12 STEPS TO A GDPR AWARE NETWORK

12 STEPS TO A GDPR AWARE NETWORK
Technical and Organisational Measures: Best Practices
Neil Douglas, Technical Director and GDPR Data Protection Officer at Network ROI

STEP 1: DATA CLASSIFICATION
- Define and classify data into public, restricted and confidential
- Every document should be marked with the appropriate classification

STEP 2: CONFIGURATION CHANGE MANAGEMENT
- Ensure a change on the network doesn't have adverse consequences for security
- Ensure changes are planned and outcomes are predictable

STEP 3: ADMINISTRATOR CONTROLS AND SEPARATION OF DUTIES
- Remove local admin rights from users
- Use a separate administrator account for admin-level tasks

STEP 4: REMOTE ACCESS
- Secure your remote access via VPN or two-factor authentication
- Ensure you have a mobile working policy
- Use mobile device management software to secure mobile devices

STEP 5: SECURE SYSTEM CONFIGURATION
- Change all default usernames and passwords on new devices
- Close all unused ports on firewalls
- Disable all unused services and applications on servers and network hardware
- Ensure admin-level access is restricted

STEP 6: VULNERABILITY MANAGEMENT
- Enable automatic software updates where possible
- Retire out-of-date network hardware, applications and operating systems
- Detect and fix security vulnerabilities on a regular basis

STEP 7: ACCESS CONTROL
- Don't use shared accounts
- Immediately disable old accounts when people leave the company
- Minimise administrative accounts
- Review password age and password policies
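The four points on this slide translate directly into checks that can be run over an account export from a directory. The script below is an added example written for this page, not code from the presenter or from Network ROI: the account records, dates, the 90-day maximum password age and the review date are all constructed assumptions, and the `Account` layout stands in for whatever fields a real export would carry.

```python
"""Access-control review over a constructed user-account export (added example)."""
from dataclasses import dataclass
from datetime import date
from typing import Optional

MAX_PASSWORD_AGE_DAYS = 90          # assumed policy value, not from the slides
REVIEW_DATE = date(2024, 4, 15)     # assumed date the review is run


@dataclass
class Account:
    username: str
    owner: str                      # "" marks a shared/generic account with no named owner
    enabled: bool
    is_admin: bool
    last_password_set: date
    leaver_date: Optional[date] = None   # set when HR has recorded the person leaving


# Constructed sample export; every name and date here is made up for illustration.
SAMPLE_ACCOUNTS = [
    Account("a.smith", "Alice Smith", True, False, date(2024, 3, 1)),
    Account("adm-a.smith", "Alice Smith", True, True, date(2024, 3, 1)),   # separate admin account (Step 3)
    Account("reception", "", True, False, date(2022, 1, 10)),              # shared desk login
    Account("b.jones", "Bob Jones", True, False, date(2023, 11, 5), leaver_date=date(2024, 2, 28)),
    Account("svc-backup", "Backup service", True, True, date(2024, 4, 2)),
    Account("c.lee", "Carol Lee", False, False, date(2023, 6, 1), leaver_date=date(2023, 7, 15)),
]


def review_accounts(accounts, today, max_age_days=MAX_PASSWORD_AGE_DAYS):
    """Return (findings, enabled_admins).

    findings is a list of (username, reason) tuples covering the three slide points
    that can be checked mechanically: shared accounts, leavers still enabled and
    passwords older than policy allows.  enabled_admins supports the fourth point,
    keeping the number of administrative accounts to a minimum.
    """
    findings = []
    for a in accounts:
        if not a.owner:
            findings.append((a.username, "shared account: no named owner"))
        if a.leaver_date and a.leaver_date <= today and a.enabled:
            findings.append((a.username, f"leaver on {a.leaver_date} still enabled"))
        age_days = (today - a.last_password_set).days
        if a.enabled and age_days > max_age_days:
            findings.append((a.username, f"password age {age_days} days exceeds {max_age_days}"))
    enabled_admins = [a.username for a in accounts if a.is_admin and a.enabled]
    return findings, enabled_admins


def run_review():
    """Run the review over the constructed export with the assumed review date."""
    return review_accounts(SAMPLE_ACCOUNTS, REVIEW_DATE)


if __name__ == "__main__":
    findings, admins = run_review()
    for username, reason in findings:
        print(f"{username:12} {reason}")
    print(f"enabled administrative accounts: {len(admins)} -> {', '.join(admins)}")
```

The disabled leaver (`c.lee`) produces no finding, which is the state every leaver account should reach; the enabled one (`b.jones`) is reported twice, once for still being enabled and once for its stale password, so the account shows up even if only one of the two rules is in use.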

STEP 8: NETWORK-BASED SEGMENTATION
- Separate core network functions such as the main business network, public Wi-Fi, development, telephony and CCTV
- Document the network and its boundaries
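Documenting the boundaries is easier when the segmentation policy is written down as data, because the same table can then be used to check observed traffic against it. The following is an added example for this page, not the presenter's or Network ROI's material: the five zones mirror the slide, but the address ranges, the allowed flows and the sample traffic are all constructed assumptions.

```python
"""Zone map and default-deny inter-zone policy check (added example)."""
import ipaddress

# Constructed zone map; the address ranges are assumed, not taken from the slides.
ZONES = {
    "business": ipaddress.ip_network("10.10.0.0/16"),
    "guest_wifi": ipaddress.ip_network("10.20.0.0/16"),
    "development": ipaddress.ip_network("10.30.0.0/16"),
    "telephony": ipaddress.ip_network("10.40.0.0/16"),
    "cctv": ipaddress.ip_network("10.50.0.0/16"),
}

# Allowed inter-zone flows as (source zone, destination zone, destination port).
# Anything not listed is denied; traffic that stays inside one zone is allowed.
# These three entries are assumed for the example.
ALLOWED_FLOWS = {
    ("business", "telephony", 5060),   # SIP signalling from the office to the phone system
    ("business", "cctv", 443),         # viewing the CCTV web console from the office
    ("development", "business", 443),  # dev reaching an internal web service
}


def zone_of(ip):
    """Name of the zone an address belongs to, or None if it is outside the documented map."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def is_permitted(src_ip, dst_ip, dst_port):
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False                     # undocumented address space: default deny
    if src == dst:
        return True                      # intra-zone traffic is not the segmentation boundary's concern
    return (src, dst, dst_port) in ALLOWED_FLOWS


def audit_flows(flows):
    """Return the flows (e.g. from a firewall or flow log) that the policy would deny."""
    return [f for f in flows if not is_permitted(*f)]


def describe_boundaries():
    """One line per zone plus one per permitted crossing: the 'document the network' part."""
    lines = [f"{name}: {net}" for name, net in ZONES.items()]
    lines += [f"{s} -> {d} tcp/{p}" for s, d, p in sorted(ALLOWED_FLOWS)]
    return lines


# Constructed sample flows (source, destination, destination port).
SAMPLE_FLOWS = [
    ("10.10.5.20", "10.40.0.10", 5060),   # business -> telephony SIP: allowed
    ("10.20.7.3", "10.10.1.15", 445),     # guest Wi-Fi -> business file share: denied
    ("10.50.0.9", "10.10.1.15", 443),     # CCTV -> business: denied (only the reverse is allowed)
    ("10.30.2.2", "10.30.2.9", 22),       # within development: allowed
    ("192.168.99.1", "10.10.1.15", 80),   # undocumented range: denied
]

if __name__ == "__main__":
    print("\n".join(describe_boundaries()))
    for src, dst, port in audit_flows(SAMPLE_FLOWS):
        print(f"DENY {src} -> {dst}:{port}  ({zone_of(src)} -> {zone_of(dst)})")
```

The CCTV-to-business flow is the case worth noticing: a camera network that is allowed to be viewed from the office should not itself be able to initiate connections into the business segment, and a policy written as directional tuples makes that asymmetry explicit.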

STEP 9: ENCRYPTION
- Encrypt all personal and sensitive data wherever it is stored, such as servers, laptops, external hard drives, tablets, mobiles and USB keys
- Ensure all data in transit is encrypted (i.e. via TLS/SSL)

STEP 10: DATA LOSS PREVENTION
- Prevents personal data leaving the network via unauthorised means such as shadow IT
- Monitors data movement on the network

STEP 11: USER ACTIVITY / INSIDER THREAT MONITORING
- We're not interested in knowing how long Kevin has been on Facebook or Twitter: that's an HR issue!
- Detects suspicious logins and failed logins
- Detects other behavioural factors from within the company network
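To make "suspicious logins / failed logins" concrete, here is an added example (written for this page, not the presenter's or Network ROI's code) that runs two simple detections over constructed SSH authentication log lines: a burst of failed passwords for one user from one address, a success shortly after such failures, and a login outside working hours. The log lines, the thresholds, the working-hours range and the year used to complete the timestamps are all assumptions.

```python
"""Failed-login burst and out-of-hours login detection over constructed auth logs (added example)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed syslog-style sshd lines; hosts, users and addresses are made up.
SAMPLE_LOG = """\
Mar 12 08:55:01 fs01 sshd[2101]: Accepted publickey for alice from 10.10.5.20 port 51120 ssh2
Mar 12 09:02:11 fs01 sshd[2140]: Failed password for bob from 10.10.5.31 port 50001 ssh2
Mar 12 09:02:13 fs01 sshd[2141]: Failed password for bob from 10.10.5.31 port 50002 ssh2
Mar 12 09:02:15 fs01 sshd[2142]: Failed password for bob from 10.10.5.31 port 50003 ssh2
Mar 12 09:02:17 fs01 sshd[2143]: Failed password for bob from 10.10.5.31 port 50004 ssh2
Mar 12 09:02:19 fs01 sshd[2144]: Failed password for bob from 10.10.5.31 port 50005 ssh2
Mar 12 09:02:40 fs01 sshd[2150]: Accepted password for bob from 10.10.5.31 port 50006 ssh2
Mar 12 23:41:09 fs01 sshd[2301]: Accepted password for carol from 10.20.7.3 port 40110 ssh2
Mar 13 08:10:44 fs01 sshd[2400]: Accepted publickey for alice from 10.10.5.20 port 51200 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

FAIL_THRESHOLD = 5          # assumed: 5 failures inside the window raise an alert
WINDOW_SECONDS = 60         # assumed sliding window
WORK_HOURS = range(7, 20)   # assumed working hours 07:00-19:59
YEAR = 2024                 # syslog lines carry no year; assumed for parsing


def parse(log_text):
    """Turn matching lines into (timestamp, result, user, ip); unrelated lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events


def detect(events):
    """Return alerts as (kind, user, ip, timestamp) in the order they are raised."""
    alerts = []
    failures = defaultdict(list)   # (user, ip) -> recent failure timestamps inside the window
    for ts, result, user, ip in events:
        key = (user, ip)
        if result == "Failed":
            recent = [t for t in failures[key] if (ts - t).total_seconds() <= WINDOW_SECONDS]
            recent.append(ts)
            failures[key] = recent
            if len(recent) == FAIL_THRESHOLD:          # alert once when the threshold is hit
                alerts.append(("burst_failures", user, ip, ts))
        else:
            # A success right after a run of failures is the pattern worth a second look.
            if failures[key] and (ts - failures[key][-1]).total_seconds() <= WINDOW_SECONDS:
                alerts.append(("success_after_failures", user, ip, ts))
            if ts.hour not in WORK_HOURS:
                alerts.append(("out_of_hours_login", user, ip, ts))
    return alerts


def run_detection(log_text=SAMPLE_LOG):
    return detect(parse(log_text))


if __name__ == "__main__":
    for kind, user, ip, ts in run_detection():
        print(f"{ts:%b %d %H:%M:%S}  {kind:24} user={user} from={ip}")
```

Neither rule says anything about what the user did after logging in, which keeps the detection on the slide's side of the line: it flags authentication behaviour worth a look, not how someone spends their day.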

STEP 12: DISASTER RECOVERY
- Make sure you have a robust backup and disaster recovery solution in place
- Make sure it is tested regularly
- Learn from the DR test and hone the process
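"Make sure it is tested regularly" means actually restoring and comparing, not just confirming the backup job ran. The script below is an added example for this page (not the presenter's or Network ROI's tooling): it records a SHA-256 manifest when a backup is taken, restores the archive into a scratch directory and reports any file that is missing or differs from the manifest. The sample files and their contents are constructed.

```python
"""Backup with manifest and an automated restore test (added example)."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map each file's path (relative to root, POSIX separators) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p) for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src_dir, archive_path):
    """Write a gzipped tar of src_dir and return the manifest taken at backup time."""
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(src_dir), arcname="data")
    return manifest(src_dir)


def restore_test(archive_path, expected):
    """Restore into a scratch directory and compare every file's digest with the manifest."""
    # Use the safe 'data' extraction filter where this Python supports it.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(str(archive_path), "r:gz") as tar:
            tar.extractall(scratch, **extract_opts)
        restored = manifest(Path(scratch) / "data")
    missing = sorted(set(expected) - set(restored))
    corrupt = sorted(k for k in expected if k in restored and restored[k] != expected[k])
    return {"ok": not missing and not corrupt, "missing": missing, "corrupt": corrupt}


def demo():
    """Back up a constructed share, then run a passing and a failing restore test."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "shared"
        (src / "hr").mkdir(parents=True)
        (src / "hr" / "payroll.csv").write_text("name,salary\nconstructed,1\n")  # constructed content
        (src / "policy.txt").write_text("Data classification policy v1\n")       # constructed content
        archive = Path(work) / "backup.tgz"
        expected = make_backup(src, archive)
        good = restore_test(archive, expected)
        # Simulate what a broken backup looks like to the test: one file the manifest
        # expects but the archive lacks, and one whose digest no longer matches.
        broken = dict(expected)
        broken["hr/contracts.docx"] = "0" * 64
        broken["policy.txt"] = "0" * 64
        bad = restore_test(archive, broken)
        return good, bad


if __name__ == "__main__":
    good, bad = demo()
    print("healthy backup:", good)
    print("broken backup: ", bad)
```

The value of the failing case is that it produces a list of specific paths rather than a yes/no, which is what a DR review needs in order to learn from the test and hone the process.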

STEP 13: YOUR PEOPLE
- YOU are the weakest link in your network
- Implement a robust cyber security user awareness programme (IASME or ISO 27001)
- Train users in secure practices
- Turn the weakness into your greatest strength
- Consider simulated attacks to benchmark user awareness

THANKS FOR YOUR TIME
If you have any questions about any of the topics covered today, please come and talk to us.