Mailing in a Secure World


Mailing in a Secure World
Glen Swyers, Manager - Mailing & Fulfillment
Classic Graphics, an Imagine! Print Solutions Company

The positive: data breaches generate a lot of direct mail notifications.

What happened?
- Security in its infancy was protecting your IT infrastructure from the latest virus or malware.
- Now? One of the biggest threats is your employees themselves, either through a malicious action or, much more likely, inadvertent error.

New reality
- Your clients or organization now conduct vulnerability assessments, penetration tests and application security assessments.
- Your vocabulary now includes PCI DSS, SANS, SOC or ISO 27001.
- Compliance trumps ROI on new investments.

Pointing the finger
- Who should be held liable when there's a massive data breach at a big company? This was one of the hot topics discussed in the 2015 State of the Union Address.

Dilemma
- Organizations that do not implement reasonable security protections should be liable for resulting harm, economic or otherwise. But if we try to hold them responsible at the same time that we are trying to figure out what those reasonable protections are, it becomes that much more difficult to learn from incidents.

So am I liable?
- I am not a lawyer, and I don't play one on TV.
- BUT if you don't have a plan: history is telling us that the less you do to prevent an incident, the more potentially liable you may be.
- Printer-related security breaches affect 63% of enterprises. Clearly businesses are not doing enough to protect their printing environment, exposing themselves to the potential financial and legal ramifications of print-related breaches.
- Pull printing: use a code to get your documents.
- http://www.infosecurity-magazine.com/news/printer-related-security-breaches-affect-63-of/

So do we have your attention?
- Data security is a good idea.
- We touched a little on the why.
- Let's discuss what companies that are in the data/mailing business should be doing to reduce risk.

Step 1: Admit that you have a problem.
- If there is no clear consensus on the team that data security is a priority, you will fail.

Step 2: Develop a plan.
- As we discussed, having a plan is almost more important than the plan itself.

Step 3: Execute the plan.
- Remember: "A good plan violently executed now is better than a perfect plan executed next week." (General George S. Patton)

Step 4: Go back to Step 1 and repeat.
- The process never stops.
- Rules are always evolving.
- Threats don't take a break; neither do we.

The Classic story
- We have come a long way.
- Started in 600 square feet by two friends in college.
- Now in the top 1% of all printers in the USA.

Keys to Classic's success
- I will not bore you with all the details.
- Key focus today is our approach to data security and how we have addressed our clients' needs and concerns.

Classic: Step 1
- Our recognition that there was a need in the marketplace for data security was a direct result of our clients' requests.
- They needed a partner to quickly respond to direct mail changes, but the information needed to drive the campaigns in raw form was sensitive data.

Classic: Step 2
- We invested in smart people and excellent technology. One without the other just leads to frustration.

Plan components
- Badge access to the plant, adding turnstiles to reduce tailgating.
- Data room: second-tier restricted badge access, including an alarm system with restricted hours.
- Data center: two-person minimum access with a man trap and three-factor authentication including biometrics.
- Data server: hosts secure data with restricted access.
- Redundancy in RTP.
- Input folder for Sales.
- File server: hosts working image files (only composed PDF, no raw data).
- Secure proofs stored on the data server.

Plan components
- Moved VDP into the data secure room.
- Employees: background checks, ethics policy and social media policy.
- File transfer: secure FTP, secure email.
- Gone? Dropbox, Skype and thumb drives (thanks, Snowden).
- Audits: first and last record, longest and shortest, one of each version, and post on secure FTP.

Process never stops
In the last year we have added:
- cameras on each rack cabinet
- badge access to rack cabinets
- cages in shipping areas for delivery drivers
- 2-factor authentication for any remote access
- and so much more...
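The audit step above (first and last record, longest and shortest, one of each version) can be made a repeatable check rather than a manual pick. The following is an added example, not code from the presentation or from Classic Graphics; it assumes a tab-separated mailing file with a header row and a `version` column naming the mail-piece version, and the sample records are constructed.

```python
import csv
import io

# Constructed sample mailing file (tab-separated); the 'version' column,
# naming the mail-piece version, is an assumption of this example.
SAMPLE_TSV = """record_id\tversion\tname\taddress\tcity
1001\tA\tAda Lovelace\t12 Analytical Engine Rd\tLondon
1002\tB\tGrace Hopper\t1 Compiler Way, Suite 3000\tArlington
1003\tA\tAlan Turing\t7 Hut Ln\tBletchley
1004\tC\tKatherine Johnson\t1 Orbit Dr\tHampton
1005\tB\tRadia Perlman\t9 Spanning Tree Blvd, Apartment 1200, Building 4\tRedmond
1006\tA\tHedy Lamarr\t2 Freq Hop St\tVienna
"""


def parse_mailing_file(text):
    """Return the records as a list of dicts, preserving file order."""
    return list(csv.DictReader(io.StringIO(text), delimiter="\t"))


def record_length(rec):
    """Length of the rendered record, a proxy for the fullest/emptiest piece."""
    return len("\t".join(rec.values()))


def build_audit_set(records, version_field="version"):
    """Select the audit records: first, last, longest, shortest, one per version.

    Returns a dict of check name -> record_id so the proof set can be posted
    alongside the job. Ties on length keep the earliest record, so the
    selection is deterministic and repeatable between auditor and client.
    """
    if not records:
        raise ValueError("mailing file has no records")
    audit = {
        "first": records[0]["record_id"],
        "last": records[-1]["record_id"],
        "longest": max(records, key=record_length)["record_id"],
        "shortest": min(records, key=record_length)["record_id"],
    }
    first_per_version = {}
    for rec in records:
        # setdefault keeps the first occurrence of each version value.
        first_per_version.setdefault(rec[version_field], rec["record_id"])
    for version, rid in sorted(first_per_version.items()):
        audit["version_" + version] = rid
    return audit
```

The returned ids are the records to pull and proof before the job runs; only those proofs, not the raw file, need to leave the data server for the client's review.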

Process never stops
Currently adding:
- DLP system (data loss prevention)
- NAC (network access control)
- Prevention of any use of external storage devices (USB flash drives, etc.)
- Turnstiles at each entrance

Important topics
- Encryption: all data is encrypted at rest, data is processed directly on the data server NOT on the desktop, and desktops are encrypted as a failsafe.
- Archives:
  - How long?
  - More important than ever.
  - Can you destroy every copy, including backups?
  - Secure destruction tools to auto-execute at X number of days.
- Lock box for secure waste (crosscut shredded and logged).

ISO 27001
- With multiple frameworks and certifications in the market, there is a lot of confusion about what can attest to the security of a system.
- ISO 27001 certification is proof of an organization's ability to maintain an effective Information Security Management System. It's comparable to getting a house inspected.
- Need to raise the bar even higher? Add SSAE 16, Type 2.

Why did Classic choose ISO 27001?
- Classic has been ISO 9001 certified since 1998.
- ISO is part of our culture.
- 27001 was a natural progression building on our 9001 foundation.

What has 27001 meant to our clients?
- Before ISO 27001: annual inspection took days.
- After ISO 27001: clear understanding of our standards; inspection has been reduced to hours onsite, or not required.

How ISO 27001 has helped
- It provides a framework for the management of information security risks, which ensures you take into account your legal, contractual and regulatory requirements.

Benefits of ISO 27001
- Supports compliance with relevant laws and regulations.
- Reduces the likelihood of facing prosecution and fines.
- Can help you gain status as a preferred supplier.

Other stories
- Small mailer in Orlando, PCI only: $10,000.
- Mid-size mailer in the South East, SOC: $30,000 for consultant.

Summary
- Data security is no longer an optional item.
- It takes more than just IT to execute.
- The important thing is to start.
- http://bit.ly/1l7j5sv

Questions?
Mailing in a Secure World
Glen Swyers, Manager - Mailing & Fulfillment
Classic Graphics, an Imagine! Print Solutions Company