SlideShare a Scribd company logo

Data Security For Compliance 2

Download as PPT, PDF
Flaskdata.io
Flaskdata.io

Data security for compliance - Best practices & implementation

Economy & FinanceTechnology
1 of 84
Data security for compliance - Best practices & implementation Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com www.controlpolicy.com
Why? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Agenda ,[object Object],[object Object],[object Object],[object Object]
I. Introduction
Objectives for this talk ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What the heck is data security? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Data security technology model Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
Data security countermeasures mitigate ,[object Object],[object Object],[object Object],[object Object]
Introduction Compliance and data security
Data security regulation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PCI DSS 1.2.1 ,[object Object],[object Object],[object Object],[object Object]
PCI DSS 1.2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grokking ,[object Object],[object Object]
PCI DSS 1.2 ,[object Object],[object Object],[object Object],[object Object],[object Object]
ISO27000 ,[object Object],[object Object],[object Object],[object Object],[object Object]
ISO27001 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ISO27001 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Sarbanes-Oxley ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Sarbanes-Oxley ,[object Object],[object Object],[object Object],[object Object],[object Object]
Sarbanes-Oxley ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Sarbanes-Oxley ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HIPAA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HIPAA ,[object Object],[object Object],[object Object]
HIPAA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
HIPAA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Interim conclusions ,[object Object],[object Object],[object Object]
Question and Answer Where does DLP fit into compliance? ,[object Object],[object Object],[object Object]
II. Defining Project Objectives
Enforce business process ,[object Object],[object Object],[object Object],[object Object],“ If the internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed.“ “ The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.” COSO – Industry Consortium to improve internal controls
Compliance drivers and constraints ,[object Object],[object Object],[object Object],[object Object],[object Object]
Accountability ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Examples ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Examples ,[object Object],[object Object],[object Object],[object Object]
Compliance and risk analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Risk analysis: Base classes ,[object Object],[object Object],[object Object],[object Object]
Risk analysis: data security threat model (*) Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
Provable security ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Provable security ,[object Object],[object Object]
Costs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Politics IT – data security is “very important” ...Forrester Management board – fraud/data theft can maim or destroy the company ...Sarbanes-Oxley
III. Project planning and preparation
4 steps of Planning ,[object Object],[object Object],[object Object],[object Object],The Scientific Method
Typical data security implementation ,[object Object],[object Object],[object Object],[object Object],[object Object]
Why you lose control Why you lose control Why companies fail at DLP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Typical DLP project - valley of death Month 1 Month 12-18 Month 5 Logical &rational Emotional & Political IT Requirements Capabilities Presentation Compliance requirements Evaluate alternatives Close Project Meet vendors Talk to analysts Losing control
Step 1 – Define the problem ,[object Object],[object Object],[object Object],[object Object],nBusinessProceses << nDocumentFormats
Step 2 – Set a business pain hypotheses ,[object Object],[object Object],[object Object]
H1: Data loss is happening ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
H2: A cost effective solution exists ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Step 3 – Measure data security metrics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Why do we need metrics? ,[object Object],The easy part of information security (running the appliance, discovering vulnerabilities, fixing things and producing reports) Ignores the hard stuff; quantification and prioritization of your actions based on financial value of assets and measurement of threat impact Ignorance is never better than knowledge Enrico Fermi
Anything can be measured All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man. Bertrand Russell
Why bother quantifying risk? ,[object Object],[object Object]
Measurement methods ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DLP Test equipment Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
Step 4 – Prove/Disprove hypotheses Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
IV. Project Implementation
Assumptions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4 implementation layers ,[object Object],[object Object],[object Object],[object Object]
Layer 1 - Network topology ,[object Object],[object Object],[object Object],[object Object]
IT Operations - PCI DSS 1.2, HIPAA Server Land User Land 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Sensor Management Oracle SMB AD/ Open LDAP Web Mail Clients
Trusted insiders - HIPAA User Land Sensor Management The Internet Clients Facebook LinkedIn MySpace Gmail Yahoo! Proxies Blogs competitors
Customer/partner facing services Server Land Web application services PHP, ASP, JSP… Clients Sensor 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Management Oracle DB2 SMB AD Web Mail Middle tier Web server Third-party
Layer 2 – Interception points
Layer 2 – Interception guidelines ,[object Object],[object Object],[object Object],[object Object],[object Object]
Layer 3 – Policy, object view ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Layer 3 – Policy, crime view ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Policy development ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detect structured content ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Use case – PCI DSS ,[object Object],[object Object],[object Object]
Use case - HIPAA ,[object Object],[object Object]
Layer 4 - Forensics ,[object Object]
PCI DSS Forensics
V. Case study
SOX ,[object Object],[object Object]
Problem definition – SOX IT compliance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Project objective 1- Coherence ,[object Object],[object Object],[object Object],[object Object]
Project objective 2 - Sustainability ,[object Object],[object Object],[object Object],[object Object]
Measurement ,[object Object],[object Object],[object Object],[object Object]
Key Business processes ,[object Object],[object Object],[object Object]
Metrics ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SOX Threat model ,[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object]
Questions?

