Don't Be The Next Data Loss Story


Data Breaches Don't Discriminate: DuPont scientist downloaded 22,000 sensitive documents as he got ready to take a job with a competitor; Royal London Mutual Insurance Society loses eight laptops and the personal details of 2,135 people; SC Magazine; The FSA has fined Nationwide 980,000 for a stolen laptop; Personal data of 600,000 on lost laptop; ChoicePoint to pay $15 million over data breach; Data broker sold info on 163,000 people.

Increasing Risk of Information Theft: 19 people a minute become new victims of identity theft due to data breaches [1]. During a 3-year period, over 217 million Americans were victims of identity theft or exposure [2]. Each data breach costs an average of $6.3 million [3]. A typical Fortune 1000 company can't locate 2% of their PCs [4]. A typical Fortune 1000 financial institution loses 1 laptop a day [5].

Understanding the risk: Market value of your sensitive data
$980-$4,900: Trojan to steal account information
$147: Birth certificate
$490: Credit card number with PIN
$78-$294: Billing data
$98: Social Security card
$6-$24: Credit card number
$147: Driver's license
$6: PayPal account logon and password

Anyone else been caught with one of these?

Full Disclosure and what's your data worth?

Is Your Data in the Wild? 80% of CISOs see employees as the greatest data threat; 73% of data breaches come from internal sources; 77% unable to audit or quantify loss after a data breach.

The Problem is Rapidly Escalating 300% Security Breach Increase 2008-2009

Innocent But Risky Actions: DID YOU EVER... send an email to the wrong recipient? ...print a confidential document on the wrong printer? ...send company confidential data to your private email account? ...copy data to a non-encrypted USB device?

User is a Four Letter Word. PEBKAC: Problem Exists Between Keyboard And Chair (an uncomplimentary way to indicate that a computer problem is the fault of the user). 86%, 26%, 83%, 26%: Regularly forward documents via corporate email; Sent customer information using web-based email such as Yahoo or Hotmail; Admitted printing out customer records to remove from the business; Admit regularly using USB flash drives to take confidential information out of the company. ...but are they IT security experts or employees?

USA Today 29 Sep 2010

1 Use Case: Insider Threat and The Internet Scenario An employee disagrees with company policy or action Has access to evidence of perceived issues or abuse Uploads this data to a web-based whistleblower site DLP can stop unauthorized uploads Set policies to protect your sensitive data or communications Either block or require explicit permission to upload such data

Data Protection Challenges Regulated Data Easily comply with multiple regulations Reduce costs associated with audit Protect reputation & reduce penalties Enabling Business 2.0 Support supply chain & partner integration Support safe, flexible use of business data Enable safe, two-way, B2B/B2C communication Sensitive Data Protect sensitive data & intellectual property Maintain competitive advantage Ensure appropriate chain of custody

Managing Risk: Access + Mobility = Risk. Protection needed 24/7/365, not just during business hours. Data is constantly on the move, replicating and changing organically. Imperative to be both legally compliant and protect your most precious assets: your data, your competitive position, and your brand. Holistic thinking required: networks, laptops, mobile devices, etc.

Securing Data Requires Different Thinking

Today's Security Solution Gap: Most security products don't actually secure information. They are designed to protect networks and servers. They do little to protect the confidentiality and integrity of information. Information is in constant motion, making it difficult to lock down. [Diagram labels: Authentication, Clients, LAN, VPN, Change/Patch Management, Threat Detection, Anti-virus, Anti-spyware, Web Filtering, Firewall, Servers]

Data Protection Requires Different Thinking: Data is not static, so security cannot be static; it must persist with the data itself. This is Data-Centric Protection: Encryption, Strong Authentication, Data Loss Prevention, Device Control.

Data Protection Requires Different Thinking Easy to Lose Easy to Transfer Enticing to Steal $490 $147 $147 $98 Cybercrime Black Market Value Data must be protected regardless of: Usage Location Device Access

Data Protection Platforms Network DLP Discover Endpoint Encryption Encrypted USB Network DLP Monitor Network DLP Prevent Host DLP Host DLP Device Control Encrypted USB Data-at-Rest Data-in-Motion Data-in-Use Identify, Classify, and Protect Full endpoint management and deployment Monitor, Notify, and Prevent DLP Manager Enforce, Audit, and Respond Incident and case management Workflow and reporting

What is DLP? Data Sources User Actions Policy Actions Enforced to Destination At rest Copy to device Burn to disc Encrypt Move Send via net In use Cut, copy, paste Block Post to web Print Educate In motion Email Web IM Monitor Take home

DLP - Learning and Data Mining Instant Manual

What DLP Leverages Capture Makes Data Possible Data Define Policy Mine Data Tune Rules Violations Data Analytics Capture Search Fast, accurate policy creation and rapid, in-depth investigations

DLP is the Enabler DLP integrates all data protection It is the coordinating technology of a comprehensive data protection solution DLP provides data workflow oversight It responds to events & coordinates the responses of other components DLP is the one tool that enables the safe and flexible use of data Stop having to say NO to your users and start enabling YES DLP provides integrated workflows & flexibility resulting in simplified processes, lower costs and more comprehensive protection for your business without constraining your employees!

WikiLeaks (Julian Assange), 2010-2011
APRIL: Publishes classified Baghdad airstrike video showing 2007 attacks by U.S. helicopter that killed a dozen people.
JULY: Publishes 91,000 documents, majority secret U.S. military files about war in Afghanistan, back to 2004.
OCTOBER: Releases 400,000 classified U.S. military files from Iraq War (2004-2009).
NOVEMBER: Releases 250,000 classified U.S. diplomatic cables with assessments of world leaders and Iran's nuclear missile program.
NOVEMBER: Forbes reports that WikiLeaks plans to release tens of thousands of internal documents from major U.S. banks in early 2011.
DECEMBER 2: Amazon.com ceases hosting WikiLeaks website.
DECEMBER 7: Internet activists attack PayPal, Mastercard and Visa, which have withdrawn services from WikiLeaks.
DECEMBER 21: Apple removes WikiLeaks apps from App Store.
JANUARY 8: U.S. relocates some people named in WikiLeaks cables.
JANUARY 17: Swiss whistleblower hands over data on hundreds of offshore bank acct. holders to WikiLeaks.
FEBRUARY: WikiLeaks still online, but DNS records removed.

Where to start? Discover data: Desktop, Laptop, Database, NFS, Web Server, SharePoint, Documentum. Build policies: If (ConfidentialData()) { PreventSendTo() }. Prevent data leakage.

Thank you. dean_carey@mcafee.com