Data security for compliance - Best practices & implementation
Licensed under the Creative Commons Attribution License
Danny Lieberman dannyl@controlpolicy.com www.controlpolicy.com
Why?
Agenda
I. Introduction
Objectives for this talk
What the heck is data security?
Data security technology model (diagram: data warehouse and document server sessions pass through a detection point with decoders, policies, interception and countermeasures; a management plane handles provisioning, events, reporting, policies and forensics; a sample intercepted e-mail with Received and Message-ID headers and the body "Send me more files today")
Data security countermeasures mitigate
Introduction: Compliance and data security
Data security regulation
PCI DSS 1.2.1
PCI DSS 1.2
Grokking
PCI DSS 1.2
ISO27000
ISO27001
Sarbanes-Oxley
HIPAA
Interim conclusions
Question and Answer: Where does DLP fit into compliance?
II. Defining Project Objectives
Enforce business process
“If the internal control system is implemented only to prevent fraud and comply with laws and regulations, then an important opportunity is missed.” “The same internal controls can also be used to systematically improve businesses, particularly in regard to effectiveness and efficiency.” COSO – Industry consortium to improve internal controls
Compliance drivers and constraints
Accountability
Examples
Compliance and risk analysis
Risk analysis: Base classes
Risk analysis: data security threat model (*)
Metrics: asset value, threat damage to asset, threat probability
Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
(*) PTA - Practical Threat Analysis risk model
Provable security
Costs
Politics
IT – data security is “very important” ...Forrester
Management board – fraud/data theft can maim or destroy the company ...Sarbanes-Oxley
III. Project planning and preparation
4 steps of Planning: The Scientific Method
Typical data security implementation
Why you lose control: why companies fail at DLP
Typical DLP project - valley of death (timeline chart running from Month 1 through Month 5 to Month 12-18, moving from "Logical & rational" to "Emotional & Political"; stages: IT requirements, capabilities presentation, compliance requirements, evaluate alternatives, meet vendors, talk to analysts, close project, losing control)
Step 1 – Define the problem
nBusinessProcesses << nDocumentFormats
Step 2 – Set a business pain hypothesis
H1: Data loss is happening
H2: A cost effective solution exists
Step 3 – Measure data security metrics
Why do we need metrics?
The easy part of information security (running the appliance, discovering vulnerabilities, fixing things and producing reports) ignores the hard stuff: quantification and prioritization of your actions based on the financial value of assets and measurement of threat impact.
“Ignorance is never better than knowledge.” Enrico Fermi
Anything can be measured
“All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man.” Bertrand Russell
Why bother quantifying risk?
Measurement methods
DLP test equipment (diagram, the same data security technology model as above: detection point with decoders, policies, interception and countermeasures; management plane with provisioning, events, reporting, policies and forensics; sample intercepted e-mail headers)
Step 4 – Prove/Disprove hypotheses
Metrics: asset value, threat damage to asset, threat probability
Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
(*) PTA - Practical Threat Analysis risk model
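The Value at Risk formula on this slide, worked through on a small constructed threat model (an added example, not code from the deck or from the PTA tool): VaR per threat summed over every asset it damages, threats ranked by VaR, and, as an assumed extension of the slide's formula, countermeasures ranked by risk reduction per unit cost, modelling each countermeasure as scaling a threat's probability. All asset, threat and countermeasure names and figures are invented for illustration.

```python
from dataclasses import dataclass

# Constructed sample data for a card-processing environment.
# Names and numbers are illustrative assumptions, not taken from the slides.


@dataclass
class Asset:
    name: str
    value: float  # asset value in currency units


@dataclass
class Threat:
    name: str
    probability: float  # probability the threat materialises in the period (0..1)
    damage: dict        # asset name -> fraction of asset value lost (0..1)


@dataclass
class Countermeasure:
    name: str
    cost: float
    mitigation: dict  # threat name -> factor applied to that threat's probability (assumption)


ASSETS = {
    "cardholder_db": Asset("cardholder_db", 2_000_000),
    "payment_app": Asset("payment_app", 500_000),
    "hr_records": Asset("hr_records", 300_000),
}

THREATS = [
    Threat("sql_injection_dump", 0.20, {"cardholder_db": 0.8, "payment_app": 0.3}),
    Threat("insider_export", 0.10, {"cardholder_db": 0.5, "hr_records": 0.6}),
    Threat("lost_laptop", 0.30, {"hr_records": 0.2}),
]

COUNTERMEASURES = [
    Countermeasure("waf_and_parametrised_queries", 60_000, {"sql_injection_dump": 0.25}),
    Countermeasure("dlp_on_egress", 90_000, {"insider_export": 0.4}),
    Countermeasure("full_disk_encryption", 15_000, {"lost_laptop": 0.1}),
]


def value_at_risk(threat, assets, probability=None):
    """Slide formula: VaR = Threat Damage to Asset x Asset Value x Threat Probability,
    summed over every asset the threat touches."""
    p = threat.probability if probability is None else probability
    return sum(frac * assets[name].value * p for name, frac in threat.damage.items())


def total_value_at_risk(threats, assets, scale=None):
    """Total VaR for the model; `scale` maps threat name -> probability multiplier."""
    scale = scale or {}
    return sum(
        value_at_risk(t, assets, t.probability * scale.get(t.name, 1.0)) for t in threats
    )


def rank_threats(threats, assets):
    """Threats ordered by VaR, highest first: the prioritisation the metrics are for."""
    return sorted(((t.name, value_at_risk(t, assets)) for t in threats), key=lambda r: -r[1])


def rank_countermeasures(countermeasures, threats, assets):
    """Risk reduction and reduction-per-cost for each countermeasure, best ratio first.
    Extension of the slide formula (assumed): a countermeasure scales threat probability."""
    baseline = total_value_at_risk(threats, assets)
    rows = []
    for cm in countermeasures:
        residual = total_value_at_risk(threats, assets, cm.mitigation)
        reduction = baseline - residual
        rows.append((cm.name, reduction, reduction / cm.cost))
    return sorted(rows, key=lambda r: -r[2])


if __name__ == "__main__":
    for name, var in rank_threats(THREATS, ASSETS):
        print(f"{name:30s} VaR = {var:>12,.0f}")
    print(f"total VaR = {total_value_at_risk(THREATS, ASSETS):,.0f}")
    for name, reduction, ratio in rank_countermeasures(COUNTERMEASURES, THREATS, ASSETS):
        print(f"{name:30s} cuts VaR by {reduction:>10,.0f} ({ratio:.2f} per unit cost)")
```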
IV. Project Implementation
Assumptions
4 implementation layers
Layer 1 - Network topology
IT Operations - PCI DSS 1.2, HIPAA (network diagram: Server Land and User Land on subnets 10.1.1.x, 10.1.2.x, 192.168.4.x and 192.168.5.x; a sensor with its management console; Oracle, SMB, AD/OpenLDAP, web and mail servers; clients)
Trusted insiders - HIPAA (network diagram: User Land clients behind a sensor and management console, reaching the Internet: Facebook, LinkedIn, MySpace, Gmail, Yahoo!, proxies, blogs, competitors)
Customer/partner facing services (network diagram: Server Land web application services in PHP, ASP, JSP…, a third-party web server and middle tier, Oracle, DB2, SMB, AD, web and mail servers on 10.1.1.x, 10.1.2.x, 192.168.4.x and 192.168.5.x; clients; a sensor with its management console)
Layer 2 – Interception points
Layer 2 – Interception guidelines
Layer 3 – Policy, object view
Layer 3 – Policy, crime view
Policy development
Detect structured content
Use case – PCI DSS
Use case – HIPAA
Layer 4 – Forensics
PCI DSS Forensics
V. Case study
SOX
Problem definition – SOX IT compliance
Project objective 1 – Coherence
Project objective 2 – Sustainability
Measurement
Key business processes
Metrics
SOX threat model
Conclusions
Questions?
Top Rated Pune Call Girls Dighi ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
call girls in Sant Nagar (DELHI) 🔝 >༒9953056974 🔝 genuine Escort Service 🔝✔️✔️
 
VIP Independent Call Girls in Taloja 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Taloja 🌹 9920725232 ( Call Me ) Mumbai Escorts ...VIP Independent Call Girls in Taloja 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
VIP Independent Call Girls in Taloja 🌹 9920725232 ( Call Me ) Mumbai Escorts ...
 

Data Security For Compliance 2

  • 28. II. Defining Project Objectives
  • 36. Risk analysis: data security threat model (*)
    Metrics: asset value, threat damage to asset, threat probability.
    Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
    (*) PTA - Practical threat analysis risk model
  • 40. Politics
    IT – data security is “very important” (Forrester)
    Management board – fraud/data theft can maim or destroy the company (Sarbanes-Oxley)
  • 41. III. Project planning and preparation
  • 45. Typical DLP project - valley of death (timeline chart: Month 1, Month 5, Month 12-18; labelled "logical & rational" at the start and "emotional & political" at the end; stages shown: IT requirements, capabilities presentation, compliance requirements, evaluate alternatives, meet vendors, talk to analysts, losing control, close project)
  • 52. Anything can be measured
    “All exact science is based on approximation. If a man tells you he knows a thing exactly, then you can be safe in inferring that you are speaking to an inexact man.” – Bertrand Russell
  • 55. DLP test equipment (architecture diagram with the same components as slide 7: data warehouse, document server, session detection point, decoders, policies, interception, countermeasures, management, provisioning, events, reporting, policies, forensics; sample intercepted message: Received: from [172.16.1.35] (-80-230-224- Message ID:<437C5FDE.9080> “Send me more files today”)
  • 56. Step 4 – Prove/disprove hypotheses
    Metrics: asset value, threat damage to asset, threat probability.
    Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability
    (*) PTA - Practical threat analysis risk model
  • 61. IT operations - PCI DSS 1.2, HIPAA (network diagram: server land and user land on 10.1.1.x, 10.1.2.x, 192.168.4.x and 192.168.5.x; sensor with management; servers: Oracle, SMB, AD/OpenLDAP, web, mail; clients)
  • 62. Trusted insiders - HIPAA (network diagram: user land clients behind a sensor with management, out to the Internet: Facebook, LinkedIn, MySpace, Gmail, Yahoo!, proxies, blogs, competitors)
  • 63. Customer/partner facing services (network diagram: server land with web application services in PHP, ASP, JSP…; clients; sensor on 10.1.1.x, 10.1.2.x, 192.168.4.x and 192.168.5.x with management; Oracle, DB2, SMB, AD, web, mail; middle tier, web server, third-party)
  • 64. Layer 2 – Interception points