Recommended

Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Ulf Mattsson
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17SelectedPresentations
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMInfinIT - Innovationsnetværket for it
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItData Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItMarc Crudgington, MBA
 

Recommended

Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Ulf Mattsson
 
Spo2 t17
Spo2 t17Spo2 t17
Spo2 t17SelectedPresentations
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)PECB
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Protecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMProtecting the "Crown Jewels" by Henrik Bodskov, IBM
Protecting the "Crown Jewels" by Henrik Bodskov, IBMInfinIT - Innovationsnetværket for it
 
Data Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItData Security: Why You Need Data Loss Prevention & How to Justify It
Data Security: Why You Need Data Loss Prevention & How to Justify ItMarc Crudgington, MBA
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
DLP
DLPDLP
DLPsaurabh.sood
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data BreachesMatthew Rosenquist
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security ServicesGraham Mann
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
The State of Data Security
The State of Data SecurityThe State of Data Security
The State of Data SecurityRazor Technology
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 

More Related Content

What's hot

The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data SecurityImperva
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMatthew Rosenquist
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationWilliam McBorrough
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security ServicesGraham Mann
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015Capgemini
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligencethinkASG
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Doeren Mayhew
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security programWilliam Godwin
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss PreventionGary Bahadur
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 

What's hot (20)

The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
DLP
DLPDLP
DLP
 
Mergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of InterestMergers and Acquisition Security - Areas of Interest
Mergers and Acquisition Security - Areas of Interest
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data Breaches
 
A Guide to Managed Security Services
A Guide to Managed Security ServicesA Guide to Managed Security Services
A Guide to Managed Security Services
 
Information Security Benchmarking 2015
Information Security Benchmarking 2015Information Security Benchmarking 2015
Information Security Benchmarking 2015
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
IT Executive Guide to Security Intelligence
IT Executive Guide to Security IntelligenceIT Executive Guide to Security Intelligence
IT Executive Guide to Security Intelligence
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3Aicpa tech+panel presentation t6 managing risks and security 2014 v3
Aicpa tech+panel presentation t6 managing risks and security 2014 v3
 
Business case for information security program
Business case for information security programBusiness case for information security program
Business case for information security program
 
5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention5 Myths About Data Loss Prevention
5 Myths About Data Loss Prevention
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 

Viewers also liked

The State of Data Security
The State of Data SecurityThe State of Data Security
The State of Data SecurityRazor Technology
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UK2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UKGary Chambers
 
Insights on it risks evolving it landscape
Insights on it risks evolving it landscapeInsights on it risks evolving it landscape
Insights on it risks evolving it landscapeVladimir Matviychuk
 
Protect the data - Cyber security - Breaches - Brand/Reputation
Protect the data - Cyber security - Breaches - Brand/ReputationProtect the data - Cyber security - Breaches - Brand/Reputation
Protect the data - Cyber security - Breaches - Brand/ReputationPa Al
 
