How to Identify Datasets Containing PCI, PII or Other Sensitive Information

Similar documents

data express DATA SHEET OVERVIEW

How To Write An Ets Request For Proposal (Rfp)

Data Masking Secure Sensitive Data Improve Application Quality. Becky Albin Chief IT Architect

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

Required Software Product List

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

Measurably reducing risk through collaboration, consensus & practical security management CIS Security Benchmarks 1

Virtualization Journey Stages

SPSS Statistics Server on Windows Detailed system requirements

Required Software Product List

SNOW LICENSE MANAGER (7.X)... 3

SNOW LICENSE MANAGER (7.X)... 3

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

Citrix XenDesktop & XenApp

IBM InfoSphere Guardium

Deploying PGP Encryption and Compression for z/os Batch Data Protection to (FIPS-140) Compliance

Altiris Inventory Solution 7.1 SP2 from Symantec User Guide

List of Supported Systems & Devices

SNOW LICENSE MANAGER (7.X)... 3

Symantec NetBackup 5000 Appliance Series

SNOW LICENSE MANAGER (8.X)... 4

Mobile, Cloud, Advanced Threats: A Unified Approach to Security

Microsoft Windows Apple Mac OS X

CA Service Desk Manager Release 12.5 Certification Matrix

Enforcive /Cross-Platform Audit

Business Application Continuity CA ARCserve Backup CA ARCserve D2D CA ARCserve Replication and High Availability

Altiris Inventory Solution 7.1 SP2 from Symantec User Guide

Managed Backup Service Supported Platforms

Microsoft Windows Apple Mac OS X

SnapServer NAS GuardianOS 6.5 Compatibility Guide May 2011

Redefining Backup for VMware Environment. Copyright 2009 EMC Corporation. All rights reserved.

VMware vrealize Operations. Management Pack for. PostgreSQL

Symantec NetBackup 7.1 What s New and Version Comparison Matrix

IBM InfoSphere Guardium for DB2 on z/os Technical Deep Dive

Module 5 Introduction to Processes and Controls

BMC Client Management - Technical Specifications. Version 12.0

z/os Curriculum Job Control Language (JCL) Curriculum JES Curriculum WebSphere Curriculum TSO/ISPF for z/os Curriculum

System Requirements Across v6 (Revision: April 29, 2015)

IBM Tivoli Application Dependency Discovery Manager

Welcome. Changes and Choices

Service Description Remote Yearly Maintenance of Dell PowerEdge Servers and PowerVault Storage

IBM INFORMATION MANAGEMENT SYSTEMS (IMS ) MIGRATION AND MODERNIZATION - CONVERSION OF HIERARCHICAL DL/1 STRUCTURES TO RDBMS

SIEMENS. Teamcenter Windows Server Installation PLM

StreamServe Persuasion SP5 Supported platforms and software

Symantec Backup Exec 2010

Shipping Products Chart. Contents

A Comparison of VMware and {Virtual Server}

Micro Focus Server Enterprise Edition

RSA ACCESS MANAGER. Web Access Management Solution ESSENTIALS SECURE ACCESS TO WEB APPLICATIONS WEB SINGLE SIGN-ON CONTEXTUAL AUTHORIZATION

VMware vsphere 5.1 Advanced Administration

MEEC Webinar Daly and EMC BRS - EMC Backup & Archive Solutions

IBM Unica Enterprise Products Version Publication Date: May 26, Recommended Software Environments and Minimum System Requirements

<Insert Picture Here> Oracle Database Security Overview

Big Data Storage in the Cloud

SnapServer NAS GuardianOS 5.2 Compatibility Guide October 2009

EMC DISK LIBRARY FOR MAINFRAME

Rehosting Mainframe Workloads

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

Symantec Client Management Suite 7.6 powered by Altiris technology

Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide

BMC Mainframe Solutions. Optimize the performance, availability and cost of complex z/os environments

Symantec Disaster Recovery Advisor

Cisco is a registered trademark or trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.

