Presentation is loading. Please wait.

Presentation is loading. Please wait.

What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal.

Published byGwen Bruce Modified over 8 years ago

Similar presentations

Presentation on theme: "What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal."— Presentation transcript:

1

2 What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal policies and controls? Are insiders creating vulnerabilities? Are intruders gaining access and removing data? Competitive Advantage Are insiders putting the organization at risk? Are you better able to protect your customers’ and partners’ data?

3 Data Loss is Expensive $204 Per Consumer Record $600 Billion IP Theft a Year Globally Across all industries, data loss is challenging

4 C OST OF D ATA B REACHES A VERAGE T OTAL P ER -I NCIDENT C OST Ponemon Institute 5 th Annual US Cost of Data Breach Study

5 C OST OF D ATA B REACHES C OST PER C OMPROMISED R ECORD Ponemon Institute 5 th Annual US Cost of Data Breach Study

6 Complexities Where is the Data “The big issue is knowing where the information is in the first place.“ John Geater Bridging the gap between RCM and Data Protection

7 Data Identification Actionable Auditing Policy Design Policy Implementation WEBSENSE Data Discover WEBSENSE Data Monitor Quick Start Services Policy Tuning Services Deployment Services Product Evaluation  How is my data used?  Where is my data going?  Is it violating my policies or external regulations?  How is it leaving?  Where is my data?  How much is there?  Is it at risk?  How do I enforce inline with business processes?  How do I extend policies across the network and to remote workers?

8  Executive level sponsorship and involvement to successfully protect data, change business processes and shape employee behavior  Cross-functional teams of business, legal and technical staff focused on a comprehensive program to reduce risk across the enterprise  A prioritized approach - confidential data has many forms and many locations - target the most critical data first  A trained Incident Response Team (IRT)  Clearly defined roles, responsibilities, and procedures  Employee education to enforce data protection policies

9 DLP Analysis Who are your users? Who are the data stakeholders? Who should/not use your data? Data What type of data do you have? Where is your data located? What is the value of your data? What communication channels are in use? What are your data security policies? What are good/bad data processes? People Process

10 Accuvant: Complete Data Protection Protection and Compliance Phased deployment path to complete data protection Block unauthorized devices Encrypt laptops Monitor and secure all data routes Discover and Classify Data Audit and Forensics

11 Architectural-level examination of the enterprise environment Assess current state of data security Focus on industry best practices and applicable regulations (e.g., PCI, HIPAA, GLBA, SOX) Identify potential enterprise risks and exposures Propose opportunities for improvement and mitigation Utilize DLP kit for data monitoring and analysis Understand your organization’s current exposure to data loss and then design a DLP strategy

12 Control Framework Policy and Awareness Assessments Audit Treat Risks Improve Controls Automate Controls Risk Assessment Partners/ Customers Regulations World Class Expertise  Business Need:  Understand risks to the business with regard to credit card information residing on laptops across the company.  Solution:  Accuvant found over 240,000 files containing credit card numbers and 70,000 sensitive files identified and tagged  Delivered detailed findings report (e.g., end users had sensitive information sprawled throughout disk drives)  Reduced risk by having end users delete or encrypt the sensitive files identified  Implemented a new security education program Case Study – Fortune 500 Retailer

13 Control Framework Policy and Awareness Assessments Audit Treat Risks Improve Controls Automate Controls Risk Assessment Partners/ Customers Regulations World Class Expertise  Business Need:  Driven by compliance requirements associated with SB 1386, Personally Identifiable Information (PII)  Driven by a State of CA Mandate tied specifically to Medi-Cal data  Solution:  Accuvant assisted with the vendor evaluation and proof of concept  Data lifecycle management was performed to locate critical data assets and create sensitive data classification levels  Data discovery exercise was completed to identify unknown data stores and develop data ownership matrix  Implemented a DLP solution with a phased approach, starting with network, endpoints and then data shares Case Study – Largest County in US

14 World Class Experience - Mature, very well-rounded team - Combining Information Security expertise with RCM focus - Insight into multi-vendor solutions - Industry known – authors and speakers Why Accuvant

15

Download ppt "What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal."

Similar presentations

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Automating Crosswalk between SP 800, 20 Critical Controls, and Australian Government.
IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

IAPP CONFIDENTIAL Insider Leakage Threatens Privacy.
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
BalaBit Shell Control Box

BalaBit Shell Control Box
© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Solutions & Services to ‘Multiply your Business Performance’ 2013.

Solutions & Services to ‘Multiply your Business Performance’ 2013.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information & Communication Technologies 08 2014 NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.

Information & Communication Technologies NMSU All About Discovery! Risk-Based Information Security Program at NMSU presented by Norma Grijalva.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.

Compliance in Office 365 Edge Pereira Sandy Millar From Avanade Australia OSS304.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Www.encase.com Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,

Mel Pless, Sr. Director, Solutions Consulting Guidance Software, Inc. Let’s Get Right To The Endpoint Leveraging Endpoint Data to Expose,
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Similar presentations

Ads by Google