Presentation is loading. Please wait.

Presentation is loading. Please wait.

12 STEPS TO A GDPR AWARE NETWORK

Published byMariah Arnold Modified over 5 years ago

Similar presentations

Presentation on theme: "12 STEPS TO A GDPR AWARE NETWORK"— Presentation transcript:

1

2 12 STEPS TO A GDPR AWARE NETWORK
Technical and Organisational Measures Best Practises Neil Douglas Technical Director and GDPR Data Protection Officer at Network ROI

3 STEP 1: DATA CLASSIFICATION
Definition and classification of data into public, restricted, confidential Every document should be marked with the appropriate classification

4 STEP 2: CONFIGURATION CHANGE MANAGEMENT
Ensuring a change on the network doesn’t have adverse consequences for security Ensuring changes are planned and outcomes are predictable

5 STEP 3: ADMINISTRATOR CONTROLS AND SEPARATION OF DUTIES
Removing local admin rights from users Use a separate administrator account for admin level tasks

6 STEP 4. REMOTE ACCESS Secure your remote access via VPN or 2 Factor Authentication Ensuring you have a mobile working policy Use mobile device management software to secure mobile devices

7 STEP 5. SECURE SYSTEM CONFIGURATION
Change all default usernames & passwords on new devices Close all unused ports on Firewalls Disable all unused services and applications on servers and network hardware Ensure admin level access is restricted

8 STEP 6. VULNERABILITY MANAGEMENT
Enable automatic software updates where possible Retire out-of-date network hardware, applications and Operating Systems Detect and fix security vulnerabilities on a regular basis

9 STEP 7. ACCESS CONTROL Don’t use shared accounts
Immediately disable old accounts when people leave the company Minimise administrative accounts Review password age and password policies

10 STEP 8. NETWORK-BASED SEGMENTATION
Separate core network functions such as the main business network, public Wi-Fi, development, Telephony and CCTV Document the network and its boundaries

11 STEP 9. ENCRYPTION Encrypt all personal and sensitive data wherever it is stored - such as servers, laptops, external hard drives, tablets, mobiles and USB keys. Ensure all data in transit is encrypted (i.e. via SSL)

12 STEP 10. DATA LOSS PREVENTION
Preventing personal data leaving the network via unauthorised means such as shadow IT Monitors data movement on the network

13 STEP 11. USER ACTIVITY / INSIDER THREAT MONITORING
We’re not interested to know how long Kevin has been on Facebook or Twitter - that’s an HR issue! Detects suspicious logins / failed logins Detects other behavioural factors from within the company network

14 STEP 12. DISASTER RECOVERY
Make sure you have a robust backup and Disaster Recovery solution in place Make sure it is tested regularly Learn from the DR test and hone the process

15 STEP 13: YOUR PEOPLE YOU are the weakest link in your network.
Implement a robust cyber security user awareness program – IASME or ISO 27001 Train users in secure practices Turn the weakness into your greatest strength Consider simulated attacks to benchmark user awareness

16 THANKS FOR YOUR TIME If you have any questions about any of the topics covered today, please come and talk to us.

Download ppt "12 STEPS TO A GDPR AWARE NETWORK"

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.

© 2005, QEI Inc. all characteristics subject to change. For clarity purposes, some displays may be simulated. Any trademarks mentioned remain the exclusive.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………

Group Presentation Design and Implementation of a company- wide networking & communication technologies strategy 9 th December 2003 Prepared By: …………
Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University

Data Security Issues in IR Eileen Driscoll Institutional Planning and Research Cornell University
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
 Our solution  Our methodology  Zeta advantage  Case study – ›Oil & Gas digitization project.

 Our solution  Our methodology  Zeta advantage  Case study – ›Oil & Gas digitization project.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.

Avanade: 10 tips for å sikring av dine SQL Server databaser Bernt Lervik Infrastructure Architect Avanade.
E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.

E-business Security Dana Vasiloaica Institute of Technology Sligo 22 April 2006.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

Similar presentations

Ads by Google