Interventional clinical trials: Procedures
Interventional clinical trials: ProceduresInterventional clinical trials: Procedures
Interventional clinical trials: ProceduresArete-Zoe, LLC
 
Cloud computing and security 03
Cloud computing and security 03Cloud computing and security 03
Cloud computing and security 03Akash Kamble
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityJisc Scotland
 
Personal data protection in the EU
Personal data protection in the EUPersonal data protection in the EU
Personal data protection in the EUArete-Zoe, LLC
 
Data-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData Blueprint
 
Data Governance, Compliance and Security in Hadoop with Cloudera
Data Governance, Compliance and Security in Hadoop with ClouderaData Governance, Compliance and Security in Hadoop with Cloudera
Data Governance, Compliance and Security in Hadoop with ClouderaCaserta
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - EnglishData Security
 
Cloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureCloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureKim Jensen
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Coastal Pet Products, Inc.
 
Big MDM Part 2: Using a Graph Database for MDM and Relationship Management
Big MDM Part 2: Using a Graph Database for MDM and Relationship ManagementBig MDM Part 2: Using a Graph Database for MDM and Relationship Management
Big MDM Part 2: Using a Graph Database for MDM and Relationship ManagementCaserta
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 

Viewers also liked (19)

The State of Data Security
The State of Data SecurityThe State of Data Security
The State of Data Security
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data security
 
2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UK2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UK
 
Insights on it risks evolving it landscape
Insights on it risks evolving it landscapeInsights on it risks evolving it landscape
Insights on it risks evolving it landscape
 
Cloud computing for banking
Cloud computing for bankingCloud computing for banking
Cloud computing for banking
 
Protect the data - Cyber security - Breaches - Brand/Reputation
Protect the data - Cyber security - Breaches - Brand/ReputationProtect the data - Cyber security - Breaches - Brand/Reputation
Protect the data - Cyber security - Breaches - Brand/Reputation
 
Interventional clinical trials: Procedures
Interventional clinical trials: ProceduresInterventional clinical trials: Procedures
Interventional clinical trials: Procedures
 
Cloud banking
Cloud bankingCloud banking
Cloud banking
 
Cloud computing and security 03
Cloud computing and security 03Cloud computing and security 03
Cloud computing and security 03
 
Introduction to Data Protection and Information Security
Introduction to Data Protection and Information SecurityIntroduction to Data Protection and Information Security
Introduction to Data Protection and Information Security
 
Personal data protection in the EU
Personal data protection in the EUPersonal data protection in the EU
Personal data protection in the EU
 
Data-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security WebinarData-Ed Online: How Safe is Your Data? Data Security Webinar
Data-Ed Online: How Safe is Your Data? Data Security Webinar
 
Data Governance, Compliance and Security in Hadoop with Cloudera
Data Governance, Compliance and Security in Hadoop with ClouderaData Governance, Compliance and Security in Hadoop with Cloudera
Data Governance, Compliance and Security in Hadoop with Cloudera
 
Data Security - English
Data Security - EnglishData Security - English
Data Security - English
 
Cloud Computing for Banking - Accenture
Cloud Computing for Banking - AccentureCloud Computing for Banking - Accenture
Cloud Computing for Banking - Accenture
 
Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title) Big Data, Security Intelligence, (And Why I Hate This Title)
Big Data, Security Intelligence, (And Why I Hate This Title)
 
Green banking
Green bankingGreen banking
Green banking
 
Big MDM Part 2: Using a Graph Database for MDM and Relationship Management
Big MDM Part 2: Using a Graph Database for MDM and Relationship ManagementBig MDM Part 2: Using a Graph Database for MDM and Relationship Management
Big MDM Part 2: Using a Graph Database for MDM and Relationship Management
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 

Similar to Data Security For Compliance 2

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystemkpatrickwheeler
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
 
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your InformationAIIM International
 
