Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.

2 Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304

4 Source: Gartner Report: IT Governance, Risk, and Compliance Management Solutions, http://www.gartner.com/resId=1884814

8 Levels and activities are driven by many factors, for example: public or private sector; industry vertical; business activities; geography; laws or regulation.

10 Built-in Office 365 capabilities (global compliance). Customer controls for compliance for internal policies. Access Control, Auditing and Logging, Continuity Planning, Incident Response, Risk Assessment, Communications Protection, Identification and Authorisation, Information Integrity, Awareness and Training, Data Loss Prevention, Archiving, eDiscovery, Encryption, S/MIME, Legal Hold, Rights Management.

13 It is all about customer controls! Remembering “A control is a process, function, in fact anything that supports maintaining compliance”

14 Identify, Monitor, Protect, Educate

16 “Data loss/leak prevention solution is a system that is designed to detect potential data breach / data ex-filtration transmissions and prevent them by monitoring, detecting and blocking sensitive data while in-use (endpoint actions), in-motion (network traffic), and at-rest (data storage).” [1]
[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software
Good definition: http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

20 Country, PII, Financial, Health
USA. PII: US State Security Breach Laws, US State Social Security Laws, COPPA. Financial: GLBA & PCI-DSS (Credit, Debit Card, Checking and Savings, ABA, Swift Code).
Germany. PII: EU data protection, Drivers License, Passport, National Id. Financial: EU Credit, Debit Card, IBAN, VAT, BIC, Swift Code.
UK. PII: Data Protection Act, UK National Insurance, Tax Id, UK Driver License, Passport. Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code.
Canada. PII: PIPED Act, Social Insurance, Drivers License. Financial: Credit Card, Swift Code.
France. PII: EU data protection, Data Protection Act, National Id (INSEE), Drivers License, Passport. Financial: EU Credit, Debit Card, IBAN, BIC, VAT, Swift Code.
Japan. PII: PIPA, Resident Registration, Social Insurance, Passport, Driving License. Financial: Credit Card, Bank Account, Swift Code.
Health: Limited investment: US HIPAA, UK Health Service, Canada Health Insurance card. Rely on partners and ISVs.

21 Australian sensitive information types provided by Microsoft: Bank Account Number, Driver's License Number, Medicare Account Number, Passport Number, Tax File Number.

23 Protect communications: Basic level of built-in anti-malware and enhanced spam filtering to help protect your email environment from threats. Enforce policy: Data loss prevention (DLP) controls that can detect sensitive data in email before it is sent and automatically block, hold or notify the sender. Simplify management: Unified administration of anti-spam, anti-malware and data loss prevention within Exchange.

25 [2] Wikipedia (http://en.wikipedia.org/wiki/Electronic_discovery)

26 DISCOVERY: Find relevant content (documents, emails, Lync conversations). PRESERVATION: Place content on legal hold to prevent content modification and/or removal. COLLECTION: Collect and send relevant content for processing. PROCESSING: Prepare files for review. REVIEW: Lawyers determine which content will be supplied to opposition. PRODUCTION: Provide relevant content to opposition.

28 Provide a high level of immutability by: preserving data in source; protecting from deletion; protecting from tampering. Provide easy management via: rich query, location and time based content target; across Exchange, Lync and SharePoint; using Exchange Admin or eDiscovery Centres.

36 Comprehensive view of DLP policy performance. Downloadable Excel workbook. Drill into specific departures from policy to gain business insights.

42 Protect communications

47 Additional Slides

48 DLP extensibility points

49 Content analysis process
Get Content: Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012
RegEx Analysis: 4485 3647 3952 7352 → a 16 digit number is detected
Function Analysis: 1. 4485 3647 3952 7352 → matches checksum 2. 1234 1234 1234 1234 → does NOT match
Additional Evidence: 1. Keyword Visa is near the number 2. A regular expression for date (2/2012) is near the number
Verdict: 1. There is a regular expression that matches a check sum 2. Additional evidence increases confidence
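
The content analysis steps on slide 49, worked through as an added Python example (not code from the presentation or from the Office 365 DLP engine). The regular expressions, the 60-character proximity window, the confidence scores and the threshold of 75 are assumptions chosen for illustration.

```python
import re

# Assumed patterns and scores for illustration; not Microsoft's actual rule definitions.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")  # 16 digits, optional separators
KEYWORD_RE = re.compile(r"\b(?:visa|mastercard|credit card|card number)\b", re.I)
EXPIRY_RE = re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:\d{2}|\d{4})\b")  # e.g. 2/2012
WINDOW = 60  # characters either side of the match searched for corroborating evidence


def luhn_ok(digits: str) -> bool:
    """Function analysis: Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def analyse(text: str) -> list:
    """Return one finding per 16-digit candidate, with evidence and a verdict."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        nearby = text[max(0, m.start() - WINDOW):m.start()] + " " + text[m.end():m.end() + WINDOW]
        checksum = luhn_ok(digits)
        evidence = [name for name, rx in (("keyword", KEYWORD_RE), ("expiry", EXPIRY_RE))
                    if rx.search(nearby)]
        # Assumed scoring: the checksum is mandatory, each piece of evidence adds confidence.
        confidence = 0 if not checksum else min(100, 65 + 15 * len(evidence))
        findings.append({
            "match": m.group(), "checksum": checksum, "evidence": evidence,
            "confidence": confidence,
            "verdict": "sensitive" if confidence >= 75 else "ignore",
        })
    return findings


# Constructed sample input, built around the two numbers shown on the slide.
SAMPLE = ("Joseph F. Foster Visa: 4485 3647 3952 7352 Expires: 2/2012\n"
          + "x" * 80 + "\nTicket reference 1234 1234 1234 1234 closed.")

if __name__ == "__main__":
    for finding in analyse(SAMPLE):
        print(finding)
```

A number that passes the checksum but has no keyword or expiry date nearby stays below the assumed threshold, which is how the additional-evidence step keeps false positives down.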
