SlideShare a Scribd company logo

2015 09-22 Is it time for a Security and Compliance Assessment?

Raffa Learning Community
Raffa Learning Community

Many executives are concerned about the security of their data and network infrastructure. Join us and learn where your organization may have security gaps or be out of state or federal compliance. In this seminar, we will discover how a combination of good policies and the implementation of good, solid solutions can help you meet compliance requirements, and protect and secure your organization or business.

Technology
1 of 29
Download to read offline
Thrive. Grow. Achieve. Is it time for a Security and Compliance Assessment? Nate Solloway & John Rice September 22, 2015
AGENDA IS IT TIME FOR A SECURITY AND COMPLIANCE ASSESSMENT? • Everyone has something to protect • Compliance Definitions • State, Federal, and Private Security and Compliance Requirements • Considerations and Actions to Improve Security and Compliance – Password Policies – Mobile Device Management & BYOD – Process and People Management • Security tools – Virus and Spam Management – Unified Threat Management and Intrusion Detection – Data Management – Encryption – Archiving and data back up • How Cloud Computing Can Help You Achieve Security and Compliance Goals? – Defense in Depth • How Raffa Can Assist You? HIPAA GLBA FISMA PCI SOX FINRA Notice of Security Breach State Laws Is it time for a Security and Compliance Assessment? Page 2
EVERYONE HAS SOMETHING TO PROTECT • Intellectual Property • Human Resources Information • Your Financial Data • Your Customer Databases • Your Customer’s Data • Marketing and Sales Data It’s not Just About compliance with state and federal regulations. It’s about protecting your company, your employees and your customers Page 3Is it time for a Security and Compliance Assessment? Financial Healthcare Legal Professional Services
COMPLIANCE DEFINITIONS Definitions are generally accepted by most states However, exceptions do exist on a state by state basis Page 4 Personal Information: An individual’s first name or first initial and last name plus one or more of the following data elements: 1. Social Security number, 2. Driver’s license number or state- issued ID card number 3. Account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account and generally applies to computerized data that includes personal information. Personal Information shall not include publicly available information that is lawfully made available to the general public from federal, state or local government records, or widely distributed media. In addition, Personal Information shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Breach of Security: The unlawful and unauthorized acquisition of personal information that compromises the security, confidentiality, or integrity of personal information. DEFINITIONS Is it Time for a Security and Compliance Assessment?
FEDERAL, STATE & PRIVATE REQUIREMENTS It is important to understand that these laws don’t only apply to health and financial institutions. Page 5 HIPAA: Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers. Developed by the Department of Health and Human Services, these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal floor of privacy protections for consumers across the country. State laws providing additional protections to consumers are not affected by this new rule. The Gramm-Leach-Bliley Act: (GLB Act or GLBA), is a federal law enacted to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: 1. The Financial Privacy Rule, which regulates the collection and disclosure of private financial information 2. The Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information 3. The Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices. Is it Time for a Security and Compliance Assessment?
FEDERAL, STATE & PRIVATE REQUIREMENTS The Payment Card Industry Council established rules governing how credit card data would be secured Page 6 Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow when storing, processing and transmitting their customer's credit card data. The Data Security Standard (DSS) was developed and the standard is maintained by The Payment Card Industry Security Standards Council (PCI SSC). To be PCI complaint companies must use a firewall between wireless networks and their cardholder data environment, use the latest security and authentication such as WPA/WPA2 and also change default settings for wired privacy keys, and use a network intrusion detection system. The PCI DSS standard, as of September 2009 (DSS v 1.2), includes 12 requirements for best security practices PRIVATE REQUIREMENTS Payment Card Industry (PCI) Data Security Standard (DSS) Is it Time for a Security and Compliance Assessment?
FEDERAL, STATE & PRIVATE REQUIREMENTS State laws may have different definitions and broader requirements than federal law Page 7 • Definition for “Personal Information” is Broader than the General Definition • Trigger Notification byAccess • Require a Risk of HarmAnalysis • Require Notice to Attorney General or State Agency • Require Notification Within a Specific Time Frame • Permit a Private Cause ofAction • Have an Encryption Safe Harbor • The Statute is Triggered By a Breach of Security in Electronic and/or Paper Records TYPES OF VARIANCES IN STATE LAWS Is it Time for a Security and Compliance Assessment?
SECURITY CONSIDERATIONS AND ACTIONS Strong password policy is the first line of defense against a data breach Page 8 STRONG PASSWORD POLICIES Risk: A poorly chosen password may result in unauthorized access and/or exploitation of company resources. In 2013 Verizon stated that 90% of successful breaches started with a weak or default password. The increasing strength of password cracking programs significantly increases the risk associated with poor or weak passwords. Benefit: Strong password policies help to reduce the risk of a breach. Policies should also provide guidance to reduce the risk of human error breaches. Strong passwords should meet these standards at a minimum: • Lower case characters • Upper case characters • Numbers • "Special characters"(@#$%^&*()_+|~-=`{}[]:";'<>/) • Contain at least 12 but preferably 15 characters. Is it Time for a Security and Compliance Assessment?
SECURITY CONSIDERATIONS AND ACTIONS If email or other company data is stored on mobile devices they must be managed. Is it Time for a Security and Compliance Assessment? Page 9 MOBILE DEVICE MANAGEMENT The solution allows for password management and the ability to wipe of all data if the device if lost or stolen. Solutions exist for laptops, tablets and smart phones. Risk: Users cannot be trusted to always do the right thing. Has the potential for conflict between employees and employers. Benefit: MDM solutions offer the ability to wipe lost or stolen assets to protect sensitive information from falling into the wrong hands. One benefit of a clearly stated policy is a reduction of possible remote wipe disagreements.
SECURITY CONSIDERATIONS AND ACTIONS A clear written policy regarding BYOD needs to be in place and acknowledged by employees. Is it Time for a Security and Compliance Assessment? Page 10 MOBILE DEVICE MANAGEMENT – BRING YOUR OWN DEVICE (BYOD) Risk: BYOD security becomes complicated since the devices are personally owned. Focus should be to restrict what employees are allowed to have on the BYOD devices. Benefit: MDM solutions offer the ability to segment BYOD devices so that it is easy to secure or delete company information off of personal devices, without affecting the user’s personal data. BYOD is becoming popular for companies as a way to reduce costs for mobile devices and keep employees happy. Companies need to have clearly-defined BYOD policies that employees need to acknowledge in writing. A clear policy must be created and communicated to all.
SECURITY CONSIDERATIONS AND ACTIONS Security is as much about people and good process and well documented policy as it is about your IT infrastructure Is it Time for a Security and Compliance Assessment? Page 11 PROCESS AND PEOPLE MANAGEMENT
SECURITY CONSIDERATIONS AND ACTIONS Security is as much about people and good process and well documented policy as it is about your IT infrastructure Is it Time for a Security and Compliance Assessment? Page 12 PROCESS AND PEOPLE MANAGEMENT • Establish a security and compliance group within the company • Put in place a clear set of company security policies • Build role-based access to applications • Create management systems for admin logins and passwords • Eliminate shared logins/accounts • Create and adhere to a stringent staff on boarding off boarding processes & checklists
TIME OUT Is it Time for a Security and Compliance Assessment? Page 13
SECURITY TOOLS Security tools include protection against viruses, spyware, and malware for both the network and it’s endpoints. Is it Time for a Security and Compliance Assessment? Page 14 EMAIL AV (Antivirus & Antispyware) Scans incoming email for known malicious software, spam and phishing content. Updates signatures on threats similar to traditional antimalware software. Risk: Email is the primary entry point for virus and malware, protection here is crucial to the stability of data integrity & usability. Benefit: An ounce of prevention is worth a pound of cure - solutions that block hostile emails before employees can open dangerous attachments is a smart business tool to utilize. This is focused on the prevention of malware infections or ID theft.