How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016Ulf Mattsson
 
Is iso 27001-an-answer-to-security
Is iso 27001-an-answer-to-securityIs iso 27001-an-answer-to-security
Is iso 27001-an-answer-to-securityRamana K V
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to securityRaghunath G
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesAnton Chuvakin
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?Lumension
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz Abdeen
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010joevest
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinAnton Chuvakin
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinAnton Chuvakin
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017Joseph John
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer PlatformShanmugavel Sankaran
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
 

Similar to Data Security For Compliance 2 (20)

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Pci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance EcosystemPci Europe 2009 Underside Of The Compliance Ecosystem
Pci Europe 2009 Underside Of The Compliance Ecosystem
 
How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...How the latest trends in data security can help your data protection strategy...
How the latest trends in data security can help your data protection strategy...
 
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
 
How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016How can i find my security blind spots in Oracle - nyoug - sep 2016
How can i find my security blind spots in Oracle - nyoug - sep 2016
 
Is iso 27001-an-answer-to-security
Is iso 27001-an-answer-to-securityIs iso 27001-an-answer-to-security
Is iso 27001-an-answer-to-security
 
Is iso 27001, an answer to security
Is iso 27001, an answer to securityIs iso 27001, an answer to security
Is iso 27001, an answer to security
 
PCI 2010: Trends and Technologies
PCI 2010: Trends and TechnologiesPCI 2010: Trends and Technologies
PCI 2010: Trends and Technologies
 
PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?PCI DSS Compliance and Security: Harmony or Discord?
PCI DSS Compliance and Security: Harmony or Discord?
 
Shariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentationShariyaz abdeen data leakage prevention presentation
Shariyaz abdeen data leakage prevention presentation
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton ChuvakinPCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
PCI DSS-based Security: Is This For Real? by Dr. Anton Chuvakin
 
Spirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton ChuvakinSpirit of PCI DSS by Dr. Anton Chuvakin
Spirit of PCI DSS by Dr. Anton Chuvakin
 
CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017CRS Company Overview -Feb 6 2017
CRS Company Overview -Feb 6 2017
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
The Virtual Security Officer Platform
The Virtual Security Officer PlatformThe Virtual Security Officer Platform
The Virtual Security Officer Platform
 
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspectivePECB Webinar: Enterprise Risk Management with ISO 27001 perspective
PECB Webinar: Enterprise Risk Management with ISO 27001 perspective
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 

More from Flaskdata.io

Flaskdata - Observability for clinical data
Flaskdata - Observability for clinical dataFlaskdata - Observability for clinical data
Flaskdata - Observability for clinical dataFlaskdata.io
 
The travel industry does real-time. Why doesn't clinical research?
The travel industry does real-time. Why doesn't clinical research?The travel industry does real-time. Why doesn't clinical research?
The travel industry does real-time. Why doesn't clinical research?Flaskdata.io
 
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io automated monitoring for clinical trialsFlaskdata.io automated monitoring for clinical trials
Flaskdata.io automated monitoring for clinical trialsFlaskdata.io
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure codeFlaskdata.io
 
The insights that will help your medtech clinical trial succeed
The insights that will help your medtech clinical trial succeedThe insights that will help your medtech clinical trial succeed
The insights that will help your medtech clinical trial succeedFlaskdata.io
 
2017 02-05 en-eu-data-security_v2
2017 02-05 en-eu-data-security_v22017 02-05 en-eu-data-security_v2
2017 02-05 en-eu-data-security_v2Flaskdata.io
 
Quick user guide to the Clear Clinica Cloud EDC system
Quick user guide to the Clear Clinica Cloud EDC systemQuick user guide to the Clear Clinica Cloud EDC system
Quick user guide to the Clear Clinica Cloud EDC systemFlaskdata.io
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015Flaskdata.io
 
Pathcare: Patient-issue oriented healthcare
Pathcare: Patient-issue oriented healthcarePathcare: Patient-issue oriented healthcare
Pathcare: Patient-issue oriented healthcareFlaskdata.io
 
