Data-Ed Online: How Safe is Your Data? Data Security Webinar

Welcome! TITLE How Safe is Your Data? Data Security Management Webinar Date: May 15, 2012 Time: 2:00 PM ET Presenter: Dr. Peter Aiken Twitter: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 1© Copyright this and previous years by Data Blueprint - all rights reserved!

New Feature: Live Twitter Feed TITLE Join the conversation on Twitter! Follow us @datablueprint and @paiken Ask questions and submit your comments: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 2© Copyright this and previous years by Data Blueprint - all rights reserved!

New Feature: LIKE US on Facebook TITLE www.facebook.com/datablueprint Post questions and comments Find industry news, insightful content and event updates PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 3© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Meet Your Presenter: Dr. Peter Aiken • Internationally recognized thought-leader in the data management field with more than 30 years of experience • Recipient of the 2010 International Stevens Award • Founding Director of Data Blueprint (http://datablueprint.com) • Associate Professor of Information Systems at Virginia Commonwealth University (http://vcu.edu) • President of DAMA International (http://dama.org) • DoD Computer Scientist, Reverse Engineering Program Manager/ Office of the Chief Information Officer • Visiting Scientist, Software Engineering Institute/Carnegie Mellon University • 7 books and dozens of articles • Experienced w/ 500+ data management practices in 20 countries #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 4© Copyright this and previous years by Data Blueprint - all rights reserved!

How Safe Is Your Data? Dr. Peter Aiken: Data Security Management WebinarDATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 4/10/2012

TITLE Outline Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? 3. Why is data security important? (1) Top Data Security Concerns & Requirements (2) The Cost of Not Having Accurate Security (3) Data Security Statistics & Examples of Security Breaches Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? 3. Why is data security important? (1) Top Data Security Concerns & Requirements (2) The Cost of Not Having Accurate Security (3) Data Security Statistics & Examples of Security Breaches 4. Data Security Management Building Blocks Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? 3. Why is data security important? (1) Top Data Security Concerns & Requirements (2) The Cost of Not Having Accurate Security (3) Data Security Statistics & Examples of Security Breaches 4. Data Security Management Building Blocks 5. Passwords & Policy Examples Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? 3. Why is data security important? (1) Top Data Security Concerns & Requirements (2) The Cost of Not Having Accurate Security (3) Data Security Statistics & Examples of Security Breaches 4. Data Security Management Building Blocks 5. Passwords & Policy Examples 6. Data Security Standards & Guiding Principles Tweeting now: #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Outline 1. Data Management Overview 2. What is data security management? 3. Why is data security important? (1) Top Data Security Concerns & Requirements (2) The Cost of Not Having Accurate Security (3) Data Security Statistics & Examples of Security Breaches 4. Data Security Management Building Blocks 5. Passwords & Policy Examples 6. Data Security Standards & Guiding Principles Tweeting now: 7. Take Aways, References & Q&A #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 6© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Published by DAMA International Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Published by DAMA International • The professional association for Data Managers (40 chapters worldwide) Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Published by DAMA International • The professional association for Data Managers (40 chapters worldwide) DMBoK organized around Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Published by DAMA International • The professional association for Data Managers (40 chapters worldwide) DMBoK organized around • Primary data management functions focused around data delivery to the organization Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Published by DAMA International • The professional association for Data Managers (40 chapters worldwide) DMBoK organized around • Primary data management functions focused around data delivery to the organization • Organized around several environmental elements Data Management Functions PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 7© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 8© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Environmental Elements PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 8© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE The DAMA Guide to the Data Management Body of Knowledge Amazon: http:// www.amazon.com/ DAMA-Guide- Management- Knowledge-DAMA- DMBOK/dp/ 0977140083 Or enter the terms "dama dm bok" at the Amazon search engine Environmental Elements PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 8© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE What is the CDMP? • Certified Data Management Professional • DAMA International and ICCP • Membership in a distinct group made up of your fellow professionals • Recognition for your specialized knowledge in a choice of 17 specialty areas • Series of 3 exams • For more information, please visit: – http://www.dama.org/i4a/pages/ index.cfm?pageid=3399 – http://iccp.org/certification/ designations/cdmp #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 9© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 10© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Data Program Coordination Organizational Data Integration Data Stewardship Data Development Data Support Operations #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Manage data coherently. Data Program Coordination Organizational Data Integration Data Stewardship Data Development Data Support Operations #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Manage data coherently. Data Program Coordination Share data across boundaries. Organizational Data Integration Data Stewardship Data Development Data Support Operations #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Manage data coherently. Data Program Coordination Share data across boundaries. Organizational Data Integration