SECURITY TOOLS Security tools include protection against viruses, spyware, and malware for both the network and it’s endpoints. Is it Time for a Security and Compliance Assessment? Page 15 SECURITY TOOLS Antimalware/Antivirus/Anti spyware – Desktop & Server Software that searches for, removes and prevents the installation of known malicious software from desktops and laptops and servers. Risk: Not having antimalware software installed and updated is a sign of negligent business practices. Benefit: A crucial layer of protection to keep data and networks secure. Hosted based firewall A host based firewall is designed to run on individual workstations and provide rules on connecting to outside networks. Risk: Roaming laptops do not have the protection of network firewalls and other network based security controls. Benefit: Provides protection for laptops when they are not connected the corporate network.
SECURITY TOOLS A basic firewall Provides absolutely no threat detection. Firewalls allow and block traffic, and cannot respond to evolving threats Is it Time for a Security and Compliance Assessment? Page 16 ADVANCE FIREWALL + UTM (Unified Threat Management) Primary network gateway defense solution for the business community. Solutions evolved from the traditional firewall, becoming an all-inclusive security appliance that can perform multiple functions. Combines network firewalling and any of the following: antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on- appliance reporting. Risk: As malware becomes more advanced, not having the tools to identify or block attacks can leave a business open for attack. Benefit: Provides a cost-effective, yet comprehensive threat- vector protection. All-in-one solution provides tighter security tool integration.
SECURITY TOOLS A basic firewall Provides absolutely no threat detection. Firewalls allow and block traffic, and cannot respond to evolving threats Is it Time for a Security and Compliance Assessment? Page 17 IPS/IDS (Intrusion Protection System/Intrusion Detection System) Monitors networks for malicious activity; stops, blocks, and reports. Looks for patterns and matches to known vulnerabilities (included in advanced firewall and UTM platforms) Risk: As malware becomes more advanced, not having the tools to identify or block attacks can leave a business open for attack. Benefit: IPS/IDS solutions help prevent attacks from advanced threats that are able to bypass traditional firewalls and antimalware solutions.
SECURITY TOOLS Data files should be encrypted both at rest and during transport. The way data is shared has to be carefully managed. Work is an activity not a place. Is it Time for a Security and Compliance Assessment? Page 18 DATA FILE ENCRYPTION Data file encryption encrypts files and folders selected to be encrypted both on the fly and at rest. Risk: Lost or stolen assets are easy to get access to. Once an unauthorized party has access to the system, all the data on the device can be accessed if it is not encrypted. Benefit: Provides an additional layer of protection by preventing data from being accessed by unauthorized parties.
SECURITY TOOLS Policy based encryption for email ensures that email containing sensitive information are protected. Is it Time for a Security and Compliance Assessment? Page 19 EMAIL ENCRYPTION Email encryption uses either public key or private key encryption to prevent the email contents from being viewed by anyone except the intended recipients. Risk: Users routinely send files to the wrong recipients and recipients sometimes forward on files when they should not. Without encrypted email, one the email is sent, there is no way to manage who can access it. Benefit: Provides an additional layer of protection by preventing data from being accessed by unauthorized parties.
SECURITY TOOLS Compliant Email archiving provides eDiscovery and can save companies time and money Is it Time for a Security and Compliance Assessment? Page 20 EMAIL ARCHIVING The act of preserving and making searchable all email to/from an individual. Email archiving solutions capture Email content directly from the email application or during the transmission process. Risk: Depending on the industry, your company may have a legal requirement to maintain documents for a certain period of time. Benefit: In regulated industries, this helps the organization comply with applicable regulations. It also helps manage old, but possibly important emails that may need to be accessed in the future.
SECURITY TOOLS Effect data backup will allow a company to continue to operate from anywhere in the event of a disaster Is it Time for a Security and Compliance Assessment? Page 21 BACKUP DATA & RECOVERY This involves the copying and archiving of computer information for the intent of restoration. This process is also used to restore lost data following a disaster. Risk: Without a proven ability to recover from a data loss incident, a company may not be able to stay in business due to the disruption to its business operations by losing it critical data and systems. Benefit: A proper data backup and recovery solution will cover the information that a company need to survive. This includes what is an acceptable recovery time and which data is most crucial.
THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION A “layered defense” or defense in depth is the best practice for security and Compliance. Is it Time for a Security and Compliance Assessment? Page 22 “a defense-in-depth strategy can provide an effective approach to conceptualize control implementation” - FINRA Cybersecurity Report “There is no silver bullet. Therefore, the best security posture is achieved by using multiple safeguards. Security professionals refer to this as “layered defense” or “defense-in-depth.” The Cloud Solution
FROM THIS Is it Time for a Security and Compliance Assessment? Page 23
TO THIS Is it Time for a Security and Compliance Assessment? Page 24
THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier data centers provide certified enterprise quality service levels Is it Time for a Security and Compliance Assessment? Page 25 CLOUD SERVICES – SECURE & RELIABLE Top Tier Data Centers = Physical Security Top Tier data centers are fully redundant and audited to meet SSAE 16 and SOC II Type II standards. They have the following characteristics: • Fully redundant systems including power, HVAC and Tier-1 ISPs • Dedicated certified security staff • Compliant with the PCI data center security components • Closed-circuit TV monitoring • Multi-level secure controlled access policies • Provide enterprise quality service levels
THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier service providers leverage data centers to deliver world class service and reliability Is it Time for a Security and Compliance Assessment? Page 26 CLOUD SERVICES – SECURE & RELIABLE Top Tier Service Providers Deliver Secure Reliable Networks Top tier cloud service providers use best of breed industry infrastructure providers to build out highly redundant and reliable networks to support the delivery of cloud services. The infrastructure includes: • Enterprise grade servers • Full component redundancy • Fully redundant storage • Fully redundant multi-path switching • 10 gigE Network connections • Redundant, enterprise-class firewalls • Multiple Intrusion Prevention Systems (IPS) employed (host and network) • Centralized logging • Event monitoring • DDoS mitigation
THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier service providers manage software applications and the relationship of all service providers. They also provide technical support and a single point of contact for companies using the services. Is it Time for a Security and Compliance Assessment? Page 27 CLOUD SERVICES – CONTINUALLY MANAGED Top Tier Service Providers Maintain and Manage and Support Applications Service Providers and Deliver Support for All Services Top tier cloud service providers maintain and manage all services on a day to day basis. • Management and patching of Email software • Management of security software to latest versions signature files (host and network) • Management of Networks software firewalls and IDS solutions. • Platform and console management and upgrades and updates • Management of relationships and service levels for all providers
WE CAN HELP PCI COMPLIANCE SINGLE SIGN ON IT SECURITY ASSESSMENT DUAL FACTOR AUTHENTICATION IT POLICIES STAFF IT SECURITY AWARENESS TRAINING CLOUD HOSTING Is it Time for a Security and Compliance Assessment? Page 28
THANK YOU! Nate Solloway Direct: 202-730-9383 E-mail: nsolloway@raffa.com John Rice Direct: 646-225-9453 E-mail: jrice@intermedia.net Q A Is it Time for a Security and Compliance Assessment? Page 29