ERP Infrastructure Guide APPENDIX B

Veritas Cluster Server from Symantec

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Backup Exec 15 Agents and Options

FDR/UPSTREAM INNOVATION Data Processing Providing a Long Line of Solutions

The operating system requirements listed in this document include the most current patches and service packs.

SEP sesam Backup & Disaster Recovery Overview

Novell ZENworks Asset Management 7.5

Technical Specification Data 1

CA SiteMinder. Implementation Guide. r12.0 SP2

Backup Exec System Recovery Management Solution 2010 FAQ

Shipping Products Chart. Contents

VMWARE VSPHERE 5.0 WITH ESXI AND VCENTER

PUBLISH YOUR COLLECTIONS TO THE WEB

$45.00 per VM per month base cost, plus $4.50 per virtual CPU (vcpu) per month. $0.16 per GB Disk Storage per month

Real-Time Database Protection and. Overview IBM Corporation

Installing and Administering VMware vsphere Update Manager

Backup Exec 2010 Deduplication Protect More, Store Less, Save More

Replicating Mainframe Tape Data for DR Best Practices Session #10929

STRATEGIC PLANNING ASSUMPTION(S)

CA Telon Application Generator r5.1

File Manager base component

Protecting your Data in a New Generation Virtual and Physical Environment

Practical DLP Deployment

License table for Microsoft Action Pack partners

ACCELERATE YOUR VIRTUALIZATON JOURNEY WITH BACKUP BUILT FOR VMWARE

Enhancing Lotus Domino search

Transcription:

How to Identify Datasets Containing PCI, PII or Other Sensitive Information David Wade CIO/EVP Primerica, Inc. david.wade@primerica.com February 5, 2013 Session 12943

Primerica: Who We Are Life Insurance and Investments Middle-income families Main Street, not Wall Street Entrepreneurial business model 4.3 million lives insured 2 million investment clients Publicly traded PRI 2

Infrastructure Architecture Applications Field Registration & Licensing Field Compensation Field Technology Life Administration Image Technology Securities Administration National Benefit Life PeopleSoft / Cognos TM1 HR Administrative Systems Application Infrastructure Support Presentation Layer MS Internet Explorer, Firefox, Safari, Chrome IBM Websphere Application Server v6.1 & v7.0 IBM Transaction Server v4.2 (CICS) Transaction Gateway v7.2 IBM TSO/E v1.12 MS.NET Framework v4.0 Tomcat v6 Database Management Information Security Telecom Operating Systems Platforms Disaster Recovery IBM DB2 v10 for z/os IBM Security Server v1.12 (RACF) Diverse, AT&T Multi-link 155/100 Mbps Internet Access PR/SM IBM Mainframe Z/OS v1.12 Mature Recovery Plans Oracle 11g IBM DB2 for LUW v9.7 Native UNIX & CA etrust v8 AT&T OC48 SONET Metropolitan Area Network Power VM IBM Unix-AIX v5.3/6.1 End-to-End Application Testing Microsoft SQL Server for Integrated 3 rd Party Application Novell v6.5 edirectory v8.7 Single & Multi-Mode Fiber & CAT 5e Wiring VMWare Vsphere 4 Microsoft Windows 2003/2008 Network Connectivity VSAM QSAM MS Active Directory 2003 Siemens 9751 PBXs SUSE V10 SP3 Edirectory v8.8 and Novell v6.5 Edirectory v8.7 IBM Out of Region Recovery Center NAS MySQL v5.5 CISCO 65xx & 72xx Equipment Red Hat v6 Update 2 Business Recovery Center - Hembree 3

DataSniff What s in your mainframe? Finding PCI, PII and other sensitive information in your legacy mainframe 4

Mainframe Legacy 30+ years of legacy data Production data classified manually End user and Test data not classified Structured Data VSAM DB2 (includes user-owned tables) Unstructured Data (Disk and Tape) QSAM / Sequential, GDG PDS, PDSE Packed Decimal DFHSM ML1 / ML2 5

Data Loss Prevention Initiative Effective DLP Programs Utilize a Multitude of People, Process and Technology Data Governance Policies and Standards Identification Risk Assessment Classification Architecture Quality 6 Source: Ernst & Young, LLP, Data Loss Prevention, Keeping your sensitive data out of the public domain

