Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Data Security For Compliance 2
1. Data security for compliance - Best practices & implementation Licensed under the Creative Commons Attribution License Danny Lieberman dannyl@controlpolicy.com www.controlpolicy.com
7. Data security technology model Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
36. Risk analysis: data security threat model (*) Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
37.
38.
39.
40. Politics IT – data security is “very important” ...Forrester Management board – fraud/data theft can maim or destroy the company ...Sarbanes-Oxley
45. Typical DLP project - valley of death Month 1 Month 12-18 Month 5 Logical &rational Emotional & Political IT Requirements Capabilities Presentation Compliance requirements Evaluate alternatives Close Project Meet vendors Talk to analysts Losing control
46.
47.
48.
49.
50.
51.
52. Anything can be measured All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man. Bertrand Russell
53.
54.
55. DLP Test equipment Data Warehouse Document Server Session Detection point Decoders Policies Interception Countermeasures Management Provisioning Events Reporting Policies Forensics Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today .
56. Step 4 – Prove/Disprove hypotheses Metrics Asset value, Threat damage to asset, Threat probability Value at Risk =Threat Damage to Asset x Asset Value x Threat Probability (*) PTA -Practical threat analysis risk model
61. IT Operations - PCI DSS 1.2, HIPAA Server Land User Land 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Sensor Management Oracle SMB AD/ Open LDAP Web Mail Clients
62. Trusted insiders - HIPAA User Land Sensor Management The Internet Clients Facebook LinkedIn MySpace Gmail Yahoo! Proxies Blogs competitors
63. Customer/partner facing services Server Land Web application services PHP, ASP, JSP… Clients Sensor 10.1.1.x 192.168.5.x 10.1.2.x 192.168.4.x Management Oracle DB2 SMB AD Web Mail Middle tier Web server Third-party