Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2013 FUJITSU LIMITED. AGENDA Mitigation Considerations 4. Data Security – Examples and Application 2. Data Security Life-Cycle 1 1. Data Management.

Published byAntonia Robinson Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright 2013 FUJITSU LIMITED. AGENDA Mitigation Considerations 4. Data Security – Examples and Application 2. Data Security Life-Cycle 1 1. Data Management."— Presentation transcript:

1 Copyright 2013 FUJITSU LIMITED

2 AGENDA Mitigation Considerations 4. Data Security – Examples and Application 2. Data Security Life-Cycle 1 1. Data Management & Security - Situation 5. Questions and Discussions 3. Shaping Tomorrow With You Copyright 2013 FUJITSU LIMITED

3 2 Data management is an overarching term that refers to all aspects of creating, housing, delivering, maintaining and retiring data with the goal of valuing data as a corporate asset. Copyright 2013 FUJITSU LIMITED TERMINOLOGY A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve financial information such as credit card or bank details and/or personal information.

4 WHERE IS MY DATA 3 Your Data Unstructured data File Systems Office documents, PDF, Vision, Audio & other Fax/Print Servers File Servers Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.) Application Server Structured data Database Systems (SQL, Oracle, DB2, Informix, MySQL) Database Server Security & Other Systems (Event logs, Error logs Cache, Encryption keys, & other secrets) Security Systems Data Communications Eg. VoIP Systems FTP/Dropbox Server Email Servers Storage & Backup Systems Eg. SAN/NAS Backup Systems ! Data exists in different formats and in many repository. Knowing what, which, when and how to secure the “Data” is critical. Copyright 2013 FUJITSU LIMITED

5 ENOUGH PROTECTION? 4 Have plenty of security implementation: Firewalls, IPS, IDS, Proxies, Antivirus SmartCards and authentication devices Access control on your routers VPN’s for secure communications…. Attackers are getting smarter, knowledgeable, resourceful and more bold. Anyone, anywhere can be a potential attackers Criminal activity becomes more profitable Cyber-terrorism, cyber-security, etc are a real possibility …. Copyright 2013 FUJITSU LIMITED

6 DATA BREACH AND LOSSES 5Copyright 2013 FUJITSU LIMITED

7 IMPACT AND CONSEQUENCES 6 Data Store A Data Store B Data Store C,D ! Data security breaches are harmful to any organization of any size. The consequences can be serious. Data breach/loss incur: –legal fees –disclosure expenses –consulting fees –remediation expenses –credit monitoring expenses Consequences –Legal/statutory/regulatory –Reputation/image impact –Loss of customers/business –Credibility Copyright 2013 FUJITSU LIMITED

8 THOUGHT PROCESS What data will be stored Where will it be stored What controls are in place Who is responsible for security Are there third party validations Process for removing data 7Copyright 2013 FUJITSU LIMITED

9 8 DATA SECURITY LIFECYCLE Source: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0, Information Management & Data Security Copyright 2013 FUJITSU LIMITED

10 9 This may also be known as Create/Update because it applies to creating or changing a data/content element, not just a document or database. Creation is the generation of new digital content, or the alteration/updating of existing content. Consideration (examples) Ownership Classification Rights Management DATA SECURITY LIFECYCLE Copyright 2013 FUJITSU LIMITED

11 10 Storing is the act committing the digital data to some sort of storage repository, and typically occurs nearly simultaneously with creation. Considerations (Examples) Access Controls Encryption Rights Management Isolation DATA SECURITY LIFECYCLE Copyright 2013 FUJITSU LIMITED

12 11 Data is viewed, processed, or otherwise used in some sort of activity Considerations (Example) Internal/External Third Parties Appropriateness Compliance DATA SECURITY LIFECYCLE Copyright 2013 FUJITSU LIMITED

13 12 Data is exchanged between users, organisations, groups and individual. Considerations (Examples) Internal/External Third Parties Purposes Compliance Locations DATA SECURITY LIFECYCLE Local Mirroring (RAID 1) Remote (Offsite) Replication (LAN,MAN,WAN) Server PrimaryReplica Copyright 2013 FUJITSU LIMITED

14 13 Data leaves active use and enters long-term storage. Considerations (Examples) Legal/Law Sites/Locations Media type Retention Ownership DATA SECURITY LIFECYCLE Copyright 2013 FUJITSU LIMITED

15 14 Data is permanently destroyed using physical or digital means (e.g., cryptoshredding). DATA SECURITY LIFECYCLE Considerations (Examples) Secure Complete Assurance Proof Content Discovery Copyright 2013 FUJITSU LIMITED

16 15 SAP Cloud Certified SAP Cloud Certified OnDemand, Elastic infrastructure consumption @ Enterprise Class Service Levels SAP IAAS Copyright 2013 FUJITSU LIMITED

17 Contractor Customer (Agency A) Vendor (Authorised by A) Customer of A Central Services Portal (Catalogue) S3 Staff A access Agency A Staff A S5 Vendor access Resource pool Servers, storage, networks, OS images Virtual Resources S6 Request S7 resources Allocate S7 Service Request S8 Automatic Provision S9 resources Allocate S10 Provision to Customer A S11 Notify Customer A S8 request S12 Authentication Authorisation Authentication Authorisation Server S2. Staff A authentication Authorisation S4. Vendor authentication Authorisation S13 Access, review accept LEVERAGING – DATA FLOW 16 Copyright 2013 FUJITSU LIMITED

18 17 APPLICATION (EXAMPLES) These are the templates that would be use for the case study: Data-Impact (useful for Data Classification)Data Security Lifecycle (useful for RACI) Copyright 2013 FUJITSU LIMITED

19 18 CASE STUDY TEMPLATE (EXAMPLE) Copyright 2013 FUJITSU LIMITED

20 19 CASE STUDY TEMPLATE (EXAMPLE) Copyright 2013 FUJITSU LIMITED

21 QUESTIONS?

22

Download ppt "Copyright 2013 FUJITSU LIMITED. AGENDA Mitigation Considerations 4. Data Security – Examples and Application 2. Data Security Life-Cycle 1 1. Data Management."

Similar presentations

Digital Edge Solutions Overview Services -2014 – Application Support.

Digital Edge Solutions Overview Services – Application Support.
Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.

© Southampton City Council Sean Dawtry – Southampton City Council The Southampton Pathfinder for Smart Cards in public services.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
Vormetric Data Security

Vormetric Data Security
DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.

DISASTER CENTER Study Case DEMIRBANK ROMANIA “Piata Financiara” ConferenceJanuary 29, 2002 C 2002.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.

GLOBRIN Business Continuity Workshop TECHNOLOGY & INFORMATION 13 th November 2013 Graham Jack.
Information Security Policies and Standards

Information Security Policies and Standards
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.

Symantec Vision and Strategy for the Information-Centric Enterprise Muhamed Bavçiç Senior Technology Consultant SEE.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.

PCM2U Presentation by Paul A Cook IT SERVICES. PCM2U Our History  Our team has been providing complete development and networking solutions for over.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

Similar presentations

Ads by Google