Responsible Big Data Governance: Preventing Regulatory Overreaction




Paulo Pereira, Chief Data Architect and Governance Leader
March 22nd, 2015
Imagination at work

The Industrial Internet
Consumer Internet: what happened when 1B people became connected?
- Entertainment is digitized
- Social marketing emerged
- Communications mobilized
- IT architecture virtualized
- Retail and ad transformed
Industrial Internet: what happens when 50B machines become connected?
- Monitoring to component levels
- Predictive maintenance
- Energy and fuel efficiencies
- Virtualized operations technology
- Workforce transformation

"The Industrial Internet is about smart machines, it's about real-time analytics, it's about modeling performance. Think zero unplanned downtime, optimal asset performance, optimal enterprise performance. Doing those things is the next wave, we think, of productivity and profitability." Jeff Immelt, GE Chairman and CEO
2015 General Electric Company - All rights reserved

Industrial Internet: The Power of 1%
Note: Illustrative examples based on potential one percent savings applied across specific global industry sectors. Source: GE estimates

Industrial Big Data: Let's talk BIG
Data generated from one of many machines at one of many plants producing a specific personal care product

Industrial Big Data: Fast and Vast
BEFORE: 1 KB / flight, 30 parameters, 3 snapshots / flight
- Takeoff (average diagnostics)
- Cruise (average diagnostics)
- Landing (average diagnostics)
NOW: 500 GB / flight, 5,000 parameters, 1 snapshot / sec
- Air Speed
- Calibrated Altitude
- Cooling Valve Position
- Exhaust Gas Temperature
- Fuel Flow
- Ground Speed
- and more

With Business Opportunity Comes Data Regulation
- Electronic Transmission Protection Laws
- Data Breach Notification Laws*
- Federal Regulations: HIPAA, PCI, SOX
- Threats, Vulnerabilities, Risks
- Confidentiality, Integrity, Accountability
- Internal Policies
- Audit Trail Tracking
* As of Jan/15, forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted data breach notification legislation. GE operates in over 160 countries.

CSA Cloud Controls Version 3.0.1: Example of Data Lifecycle Management Controls
Control Domain*: Data Security & Information Lifecycle Management
CCM V3.0 Control ID: DSI-01
Control Specification: Data and objects containing data shall be assigned a classification by the data owner based on data type, value, sensitivity, and criticality to the organization.
Scope Applicability**: AICPA 2009 TCM, AICPA 2014 TCM; BITS Shared Assessments; COBIT 4.1/5.0; 95/46/EC - European Union Data Protection Directive; FedRAMP Security Controls; GAPP; HIPAA / HITECH Act; ISO/IEC 27001-2005; ISO/IEC 27001-2013; PCI DSS v2.0/v3.0; <several additional refer to CCM V3.0 doc>
* The CCM covers several additional relevant domains such as Application & Interface Security; Audit Assurance & Compliance; Business Continuity Management & Operational Resilience; Change Control & Configuration Management; Datacenter Security Asset Management; Encryption & Key Management; Data Governance and Risk Management; Human Resources; Mobile Device Management; Identity & Access Management; Infrastructure & Virtualization Security; <several additional refer to CCM V3.0 doc>
** The CCM v3.0 specifies the articles in each regulation that each control covers

Standardization of Controls: CSA Cloud Controls Version 3.0.1
- Provides fundamental security principles to guide cloud vendors and to assist cloud customers in assessing the overall security risk of a cloud provider
- Strengthens information security control environments by delineating control guidance by service provider and consumer, and by differentiating according to cloud model type and environment
- Provides a controls framework in 16 domains that are cross-walked to other industry-accepted security standards, regulations, and controls frameworks to reduce audit complexity
- Seeks to normalize security expectations, cloud taxonomy and terminology, and security measures implemented in the cloud

Compliance Process for Big Data
Compliance Objectives
- Embed regulatory and security controls into the process and infrastructure: automated compliance
- Monitoring and tracking of regulatory changes, and automation of rules affecting data compliance
Areas to Consider
- Data Transfer / Encryption
- Data Storage and Retention Policy
- Contractual Requirements
- Privacy Requirements
- Data Access and Controls
- Sensitive Data/Classified Data
Approach
- Data Inventory
- Review current rules and storage
- Apply Data Classification standards
- Risk Assessment
- Identify Legal and Regulatory Requirements
Support
- Audit Teams
- Business
- Legal/Security Compliance
- External legal providers
- Process owners
- Industrial teams
- New Technologies

Why a Graph Database?
Which regulations affect data controls and business outcomes?
The questions we want answered required traversal of tree structures.
Node types in the illustrated graph: Impact, Data Domain, Analysis, Audit, Controller, System, Alert, Model, Inventory, Ops, Outcomes, Work Order, Schedule, Factory

Delivering an Integrated View in Context
UX Perspectives: Business, Technical, Legal
Infrastructure to integrate and manage information inventory: Graph Technology, Applications Framework, Workflow Engine
Metadata captured/maintained: Automatically, Semi-automatically, Manually
Context: Requirements, Regulations, Roles, Identity, Technology, Documents, Outputs, Data, Security, Processes, Audits

Understanding Regulatory Impacts in Business Outcomes
Business Catalog: Parties, Dependencies, Business Outcomes, Business Process, Projects and Initiatives
Business Context, Impact, What-If, Constraints
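The two preceding slides ("Why a Graph Database?" and "Understanding Regulatory Impacts in Business Outcomes") argue that regulation-to-outcome questions are graph traversals. The block below is an added example, not code from the GE deck or its platform: a small in-memory graph with typed edges (regulation governs data class, regulation mandates control, control protects data class, data class stored in dataset, dataset feeds process, process drives outcome) and three traversal queries: forward impact of a regulation, the regulations governing an outcome, and a what-if on removing a control. DSI-01 is the only control ID taken from the slides; ENC-01, AUD-01, the dataset names and every other node are constructed assumptions. The traversal is restricted by edge kind so that a control shared by two regulations (DSI-01 here) does not make one regulation appear to govern the other's data.

```python
"""Added example: typed impact graph for regulatory what-if analysis.
Not GE's code; node names other than DSI-01 are constructed."""
from collections import defaultdict, deque

# Constructed node inventory (type per node). ENC-01/AUD-01 are placeholder
# control IDs, not real CCM entries; DSI-01 is the one quoted on the slide.
NODE_TYPE = {
    "HIPAA": "regulation", "PCI DSS": "regulation", "SOX": "regulation",
    "DSI-01": "control", "ENC-01": "control", "AUD-01": "control",
    "PHI": "data_class", "Cardholder": "data_class", "Financial": "data_class",
    "sensor_health_db": "dataset", "billing_db": "dataset", "ledger_db": "dataset",
    "Predictive maintenance": "process", "Customer billing": "process",
    "Quarterly close": "process",
    "Zero unplanned downtime": "outcome", "Revenue assurance": "outcome",
}

# Constructed edges as (source, kind, destination).
EDGES = [
    ("HIPAA", "governs", "PHI"), ("PCI DSS", "governs", "Cardholder"),
    ("SOX", "governs", "Financial"),
    ("HIPAA", "mandates", "DSI-01"), ("PCI DSS", "mandates", "DSI-01"),
    ("PCI DSS", "mandates", "ENC-01"), ("SOX", "mandates", "AUD-01"),
    ("DSI-01", "protects", "PHI"), ("DSI-01", "protects", "Cardholder"),
    ("ENC-01", "protects", "Cardholder"), ("AUD-01", "protects", "Financial"),
    ("PHI", "stored_in", "sensor_health_db"), ("Cardholder", "stored_in", "billing_db"),
    ("Financial", "stored_in", "ledger_db"),
    ("sensor_health_db", "feeds", "Predictive maintenance"),
    ("billing_db", "feeds", "Customer billing"), ("ledger_db", "feeds", "Quarterly close"),
    ("Predictive maintenance", "drives", "Zero unplanned downtime"),
    ("Customer billing", "drives", "Revenue assurance"),
    ("Quarterly close", "drives", "Revenue assurance"),
]

# Edge kinds that carry regulatory applicability downstream. "mandates" and
# "protects" are deliberately excluded: a shared control is not a data path.
IMPACT_KINDS = {"governs", "stored_in", "feeds", "drives"}


def build_graph(edges, kinds=None):
    """Forward and reverse adjacency sets, keeping only edges of the given kinds."""
    fwd, rev = defaultdict(set), defaultdict(set)
    for src, kind, dst in edges:
        if kinds is None or kind in kinds:
            fwd[src].add(dst)
            rev[dst].add(src)
    return fwd, rev


def reachable(adj, start):
    """Breadth-first traversal; returns every node reachable from start (exclusive)."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(start)
    return seen


def impacted(edges, regulation, node_type="outcome"):
    """Forward impact: which nodes of node_type depend on data this regulation governs."""
    fwd, _ = build_graph(edges, IMPACT_KINDS)
    return sorted(n for n in reachable(fwd, regulation) if NODE_TYPE.get(n) == node_type)


def governing_regulations(edges, outcome):
    """Reverse traversal: which regulations reach this business outcome."""
    _, rev = build_graph(edges, IMPACT_KINDS)
    return sorted(n for n in reachable(rev, outcome) if NODE_TYPE.get(n) == "regulation")


def uncovered_after_removing(edges, control):
    """What-if: data classes left with no protecting control if this control is dropped."""
    kept = [e for e in edges if control not in (e[0], e[2])]
    _, protected_by = build_graph(kept, {"protects"})
    return sorted(n for n, t in NODE_TYPE.items()
                  if t == "data_class" and not protected_by[n])


if __name__ == "__main__":
    for reg in ("HIPAA", "PCI DSS", "SOX"):
        print(reg, "->", impacted(EDGES, reg))
    print("Revenue assurance governed by", governing_regulations(EDGES, "Revenue assurance"))
    print("Drop DSI-01, uncovered:", uncovered_after_removing(EDGES, "DSI-01"))
```

The what-if query is the one a governance team runs before retiring or re-scoping a control: it reports data classes whose only coverage came from the control in question, which is the "Constraints" view the slide names. A production graph store would replace the dictionaries, but the same kind-restricted traversals carry over.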

Key Takeaways
- The scope for transformation in the Industrial Internet is tremendous
- The potential impact of Industrial Internet technologies spans almost half of the global economy and more than half of the world's energy flows
- The industry has a responsibility to protect this growth area by using data responsibly
- Big Data is part of this paradigm shift
- Due diligence is key in selection of vendors/products and interoperability to support your governance goals
- New technologies have to be leveraged to deal with the increasing regulatory pressures
- Simplification and Automation will Determine Your Growth Speed
- Companies should invest in new processes and technology to quickly determine impacts and implement changes
- Consider virtualization, standardization of controls and cloud methods to drive process innovation