Data Stewardship Data Development Assign responsibilities for data. Data Support Operations #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Manage data coherently. Data Program Coordination Share data across boundaries. Organizational Data Integration Data Stewardship Data Development Assign responsibilities for data. Engineer data delivery systems. Data Support Operations #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Management Manage data coherently. Data Program Coordination Share data across boundaries. Organizational Data Integration Data Stewardship Data Development Assign responsibilities for data. Engineer data delivery systems. Data Support Operations Maintain data availability. #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 11© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Summary: Data Security Management #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 13© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Definition: Data Security Management Planning, development and execution of security policies and procedures to provide proper authentication, authorization, access and auditing of data and information assets. #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 14© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Top Data Security Concerns #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 16© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Top Data Security Concerns 1. Confidentiality – Making sure that data is supposed to be restricted to the company #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 16© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Top Data Security Concerns 1. Confidentiality – Making sure that data is supposed to be restricted to the company 2. Integrity – Ensure that the are no changes to data except those intentional ones #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 16© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Top Data Security Concerns 1. Confidentiality – Making sure that data is supposed to be restricted to the company 2. Integrity – Ensure that the are no changes to data except those intentional ones 3. Availability – Ability to get data when it is needed #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 16© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Top Data Security Concerns 1. Confidentiality – Making sure that data is supposed to be restricted to the company 2. Integrity – Ensure that the are no changes to data except those intentional ones 3. Availability – Ability to get data when it is needed 4. Non-repudiation – Ability to prove what was sent, when, who sent it as well as what was delivered, when it was delivered and who received it #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 16© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Requirements Requirements and the procedures to meet them are categorized into 4 basic groups (the 4 As): #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 17© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Requirements Requirements and the procedures to meet them are categorized into 4 basic groups (the 4 As): 1. Authentication Validate users are who they say they are #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 17© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Requirements Requirements and the procedures to meet them are categorized into 4 basic groups (the 4 As): 1. Authentication Validate users are who they say they are 2. Authorization Identify the right individuals and grant them the right privileges to specific, appropriate views of data #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 17© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Requirements Requirements and the procedures to meet them are categorized into 4 basic groups (the 4 As): 1. Authentication Validate users are who they say they are 2. Authorization Identify the right individuals and grant them the right privileges to specific, appropriate views of data 3. Access Enable these individuals and their privileges in a timely manner #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 17© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Requirements Requirements and the procedures to meet them are categorized into 4 basic groups (the 4 As): 1. Authentication Validate users are who they say they are 2. Authorization Identify the right individuals and grant them the right privileges to specific, appropriate views of data 3. Access Enable these individuals and their privileges in a timely manner 4. Audit Review security actions and user activity to ensure compliance with regulations and conformance with policy and standards #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 17© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in the News 6 Worst Data Breaches of 2011 1. Sony – Attacks compromised Sony PlayStation Network, Sony Online Entertainment, and Sony Pictures – Failure to protect 100+ user records – On-going customer relations fallout and class-action lawsuits – Recovery costs: $2+ million 2. Epsilon – Cloud-based email service provider fell victim to spear- phishing attack – Breach affected data from 75 clients who trusted Epsilon with their customers’ data – 60 million customer email addresses were breached (conservative estimate) – Largest security breach ever Source: http://www.informationweek.com/news/security/attacks/232301079?itc=edit_in_body_cross PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 18© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in the News, cont’d 6 Worst Data Breaches of 2011 3. RSA – Didn’t involve consumer information but one of the world’s most-used 2-factor authentication system – Failure to detail exactly what had been stolen by low-tech spear phishing attack – Result of this attack: Many companies retooled security and training processes to help prevent these low-cost, easy-to-execute social- engineering attacks 4. Sutter Physician Services – Thief stole desktop containing 2.2 million patients’ medical details – Security lapse on 2 levels: • (1)Data (unencrypted) • (2)Physical location (unsecured) – Failure to alert affected patients in timely manner – Class action lawsuit Source: http://www.informationweek.com/news/security/attacks/232301079?itc=edit_in_body_cross PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 19© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in the News, cont’d 6 Worst Data Breaches of 2011 5. Tricare and SAIC – Backup tapes containing unencrypted data were stolen from an