Security, Privacy, Compliance


Security, Privacy, Compliance
Tech-Security Conference, Chicago, IL, January 19, 2012
Vitaly Dubravin, CTO
"from information to intelligence"

Premium IT Services
Boutique information management specialists: ensuring better governance, easing compliance and improving security.
- Information Security and Compliance
- Data Warehousing and Business Intelligence
- Expert IT staffing for BI, DW and data security
2012 GRT Corporation

Exponential Data Growth
Source: "The toxic terabyte: How data-dumping threatens business efficiency" (Global Technical Services whitepaper)

Recent Data Leaks
Source: http://datalossdb.org

Sony Disaster
Source: http://databreaches.net

Emerging Enterprise Technologies
Known benefits, and their flip side:
- Instant distribution
- Destination unknown
- Global coverage
- Too readily available

What? 2011 Data Breach Investigations Report
Who is behind data breaches?
- 92% stemmed from external agents (+22%)
- 17% implicated insiders (-31%)
- <1% resulted from business partners (-10%)
- 9% involved multiple parties (-18%)
How do breaches occur?
- 50% utilized some form of hacking (+22%)
- 49% incorporated malware (+10%)
- 29% involved physical attacks (+14%)
- 17% resulted from privilege misuse (-31%)
- 11% employed social tactics (-17%)
What commonalities exist?
- 83% of victims were targets of opportunity (<>)
- 92% of attacks were not highly difficult (+7%)
- 76% of all data was compromised from servers (-22%)
- 86% were discovered by a third party (+25%)
- 96% of breaches were avoidable through simple or intermediate controls (<>)
- 89% of victims subject to PCI-DSS had not achieved compliance (+10%)
(Percentages in parentheses are the year-over-year change; "<>" means no change.)
Source: securityblog.verizonbusiness.com

How Much Does Personal Information Cost?
Your information is being sold by data brokers to companies and agencies every day:
- Address - $0.50
- Past Address - $9.95
- Marriage/Divorce - $7.95
- Education Background - $12.00
- Employment History - $13.00
- Phone Number - $0.25
- Unpublished Phone Number - $17.50
- Cell Phone Number - $10.00
- Social Security Number - $8.00
- Credit History - $9.00
- Bankruptcy Information - $26.50
- Business Ownership - $9.95
- Shareholder - $1.50
- Felony - $16.00
- Lawsuit History - $2.95
- Sex Offender - $13.00
- Drivers License - $3.00
- Voter Registration - $0.25
Sources: http://www.turbulence.org, http://dilbert.com/strips/comic/2010-10-14/

Who Can Access Your Medical Records?
Source: http://patientprivacyrights.org/

Complexity of Legislative Response

Payment Card Industry Data Security Standard

Consequences of Data Leaks
Risk factors associated with data leaks and unauthorized access:
- Civil Lawsuits
- Legal Fines
- Personal Risks
- Loss of Clients

Traditional Security Measures
- Access Tokens, Digital Certificates
- VPNs, DMZs
- Physical Access Restrictions
- Firewalls with Intrusion Detection
- Sensitive Fields Encryption
- User Identity Management
- Security Audits
- Security Policy Management
- Role-based Access Rules
- Backup Protection

Data Losses as a Result of Business Processes
- Data Snapshots for Offshore Development
- Legacy LOB Applications
- Test Datasets for System Upgrade
- Data Exports for 3rd-party Marketing Agency
- Not Yet Addressed Regulatory Requirements
- Training Facility Databases
- Homegrown Data Protection Solution
- Bugs in Application Security

Data Privacy is NOT a Moonlight Project
- Management significantly underestimates the complexity of data privacy.
- DBAs spend an average of 4-6 weeks per source implementing in-house data masking solutions (source: Camouflage Software, Inc).

What is Data Masking?
Data masking is the process of obscuring (masking) specific data elements within data stores. It ensures that sensitive data is replaced with realistic but not real data. (Wikipedia)

Use Case: Total Comp Project
Ron needs a new Total Comp report for his team and asked Rochelle to make a template for it.
Corporate policy: managers cannot retrieve compensation details for people with a higher salary grade.
Rochelle Li, IT Lead. Ron Reddy, Dept. Manager.

Use Case: Total Comp Project
Ron's full view vs. Rochelle's masked view
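The policy in this use case is what a dynamic masking proxy enforces at query time: every row still reaches the report template, but compensation fields for anyone above the requester's grade are replaced before the result leaves the data tier. The following is an added example, not GRT Corporation's code or product; the grades, salaries and the two extra team members are constructed sample data, and the placeholder value and audit format are my own choices.

```python
"""Dynamic (query-time) masking for the Total Comp use case.

Added example, not part of the original deck. The only rule taken from the
slide is: managers cannot retrieve compensation details for people with a
higher salary grade. All rows, grades and amounts below are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Requester:
    name: str
    grade: int


# Constructed sample team: Ron (manager, grade 7) and his reports.
EMPLOYEES = [
    {"name": "Ron Reddy", "grade": 7, "base": 150000, "bonus": 30000},
    {"name": "Rochelle Li", "grade": 5, "base": 120000, "bonus": 12000},
    {"name": "Employee A", "grade": 4, "base": 95000, "bonus": 5000},
    {"name": "Employee B", "grade": 6, "base": 130000, "bonus": 20000},
]

COMP_FIELDS = ("base", "bonus")
MASK = "***"  # non-numeric so a report template cannot silently sum it


def mask_row(row: dict, requester: Requester) -> dict:
    """Copy the row; blank compensation fields if the row's grade exceeds the requester's."""
    out = dict(row)
    if row["grade"] > requester.grade:
        for field in COMP_FIELDS:
            out[field] = MASK
    return out


def total_comp_report(requester: Requester, rows=EMPLOYEES, audit=None):
    """What the proxy returns to the report: same row count as the source, masked per policy.

    Each masked row is recorded in `audit` (a list) so the masking decisions are reviewable.
    """
    report = []
    for row in rows:
        masked = mask_row(row, requester)
        if masked["base"] == MASK and audit is not None:
            audit.append(
                f"masked comp of {row['name']} (grade {row['grade']}) "
                f"for {requester.name} (grade {requester.grade})"
            )
        report.append(masked)
    return report


def visible_total(report) -> int:
    """Sum base+bonus over rows the requester was actually allowed to see."""
    return sum(r["base"] + r["bonus"] for r in report if r["base"] != MASK)


def masked_names(report) -> list:
    return [r["name"] for r in report if r["base"] == MASK]


if __name__ == "__main__":
    for who in (Requester("Ron Reddy", 7), Requester("Rochelle Li", 5)):
        log = []
        rep = total_comp_report(who, audit=log)
        print(who.name, "sees total", visible_total(rep), "masked:", masked_names(rep))
        for line in log:
            print("  audit:", line)
```

Ron (grade 7) gets the full view because nobody on the team outranks him; Rochelle (grade 5) gets the same four rows with Ron's and Employee B's compensation blanked, which is the "masked view" the slide contrasts. Using a non-numeric placeholder rather than zero matters: a zero would make a template's totals look valid while being wrong.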

Three Pillars of Data Masking
- Discovery
- Masking
- Subsetting

Automated Discovery
- Automated search & classification
- Repeatable process
- Significant time and cost savings
- Increases accuracy, reducing human error
- Facilitates compliance, reduces risk
- Reduces manual effort
- Integrates with data masking
- Prepackaged templates (PCI, HIPAA, etc.)

Subsetting
- Reduces data footprint, storage and bandwidth
- Repeatable process
- Advanced filtering capabilities
- Increases accuracy, reducing human error
- Graphically view and configure rules
- Significant time and cost savings
- Integrates with data masking
- Maintains application and database integrity

Data Masking
- High quality, realistic data
- Facilitates compliance, reduces risk
- Maintains application and database integrity
- Increases accuracy, reducing human error
- Earlier detection of application defects
- Significant time and cost savings
- Repeatable process
- Reduces QA effort

Available Data Transformations
- Generators: Account Numbers, Birth Dates, Credit Card Expiry Dates, Credit Card Numbers, Social Security Numbers
- Data Load: Names, Part Numbers, Street Addresses, Table Filter
- Custom: Email Addresses, Free Form Text, XML Documents
- Mutators: Account Numbers, Birth Dates, Credit Card Expiry Dates, Names, Street Addresses
- Algorithmic: Enumeration, Salaries, Serial Numbers, Telephone Numbers
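To make the difference between a generator and a mutator concrete, and to show why "maintains application and database integrity" is the hard part, here is an added example of static masking in Python. It is not GRT Corporation's code or any product's transformation library: the card-number prefix, the fake-name pool, the masking key and the sample rows are all constructed. A generator produces a new, format-valid value (Luhn-valid card number, SSN-shaped number in an area range the SSA does not issue); a mutator derives the masked value from the original with a keyed hash, so the same real name maps to the same fake name in every table and joins still work after masking.

```python
"""Static data masking: generators vs. mutators, with cross-table consistency.

Added example, not part of the original deck. MASK_KEY, FAKE_NAMES, the card
prefix and all sample rows are constructed for the demo.
"""
import datetime as dt
import hashlib
import hmac

# Constructed secret. In a real deployment it lives in a key store; rotating it
# changes every derived value, which is what you want between masking runs.
MASK_KEY = b"constructed-demo-key"

# Constructed pool; in practice use a large list so distinct inputs rarely collide.
FAKE_NAMES = ["Alex Morgan", "Sam Rivera", "Jordan Blake", "Casey Nguyen",
              "Riley Patel", "Drew Okafor", "Taylor Brooks", "Morgan Diaz"]


def _prf(value: str, n: int) -> int:
    """Keyed, deterministic integer in [0, n): same input gives same output across tables/runs."""
    digest = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % n


def luhn_check_digit(partial: str) -> str:
    """Check digit for `partial` so that partial+digit passes the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):  # rightmost of partial is doubled
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def generate_card_number(seed: str, prefix: str = "999999") -> str:
    """Generator: 16-digit Luhn-valid number under a constructed, non-issuer prefix."""
    body_len = 16 - len(prefix) - 1
    body = str(_prf("card|" + seed, 10 ** body_len)).zfill(body_len)
    return prefix + body + luhn_check_digit(prefix + body)


def generate_ssn(seed: str) -> str:
    """Generator: SSN-shaped value with area 900-999, which the SSA does not issue as an SSN."""
    area = 900 + _prf("ssn-a|" + seed, 100)
    group = 1 + _prf("ssn-g|" + seed, 99)
    serial = 1 + _prf("ssn-s|" + seed, 9999)
    return f"{area:03d}-{group:02d}-{serial:04d}"


def mutate_birth_date(original: dt.date, seed: str, max_shift_days: int = 365) -> dt.date:
    """Mutator: shift by a keyed offset in [-max, +max] days, keeping age realistic."""
    shift = _prf("dob|" + seed, 2 * max_shift_days + 1) - max_shift_days
    return original + dt.timedelta(days=shift)


def mutate_name(original: str) -> str:
    """Mutator: consistent substitution, so the same real name always maps to the same fake one."""
    return FAKE_NAMES[_prf("name|" + original, len(FAKE_NAMES))]


# Constructed sample data: two tables that join on the employee name.
EMPLOYEES = [
    {"name": "Ron Reddy", "ssn": "123-45-6789", "dob": dt.date(1975, 3, 2), "card": "4111111111111111"},
    {"name": "Rochelle Li", "ssn": "987-65-4321", "dob": dt.date(1982, 11, 17), "card": "5500000000000004"},
]
PAYROLL = [
    {"employee": "Ron Reddy", "grade": 7},
    {"employee": "Rochelle Li", "grade": 5},
]


def mask_dataset(employees, payroll):
    """Apply the transformations table by table; names are masked identically in both."""
    masked_emp = [{
        "name": mutate_name(r["name"]),
        "ssn": generate_ssn(r["ssn"]),
        "dob": mutate_birth_date(r["dob"], r["ssn"]),
        "card": generate_card_number(r["card"]),
    } for r in employees]
    masked_pay = [{"employee": mutate_name(r["employee"]), "grade": r["grade"]} for r in payroll]
    return masked_emp, masked_pay


def join_intact(masked_emp, masked_pay) -> bool:
    """Database-integrity check: every payroll row still finds its employee after masking."""
    names = {r["name"] for r in masked_emp}
    return all(r["employee"] in names for r in masked_pay)


if __name__ == "__main__":
    emp, pay = mask_dataset(EMPLOYEES, PAYROLL)
    for row in emp:
        print(row)
    print("join intact:", join_intact(emp, pay))
```

The keyed hash is the piece that turns a one-off script into a repeatable transformation: run the same key over a fresh snapshot and the masked names and dates line up with the previous run, which is what "Transformation Repeatability" on the impediments slide is about. The generators deliberately stay format-valid (Luhn, SSN shape) so application validation code keeps working on the masked copy.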

Static Data Masking
(Diagram: Source Data -> Masked Data)

Dynamic Data Masking in the Enterprise

Dynamic Data Masking Proxy Internals

Data Masking Implementation Impediments
Show stoppers:
- Application Integrity
- Database Integrity
More challenges to consider:
- Relationship Discovery
- Transformation Repeatability
- Centralized Rule Definition
- Multiplatform Support

Data Masking DIY Project
Easy:
- 15-20 minutes to install
- Discovery using predefined templates
- Includes library of prebuilt transformations
Hard:
- Masking strategy
- Transformation tuning
- Custom transformations
- Complex dependencies
- Best practices

Why Data Masking?
"The entire point of data masking is to protect yourself from your own employees," says Joseph Feiman, a security analyst at Gartner Research. "Attacks are coming from the outside, yes, that's true, but also from the inside. And it's hard to tell which type is more serious."

Q&A
Thank You
GRT Corporation
www.grtcorp.com
www.facebook.com/grtcorp
www.twitter.com/grtcorp