Recommended

2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 

Recommended

2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance 2018 01-25 Introduction to PCI and HIPAA Compliance
2018 01-25 Introduction to PCI and HIPAA Compliance Raffa Learning Community
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)Managing Personally Identifiable Information (PII)
Managing Personally Identifiable Information (PII)KP Naidu
 
Cross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataCross border - off-shoring and outsourcing privacy sensitive data
Cross border - off-shoring and outsourcing privacy sensitive dataUlf Mattsson
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in ITAnushka Perera
 
Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013- Mark - Fullbright
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor PrivacyRaymond Cunningham
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Is it time for an IT Assessment?
Is it time for an IT Assessment?Is it time for an IT Assessment?
Is it time for an IT Assessment?Raffa Learning Community
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacylgcdcpas
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316Eric Morehead
 
LT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report ProjectLT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report ProjectSerge Gladkoff
 

More Related Content

What's hot

Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010madamseane
 
Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013- Mark - Fullbright
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsResilient Systems
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Erik Ginalick
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age padler01
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacylgcdcpas
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...PECB
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsShawn Tuma
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory ComplianceLifeline Data Centers
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber securitynsheel
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 

What's hot (20)

Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010Mass Information Security Requirements January 2010
Mass Information Security Requirements January 2010
 
Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013Privacy Safe Guarding Sensitive PII Handbook 2013
Privacy Safe Guarding Sensitive PII Handbook 2013
 
Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Looking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data IncidentsLooking Forward - Regulators and Data Incidents
Looking Forward - Regulators and Data Incidents
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
Protecting Donor Privacy
Protecting Donor PrivacyProtecting Donor Privacy
Protecting Donor Privacy
 
Information Security It's All About Compliance
Information Security It's All About ComplianceInformation Security It's All About Compliance
Information Security It's All About Compliance
 
Is it time for an IT Assessment?
Is it time for an IT Assessment?Is it time for an IT Assessment?
Is it time for an IT Assessment?
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Data Risks In A Digital Age
Data Risks In A Digital Age Data Risks In A Digital Age
Data Risks In A Digital Age
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Emerging Trends in Information Security and Privacy
Emerging Trends in Information Security and PrivacyEmerging Trends in Information Security and Privacy
Emerging Trends in Information Security and Privacy
 
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
Data Privacy, Information Security, and Cybersecurity: What Your Business Nee...
 