employee’s personal car – 5.1 million people affected: Current and retired members of armed services and their families – Significant because victims are at risk of medical identify theft AND financial identity theft – $4.9 billion lawsuit 6. Nasdaq – Attack on Directors Desk, a cloud-based Nasdaq system designed to facilitate boardroom-level communications for 10,000 senior executives and company directors – Possible access to inside information that might have been sold to competitors or used to make beneficial stock market Source: http://www.informationweek.com/news/security/attacks/232301079?itc=edit_in_body_cross PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 20© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Cost of NOT having Accurate Security: Other Examples • 2008: Heartland Payment • 2006: Department of VA Systems – Stolen laptop exposed records – 130 million credit card numbers on 26.5 million veterans, including SSNs – $140 million recovery costs – $14 million recovery costs • 2008: Hannaford Bros. – 4.2 million credit and debit card • 2005: Card Systems numbers Solutions – Class action lawsuit – 40 million credit and debit card accounts • 2007: TJ X Co. – 45 + million credit and debit card numbers stolen – $250+ million recovery cost #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 21© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Polling Question #1 What is the cost of data security? Estimated cost per individual breach: 1. $194 2. $467 3. $855 4. $1026 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 22© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years • Cost of individual data breach: – $5.5 million (2011) vs. $7.2 million (2010) Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years • Cost of individual data breach: – $5.5 million (2011) vs. $7.2 million (2010) • Cost per compromised record: – $194 (2011) from $215 (2010) – Exception: Breach as a result of malicious attacks average $222 per record (higher because companies need to do more after the fact) Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years • Cost of individual data breach: – $5.5 million (2011) vs. $7.2 million (2010) • Cost per compromised record: – $194 (2011) from $215 (2010) – Exception: Breach as a result of malicious attacks average $222 per record (higher because companies need to do more after the fact) • Costs are generally lower if organizations have Chief Information Security Officer (CISO) Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years • Cost of individual data breach: – $5.5 million (2011) vs. $7.2 million (2010) • Cost per compromised record: – $194 (2011) from $215 (2010) – Exception: Breach as a result of malicious attacks average $222 per record (higher because companies need to do more after the fact) • Costs are generally lower if organizations have Chief Information Security Officer (CISO) • Other declines in 2011: – Average size of data breaches declined by 16% – Abnormal customer churn decreased by 18% Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Cost of individual data breach is decreasing for the first time in 7 years • Cost of individual data breach: – $5.5 million (2011) vs. $7.2 million (2010) • Cost per compromised record: – $194 (2011) from $215 (2010) – Exception: Breach as a result of malicious attacks average $222 per record (higher because companies need to do more after the fact) • Costs are generally lower if organizations have Chief Information Security Officer (CISO) • Other declines in 2011: – Average size of data breaches declined by 16% – Abnormal customer churn decreased by 18% • Interesting fact: in 2011 39% of data breaches were caused by negligent insiders and 24% by system glitches Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 23© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 24© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Breaches caused by malicious attacks increased: 37% (2011) from 31% (2010) – 50% malware – 33% malicious insiders – 28% device theft – 28% SQL injection – 22% phishing attacks – 17% social engineering attacks Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 24© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Breaches caused by malicious attacks increased: 37% (2011) from 31% (2010) – 50% malware – 33% malicious insiders – 28% device theft – 28% SQL injection – 22% phishing attacks – 17% social engineering attacks • Businesses’ detection costs decreased by 6%: $428,330 (2011) from $455,670 (2010) – Companies are more efficient in investigating breaches and organizing around response plans Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 24© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Statistics (2011) • Breaches caused by malicious attacks increased: 37% (2011) from 31% (2010) – 50% malware – 33% malicious insiders – 28% device theft – 28% SQL injection – 22% phishing attacks – 17% social engineering attacks • Businesses’ detection costs decreased by 6%: $428,330 (2011) from $455,670 (2010) – Companies are more efficient in investigating breaches and organizing around response plans • Notification costs increased by 10% $561,495 (2011) – Failure to accurately determine # of individuals affected can result in notifying more people than necessary, which leads to higher churn and other cost- increasing factors – Balance of being timely and accurate at the same time Source: http://www.informationweek.com/news/security/attacks/232602891 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 24© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) • Value of stolen data #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) • Value of stolen data • Cost of protecting affected victims #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) • Value of stolen data • Cost of protecting affected victims • Cost of remedial security measures #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) • Value of stolen data • Cost of protecting affected victims • Cost of remedial security measures • Fines/Lawsuits #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Costs Related to Data Security Breaches • Customer churn (replacing lost customers with new ones) • Value of stolen data • Cost of protecting affected victims • Cost of remedial security measures • Fines/Lawsuits • Loss of good will and reputation #dataed PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 25© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Examples of Security Breaches Organization Type of Security Breach Medical Records