Will Web 2.0 applications break the cloud?
Will Web 2.0 applications break the cloud?Will Web 2.0 applications break the cloud?
Will Web 2.0 applications break the cloud?Flaskdata.io
 
Killed by code - mobile medical devices
Killed by code - mobile medical devicesKilled by code - mobile medical devices
Killed by code - mobile medical devicesFlaskdata.io
 
Data Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetData Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetFlaskdata.io
 
Data Security Metricsa Value Based Approach
Data Security Metricsa Value Based ApproachData Security Metricsa Value Based Approach
Data Security Metricsa Value Based ApproachFlaskdata.io
 
Homeland Security - strengthening the weakest link
Homeland Security - strengthening the weakest linkHomeland Security - strengthening the weakest link
Homeland Security - strengthening the weakest linkFlaskdata.io
 
Selling Data Security Technology
Selling Data Security TechnologySelling Data Security Technology
Selling Data Security TechnologyFlaskdata.io
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stickWriting An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stickFlaskdata.io
 

More from Flaskdata.io (19)

Flaskdata - Observability for clinical data
Flaskdata - Observability for clinical dataFlaskdata - Observability for clinical data
Flaskdata - Observability for clinical data
 
The travel industry does real-time. Why doesn't clinical research?
The travel industry does real-time. Why doesn't clinical research?The travel industry does real-time. Why doesn't clinical research?
The travel industry does real-time. Why doesn't clinical research?
 
Flaskdata.io automated monitoring for clinical trials
Flaskdata.io automated monitoring for clinical trialsFlaskdata.io automated monitoring for clinical trials
Flaskdata.io automated monitoring for clinical trials
 
How to write secure code
How to write secure codeHow to write secure code
How to write secure code
 
The insights that will help your medtech clinical trial succeed
The insights that will help your medtech clinical trial succeedThe insights that will help your medtech clinical trial succeed
The insights that will help your medtech clinical trial succeed
 
2017 02-05 en-eu-data-security_v2
2017 02-05 en-eu-data-security_v22017 02-05 en-eu-data-security_v2
2017 02-05 en-eu-data-security_v2
 
Quick user guide to the Clear Clinica Cloud EDC system
Quick user guide to the Clear Clinica Cloud EDC systemQuick user guide to the Clear Clinica Cloud EDC system
Quick user guide to the Clear Clinica Cloud EDC system
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Killed by code 2015
Killed by code 2015Killed by code 2015
Killed by code 2015
 
Pathcare: Patient-issue oriented healthcare
Pathcare: Patient-issue oriented healthcarePathcare: Patient-issue oriented healthcare
Pathcare: Patient-issue oriented healthcare
 
The Tao of GRC
The Tao of GRCThe Tao of GRC
The Tao of GRC
 
Will Web 2.0 applications break the cloud?
Will Web 2.0 applications break the cloud?Will Web 2.0 applications break the cloud?
Will Web 2.0 applications break the cloud?
 
Killed by code - mobile medical devices
Killed by code - mobile medical devicesKilled by code - mobile medical devices
Killed by code - mobile medical devices
 
Grc tao.4
Grc tao.4Grc tao.4
Grc tao.4
 
Data Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budgetData Security For SMB - Fly first class on a budget
Data Security For SMB - Fly first class on a budget
 
Data Security Metricsa Value Based Approach
Data Security Metricsa Value Based ApproachData Security Metricsa Value Based Approach
Data Security Metricsa Value Based Approach
 
Homeland Security - strengthening the weakest link
Homeland Security - strengthening the weakest linkHomeland Security - strengthening the weakest link
Homeland Security - strengthening the weakest link
 
Selling Data Security Technology
Selling Data Security TechnologySelling Data Security Technology
Selling Data Security Technology
 
Writing An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stickWriting An Effective Security Procedure in 2 pages or less and make it stick
Writing An Effective Security Procedure in 2 pages or less and make it stick
 