New York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity RegulationsNew York Department of Financial Services Cybersecurity Regulations
New York Department of Financial Services Cybersecurity Regulations
 
Data Security and Regulatory Compliance
Data Security and Regulatory ComplianceData Security and Regulatory Compliance
Data Security and Regulatory Compliance
 
Enterprise cyber security
Enterprise cyber securityEnterprise cyber security
Enterprise cyber security
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 

Viewers also liked

Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316Eric Morehead
 
LT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report ProjectLT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report ProjectSerge Gladkoff
 
Regulatory Change Management
Regulatory Change ManagementRegulatory Change Management
Regulatory Change Management360factors
 
Risk assessment for_small_business_-_be_smart
Risk assessment for_small_business_-_be_smartRisk assessment for_small_business_-_be_smart
Risk assessment for_small_business_-_be_smartRana Daniyal
 
Creating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budgetCreating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budgetAshley Deuble
 
Compliance Effectiveness Assessments
Compliance Effectiveness AssessmentsCompliance Effectiveness Assessments
Compliance Effectiveness AssessmentsPYA, P.C.
 
Thana arabic food only 4 types and 4 things inside
Thana arabic food only 4 types and 4 things insideThana arabic food only 4 types and 4 things inside
Thana arabic food only 4 types and 4 things insideThana74
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capabilitynikatmalik
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesContinuity Control
 

Viewers also liked (11)

Scce webinar assessment_061316
Scce webinar assessment_061316Scce webinar assessment_061316
Scce webinar assessment_061316
 
LT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report ProjectLT-Innovate OSCAR Open Standards Compliance Assessment Report Project
LT-Innovate OSCAR Open Standards Compliance Assessment Report Project
 
Regulatory Change Management
Regulatory Change ManagementRegulatory Change Management
Regulatory Change Management
 
Human Rights Compliance Assessment Presentation
Human Rights Compliance Assessment PresentationHuman Rights Compliance Assessment Presentation
Human Rights Compliance Assessment Presentation
 
Risk assessment for_small_business_-_be_smart
Risk assessment for_small_business_-_be_smartRisk assessment for_small_business_-_be_smart
Risk assessment for_small_business_-_be_smart
 
Creating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budgetCreating a compliance assessment program on a tight budget
Creating a compliance assessment program on a tight budget
 
Compliance Effectiveness Assessments
Compliance Effectiveness AssessmentsCompliance Effectiveness Assessments
Compliance Effectiveness Assessments
 
Thana arabic food only 4 types and 4 things inside
Thana arabic food only 4 types and 4 things insideThana arabic food only 4 types and 4 things inside
Thana arabic food only 4 types and 4 things inside
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capability
 
Vendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto SeriesVendor Management - Compliance Checklist Manifesto Series
Vendor Management - Compliance Checklist Manifesto Series
 
Compliance Risk Assessment
Compliance Risk AssessmentCompliance Risk Assessment
Compliance Risk Assessment
 

Similar to 2015 09-22 Is it time for a Security and Compliance Assessment?

CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxAdarsh748147
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guideAdilsonSuende
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT AssessmentRachel Caldwell
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?Kurt Hagerman
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsTrustArc
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 

Similar to 2015 09-22 Is it time for a Security and Compliance Assessment? (20)

CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
2018-11-15 IT Assessment
2018-11-15 IT Assessment2018-11-15 IT Assessment
2018-11-15 IT Assessment
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptx
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
CDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdfCDP_Engagement_Team_Training_BRADESCO.pdf
CDP_Engagement_Team_Training_BRADESCO.pdf
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment2017 06-27 Time for an IT Assessment
2017 06-27 Time for an IT Assessment
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 
Data Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & AcquisitionsData Privacy: The Hidden Beast within Mergers & Acquisitions
Data Privacy: The Hidden Beast within Mergers & Acquisitions
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 

More from Raffa Learning Community

2018-11-8 The Changing Role of Today's CIO
2018-11-8 The Changing Role of Today's CIO2018-11-8 The Changing Role of Today's CIO
2018-11-8 The Changing Role of Today's CIORaffa Learning Community
 
2018 09-13 it essentials disaster recovery vs. business continuity
2018 09-13 it essentials disaster recovery vs. business continuity2018 09-13 it essentials disaster recovery vs. business continuity
2018 09-13 it essentials disaster recovery vs. business continuityRaffa Learning Community
 
2018-09-20 Accounting Systems Comparison Seminar
2018-09-20 Accounting Systems Comparison Seminar2018-09-20 Accounting Systems Comparison Seminar
2018-09-20 Accounting Systems Comparison SeminarRaffa Learning Community
 
2018-09-06 FASB ASC 606 - Revenue Recognition
2018-09-06 FASB ASC 606 - Revenue Recognition2018-09-06 FASB ASC 606 - Revenue Recognition
2018-09-06 FASB ASC 606 - Revenue RecognitionRaffa Learning Community
 