Data Loss Prevention Initiative Data Control Key Focus Areas for DLP Controls Data in Motion Perimeter security Network monitoring Internet access control Data collection and exchange Messaging (Email, IM) Remote access Structured data Data in Use Privileged user monitoring Access/Usage monitoring Data anonymisation Use of test data Data redaction Export/Save control Data at Rest EndPoint security Host Resident/Encryption Mobile device protection Network/Intranet storage Physical media control Disposal and destruction 7 Unstructured data Source: Ernst & Young, LLP, Data Loss Prevention, Keeping your sensitive data out of the public domain

Data Loss Prevention Initiative Supporting Information Security Processes Identity/Access Management Security information/event management Configuration management Vulnerability management Digital rights management Incident response Physical security Training and awareness Asset management Data privacy/document protection Employee screening and vetting Third-party management and assurance Business continuity Disaster recovery Regulatory compliance management Change management/sdlc 8 Source: Ernst & Young, LLP, Data Loss Prevention, Keeping your sensitive data out of the public domain

If You Can t Measure It You Can t Manage It! 9

The Task at Hand Classify all mainframe data files Who owns them? What do they contain? Where is the confidential, PII, PCI or other sensitive information? 10

DataSniff by XBridge Systems Data Discovery Tool Runs on the mainframe Automated, native scanning of mainframe data Schedule by Media Type Analytical Engine Appliance or Windows-based Browser-based User Interface Schedule scans Manage reporting 11

DataSniff Evaluation Identify and secure Payment Card Numbers (PCN) Personally Identifiable Information (PII) especially Social Security/Tax ID numbers, home address Support all Mainframe data structures DB2 databases VSAM KSDS & ESDS QSAM, GDG files on both disk and tape PDS & PDSE DFHSM ML1 & ML2 on tape Packed decimal data 12

Features Evaluated Locate SSN/PCN format data in DB2 tables, QSAM/VSAM, & PDS(E)s Selection of data using regular expressions User control of mainframe resources HSM re-migration User-written regular expressions Results reporting Impact on mainframe performance 13

14 Management Console

15 Management Console

16 Management Console

Successes PCN/SSN data located with minimum of false positives User-defined selection filters Scanned all required data structures: DB2, VSAM, Sequential / QSAM, PDS/PDSE, HSM migrated data sets Scanned packed decimal structures Controlled use of scarce mainframe resources (tape, disk) HSM migrated files automatically recalled and re-migrated to original migration level (ML1, ML2) Scanned large numbers of data stores with no performance impact 17

Issues Resolved during evaluation Dynamic allocation of HSM migration control dataset caused contention with HSM CDS reorgs. Excessive runtimes for PDS/PDSE scans. Fix has been developed. 18

Performance Quick data analysis; select group of datastores Test LPAR Prod LPAR Total Files Scanned 34,960 225,195 By File Type: PDS/E 669 1,804 QSAM 5,049 176,852 VSAM 28,447 37,112 DB2 Tables 795 9,428 By Media Type: DASD (non-migrated) 32,169 67,812 Tape 115 41,905 Migrated (ML1/ML2) 2,676 115,478 Minimal mainframe resource usage User-controlled mainframe resources: Tape HSM recalls 19

Custom Regular Expressions Identify SSNs with specific state codes Addresses and zip+4 s in the form xxxxx-xxxx. Example of SSN regular expression (?:[0-6]\d{2} 7[0-6]\d 77[0-2])(?: {0,2}(?(-)(?:-\ {0,2})))(?:\d{2})(?: {0,2}(?(-)(?:-\ {0,2})))(?:\d{4}) ((253 263 260)[0-9]{6}) ((253 260 263)-[0-9]{2}-[0-9]{4}) 20

Conclusion Data identification and classification Mainframe data at rest Easy to use Quick and efficient Little or no impact to the operational environment DataSniff is a valuable part of Primerica s comprehensive DLP program. 21

XBridge Systems, Inc. Mountain View, CA www.xbridgesystems.com Primerica, Inc. Duluth, GA www.primerica.com 22