thrown in trash Boulder Hospital exposing 14 patients 1,000 patients radiology studies data Griffin Hospital stolen Stolen backup tapes expose unknown Proxima Alfa Investments number of clients’ names, addresses, LLC SSNs, bank and tax numbers and copies of passports Data of 3,300,000 names, addresses, Educational Credit DoB and SSNs exposed on stolen Management Corporation portable media device Northwestern Memorial 250 patients’ files stolen from unlocked Hospital cabinets by cleaning crew Source: http://dataloss.db.org/; David Schlesinger PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 26© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Other Examples, cont’d Organization Type of Security Breach Evergreen, Vancouver, 5,000 employee’s information, including Washington Schools back account information, SSNs and Information Cooperative birth dates are compromised Names, addresses and SSNs of 11,000 Connecticut Office of Policy rebate applications are stolen and Management Stolen laptop exposes 9,500 clients’ Thrivent Financial for names, addresses, SSNs and health Lutherans information Data of 100 million gamers exposed when hackers broke into PC games Sony Online Entertainment network, including names, addresses, user names, passwords, credit card information Source: http://dataloss.db.org/; David Schlesinger PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 27© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Polling Question #2 How much time should be committed to data security? 1. 1 day per week 2. Ongoing activity 3. 1 hour per day 4. 1 hour per month PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 28© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE And in this corner we have Dave! PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 29© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Management Overview                             #dataed Illustration from The DAMA Guide to the Data Management Body of Knowledge p. 37 © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 31©36 Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Goals and Principles from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 32© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Goals and Principles 1. Enable appropriate, and prevent inappropriate access and change to data assets from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 32© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Goals and Principles 1. Enable appropriate, and prevent inappropriate access and change to data assets 2. Meet regulatory requirements for privacy and confidentiality from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 32© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Goals and Principles 1. Enable appropriate, and prevent inappropriate access and change to data assets 2. Meet regulatory requirements for privacy and confidentiality 3. Endure the privacy and confidentiality needs of all stakeholders are met from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 32© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Potentially Competing Concerns #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 33© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Potentially Competing Concerns 1. Stakeholder Concerns • Clients, patients, students, citizens, suppliers, partners #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 33© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Potentially Competing Concerns 1. Stakeholder Concerns • Clients, patients, students, citizens, suppliers, partners 2. Government Regulations • Restricting access to information • Openness, transparency and accountability #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 33© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Potentially Competing Concerns 1. Stakeholder Concerns • Clients, patients, students, citizens, suppliers, partners 2. Government Regulations • Restricting access to information • Openness, transparency and accountability 3. Proprietary Business Concerns • Competitive advantage, IP, intimate knowledge of customer needs/relationships #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 33© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Potentially Competing Concerns 1. Stakeholder Concerns • Clients, patients, students, citizens, suppliers, partners 2. Government Regulations • Restricting access to information • Openness, transparency and accountability 3. Proprietary Business Concerns • Competitive advantage, IP, intimate knowledge of customer needs/relationships 4. Legitimate Access Needs • Strategy, rules, processes #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 33© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality • Audit Data Security from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality • Audit Data Security • Define Data Security Controls and Procedures from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality • Audit Data Security • Define Data Security Controls and Procedures • Manage Users, Passwords, and Group Membership – Password standards and procedures from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality • Audit Data Security • Define Data Security Controls and Procedures • Manage Users, Passwords, and Group Membership – Password standards and procedures • Manage Data Access Views and Permissions from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Activities • Understand Data Security Needs and Regulatory Requirements – Business requirements – Regulatory requirements • Define Data Security Policy • Define Data Security Standards • Classify Information Confidentiality • Audit Data Security • Define Data Security Controls and Procedures • Manage Users, Passwords, and Group Membership – Password standards and procedures • Manage Data Access Views and Permissions • Monitor User Authentication and Access Behavior from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 34© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits • Data Security Controls from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits • Data Security Controls • Data Privacy and Confidentiality Standards from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits • Data Security Controls • Data Privacy and Confidentiality Standards • User Profiles, Passwords and Memberships from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits • Data Security Controls • Data Privacy and Confidentiality Standards • User Profiles, Passwords and Memberships • Data Security Permissions