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...2018-07 Systems Integration Best Practices for Integrating Your Business Appl...
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...Raffa Learning Community
 
2018-07 FSG BI360 Improve Your Annual Budget Seminar
2018-07 FSG BI360 Improve Your Annual Budget Seminar 2018-07 FSG BI360 Improve Your Annual Budget Seminar
2018-07 FSG BI360 Improve Your Annual Budget Seminar Raffa Learning Community
 
2018 06-27 How to Accelerate the Month-End Close
2018 06-27 How to Accelerate the Month-End Close2018 06-27 How to Accelerate the Month-End Close
2018 06-27 How to Accelerate the Month-End CloseRaffa Learning Community
 
2018 5-8 IT Security - What You Need to Know
2018 5-8 IT Security - What You Need to Know2018 5-8 IT Security - What You Need to Know
2018 5-8 IT Security - What You Need to KnowRaffa Learning Community
 
4-25 18 Blind Spots: The Art of Self Awareness
4-25 18 Blind Spots: The Art of Self Awareness4-25 18 Blind Spots: The Art of Self Awareness
4-25 18 Blind Spots: The Art of Self AwarenessRaffa Learning Community
 
2018 4-23 The Changing Role of Today's CIO
2018 4-23 The Changing Role of Today's CIO2018 4-23 The Changing Role of Today's CIO
2018 4-23 The Changing Role of Today's CIORaffa Learning Community
 
2018 04-17 How Much Should My Nonprofit Target for Reserves?
2018 04-17 How Much Should My Nonprofit Target for Reserves?2018 04-17 How Much Should My Nonprofit Target for Reserves?
2018 04-17 How Much Should My Nonprofit Target for Reserves?Raffa Learning Community
 
2018 03-27 Effective Corporate Performance Management Best Practices
2018 03-27 Effective Corporate Performance Management Best Practices2018 03-27 Effective Corporate Performance Management Best Practices
2018 03-27 Effective Corporate Performance Management Best PracticesRaffa Learning Community
 
2018 3-14 The Changing Role of Today's CIO
2018 3-14 The Changing Role of Today's CIO2018 3-14 The Changing Role of Today's CIO
2018 3-14 The Changing Role of Today's CIORaffa Learning Community
 
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!2018 3-13 Federal Funding - What You Don't Know Can Hurt You!
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!Raffa Learning Community
 

More from Raffa Learning Community (20)

2018-11-29 Intacct for Nonprofits
2018-11-29 Intacct for Nonprofits2018-11-29 Intacct for Nonprofits
2018-11-29 Intacct for Nonprofits
 
2018-11-15 Compliance Issues
2018-11-15 Compliance Issues2018-11-15 Compliance Issues
2018-11-15 Compliance Issues
 
2018-11-8 The Changing Role of Today's CIO
2018-11-8 The Changing Role of Today's CIO2018-11-8 The Changing Role of Today's CIO
2018-11-8 The Changing Role of Today's CIO
 
2018-9-26 Federal Funding
2018-9-26 Federal Funding2018-9-26 Federal Funding
2018-9-26 Federal Funding
 
2018-09-25 Sage Intacct for Nonprofits
2018-09-25 Sage Intacct for Nonprofits2018-09-25 Sage Intacct for Nonprofits
2018-09-25 Sage Intacct for Nonprofits
 
2018 09-13 it essentials disaster recovery vs. business continuity
2018 09-13 it essentials disaster recovery vs. business continuity2018 09-13 it essentials disaster recovery vs. business continuity
2018 09-13 it essentials disaster recovery vs. business continuity
 
2018-09-20 Accounting Systems Comparison Seminar
2018-09-20 Accounting Systems Comparison Seminar2018-09-20 Accounting Systems Comparison Seminar
2018-09-20 Accounting Systems Comparison Seminar
 
2018-09-06 FASB ASC 606 - Revenue Recognition
2018-09-06 FASB ASC 606 - Revenue Recognition2018-09-06 FASB ASC 606 - Revenue Recognition
2018-09-06 FASB ASC 606 - Revenue Recognition
 
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...2018-07 Systems Integration Best Practices for Integrating Your Business Appl...
2018-07 Systems Integration Best Practices for Integrating Your Business Appl...
 
2018-07 FSG BI360 Improve Your Annual Budget Seminar
2018-07 FSG BI360 Improve Your Annual Budget Seminar 2018-07 FSG BI360 Improve Your Annual Budget Seminar
2018-07 FSG BI360 Improve Your Annual Budget Seminar
 
2018 06-27 How to Accelerate the Month-End Close
2018 06-27 How to Accelerate the Month-End Close2018 06-27 How to Accelerate the Month-End Close
2018 06-27 How to Accelerate the Month-End Close
 
2018 06-12 The Changing Role of the CIO
2018 06-12 The Changing Role of the CIO2018 06-12 The Changing Role of the CIO
2018 06-12 The Changing Role of the CIO
 
2018-05-31 A New Look for Nonprofits
2018-05-31 A New Look for Nonprofits2018-05-31 A New Look for Nonprofits
2018-05-31 A New Look for Nonprofits
 
2018 5-8 IT Security - What You Need to Know
2018 5-8 IT Security - What You Need to Know2018 5-8 IT Security - What You Need to Know
2018 5-8 IT Security - What You Need to Know
 
4-25 18 Blind Spots: The Art of Self Awareness
4-25 18 Blind Spots: The Art of Self Awareness4-25 18 Blind Spots: The Art of Self Awareness
4-25 18 Blind Spots: The Art of Self Awareness
 
2018 4-23 The Changing Role of Today's CIO
2018 4-23 The Changing Role of Today's CIO2018 4-23 The Changing Role of Today's CIO
2018 4-23 The Changing Role of Today's CIO
 
2018 04-17 How Much Should My Nonprofit Target for Reserves?
2018 04-17 How Much Should My Nonprofit Target for Reserves?2018 04-17 How Much Should My Nonprofit Target for Reserves?
2018 04-17 How Much Should My Nonprofit Target for Reserves?
 