Recently uploaded

VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...dipikadinghjn ( Why You Choose Us? ) Escorts
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Call Girls in Nagpur High Profile
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...dipikadinghjn ( Why You Choose Us? ) Escorts
 
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Delhi Call girls
 
The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfGale Pooley
 
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...priyasharma62062
 
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...Call Girls in Nagpur High Profile
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...dipikadinghjn ( Why You Choose Us? ) Escorts
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfSaviRakhecha1
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfGale Pooley
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfGale Pooley
 
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...dipikadinghjn ( Why You Choose Us? ) Escorts
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...Call Girls in Nagpur High Profile
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdfAdnet Communications
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptxFinTech Belgium
 
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure serviceWhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure servicePooja Nehwal
 
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...dipikadinghjn ( Why You Choose Us? ) Escorts
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...ssifa0344
 

Recently uploaded (20)

VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
VIP Call Girl in Mumbai 💧 9920725232 ( Call Me ) Get A New Crush Everyday Wit...
 
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
02_Fabio Colombo_Accenture_MeetupDora&Cybersecurity.pptx
 
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
 
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
 
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
Call Girls in New Friends Colony Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escort...
 
The Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdfThe Economic History of the U.S. Lecture 20.pdf
The Economic History of the U.S. Lecture 20.pdf
 
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
Mira Road Memorable Call Grls Number-9833754194-Bhayandar Speciallty Call Gir...
 
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
Top Rated Pune Call Girls Sinhagad Road ⟟ 6297143586 ⟟ Call Me For Genuine S...
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
 
Indore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdfIndore Real Estate Market Trends Report.pdf
Indore Real Estate Market Trends Report.pdf
 
The Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdfThe Economic History of the U.S. Lecture 17.pdf
The Economic History of the U.S. Lecture 17.pdf
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdf
 
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Mumbai 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx00_Main ppt_MeetupDORA&CyberSecurity.pptx
00_Main ppt_MeetupDORA&CyberSecurity.pptx
 
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure serviceWhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
WhatsApp 📞 Call : 9892124323 ✅Call Girls In Chembur ( Mumbai ) secure service
 
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
VIP Independent Call Girls in Mira Bhayandar 🌹 9920725232 ( Call Me ) Mumbai ...
 
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 

Data Security For Compliance 2

  • 1. Data security for compliance - Best practices & implementation Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com www.controlpolicy.com
  • 2.
  • 3.
  • 5.
  • 6.
  • 7. Data security technology model Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
  • 8.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28. II. Defining Project Objectives
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36. Risk analysis: data security threat model (*) Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
  • 37.
  • 38.
  • 39.
  • 40. Politics IT – data security is “very important” ...Forrester Management board – fraud/data theft can maim or destroy the company ...Sarbanes-Oxley
  • 41. III. Project planning and preparation
  • 42.
  • 43.
  • 44.
  • 45. Typical DLP project - valley of death Month 1 Month 12-18 Month 5 Logical &rational Emotional & Political IT Requirements Capabilities Presentation Compliance requirements Evaluate alternatives Close Project Meet vendors Talk to analysts Losing control
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52. Anything can be measured All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man. Bertrand Russell
  • 53.
  • 54.
  • 55. DLP Test equipment Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
  • 56. Step 4 – Prove/Disprove hypotheses Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
  • 58.
  • 59.
  • 60.
  • 61. IT Operations - PCI DSS 1.2, HIPAA Server Land User Land 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Sensor Management Oracle SMB AD/ Open LDAP Web Mail Clients
  • 62. Trusted insiders - HIPAA User Land Sensor Management The Internet Clients Facebook LinkedIn MySpace Gmail Yahoo! Proxies Blogs competitors
  • 63. Customer/partner facing services Server Land Web application services PHP, ASP, JSP… Clients Sensor 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Management Oracle DB2 SMB AD Web Mail Middle tier Web server Third-party
  • 64. Layer 2 – Interception points
  • 65.
  • 66.
  • 67.
  • 68.
  • 69.
  • 70.
  • 71.
  • 72.
  • 75.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.