1. Secure Data Sharing What is it Where is it What is the Risk – Strategic > What Policy should be enforced > How can the process be Audited > Ongoing Process of Sharing Data – Tactical > Manage Removable Media > Encrypt mobile data > Provide users with relevant Policy excerpts and Audit acceptance

2. Incident Response Threat Management Event Management Identity Management Policy Monitoring Compliance Access Control

3. Data Strategy Identify Security Drivers Define Policy & Classify Discover Data Assess Risk Identify Control Gaps Strategy

4. Discover Data Enterprise App Database Backup Disk Backup Tape Backup Disk Storage Bulk Analysis Replicated Database Disk Storage WAN Other Campuses & Data Centers LAN Exchange Server File Server Portals Disk Storage Custom App Database End PointNetworkApplicationDB/FSStorage Database instances 1 Replicated DB for DR, bulk analysis 2 Transformed data on file shares 9 Data stored on disks 3 Tape Backups 4 Disk Backups 5 Application Data 6 Transformed Data on End Points 7 Removable and Printed media 8 Transformed data emailed & on exchange srv 10 Collaboration on Portals 11 Restricted Data Internal Data Public Data Data in transit across WANs 12 Data sent/stored on public infrastructure 13 Identify Security Drivers Define Policy & Classify Discover Data Assess Risk Identify Control Gaps Internet

5. Assess Risk Enterprise App Database Backup Disk Backup Tape Backup Disk Storage Bulk Analysis Replicated Database Disk Storage WAN Other Campuses & Data Centers LAN Exchange Server File Server Portals Disk Storage Internet Disk Storage Custom App Database End PointNetworkApplicationDB/FSStorage Threat X High Risk Medium Risk Low Risk Media lost or stolen 1 Discarded media exploited 2 Packets sniffed in transit 3 Privileged User Breach DBA/FSA 4 Unintentional Distribution 6 Database/File Server Hack 5 Application Hack 8 (Semi) Trusted User Misuse 9 Privileged User Breach 7 Unintentional Distribution 10 Physical theft of media or lost media exploited 13 Trojans / Key Loggers 15 Public Infrastructure Access Hack 12 Packets sniffed in transit 3 End Point Leak print-copy-xform 14 Network Leak Email-IM-HTTP- FTP-etc. 11 Media lost or stolen 1 Discarded media exploited 2 Packets sniffed in transit 3 Privileged User Breach DBA/FSA 4 Unintentional Distribution 6 Database/File Server Hack 5 Application Hack 8 (Semi) Trusted User Misuse 9 Privileged User Breach 7 Unintentional Distribution 10 Physical theft of media or lost media exploited 13 Trojans / Key Loggers 15 End Point Leak print-copy-xform 14 Public Infrastructure Access Hack 12 Packets sniffed in transit 3 Network Leak Email-IM-HTTP- FTP-etc. 11 Identify Security Drivers Define Policy & Classify Discover Data Assess Risk Identify Control Gaps