2018 03-27 Effective Corporate Performance Management Best Practices
2018 03-27 Effective Corporate Performance Management Best Practices2018 03-27 Effective Corporate Performance Management Best Practices
2018 03-27 Effective Corporate Performance Management Best Practices
 
2018 3-14 The Changing Role of Today's CIO
2018 3-14 The Changing Role of Today's CIO2018 3-14 The Changing Role of Today's CIO
2018 3-14 The Changing Role of Today's CIO
 
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!2018 3-13 Federal Funding - What You Don't Know Can Hurt You!
2018 3-13 Federal Funding - What You Don't Know Can Hurt You!
 

Recently uploaded

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesBernd Ruecker
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 

Recently uploaded (20)

TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

2015 09-22 Is it time for a Security and Compliance Assessment?

  • 1. Thrive. Grow. Achieve. Is it time for a Security and Compliance Assessment? Nate Solloway & John Rice September 22, 2015
  • 2. AGENDA IS IT TIME FOR A SECURITY AND COMPLIANCE ASSESSMENT? • Everyone has something to protect • Compliance Definitions • State, Federal, and Private Security and Compliance Requirements • Considerations and Actions to Improve Security and Compliance – Password Policies – Mobile Device Management & BYOD – Process and People Management • Security tools – Virus and Spam Management – Unified Threat Management and Intrusion Detection – Data Management – Encryption – Archiving and data back up • How Cloud Computing Can Help You Achieve Security and Compliance Goals? – Defense in Depth • How Raffa Can Assist You? HIPAA GLBA FISMA PCI SOX FINRA Notice of Security Breach State Laws Is it time for a Security and Compliance Assessment? Page 2
  • 3. EVERYONE HAS SOMETHING TO PROTECT • Intellectual Property • Human Resources Information • Your Financial Data • Your Customer Databases • Your Customer’s Data • Marketing and Sales Data It’s not Just About compliance with state and federal regulations. It’s about protecting your company, your employees and your customers Page 3Is it time for a Security and Compliance Assessment? Financial Healthcare Legal Professional Services
  • 4. COMPLIANCE DEFINITIONS Definitions are generally accepted by most states However, exceptions do exist on a state by state basis Page 4 Personal Information: An individual’s first name or first initial and last name plus one or more of the following data elements: 1. Social Security number, 2. Driver’s license number or state- issued ID card number 3. Account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account and generally applies to computerized data that includes personal information. Personal Information shall not include publicly available information that is lawfully made available to the general public from federal, state or local government records, or widely distributed media. In addition, Personal Information shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. Breach of Security: The unlawful and unauthorized acquisition of personal information that compromises the security, confidentiality, or integrity of personal information. DEFINITIONS Is it Time for a Security and Compliance Assessment?
  • 5. FEDERAL, STATE & PRIVATE REQUIREMENTS It is important to understand that these laws don’t only apply to health and financial institutions. Page 5 HIPAA: Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers. Developed by the Department of Health and Human Services, these new standards provide patients with access to their medical records and more control over how their personal health information is used and disclosed. They represent a uniform, federal floor of privacy protections for consumers across the country. State laws providing additional protections to consumers are not affected by this new rule. The Gramm-Leach-Bliley Act: (GLB Act or GLBA), is a federal law enacted to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: 1. The Financial Privacy Rule, which regulates the collection and disclosure of private financial information 2. The Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information 3. The Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices. Is it Time for a Security and Compliance Assessment?
  • 6. FEDERAL, STATE & PRIVATE REQUIREMENTS The Payment Card Industry Council established rules governing how credit card data would be secured Page 6 Short for Payment Card Industry (PCI) Data Security Standard (DSS), PCI DSS is a standard that all organizations, including online retailers, must follow when storing, processing and transmitting their customer's credit card data. The Data Security Standard (DSS) was developed and the standard is maintained by The Payment Card Industry Security Standards Council (PCI SSC). To be PCI complaint companies must use a firewall between wireless networks and their cardholder data environment, use the latest security and authentication such as WPA/WPA2 and also change default settings for wired privacy keys, and use a network intrusion detection system. The PCI DSS standard, as of September 2009 (DSS v 1.2), includes 12 requirements for best security practices PRIVATE REQUIREMENTS Payment Card Industry (PCI) Data Security Standard (DSS) Is it Time for a Security and Compliance Assessment?
  • 7. FEDERAL, STATE & PRIVATE REQUIREMENTS State laws may have different definitions and broader requirements than federal law Page 7 • Definition for “Personal Information” is Broader than the General Definition • Trigger Notification byAccess • Require a Risk of HarmAnalysis • Require Notice to Attorney General or State Agency • Require Notification Within a Specific Time Frame • Permit a Private Cause ofAction • Have an Encryption Safe Harbor • The Statute is Triggered By a Breach of Security in Electronic and/or Paper Records TYPES OF VARIANCES IN STATE LAWS Is it Time for a Security and Compliance Assessment?
