Cyber Security Compliance

Slide 1: Cyber Security Compliance: how to protect enterprise data appropriately?
Digital Transformation, Cyber Security & Compliance, 3 May 2016
www.pwc.ch/cybersecurity

Slide 2: What I will cover in this "Afterwork Event"
- The current megatrends: digital transformation, the Internet of Things (IoT), increase in regulation
- The digital future: misuse of services and data, more data, my personal digital assistant, digital privacy
- The challenges: what data to protect? threats?
- My tasks for enablement: verify process and classification, cyber threat analysis, apply appropriate measures
- Apply to your enterprise: adapt to my situation, adapt to my environment, ready for the digital future

Slide 3: Where we currently are: at the crossroads of losing control over our digital data
- Megatrends influencing your enterprise: Industry 4.0 / IoT, cyber abuse / crime
- The three I's of your enterprise's business processes:
  (I1) Identity
  (I2) Infrastructure: end point, server, database, machine, sensor, network
  (I3) Information
- Appropriate protection of digital data rests on privacy, regulatory compliance and cyber security

Slide 4: Regulation is increasing; non-compliance is a big risk
- The EU GDPR carries a maximum fine of 4% of global annual turnover
- Hierarchy: Strategy > Policy > Framework, applied (mapped) into your company's business processes
- Regulatory requirements to consider: data protection law (CH DSG / EU GDPR), business law (GeBüV, MwSt., ElDI-V), FINMA (financial services), industry standards (eGov, eHealth, etc.), PCI-DSS, etc.
- Where are my crown jewels along my business processes? Employee data (standard, enhanced protection, profile); client / partner identifiable data; intellectual property and corporate confidential information

Slide 5: The 80/20 rule: how to find the sensitive data?
"Appropriate" means understanding the business impact of a data loss. Work down the layers:
- Business process: vision, mission, values
- Data governance: data classification policy, data ownership, risk management & risk appetite
- IT & security architecture: IT applications, IT systems & platforms, network & interfaces
- Information: at rest (end point, cloud), in transit, processed

Slide 6: I3 = Identity, Infrastructure, Information: data analytics to detect non-compliance and misuse
- Identity (identity & access management): the user who wants to access and the device used to access.
  Who: person (employee, client, partner), role (user, admin, etc.), device.
  How: trusted or untrusted? Person, device / application.
  Purpose: is there a legitimate use case behind the access?
- IT infrastructure: hardware, software, platform, application and network, with the ecosystems used to manage them; interconnects the components; accountability (log files).
- Information: the universe of enterprise data plus the lake of security and management data; data security measures for data processed, at rest and in transit.

Slide 7: Approach: "Digital Trust & Compliance by design", integrated in the business process, not bolted on afterwards
Process flow: Data Access -> Data Process -> Data Transaction, each step carrying a trust & compliance measure; the collected data feeds data analytics / big data and process-integrated compliance reports.
Guiding principles:
1. Design a process in such a way that only permissible transactions are possible.
2. Process steps include measures and enforcement of boundaries, and collect meaningful data to monitor effectiveness.
3. Data analytics and continuous auditing ensure that compliance-relevant data is collected, processed and monitored.
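The following is an added example (not part of the PwC deck) of what slides 6 and 7 describe in code: a process step that runs every access through the who / device / purpose / zone checks, denies anything that is not a permissible transaction, and writes structured evidence that a continuous-auditing report is derived from. The asset register, roles, zones and sample events are hypothetical and constructed for illustration; an access to an asset missing from the register is treated as a failure mode and denied, because an unclassified asset cannot be protected "appropriately".

```python
from collections import Counter
from dataclasses import dataclass, asdict
from enum import IntEnum
import json


class Classification(IntEnum):
    """Data classes in increasing need of protection (hypothetical scheme)."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2  # client / partner identifiable data
    SECRET = 3        # crown jewels: IP, corporate confidential


# Hypothetical asset register: asset -> (classification, home trust zone)
ASSET_REGISTER = {
    "intranet.news": (Classification.PUBLIC, "internal"),
    "crm.clients": (Classification.CONFIDENTIAL, "internal"),
    "hr.payroll": (Classification.SECRET, "restricted"),
}
# Role -> highest classification the role may access (hypothetical)
ROLE_CLEARANCE = {
    "user": Classification.INTERNAL,
    "analyst": Classification.CONFIDENTIAL,
    "hr_admin": Classification.SECRET,
}
# Asset -> purposes with a legitimate use case behind them (hypothetical)
LEGITIMATE_PURPOSES = {
    "intranet.news": {"read"},
    "crm.clients": {"case_handling", "billing"},
    "hr.payroll": {"payroll_run"},
}
# Permitted (source zone, target zone) transitions; anything else is denied
ALLOWED_TRANSITIONS = {
    ("internal", "internal"), ("internal", "restricted"), ("internet", "internal"),
}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_trusted: bool
    source_zone: str
    asset: str
    purpose: str


def evaluate(req: AccessRequest):
    """Run all layers and return (decision, reasons).

    Every layer is evaluated even after a failure so the evidence record
    carries the full picture for analytics, not just the first failing check.
    """
    entry = ASSET_REGISTER.get(req.asset)
    if entry is None:
        # Unregistered asset: classification unknown, so deny and flag it
        return "deny", ["L2:asset_not_in_register"]
    classification, target_zone = entry
    reasons = []
    # Layer 1: user and device identification
    if classification >= Classification.CONFIDENTIAL and not req.device_trusted:
        reasons.append("L1:untrusted_device")
    # Layer 2: data access - clearance of the role and a legitimate purpose
    if ROLE_CLEARANCE.get(req.role, Classification.PUBLIC) < classification:
        reasons.append("L2:insufficient_clearance")
    if req.purpose not in LEGITIMATE_PURPOSES.get(req.asset, set()):
        reasons.append("L2:no_legitimate_purpose")
    # Layer 3: gateway / zone transition
    if (req.source_zone, target_zone) not in ALLOWED_TRANSITIONS:
        reasons.append("L3:zone_transition_not_permitted")
    return ("allow" if not reasons else "deny"), reasons


def process(req: AccessRequest, log: list) -> str:
    """Process step with enforcement built in: decide, then append JSON-lines evidence."""
    decision, reasons = evaluate(req)
    log.append(json.dumps({**asdict(req), "decision": decision, "reasons": reasons},
                          sort_keys=True))
    return decision


def compliance_report(log: list, repeat_threshold: int = 2) -> dict:
    """Continuous-auditing view derived from the collected evidence."""
    records = [json.loads(line) for line in log]
    denials = [r for r in records if r["decision"] == "deny"]
    by_reason = Counter(reason for r in denials for reason in r["reasons"])
    by_user = Counter(r["user"] for r in denials)
    return {
        "total": len(records),
        "denied": len(denials),
        "by_reason": dict(by_reason),
        "repeat_offenders": sorted(u for u, n in by_user.items() if n >= repeat_threshold),
    }


# Constructed sample events (not real data)
SAMPLE_EVENTS = [
    AccessRequest("alice", "analyst", True, "internal", "crm.clients", "case_handling"),
    AccessRequest("bob", "user", True, "internal", "crm.clients", "case_handling"),
    AccessRequest("bob", "user", False, "internet", "hr.payroll", "curiosity"),
    AccessRequest("carol", "hr_admin", True, "internal", "hr.payroll", "payroll_run"),
    AccessRequest("dave", "analyst", True, "internal", "shadow.export", "billing"),
]


def run_sample() -> dict:
    log = []
    for req in SAMPLE_EVENTS:
        process(req, log)
    return compliance_report(log)


if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

The design point is principle 1 and 2 together: the check is the process step, so there is no path to the data that bypasses it, and the same call produces the evidence that principle 3 consumes. A real deployment would take the register and clearances from the asset inventory and IAM system rather than from constants, and would ship the JSON lines to a SIEM.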

Slide 8: Step-by-step approach to protect enterprise data appropriately
1. Identify the "crown jewels" in your enterprise, in particular personally identifiable data, client identifiable data and intellectual property.
2. Create and maintain an asset register, so you have a clear view of which applications / platforms process and store PID / CID, and who has access to that data.
3. Nominate a data owner responsible for classification and for protection measures according to regulation and risk appetite.
4. Build a risk register of 10-15 cyber threat scenarios along the 5-8 business processes in which sensitive data is processed.
5. Draft an overarching security architecture with coordinated security measures, operated by a motivated and skilled team.
6. Establish a SOC with monitoring, event management, incident management and a response process.

Slide 9: Contacts
Lorenz Neher, Senior Manager, Zürich, lorenz.neher@ch.pwc.com, Tel. +41 58 792 47 85
Reto Häni, Partner, Bern, reto.haeni@ch.pwc.com, Tel. +41 58 792 75 12

Slide 10: Applied Digital Trust & Compliance requires collecting and preparing the relevant data
Governance & control framework (people, processes, technology): strategy and risk appetite; regulation & standards; requirements & policies; compliance management for security, privacy and compliance.
Infrastructure, device and data management:
- Compliance layer 1: user and device identification. Are users and devices trusted? Compliant?
- Compliance layer 2: infrastructure and data access, on the ICT infrastructure whether on premise, outsourced or in the cloud.
- Compliance layer 3: gateways and zone transitions, with digital data classified and separated into trust domains.
The information collected from these layers (big data) is fed into data analytics (SIEM, etc.) and into compliance & security dashboard(s).

Slide 11: General Data Protection Regulation (GDPR)

Slide 12: What can happen if I do not fulfil my role as Compliance Officer / CISO?

Slide 13: Clearly distinguish personal data and protect it appropriately. Law and ordinance: VDSG (the ordinance to the DSG, the Swiss Data Protection Act)

Slide 14: Security management and data governance