This document discusses securing call center recordings and personally identifiable information (PII). It outlines threats like data breaches and inadequate security that jeopardize call center data. It recommends best practices like encryption and access control. Technologies from TantaComm and SafeNet that employ encryption, key management and access control are presented as ways to offset threats and meet compliance requirements.

1. You Never Know Who Is Listening: Securing Call Center Recordings & Personally Identifiable Information (PII)

3. What threats exist today that jeopardize the security of call center recordings Ginney McAdams Vice President of Business Development TantaComm

4. 2008 Data Breaches Soar ITRC Reports 47% Increase over 2007 According to ITRC reports, only 2.4% of all breaches had encryption or other strong protection methods in use. Posted 1/5/09 on idthreatcenter.org 2008 - # of Breaches 2008 2007 2006 Business 240 36.6% 28.9% 21% Educational 131 20% 24.8% 28% Government/Military 110 16.8% 24.6% 30%

5. 2008 Data Breaches Soar ITRC Reports 47% Increase over 2007 For 2008 Financial Business Education Gvt/Military Medical Insider Theft 2.4% 5.6% 1.8% 3.4% 2.4% Hacking 3.5% 6.1% 2.7% 0.8% 0.8% Data on the Move 1.7% 7.3% 3% 4.3% 4.4%

7. Best practice strategies for taking an encryption approach to security and compliance Trisha Paine Board of Directors PCI Security Alliance

11. Assess risks  Classify critical assets based on business impact  Perform on-going Risk Assessments to identify threats and vulnerabilities  Implement controls based on policy and standards Monitor and adjust controls  Perform ongoing monitoring of controls  Analyze and mitigate threats  Identify and correct vulnerabilities  Adjust controls based on changing business needs Communicate  Provide reports and metrics to key stakeholders  Verify and validate controls are in place and performing Best Practices Bottom Line

12. Technologies that offset threats and meet compliance by securing call center recordings and PII Ginney McAdams Vice President of Business Development TantaComm

14. Securing your Recordings

16. Technologies that offset threats and meet compliance by securing call center recordings and PII Andrew Dillon Director of Product Management SafeNet, Inc.

17. DataSecure and Enterprise Data Protection An Integrated Suite of Data-Centric Security Solutions to Protect Data and Achieve Compliance Remote Location Data Center Databases SafeNet DataSecure Mainframe SafeNet ProtectDrive SafeNet ProtectFile SafeNet Authentication SafeNet ProtectDB SafeNet DataSecure Toolkit SafeNet DataSecure Toolkit SafeNet EdgeSecure File Servers Application and Web Servers SafeNet ProtectFile Laptop/Mobile Handset

18. Why DataSecure? Secure  Hardware-based, centralized key and policy management  FIPS/CC certified  Granular access privileges and separation of duties Fast  High performance encryption offload, over 100k TPS  Batch processing for massive amounts of data Flexible  Support for heterogeneous environments (app, db, file)  Support for open standards and APIs Simple  Intuitive administration  Centralized policy creation and enforcement  Granular logging/auditing

19. Questions?

20. Thank You Trisha Paine PCI Security Alliance [email_address] For more information: Ginney McAdams Vice President, TantaComm [email_address] Andrew Dillon Product Manager, SafeNet [email_address]