  • 8. SECURITY CONSIDERATIONS AND ACTIONS Strong password policy is the first line of defense against a data breach Page 8 STRONG PASSWORD POLICIES Risk: A poorly chosen password may result in unauthorized access and/or exploitation of company resources. In 2013 Verizon stated that 90% of successful breaches started with a weak or default password. The increasing strength of password cracking programs significantly increases the risk associated with poor or weak passwords. Benefit: Strong password policies help to reduce the risk of a breach. Policies should also provide guidance to reduce the risk of human error breaches. Strong passwords should meet these standards at a minimum: • Lower case characters • Upper case characters • Numbers • "Special characters"(@#$%^&*()_+|~-=`{}[]:";'<>/) • Contain at least 12 but preferably 15 characters. Is it Time for a Security and Compliance Assessment?
  • 9. SECURITY CONSIDERATIONS AND ACTIONS If email or other company data is stored on mobile devices they must be managed. Is it Time for a Security and Compliance Assessment? Page 9 MOBILE DEVICE MANAGEMENT The solution allows for password management and the ability to wipe of all data if the device if lost or stolen. Solutions exist for laptops, tablets and smart phones. Risk: Users cannot be trusted to always do the right thing. Has the potential for conflict between employees and employers. Benefit: MDM solutions offer the ability to wipe lost or stolen assets to protect sensitive information from falling into the wrong hands. One benefit of a clearly stated policy is a reduction of possible remote wipe disagreements.
  • 10. SECURITY CONSIDERATIONS AND ACTIONS A clear written policy regarding BYOD needs to be in place and acknowledged by employees. Is it Time for a Security and Compliance Assessment? Page 10 MOBILE DEVICE MANAGEMENT – BRING YOUR OWN DEVICE (BYOD) Risk: BYOD security becomes complicated since the devices are personally owned. Focus should be to restrict what employees are allowed to have on the BYOD devices. Benefit: MDM solutions offer the ability to segment BYOD devices so that it is easy to secure or delete company information off of personal devices, without affecting the user’s personal data. BYOD is becoming popular for companies as a way to reduce costs for mobile devices and keep employees happy. Companies need to have clearly-defined BYOD policies that employees need to acknowledge in writing. A clear policy must be created and communicated to all.
  • 11. SECURITY CONSIDERATIONS AND ACTIONS Security is as much about people and good process and well documented policy as it is about your IT infrastructure Is it Time for a Security and Compliance Assessment? Page 11 PROCESS AND PEOPLE MANAGEMENT
  • 12. SECURITY CONSIDERATIONS AND ACTIONS Security is as much about people and good process and well documented policy as it is about your IT infrastructure Is it Time for a Security and Compliance Assessment? Page 12 PROCESS AND PEOPLE MANAGEMENT • Establish a security and compliance group within the company • Put in place a clear set of company security policies • Build role-based access to applications • Create management systems for admin logins and passwords • Eliminate shared logins/accounts • Create and adhere to a stringent staff on boarding off boarding processes & checklists
  • 13. TIME OUT Is it Time for a Security and Compliance Assessment? Page 13
  • 14. SECURITY TOOLS Security tools include protection against viruses, spyware, and malware for both the network and it’s endpoints. Is it Time for a Security and Compliance Assessment? Page 14 EMAIL AV (Antivirus & Antispyware) Scans incoming email for known malicious software, spam and phishing content. Updates signatures on threats similar to traditional antimalware software. Risk: Email is the primary entry point for virus and malware, protection here is crucial to the stability of data integrity & usability. Benefit: An ounce of prevention is worth a pound of cure - solutions that block hostile emails before employees can open dangerous attachments is a smart business tool to utilize. This is focused on the prevention of malware infections or ID theft.
  • 15. SECURITY TOOLS Security tools include protection against viruses, spyware, and malware for both the network and it’s endpoints. Is it Time for a Security and Compliance Assessment? Page 15 SECURITY TOOLS Antimalware/Antivirus/Anti spyware – Desktop & Server Software that searches for, removes and prevents the installation of known malicious software from desktops and laptops and servers. Risk: Not having antimalware software installed and updated is a sign of negligent business practices. Benefit: A crucial layer of protection to keep data and networks secure. Hosted based firewall A host based firewall is designed to run on individual workstations and provide rules on connecting to outside networks. Risk: Roaming laptops do not have the protection of network firewalls and other network based security controls. Benefit: Provides protection for laptops when they are not connected the corporate network.
  • 16. SECURITY TOOLS A basic firewall Provides absolutely no threat detection. Firewalls allow and block traffic, and cannot respond to evolving threats Is it Time for a Security and Compliance Assessment? Page 16 ADVANCE FIREWALL + UTM (Unified Threat Management) Primary network gateway defense solution for the business community. Solutions evolved from the traditional firewall, becoming an all-inclusive security appliance that can perform multiple functions. Combines network firewalling and any of the following: antivirus (AV), gateway anti-spam, VPN, content filtering, load balancing, data leak prevention and on- appliance reporting. Risk: As malware becomes more advanced, not having the tools to identify or block attacks can leave a business open for attack. Benefit: Provides a cost-effective, yet comprehensive threat- vector protection. All-in-one solution provides tighter security tool integration.
  • 17. SECURITY TOOLS A basic firewall Provides absolutely no threat detection. Firewalls allow and block traffic, and cannot respond to evolving threats Is it Time for a Security and Compliance Assessment? Page 17 IPS/IDS (Intrusion Protection System/Intrusion Detection System) Monitors networks for malicious activity; stops, blocks, and reports. Looks for patterns and matches to known vulnerabilities (included in advanced firewall and UTM platforms) Risk: As malware becomes more advanced, not having the tools to identify or block attacks can leave a business open for attack. Benefit: IPS/IDS solutions help prevent attacks from advanced threats that are able to bypass traditional firewalls and antimalware solutions.
