-managing big data. To mitigate these risks, companies that manage their own big data project should consider integrating and/or enhancing the following mechanisms in their big data management strategies: Data Encryption/Anonymization: Prior to data being uploaded to the cloud for storage or analysis, it should be anonymized so that any personal identifiers belonging to individuals should be removed from the data sets. A subset of big data data mining, privacy preserving data mining, also known as PPDM, is a recently developed strategy designed to safeguard sensitive information from unsolicited or unsanctioned disclosures, while preserving the utility of the data collected from consumers. According to guidance provided by the Institute of Electrical and Electronics Engineers in its 2014 white paper entitled Information Security in Big Data, the hallmarks of PPDM includes (1) shielding sensitive raw data such as an individual s phone number and social security number from direct use in data analytics, and (2) excluding from sensitive analytical results from use if their disclosure will result in privacy violations. Companies should seek PPDM methods for data analytics when feasible. Data encryption is also essential prior to uploading and/or analyzing big data in the cloud. Network and System Encryption and Security: While encryption of internal networks and systems may appear obvious, the sheer volume of data hosted on the computers of companies who collect consumer data places additional emphasis of the need for improved security and encryption of both software and hardware systems hosted on internal company networks. At a minimum, companies should ensure that all servers hosting big data are secure, that all networked software and patches are up to date and that only secure and/or commercial versions of open-source software are used, if any. Additionally, companies should limit administrative privileges to their big data to a small group of users. Logging: Logging of user access to company data and systems is also highly recommended. It is important to recognize that cyberattacks may not always originate from outside a company s firewalls. While research suggests that most security breaches are detected by third parties and
5 not the affected companies, it has reported that up to 84 percent of such breaches could have been discovered by reviewing available systems logs.[6] Monitoring access to a company s systems by logging both internal and external users may help reduce the possibility of a data compromise. Such access logs should be audited regularly to determine if any malicious operations have been performed or if any malicious users are manipulating company data. While the above recommendations are not intended to be exhaustive, they should provide a good baseline for integrating security at the core of all big data management strategies. By Hilary Preston and Lavonne Hopkins, Vinson & Elkins LLP Hilary Preston is a partner in Vinson & Elkins' New York office. Lavonne Hopkins is an associate in the firm's Houston office. The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice. [1] Cloud Security Alliance, Expanded Top Ten Big Data Security and Privacy Challenges, April [2] [3] [4] [5] [6]
Wellesley College Written Information Security Program
Wellesley College Written Information Security Program Introduction and Purpose Wellesley College developed this Written Information Security Program (the Program ) to protect Personal Information, as
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationINFORMATION SECURITY Humboldt State University
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
More informationThe silver lining: Getting value and mitigating risk in cloud computing
The silver lining: Getting value and mitigating risk in cloud computing Frequently asked questions The cloud is here to stay. And given its decreased costs and increased business agility, organizations
More informationWAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales
WAN security threat landscape and best mitigation practices. Rex Stover Vice President, Americas, Enterprise & ICP Sales The Cost of Cybercrime Sony $171m PlayStation 3 data breach (April 2011) $3 trillion
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationOrchestrating the New Paradigm Cloud Assurance
Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems
More informationEthical Considerations for Lawyers Using the Cloud
Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012
More informationCybersecurity: What CFO s Need to Know
Cybersecurity: What CFO s Need to Know William J. Nowik, CISA, CISSP, QSA PCIP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2014 Wolf & Company, P.C. Today s Agenda Introduction
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationSecuring the Microsoft Cloud
Securing the Microsoft Cloud Securing the Microsoft Cloud Page 1 Securing the Microsoft Cloud Microsoft recognizes that trust is necessary for organizations and consumers to fully embrace and benefit from
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationIMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE
IMPLEMENTING A SECURITY ANALYTICS ARCHITECTURE Solution Brief SUMMARY New security threats demand a new approach to security management. Security teams need a security analytics architecture that can handle
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationService Schedule for CLOUD SERVICES
Service Schedule for CLOUD SERVICES This Service Schedule is effective for Cloud Services provided on or after 1 September 2013. Terms and Conditions applicable to Cloud Services provided prior to this
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationSEC Cybersecurity Findings May Establish De Facto Standard
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto
More informationA Database Security Management White Paper: Securing the Information Business Relies On. November 2004
A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationRMS. Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles
RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS Privacy Policy for RMS Hosting Plus and RMS(one) Guiding Principles RMS aims to provide the most secure, the most private, and
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationCyber Security. Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP
Cyber Security Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP Speakers: Keith Overly, Executive Director, Ohio Deferred Compensation Program Raj Patel, Partner, Plante & Moran, PLLC
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationThreat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA
www.pwc.com Vulnerability Management (TVM) Protecting IT assets through a comprehensive program Chicago IIA/ISACA 2 nd Annual Hacking Conference Introductions Paul Hinds Managing Director Cybersecurity
More informationThird-Party Risk Management for Life Sciences Companies
April 2016 Third-Party Risk Management for Life Sciences Companies Five Leading Practices for Data Protection By Mindy Herman, PMP, and Michael Lucas, CISSP Audit Tax Advisory Risk Performance Crowe Horwath
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationINFORMATION SECURITY California Maritime Academy
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California Maritime Academy Audit Report 14-54 April 8, 2015 Senior Director: Mike Caldera IT Audit Manager:
More informationFebruary 17, 2011. Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580
February 17, 2011 Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Re: A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework
More informationPCI Compliance for Cloud Applications
What Is It? The Payment Card Industry Data Security Standard (PCIDSS), in particular v3.0, aims to reduce credit card fraud by minimizing the risks associated with the transmission, processing, and storage
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationTop Ten Technology Risks Facing Colleges and Universities
Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology
More informationCybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act
In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee
More informationCorporate Perspectives On Cybersecurity: A Survey Of Execs
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey
More informationAnatomy of a Cloud Computing Data Breach
Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations
More informationManaging data security and privacy risk of third-party vendors
Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected
More informationPart A OVERVIEW...1. 1. Introduction...1. 2. Applicability...2. 3. Legal Provision...2. Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...
Part A OVERVIEW...1 1. Introduction...1 2. Applicability...2 3. Legal Provision...2 Part B SOUND DATA MANAGEMENT AND MIS PRACTICES...3 4. Guiding Principles...3 Part C IMPLEMENTATION...13 5. Implementation
More informationTO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel
AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationCyber Security Management
Cyber Security Management Focusing on managing your IT Security effectively. By Anthony Goodeill With the news cycles regularly announcing a recurrently theme of targets of hacker attacks and companies
More informationWhat The OMB Cybersecurity Proposal Does And Doesn't Do
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com What The OMB Cybersecurity Proposal Does And Doesn't
More informationPII Compliance Guidelines
Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationA Channel Company White Paper. Online Security. Beyond Malware and Antivirus. Brought to You By:
A Channel Company White Paper Online Security Beyond Malware and Antivirus Brought to You By: Abstract Security has always encompassed physical and logical components. But in the face of Bring Your Own
More informationDATA SECURITY AGREEMENT. Addendum # to Contract #
DATA SECURITY AGREEMENT Addendum # to Contract # This Data Security Agreement (Agreement) is incorporated in and attached to that certain Agreement titled/numbered and dated (Contract) by and between the
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationPrivacy Impact Assessment (PIA) Consular Affairs Enterprise Service Bus (CAESB) 01.00.00. Last Updated: May 1, 2015
United States Department of State (PIA) Consular Affairs Enterprise Service Bus (CAESB) 01.00.00 Last Updated: May 1, 2015 Bureau of Administration 1. Contact Information A/GIS/IPS Director Bureau of Administration
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationDOD Takes Data-Centric Approach To Contractor Cybersecurity
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com DOD Takes Data-Centric Approach To Contractor Cybersecurity
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationTOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT
TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT Would you rather know the presumed status of the henhouse or have in-the-moment snapshots of the fox? If you prefer to use a traditional
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationTHE BLUENOSE SECURITY FRAMEWORK
THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program
More informationOur Commitment to Information Security
Our Commitment to Information Security What is HIPPA? Health Insurance Portability and Accountability Act 1996 The HIPAA Privacy regulations require health care providers and organizations, as well as
More informationNetwork & Information Security Policy
Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk
More information{Moving to the cloud}
{Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have
More informationInfor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security
Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationData Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan
WHITE PAPER Data Privacy: The High Cost of Unprotected Sensitive Data 6 Step Data Privacy Protection Plan Introduction to Data Privacy Today, organizations face a heightened threat landscape with data
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationThe Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations
The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors
More informationAnalyzing HTTP/HTTPS Traffic Logs
Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that
More informationSIEM is only as good as the data it consumes
SIEM is only as good as the data it consumes Key Themes The traditional Kill Chain model needs to be updated due to the new cyber landscape A new Kill Chain for detection of The Insider Threat needs to
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Security Inside Out Latest Innovations in Oracle Database 12c Jukka Männistö Database Architect Oracle Nordic Coretech Presales The 1995-2014 Security Landscape Regulatory Landscape HIPAA, SOX (2002),
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More information5.5. Penetration Tests. Report of the Auditor General of the Ville de Montréal to the City Council and to the Urban Agglomeration Council
Report of the Auditor General of the Ville de Montréal to the City Council and to the Urban Agglomeration Council 5.5 For the Year Ended December 31, 2013 Penetration Tests 5.5. Penetration Tests Table
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationEXECUTIVE STRATEGY BRIEF. Securing the Cloud Infrastructure. Cloud. Resources
EXECUTIVE STRATEGY BRIEF Securing the Cloud Infrastructure Cloud Resources 01 Securing the Cloud Infrastructure / Executive Strategy Brief Securing the Cloud Infrastructure Microsoft recognizes that trust
More information08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview
Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationSecurity Incident Response Process. Category: Information Security and Privacy. The Commonwealth of Pennsylvania
Security Incident Response Process Category: Information Security and Privacy The Commonwealth of Pennsylvania Executive Summary The Commonwealth of Pennsylvania is a trusted steward of citizen information.
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationAccess is power. Access management may be an untapped element in a hospital s cybersecurity plan. January 2016. kpmg.com
Access is power Access management may be an untapped element in a hospital s cybersecurity plan January 2016 kpmg.com Introduction Patient data is a valuable asset. Having timely access is critical for
More informationSarbanes-Oxley Compliance for Cloud Applications
Sarbanes-Oxley Compliance for Cloud Applications What Is Sarbanes-Oxley? Sarbanes-Oxley Act (SOX) aims to protect investors and the general public from accounting errors and fraudulent practices. For this
More informationA New Approach To Contract Due Diligence In M&A
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com A New Approach To Contract Due Diligence In M&A Law360,
More informationwww.pwc.com Third Party Risk Management 12 April 2012
www.pwc.com Third Party Risk Management 12 April 2012 Agenda 1. Introductions 2. Drivers of Increased Focus on Third Parties 3. Governance 4. Third Party Risks and Scope 5. Third Party Risk Profiling 6.
More informationWeb Protection for Your Business, Customers and Data
WHITE PAPER: WEB PROTECTION FOR YOUR BUSINESS, CUSTOMERS............ AND.... DATA........................ Web Protection for Your Business, Customers and Data Who should read this paper For security decision
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationEnhancing Cybersecurity with Big Data: Challenges & Opportunities
Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationPassword Management Evaluation Guide for Businesses
Password Management Evaluation Guide for Businesses White Paper 2016 Executive Summary Passwords and the need for effective password management are at the heart of the rise in costly data breaches. Various
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)
More informationNavigating the New MA Data Security Regulations
Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became
More informationDHS Plans to Target Large Data Projects
Report from the Technology Subcommittee to the Data Privacy and Integrity Advisory Committee Task On January 27, 2014, the DHS Data Privacy and Integrity Advisory Committee (DPIAC) received a request from
More informationSecure Cloud Hosting for Healthcare Organizations
Secure Cloud Hosting for Healthcare Organizations OUR MISSION FIREHOST MISSION Our core is an unshakable, no compromise commitment to protect our customer's digital assets with integrity and innovation
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationState of Security Survey GLOBAL FINDINGS
2011 State of Security Survey GLOBAL FINDINGS CONTENTS Introduction... 4 Methodology... 6 Finding 1: Cybersecurity is important to business... 8 Finding 2: The drivers of security are changing... 10 Finding
More informationTask. DPIAC Recommendations. As Approved in Public Session September 22, 2014
Report 2014-02 of the Data Privacy and Integrity Advisory Committee on Privacy Recommendations regarding Auditing and Oversight of the DHS Data Framework Task As Approved in Public Session September 22,
More informationBalancing Cloud-Based Email Benefits With Security. White Paper
Balancing Cloud-Based Email Benefits With Security White Paper Balancing Cloud-Based Email Benefits With Security Balancing Cloud-Based Email Benefits With Security CONTENTS Trouble Spots in Cloud Email
More informationTestimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy
Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More information