How Mature is Your Data Protection? 3 Steps to Effective Data Security.


  1. How Mature is Your Data Protection?
  2. Today’s Agenda
     • Introduction
     • Aspects of Data Protection: The Survey Says …
     • A Model of Data Protection Maturity
     • Q&A
  3. Today’s Panelists
     • Roger A. Grimes: Security Consultant, Author and Columnist
     • Ken Olsen: Principal Security Engineer; ISO/IEC 27001:2005 Information Security Management System Lead Auditor
  4. Discovering the State of Data Protection
     Data Protection Maturity Assessment Survey
     • Anonymous Results
     • Over 170 Initial Respondents
     • Respondent Screening
     Three areas of focus
     • Administrative Controls
     • Technical Controls
     • “Organizational Motivation”
     Survey Results: How many people work at your organization?
     [Pie chart. Categories: 1 to 9; 10 to 49; 50 to 99; 100 to 499; 500 to 999; 1,000 to 1,999; 2,000 to 4,999; 5000+. Values shown: 8%, 10%, 33%, 6%, 12%, 11%, 11%, 9%]
     Results of parallel, UK-targeted survey available at: http://www.lumension.com/Resources/WhitePapers/How-Mature-is-Your-Data-Protection.aspx
  5. Aspects of Data Protection: The Survey Says …
  6. Administrative Controls
     What type of IT data protection policies exist?
     [Pie chart. Categories: Exhaustive; Multiple; Minimal; None; Other (please specify). Values shown: 0%, 6%, 20%, 29%, 45%]
  7. Administrative Controls: Driving Technology?
     Which of the following organizational guidelines are included in your employee agreements?
     [Bar chart, 0% to 100%; bar labels not captured. Values shown: 86%, 74%, 47%, 45%, 44%, 32%, 30%, 4%, 1%]
     Employee Agreement Clause: Correlated Technical Controls
     • Corporate Confidentiality: Whole Disk, File/Media Encryption, Device/Port Control, MDM
     • Customer Confidentiality: Whole Disk, File/Media Encryption
     • Mobile Device Policies: MDM, Whole Disk
     Based on Linear Correlation Analysis of Survey Data (>= +.6)
  8. Technical Controls
     Which of the following technologies does your organization currently use, or plan to deploy within the next 24 months?
     [Stacked bar chart, 0% to 100%. Series: No plans; Plan to deploy; Currently deployed. Categories: Full DLP; DLP Lite; Port / Device control; DRM; Whole disk encryption; Removable media or file encryption; Mobile device management; Email encryption; Application data encryption]
  9. Technical Controls
     Have you experienced any of the following incidents in the past year?
     [Bar chart, 0% to 100%; bar labels not captured. Values shown: 60%, 42%, 40%, 27%, 22%, 16%, 17%, 17%, 15%, 15%, 10%, 7%, 3%, 4%]
  10. Technical Controls – Survey Results
     Which of the following best describes your firm's policy for network access for personal devices such as smartphones and tablets?
     [Pie chart. Categories: Open access; Access, with education; Access limited to higher level employees; Controlled access; No current access allowed, but may in future; No current access allowed, with no plans in the future; Don't know. Values shown: 4%, 8%, 12%, 17%, 17%, 19%, 22%]
  11. Technical Controls – Correlations
     Several Correlations Existed between Technologies. One of the most prominent surrounded MDM.
     Technology: Correlated Technologies
     • MDM: DLP, DLP-Lite, Device / Port Control, Whole Disk, File / Media Encryption, Email Encryption, Application Data Encryption
     Based on Linear Correlation Analysis (>= +.6)
     Strongest Correlations in Bold (>= +.7)
  12. Organizational Motivation
     My organization has sufficient resources to achieve compliance with data security policies and best practices?
     [Pie chart. Categories: Strongly agree; Agree; Unsure; Disagree; Strongly disagree. Values shown: 4%, 16%, 19%, 16%, 44%]
  13. Organizational Motivation
     Is your organization compliant with the following regulations, or do you plan to be compliant within the next 24 months?
     [Stacked bar chart, 0% to 100%. Series: Not applicable; Compliance planned; Currently compliant. Categories: PCI DSS; SOX / GLBA / Red Flag; HIPAA / HITECH; Data Privacy Laws; Other]
  14. A Data Protection Maturity Model
  15. A Model for Data Protection Maturity
  16. Rising to the Challenge
     Creating Policies
     • Ad Hoc: Minimal or No Security Policies
     • Optimal: Comprehensive & Exhaustive
     Enforcing Policies
     • Ad Hoc: Limited Technical Controls
     • Optimal: Robust Technical Controls
     Educating Staff
     • Ad Hoc: One-Time or No Training
     • Optimal: On-Going, Formal Training
  17. Q&A
  18. More Information
     • Free Security Scanner Tools: http://www.lumension.com/Resources/Security-Tools.aspx
       » Application Scanner – discover all the apps being used in your network
       » Vulnerability Scanner – discover all OS and application vulnerabilities on your network
       » Device Scanner – discover all the devices being used in your network
     • Lumension® Endpoint Management and Security Suite
       » Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
       » Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
     • Get a Quote (and more): http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
  19. Global Headquarters
     8660 East Hartford Drive, Suite 300
     Scottsdale, AZ 85255
     1.888.725.7828
     info@lumension.com
     http://blog.lumension.com