  • 18. SECURITY TOOLS Data files should be encrypted both at rest and during transport. The way data is shared has to be carefully managed. Work is an activity not a place. Is it Time for a Security and Compliance Assessment? Page 18 DATA FILE ENCRYPTION Data file encryption encrypts files and folders selected to be encrypted both on the fly and at rest. Risk: Lost or stolen assets are easy to get access to. Once an unauthorized party has access to the system, all the data on the device can be accessed if it is not encrypted. Benefit: Provides an additional layer of protection by preventing data from being accessed by unauthorized parties.
  • 19. SECURITY TOOLS Policy based encryption for email ensures that email containing sensitive information are protected. Is it Time for a Security and Compliance Assessment? Page 19 EMAIL ENCRYPTION Email encryption uses either public key or private key encryption to prevent the email contents from being viewed by anyone except the intended recipients. Risk: Users routinely send files to the wrong recipients and recipients sometimes forward on files when they should not. Without encrypted email, one the email is sent, there is no way to manage who can access it. Benefit: Provides an additional layer of protection by preventing data from being accessed by unauthorized parties.
  • 20. SECURITY TOOLS Compliant Email archiving provides eDiscovery and can save companies time and money Is it Time for a Security and Compliance Assessment? Page 20 EMAIL ARCHIVING The act of preserving and making searchable all email to/from an individual. Email archiving solutions capture Email content directly from the email application or during the transmission process. Risk: Depending on the industry, your company may have a legal requirement to maintain documents for a certain period of time. Benefit: In regulated industries, this helps the organization comply with applicable regulations. It also helps manage old, but possibly important emails that may need to be accessed in the future.
  • 21. SECURITY TOOLS Effect data backup will allow a company to continue to operate from anywhere in the event of a disaster Is it Time for a Security and Compliance Assessment? Page 21 BACKUP DATA & RECOVERY This involves the copying and archiving of computer information for the intent of restoration. This process is also used to restore lost data following a disaster. Risk: Without a proven ability to recover from a data loss incident, a company may not be able to stay in business due to the disruption to its business operations by losing it critical data and systems. Benefit: A proper data backup and recovery solution will cover the information that a company need to survive. This includes what is an acceptable recovery time and which data is most crucial.
  • 22. THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION A “layered defense” or defense in depth is the best practice for security and Compliance. Is it Time for a Security and Compliance Assessment? Page 22 “a defense-in-depth strategy can provide an effective approach to conceptualize control implementation” - FINRA Cybersecurity Report “There is no silver bullet. Therefore, the best security posture is achieved by using multiple safeguards. Security professionals refer to this as “layered defense” or “defense-in-depth.” The Cloud Solution
  • 23. FROM THIS Is it Time for a Security and Compliance Assessment? Page 23
  • 24. TO THIS Is it Time for a Security and Compliance Assessment? Page 24
  • 25. THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier data centers provide certified enterprise quality service levels Is it Time for a Security and Compliance Assessment? Page 25 CLOUD SERVICES – SECURE & RELIABLE Top Tier Data Centers = Physical Security Top Tier data centers are fully redundant and audited to meet SSAE 16 and SOC II Type II standards. They have the following characteristics: • Fully redundant systems including power, HVAC and Tier-1 ISPs • Dedicated certified security staff • Compliant with the PCI data center security components • Closed-circuit TV monitoring • Multi-level secure controlled access policies • Provide enterprise quality service levels
  • 26. THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier service providers leverage data centers to deliver world class service and reliability Is it Time for a Security and Compliance Assessment? Page 26 CLOUD SERVICES – SECURE & RELIABLE Top Tier Service Providers Deliver Secure Reliable Networks Top tier cloud service providers use best of breed industry infrastructure providers to build out highly redundant and reliable networks to support the delivery of cloud services. The infrastructure includes: • Enterprise grade servers • Full component redundancy • Fully redundant storage • Fully redundant multi-path switching • 10 gigE Network connections • Redundant, enterprise-class firewalls • Multiple Intrusion Prevention Systems (IPS) employed (host and network) • Centralized logging • Event monitoring • DDoS mitigation
  • 27. THE CLOUD AS AN EFFECTIVE SECURITY AND COMPLIANCE SOLUTION Top tier service providers manage software applications and the relationship of all service providers. They also provide technical support and a single point of contact for companies using the services. Is it Time for a Security and Compliance Assessment? Page 27 CLOUD SERVICES – CONTINUALLY MANAGED Top Tier Service Providers Maintain and Manage and Support Applications Service Providers and Deliver Support for All Services Top tier cloud service providers maintain and manage all services on a day to day basis. • Management and patching of Email software • Management of security software to latest versions signature files (host and network) • Management of Networks software firewalls and IDS solutions. • Platform and console management and upgrades and updates • Management of relationships and service levels for all providers
  • 28. WE CAN HELP PCI COMPLIANCE SINGLE SIGN ON IT SECURITY ASSESSMENT DUAL FACTOR AUTHENTICATION IT POLICIES STAFF IT SECURITY AWARENESS TRAINING CLOUD HOSTING Is it Time for a Security and Compliance Assessment? Page 28
  • 29. THANK YOU! Nate Solloway Direct: 202-730-9383 E-mail: nsolloway@raffa.com John Rice Direct: 646-225-9453 E-mail: jrice@intermedia.net Q A Is it Time for a Security and Compliance Assessment? Page 29