
Bridging the Gap between Privacy and Security: Using Technology to Manage Complex Breach Disclosure Regulations


Data breach and cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes, and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents.

This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws.

View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI



  1. Bridging the Gap between Privacy and Security: Using Technology to Manage Complex Breach Disclosure Regulations
  2. IBM Security. Next-Generation SOAR Platform with Intelligent Orchestration. IBM Resilient: The Market Leader in Incident Response
     • Largest and most trusted install base in the world
     • More than 350 customers globally
     • Customers in more than 30 countries
     • Part of the largest enterprise security organization in the world
     • Resilient is the hub of IBM Security’s Immune System
     • Expanding customer support and services resources
     • Only incident response platform with built-in intelligent orchestration
     • IBM Resilient Partner Ecosystem delivered through IBM Security App Exchange
     • Technology-agnostic platform delivers enterprise-grade integrations with IT and security tools
     • Includes orchestration and automation capabilities
  3. Our Speakers
     • Monica Dubeau, CIPP/US, Privacy Program Director - Resilient, IBM
     • Alan Rodger, Senior Analyst, Ovum
  4. Using Technology to Manage Complex Breach Disclosure Regulations. Alan Rodger, Senior Analyst, Ovum. 27 February 2019
  5. Agenda (Ovum | TMT intelligence | informa. Copyright © Informa PLC)
     • Double danger - damaging breaches + escalating consequences
     • Dealing with breaches effectively, as a business
     • How solutions can help (Ovum Market Radar report)
  6. What constitutes a breach? How common are they?
     • Many potential sources of data breaches:
       • Cybersecurity attack
       • Lost device
       • Inadequate password protection
       • Unauthorized use of data
     • 59,000 data breaches reported in EU countries (Source: DLA Piper survey results - 25 May ‘18 thru January ’19):
       • NL – 15,400 (also highest per capita)
       • DE – 12,600
       • UK – 10,600
       • Even small countries’ regulators are being notified of breaches (Liechtenstein, Iceland and Cyprus)
  7. Consequences of data breaches
     • Regulations are increasing the penalties
     • In GDPR, up to 4% of global turnover, or EUR20M
     • Timescale limitations add to the challenge
     • We may see political ‘competition’ across regulatory jurisdictions
     • These add to other direct and indirect financial impacts (internal and external):
       • Operational costs
       • Tying up expertise
       • Delays to plans
       • Trust and reputation
       • Relationships and supply chain
  8. Information security is still a fundamental challenge. Source: Ovum ICT Enterprise Insights 2018/19 – Global: ICT Drivers and Technology Priorities
  9. Dealing with breaches effectively, as a business
     • Complex operational planning, and commitment to compliance
     • Access to right types (and levels) of expertise:
       • DPO
       • Legal / compliance (relationship with supervisory authorities, compliance oversight)
       • HR (policy; training; employee issues, roles, and personal data)
       • Marketing (customer relationship ‘owner’)
       • Comms (media liaison, PR)
       • IT (advisory on data, security, applications, and architecture)
     • Awareness of responsibilities
     • Leadership team ‘skin in the game’
  10. Solution schematic and value
      • Breach reporting: supervisory authority; citizens affected
      • Processes / capabilities
      • Information / insight / expertise
      • Stakeholders
      • Incidents
      • Security logs
      • Regulation context/advice
      • Legal / compliance
      • HR
      • Marketing / comms
      • Senior leadership
      • IT
      • Partners / service providers
      • Organizational workflows
      • Approvals
      • Roles and contacts
      • Scheduling / alerts
      • Visibility / auditability
      • Risk analysis
      • Data integration
      • Testing / modelling
      • Visual design
      • Templates
      • Multiple supervisory contacts
      • Digital submission
  11. Ovum’s findings on Data Breach Management/Reporting solution market
      • An early-stage market (with some mature solutions – but very few competing)
      • Widespread adoption expected within a few years
      • Alternatives (spreadsheets, checklists, manual processes) are inadequate
      • Awareness will grow of non-compliance consequences
      • Our recommendations:
        • Follow up earlier GDPR programs by spreading awareness of breach-reporting non-compliance risks, and the options available
        • A successful compliance capability must:
          • Ensure commitment of resources from across the organization, and external parties where needed
          • Use a data breach management and reporting solution fully to maximize benefits
          • Ensure that all parties are aware of their roles and responsibilities, should a data breach occur
  12. Thank you. alan.rodger@ovum.com
  13. Privacy Module. Monica Dubeau, Privacy Program Director. February 27, 2019
  14. What is IBM Resilient Intelligent Orchestration?
  15. Privacy Module Capabilities
      • Over 160 global regulations in product to help customers to remain compliant with the complex breach notification requirements
      • Integrated breach notification with the wider Cyber Security Incident Response plan – one central place of incident management
      • Full simulation and table-top capabilities to train Privacy & IR teams on consistent, repeatable procedures
      • Reporting tools provide a clear picture of the specific threats facing the organization – helping to identify gaps
  16. How It Works: Select data types lost
  17. How It Works: Select applicable jurisdictions
  18. Demonstrate a Consistent Process for Assessing Risk
      • Text box to document conclusion
      • Guidance that helps user assess risk
  19. Meet Short Notification Timelines
      • The breach notification timeline is already set and counting down
      • Tasks can be assigned to team members for accountability
  20. Notify in Phases
  21. Maintain Required Documentation
  22. Dashboards & Reporting
  23. Q&A
  24. THANK YOU. FOLLOW US ON: ibm.com/security, securityintelligence.com, xforce.ibmcloud.com, @ibmsecurity, youtube/user/ibmsecuritysolutions. © Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
