Copyright 2018 © Information Security Forum Limited
ISF Presentation 1
A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats
Nick Frost,
Principal Consultant
Information Security Forum (ISF)
An international association of over 400 leading global organisations
(Fortune 500/Forbes 2000), which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance
• remains a fully independent, not-for-profit organisation driven by its Members
• promotes networking within its Membership.
The leading global authority on cyber security and information risk management
About the ISF
ISF Security Model
Agenda
1. Setting the scene
2. Identifying critical information assets to protect
3. Developing a pragmatic DLP strategy for today's threat landscape
4. Implementing a DLP strategy
5. Questions?
1. Setting the scene
What is Data Leakage Prevention (DLP)?
Definition: DLP can be defined as the practice of detecting and preventing the unauthorised disclosure of data.
Also referred to as: Data Loss Prevention, Data Loss Protection, Data Leakage Prevention.
Purpose: the main purpose of DLP is to ensure that specific sensitive data is not leaked.
Data Breaches
This year we have over 53,000 incidents and 2,216 confirmed data breaches
Data Breaches today
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Data Breaches – What did 2008 look like?
https://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches_slide/
12.5 million customers
4.2 million customers
1.2 million customers
Operations
- Information relating to delivery of the organisation’s products and services
- Logistical arrangements/operational information
- Manufacturing specifications
- Production costs
- Pre-programmed commands
IT infrastructure
- Infrastructure information (including information regarding the hardware, software,
network and facilities)
- Cryptographic information/private encryption keys/licensing and activation keys
- Network topology
- Password files
Financial
- Unannounced financial results
- Information relating to the financial management of the organisation
- Cost structure and price calculations
- Profit margin strategy
- Contractual agreements
Sales and marketing
- Product pipeline/market strategy
- Brand / logos (protected legally)
- Business intelligence/market analysis
- Market research and analysis
- Information relating to promoting and selling an organisation’s products and services
- Competitor analysis
- Sales pipeline
- Customer information / leads
- Non-competition agreements
Personal
- Information or details relating directly to an individual, such as
employees, customers or citizens
- Personally identifiable information (PII)
- Financial/customer information
- Sensitive personal information
- Customer lists/master files/price lists
- Medical records
- Tax records
- User credentials
External party
- Information belonging to individuals or external parties, such as
suppliers, business partners or customers.
- Distribution plans
- Software source code
- Non-competition agreements
Regulated
- Information subject to or covered by legal or regulatory
requirements
- Customer profile database (containing PII)
- Cryptographic algorithms (subject to export control)
- Blueprints or designs for new aircraft
Business and governance
- Information relating to current and future trading
- Board papers and resolutions
- Mergers, acquisitions & divestment details
- Business strategy/plans
- Business negotiations/bidding details
- Contractual details
- Cost structure, margin strategy, price calculations
Research and development
- Early phase research for new products/results of studies or
investigations
- Ideas and concepts relating to possible and planned future
products and services, which are generated, modelled and
developed
- Trade secrets
- Patent applications/registered designs
- Pre-patent/legally protected information
- Prototype details
- Unregistered engineering designs/product blueprints and
schematics
- Algorithms/source code/formulas/techniques
- Planned exploration locations
- Development plans/technology roadmaps
Intellectual property
- Original information solely generated and owned by the
organisation
- Proprietary algorithms
- Trade secrets
- Unregistered/pre-patent information
Examples of information / data types
Types of data ISF Members protect using DLP
Based on 147 participants
Information as an asset
“Our employees
are our most
valuable asset”
CEO
Benefits of a DLP programme
- Supporting compliance
- Visibility of the usage of sensitive data
- Improving security awareness and behaviour
- Detecting exfiltration of data by external threats
77% of surveyed ISF Members implement DLP to reduce the frequency and magnitude of accidental data leakage; almost the same proportion implemented DLP to mitigate malicious data leakage (76%).
2. Identifying critical information assets to protect
The format of information
The life cycle of information
The footprint of an information asset
Identify mission critical assets
- Merger and acquisition details
- Early phase research
- Trade secrets
- Manufacturing specifications
- Logistics information
- Cryptographic information
- Registered designs / patents
- Market analysis
- Non-competition agreements
- Pre-programmed commands
- Unregistered / pre-patent data
- Infrastructure information
- Financial results
- Prototype information
3. Developing a pragmatic DLP strategy for today's threat landscape
Core activities that make up a DLP strategy
Identify mission critical assets
- Fingerprinting (indexing)
- Described content matching
- Optical character recognition (Image recognition)
- Machine learning (Statistical analysis)
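The first two detection techniques listed above, fingerprinting (indexing) and described content matching, as an added example that is not part of the ISF presentation or its briefing paper (OCR and machine learning are not shown). The protected document, the outbound message, the card-number pattern and the `scan` function are assumptions constructed for illustration. Fingerprinting hashes every five-word window of a protected document so that an excerpt pasted into an outbound message is still recognised without the indexer retaining the plaintext; described content matching pairs a pattern with a validator (here the Luhn checksum) to reduce false positives on digit runs that merely look like card numbers.

```python
import hashlib
import re

# Constructed sample of a protected document to index (example text, not from the
# presentation). In practice the index is built from the real mission-critical files.
PROTECTED_DOC = (
    "Project Falcon prototype specification revision three. The composite wing "
    "spar uses a layered carbon weave cured at one hundred eighty degrees. "
    "Tolerances on the root fitting are plus or minus fifty microns."
)

# Constructed outbound message to scan: one Luhn-valid and one invalid card-like
# number, plus a verbatim excerpt of the protected document.
SAMPLE_MESSAGE = (
    "Hi, card 4111 1111 1111 1111 for the booking; the other one 4111 1111 1111 1112 "
    "is a typo. Also FYI: the composite wing spar uses a layered carbon weave cured at "
    "one hundred eighty degrees, per the spec."
)

# --- Described content matching: a pattern plus a validator --------------------
# 13 to 19 digits, optionally separated by single spaces or hyphens (assumed pattern).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most random digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def described_content_matches(text: str) -> list:
    """Return card-like numbers in the text that also pass the Luhn check."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits.append(m.group(0))
    return hits


# --- Fingerprinting (indexing): hashed word k-grams of the protected document --
def _tokens(text: str) -> list:
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text: str, k: int = 5) -> set:
    """Set of SHA-256 digests of every k-word window; only digests leave the indexer."""
    toks = _tokens(text)
    return {
        hashlib.sha256(" ".join(toks[i:i + k]).encode()).hexdigest()
        for i in range(len(toks) - k + 1)
    }


def containment(index: set, candidate: str, k: int = 5) -> float:
    """Fraction of the candidate's k-grams that appear in the index (0.0 to 1.0)."""
    cand = fingerprint(candidate, k)
    if not cand:
        return 0.0
    return len(cand & index) / len(cand)


PROTECTED_INDEX = fingerprint(PROTECTED_DOC)


def scan(text: str, index: set = PROTECTED_INDEX, threshold: float = 0.3) -> dict:
    """Combine both detectors into one verdict for a piece of outbound content."""
    cards = described_content_matches(text)
    score = containment(index, text)
    return {
        "card_numbers": cards,
        "fingerprint_containment": round(score, 3),
        "flag": bool(cards) or score >= threshold,
    }


if __name__ == "__main__":
    print(scan(SAMPLE_MESSAGE))
```

The containment threshold is the tuning knob a DLP operator adjusts during the monitoring phase: a full excerpt of an indexed document scores 1.0, an unrelated message scores 0.0, and a message that quotes a few sentences lands in between.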
Monitor data leakage channels
Coverage of data leakage channels
Based on 147 participants
Actions taken in response
Act to prevent data from leaking
Actions taken in response
“Start with monitoring and detecting before implementing
any protective controls”
DLP tools and policies
• Technical DLP policies provide a set of
rules governing the handling of data
• The rules in the policy determine the
action to initiate when the conditions
are met
• Different rules apply depending on the level of risk (for example, a transfer of 20 records versus 20,000)
DLP tools and policies
Main types of action
- Logging violations
- Notifying
- Blocking
  - Hard block
  - Soft block
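The technical DLP policy described above (rules whose conditions select an action, with different rules for a transfer of 20 records and one of 20,000) and the action types just listed, as an added example that is not the ISF's code or a real DLP product's policy format. The event shape, the rule names, the source-code rule and the action labels are assumptions; the semantics given to the two kinds of block are also assumptions: a hard block always denies, while a soft block lets the user proceed only if they record a justification. The `monitor_only` switch implements the earlier advice to start with monitoring and detecting before protective controls: the same rules run, but blocking actions are downgraded to notifications so the rule set can be tuned against real traffic first.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

# Action names, from least to most intrusive (assumed labels for the page's
# "logging violations", "notifying", "soft block" and "hard block").
LOG, NOTIFY, SOFT_BLOCK, HARD_BLOCK = "log", "notify", "soft_block", "hard_block"


@dataclass
class Event:
    """One attempted data movement, as reported by a content scanner (assumed shape)."""
    user: str
    channel: str                          # e.g. "email", "usb", "cloud_upload"
    data_type: str                        # e.g. "pii", "source_code", "public"
    record_count: int                     # sensitive records the scanner found in the content
    justification: Optional[str] = None   # reason a user supplies to override a soft block


@dataclass
class Rule:
    name: str
    condition: Callable[[Event], bool]
    action: str


def is_allowed(action: str, ev: Event) -> bool:
    """Hard block always denies; soft block proceeds only with a recorded justification."""
    if action == HARD_BLOCK:
        return False
    if action == SOFT_BLOCK:
        return ev.justification is not None
    return True


@dataclass
class Policy:
    rules: List[Rule]
    # Monitor-only mode: record and alert, but never interrupt the transfer.
    monitor_only: bool = False

    def evaluate(self, ev: Event) -> dict:
        """Apply the first matching rule (rules are ordered from highest to lowest risk)."""
        for rule in self.rules:
            if rule.condition(ev):
                action = rule.action
                break
        else:
            return {"rule": None, "action": None, "allowed": True}
        if self.monitor_only and action in (SOFT_BLOCK, HARD_BLOCK):
            action = NOTIFY   # detect and alert, but do not block during the monitoring phase
        return {"rule": rule.name, "action": action, "allowed": is_allowed(action, ev)}


# Constructed policy using the thresholds mentioned in the presentation (20 and 20,000
# records); the channel rule and the exact actions are assumptions for illustration.
PII_POLICY = Policy(rules=[
    Rule("source code to cloud upload",
         lambda e: e.data_type == "source_code" and e.channel == "cloud_upload", HARD_BLOCK),
    Rule("bulk PII (20,000 or more records)",
         lambda e: e.data_type == "pii" and e.record_count >= 20000, HARD_BLOCK),
    Rule("PII batch (20 or more records)",
         lambda e: e.data_type == "pii" and e.record_count >= 20, SOFT_BLOCK),
    Rule("small PII transfer",
         lambda e: e.data_type == "pii" and e.record_count >= 1, LOG),
])

# The same rules as deployed in the monitoring phase that precedes protective controls.
MONITOR_POLICY = Policy(rules=PII_POLICY.rules, monitor_only=True)


if __name__ == "__main__":
    for ev in (
        Event("alice", "email", "pii", 25000),
        Event("bob", "email", "pii", 50),
        Event("bob", "email", "pii", 50, justification="monthly payroll file to the auditor"),
        Event("carol", "email", "pii", 3),
        Event("dave", "cloud_upload", "source_code", 0),
        Event("erin", "email", "public", 0),
    ):
        print(ev.user, PII_POLICY.evaluate(ev), "monitor:", MONITOR_POLICY.evaluate(ev))
```

Rule order matters: the engine stops at the first match, so the highest-risk conditions are listed first and the catch-all logging rule last. The justification recorded on a soft-block override is what later feeds the response process, since a user who routinely overrides is either a training case or an incident.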
Actions taken in response to policy violations
Based on 147 participants
4. Implementing a DLP strategy
Actions taken in response to policy violations
Governance Preparation Implementation
Actions taken in response to policy violations
Governance
– Obtain executive support
– Define DLP programme objectives
– Assign roles and responsibilities
Preparation
– Involve business stakeholders
– Prioritise what data to protect
– Select DLP tools
Implementation
– Integrate DLP tools into existing environment
– Improve security awareness of data leakage
– Determine how to respond to policy violations
– Deploy DLP incrementally
Summary
Key messages from this presentation
• Increasing adoption of collaboration platforms, cloud services and social
media has introduced a host of new ways for sensitive data to leak
• Media headlines are making organisations aware of the importance of
taking a systematic, structured approach to detect and prevent the
leakage of sensitive data
• DLP tools alone cannot prevent the leakage of all types of sensitive data
across every possible channel
• A prerequisite of a successful DLP programme is support from executive
management and ongoing collaboration with business representatives
Get the ‘Data Leakage Prevention’ briefing paper at www.securityforum.org/research/data-leakage-prevention-briefing-paper/
Nick Frost
Principal Consultant, ISF
nick.frost@securityforum.org
UK: +44 (0)7584 756212
Web: www.securityforum.org
ISF Twitter: @securityforum
ISF LinkedIn: linkedin.com/groups/760947
ISF Webcasts available on demand:
https://www.brighttalk.com/channel/9923/isf-managing-cyber-security-for-cisos
ISF Podcasts available on:
www.securityforum.org/podcasts-videos/
or download on iTunes: www.itunes.apple.com/gb/podcast/isf-podcasts/id1180646163?mt=2

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats

  • 1. Copyright 2018 © Information Security Forum Limited ISF Presentation 1. A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats. Nick Frost, Principal Consultant, Information Security Forum (ISF)
  • 2. About the ISF. An international association of over 400 leading global organisations (Fortune 500/Forbes 2000), which addresses key issues in information risk management through research and collaboration; develops practical tools and guidance; remains a fully independent, not-for-profit organisation driven by its Members; and promotes networking within its Membership. The leading global authority on cyber security and information risk management.
  • 3. ISF Security Model
  • 4. Agenda: 1. Setting the scene; 2. Identifying critical information assets to protect; 3. Developing a pragmatic DLP strategy for today's threat landscape; 4. Implementing a DLP strategy; 5. Questions?
  • 5. 1. Setting the scene
  • 6. What is Data Leakage Prevention (DLP)? Definition: DLP can be defined as the practice of detecting and preventing the unauthorised disclosure of data. The term is used interchangeably with Data Loss Prevention and Data Loss Protection. Purpose: the main purpose of DLP is to ensure that specific sensitive data is not leaked.
  • 7. Data Breaches. This year we have over 53,000 incidents and 2,216 confirmed data breaches.
  • 8. Data Breaches today. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 9. Data Breaches – What did 2008 look like? https://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches_slide/ (12.5 million customers; 4.2 million customers; 1.2 million customers)
  • 10. (no text on this slide)
  • 11. Examples of information / data types:
    - Operations: information relating to delivery of the organisation's products and services; logistical arrangements/operational information; manufacturing specifications; production costs; pre-programmed commands
    - IT infrastructure: infrastructure information (including information regarding the hardware, software, network and facilities); cryptographic information/private encryption keys/licensing and activation keys; network topology; password files
    - Financial: unannounced financial results; information relating to the financial management of the organisation; cost structure and price calculations; profit margin strategy; contractual agreements
    - Sales and marketing: product pipeline/market strategy; brand/logos (protected legally); business intelligence/market analysis; market research and analysis; information relating to promoting and selling an organisation's products and services; competitor analysis; sales pipeline; customer information/leads; non-competition agreements
    - Personal: information or details relating directly to an individual, such as employees, customers or citizens; personally identifiable information (PII); financial/customer information; sensitive personal information; customer lists/master files/price lists; medical records; tax records; user credentials
    - External party: information belonging to individuals or external parties, such as suppliers, business partners or customers; distribution plans; software source code; non-competition agreements
    - Regulated: information subject to or covered by legal or regulatory requirements; customer profile database (containing PII); cryptographic algorithms (subject to export control); blueprints or designs for new aircraft
    - Business and governance: information relating to current and future trading; board papers and resolutions; mergers, acquisitions and divestment details; business strategy/plans; business negotiations/bidding details; contractual details; cost structure, margin strategy, price calculations
    - Research and development: early phase research for new products/results of studies or investigations; ideas and concepts relating to possible and planned future products and services, which are generated, modelled and developed; trade secrets; patent applications/registered designs; pre-patent/legally protected information; prototype details; unregistered engineering designs/product blueprints and schematics; algorithms/source code/formulas/techniques; planned exploration locations; development plans/technology roadmaps
    - Intellectual property: original information solely generated and owned by the organisation; proprietary algorithms; trade secrets; unregistered/pre-patent information
  • 12. Types of data ISF Members protect using DLP (based on 147 participants)
  • 13. Information as an asset. "Our employees are our most valuable asset" – CEO
  • 14. Benefits of a DLP programme: supporting compliance; visibility of the usage of sensitive data; improving security awareness and behaviour; detecting exfiltration of data by external threats. 77% of surveyed ISF Members implement DLP to reduce the frequency and magnitude of accidental data leakage; almost the same proportion (76%) implemented DLP to mitigate malicious data leakage.
  • 15. 2. Identifying critical information assets to protect
  • 16. The format of information
  • 17. The life cycle of information
  • 18. The footprint of an information asset
  • 19. (no text on this slide)
  • 20. Identify mission critical assets: merger and acquisition details; early phase research; trade secrets; manufacturing specifications; logistics information; cryptographic information; registered designs/patents; market analysis; non-competition agreements; pre-programmed commands; unregistered/pre-patent data; infrastructure information; financial results; prototype information
  • 21. 3. Developing a pragmatic DLP strategy for today's threat landscape
  • 22. Core activities that make up a DLP strategy
  • 23. Identify mission critical assets. Techniques: fingerprinting (indexing); described content matching; optical character recognition (image recognition); machine learning (statistical analysis)
  • 24. Monitor data leakage channels
  • 25. Coverage of data leakage channels (based on 147 participants)
  • 26. Actions taken in response. Act to prevent data from leaking.
  • 27. Actions taken in response. "Start with monitoring and detecting before implementing any protective controls"
  • 28. DLP tools and policies: technical DLP policies provide a set of rules governing the handling of data; the rules in the policy determine the action to initiate when the conditions are met; different rules apply depending on the level of risk (for example a transfer of 20 records versus 20,000 records)
  • 29. DLP tools and policies
  • 30. Main types of action: logging violations; notifying; blocking (hard block or soft block)
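Slides 23, 28 and 30 describe the moving parts of a technical DLP policy separately: a detection technique (fingerprinting or described content matching), a rule whose action depends on the level of risk (20 records versus 20,000), and a graded set of actions (log, notify, soft block, hard block). The following is an added example, not code from the presentation or from the ISF, that puts the three together in one small policy engine. The record patterns, the Luhn filter on card numbers, the tier thresholds and the action names are all assumptions chosen for illustration, and the sample texts are constructed.

```python
import hashlib
import re
from enum import Enum
from typing import Dict, List, Optional, Tuple

# Added example, not ISF code. Thresholds, patterns and actions are assumptions.


class Action(Enum):
    LOG = "log violation"       # record the event only
    NOTIFY = "notify"           # warn the user and alert the security team
    SOFT_BLOCK = "soft block"   # stop the transfer but allow a justified override
    HARD_BLOCK = "hard block"   # stop the transfer unconditionally


# Described content matching (slide 23): regular expressions that describe the
# shape of a record type. Pattern shapes are assumptions for this example.
PATTERNS = {
    "card_number": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; drops 16-digit strings that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_records(text: str) -> Dict[str, int]:
    """Count matches per record type, filtering card hits through Luhn."""
    counts = {}
    for name, rx in PATTERNS.items():
        hits = rx.findall(text)
        if name == "card_number":
            hits = [h for h in hits if luhn_ok(re.sub(r"\D", "", h))]
        counts[name] = len(hits)
    return counts


def fingerprint(text: str) -> str:
    """Exact-match fingerprint (slide 23): SHA-256 of case- and whitespace-normalised text."""
    normalised = " ".join(text.split()).lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


class DlpPolicy:
    """Rules whose action depends on risk (slide 28) drawn from the actions on slide 30."""

    def __init__(self, tiers: List[Tuple[int, Action]], known_documents: List[str]):
        # tiers: (minimum record count, action); the highest tier reached wins.
        self.tiers = sorted(tiers, key=lambda t: t[0])
        # Fingerprint registry of whole documents that must never leave.
        self.registry = {fingerprint(doc) for doc in known_documents}

    def evaluate(self, content: str) -> Tuple[Optional[Action], dict]:
        """Return (action or None to allow, evidence for the violation log)."""
        fp_match = fingerprint(content) in self.registry
        counts = count_records(content)
        total = sum(counts.values())
        evidence = {"records": counts, "total": total, "fingerprint_match": fp_match}
        if fp_match:
            # A registered document is blocked regardless of how many records it holds.
            return Action.HARD_BLOCK, evidence
        action = None
        for threshold, candidate in self.tiers:
            if total >= threshold:
                action = candidate
        return action, evidence


# Constructed sample: a board paper registered by fingerprint (not a real document).
BOARD_PAPER = "Board paper 2018-Q3: proposed acquisition of Example Ltd, offer price to be agreed."


def make_example_policy() -> DlpPolicy:
    """Assumed tiers: 1 record logs, 20 notify, 200 soft block, 20,000 hard block."""
    return DlpPolicy(
        tiers=[(1, Action.LOG), (20, Action.NOTIFY),
               (200, Action.SOFT_BLOCK), (20000, Action.HARD_BLOCK)],
        known_documents=[BOARD_PAPER],
    )


if __name__ == "__main__":
    policy = make_example_policy()
    for sample in ["Card on file: 4111 1111 1111 1111",
                   "\n".join(f"user{i}@example.com" for i in range(25)),
                   "BOARD PAPER 2018-Q3:  proposed acquisition of Example Ltd, offer price to be agreed."]:
        action, evidence = policy.evaluate(sample)
        print(action, evidence)
```

The order of checks matters: the fingerprint lookup runs before the record count so that a registered document is hard-blocked even when it contains no pattern hits, while everyday traffic with a handful of records is only logged, matching the advice on slide 27 to monitor before enforcing.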
  • 31. Actions taken in response to policy violations (based on 147 participants)
  • 32. 4. Implementing a DLP strategy
  • 33. Actions taken in response to policy violations. Phases: Governance, Preparation, Implementation
  • 34. Actions taken in response to policy violations:
    - Governance: obtain executive support; define DLP programme objectives; assign roles and responsibilities
    - Preparation: involve business stakeholders; prioritise what data to protect; select DLP tools
    - Implementation: integrate DLP tools into the existing environment; improve security awareness of data leakage; determine how to respond to policy violations; deploy DLP incrementally
  • 35. Summary
  • 36. Key messages from this presentation: increasing adoption of collaboration platforms, cloud services and social media has introduced a host of new ways for sensitive data to leak; media headlines are making organisations aware of the importance of taking a systematic, structured approach to detect and prevent the leakage of sensitive data; DLP tools alone cannot prevent the leakage of all types of sensitive data across every possible channel; a prerequisite of a successful DLP programme is support from executive management and ongoing collaboration with business representatives. Get the 'Data Leakage Prevention' briefing paper at www.securityforum.org/research/data-leakage-prevention-briefing-paper/
  • 37. Nick Frost, Principal Consultant, ISF. nick.frost@securityforum.org, UK: +44 (0)7584 756212. Web: www.securityforum.org. ISF Twitter: @securityforum. ISF LinkedIn: linkedin.com/groups/760947. ISF Webcasts available on demand: https://www.brighttalk.com/channel/9923/isf-managing-cyber-security-for-cisos. ISF Podcasts available on: www.securityforum.org/podcasts-videos/ or download on iTunes: www.itunes.apple.com/gb/podcast/isf-podcasts/id1180646163?mt=2