from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Primary Deliverables • Data Security Policies • Data Access Views • Document Classifications • Data Security Audits • Data Security Controls • Data Privacy and Confidentiality Standards • User Profiles, Passwords and Memberships • Data Security Permissions • Authentication and Access History from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 35© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Roles and Responsibilities from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 36© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Roles and Responsibilities Suppliers: • Data Stewards • IT Steering Committee • Data Stewardship Council • Government • Customers from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 36© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Roles and Responsibilities Suppliers: Consumers: • Data Stewards • Data Producers • IT Steering Committee • Knowledge Workers • Data Stewardship Council • Managers • Government • Executives • Customers • Customers • Data Professionals from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 36© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Roles and Responsibilities Suppliers: Consumers: • Data Stewards • Data Producers • IT Steering Committee • Knowledge Workers • Data Stewardship Council • Managers • Government • Executives • Customers • Customers • Data Professionals Participants: • Data Stewards • Data Security Administrators • Database Administrators • BI Analysts • Data Architects • CIO/CTO • Help Desk Analysts from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 36© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Polling Question #4 Who is responsible for data security? 1. Everyone 2. CIO 3. Data Stewards 4. Data Security Officer PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 37© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools • Application Frameworks #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools • Application Frameworks • Identify Management Technologies #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools • Application Frameworks • Identify Management Technologies • Change Control Systems #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools • Application Frameworks • Identify Management Technologies • Change Control Systems • Practices & Techniques #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Technology • Database Management System • Business Intelligence Tools • Application Frameworks • Identify Management Technologies • Change Control Systems • Practices & Techniques • Organization & Culture #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 38© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Polling Question #3 • What is the most common password? 1. 123456 2. password 3. asdf123 4. dragon PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 40© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Passwords Pointers • Contains at least 8 characters • Contains an uppercase letter and a numeral • Not the same as the username • Note be the same as the previous 5 passwords used • Not contain complete dictionary words in any language • Not be incremental (password1, password2, etc.) • Not have two characters repeated sequentially • Not use adjacent characters on the keyboard • Incorporate a space (if possible) • Changed every 45 to 60 days from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 41© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications • For general audiences – Default from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications • For general audiences – Default • Internal use only – Minimal risk if shared – not to be copied outside of the organization from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications • For general audiences – Default • Internal use only – Minimal risk if shared – not to be copied outside of the organization • Confidential – Not shared outside of the organization from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications • For general audiences – Default • Internal use only – Minimal risk if shared – not to be copied outside of the organization • Confidential – Not shared outside of the organization • Restricted Confidential – Only shown to individuals within the organization who "need to know" from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Information Confidentially Classifications • For general audiences – Default • Internal use only – Minimal risk if shared – not to be copied outside of the organization • Confidential – Not shared outside of the organization • Restricted Confidential – Only shown to individuals within the organization who "need to know" • Registered Confidential – Shared only with the existence of a legal agreement from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 42© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Policies • Americans with Disabilities Act (ADA) • Cable Communications Policy Act of 1984 (Cable Act) • California Senate Bill 1386 (SB 1386) • Children’s Internet Protection Act of 2001 (CIPA) • Children’s Online Privacy Protection Act of 1998 (COPPA) • Communications Assistance for Law Enforcement Act of 1994 (CALEA) • Computer Fraud and Abuse Act of 1986 (CFAA) • Computer Security Act of 1987 – (Superseded by the Federal Information Security Management Act FISMA) • Consumer Credit Reporting Reform Act of 1996 (CCRRA) – Modifies the Fair Credit Reporting Act (FCRA) • Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003 • Electronic Funds Transfer Act (EFTA) • Fair and Accurate Credit Transactions Act (FACTA) of 2003 • Fair Credit Reporting Act PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 43© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Policies, cont’d • Federal Information Security Management Act (FISMA) • Federal Trade Commission Act (FTCA) • Drivers Privacy Protection Act of 1994 • Electronic Communications Privacy Act of 1986 (ECPA) • Electronic Freedom of Information Act of 1996 ( E-FOIA) • Fair Credit Reporting Act of 1999 (FCRA) • Family Education Rights and Priacy Act of 1974 (FERPA; also known as Buckley Amendment) • Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA) • Privacy Act of 1974 • Privacy Protection Act of 1980 (PPA) • Right to Financial Privacy Act of 1978 (RFPA) • Telecommunications Act of 1996 • Telephone Consumer Protection Act of 1991 (TCPA) • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) • Video Privacy Protection Act of 1988 PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 44© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in an Outsourced World from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 45© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in an Outsourced World • Any form of outsourcing increases risk to the organization from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 45© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in an Outsourced World • Any form of outsourcing increases risk to the organization • Data security risk is escalated to the outsource vendor from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 45© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in an Outsourced World • Any form of outsourcing increases risk to the organization • Data security risk is escalated to the outsource vendor • Transferring control (but not accountability) requires tighter risk management and control mechanisms from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 45© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security in an Outsourced World • Any form of outsourcing increases risk to the organization • Data security risk is escalated to the outsource vendor • Transferring control (but not accountability) requires tighter risk management and control mechanisms • Some mechanisms include: – Service level agreements – Limited liability provisions in the outsourcing contract – Right-to-audit clauses in the contract – Clearly defined consequences to breaching contractual obligations – Frequent data security reports from the service vendor – Independent monitoring of vendor system activity – More frequent and thorough data security auditing from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 45© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements • Remote access standards #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements • Remote access standards • Security breach reporting #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements • Remote access standards • Security breach reporting • Using mobile devices #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements • Remote access standards • Security breach reporting • Using mobile devices • Storage of data on portable devices (laptops, phones, iPads) BYOD #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Data Security Standards • Tools for data security • Encryption standards/mechanisms • Access guidelines • Data transmission requirements • Documentation requirements • Remote access standards • Security breach reporting • Using mobile devices • Storage of data on portable devices (laptops, phones, iPads) BYOD • Disposal of devices #dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 47© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Security Role Hierarchy Diagram from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 48© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles 1. Be a responsible data trustee (governance) from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles 1. Be a responsible data trustee (governance) 2. Understand and comply with pertinent regulations and guidelines from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles 1. Be a responsible data trustee (governance) 2. Understand and comply with pertinent regulations and guidelines 3. Use data-to-process and data-to-role matrices to document needs and guide role groups and permissions from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles 1. Be a responsible data trustee (governance) 2. Understand and comply with pertinent regulations and guidelines 3. Use data-to-process and data-to-role matrices to document needs and guide role groups and permissions 4. Defining data security requirements and policies is a collaborative effort from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles 1. Be a responsible data trustee (governance) 2. Understand and comply with pertinent regulations and guidelines 3. Use data-to-process and data-to-role matrices to document needs and guide role groups and permissions 4. Defining data security requirements and policies is a collaborative effort 5. Define security requirements in conjunction with development projects from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 49© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d 6. Classify enterprise data against a confidentiality classification schema from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d 6. Classify enterprise data against a confidentiality classification schema 7. Follow strong password guidelines from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d 6. Classify enterprise data against a confidentiality classification schema 7. Follow strong password guidelines 8. Create role groups, define privileges by role; grant privileges to users by role – where possible restrict users to one role from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d 6. Classify enterprise data against a confidentiality classification schema 7. Follow strong password guidelines 8. Create role groups, define privileges by role; grant privileges to users by role – where possible restrict users to one role 9. Formally manage the requests and approvals for initial authorizations and changes from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Guiding Principles, cont’d 6. Classify enterprise data against a confidentiality classification schema 7. Follow strong password guidelines 8. Create role groups, define privileges by role; grant privileges to users by role – where possible restrict users to one role 9. Formally manage the requests and approvals for initial authorizations and changes 10. Centrally manager user identities and group memberships from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 50© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE How safe is your data? • Do you feel that your data is: a.Trustably safe? b.Safe enough? c. Not safe? d.Dangerous to our organization PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 52© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Summary: Data Security Management from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 53© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Who would be interested in a more in-depth version of this webinar? How many times has your organization admitted to not knowing where / what their data is? What about an incident where data is lost and you cannot identify how many records or customers were affected? The problems ARE common in corporate America, but more importantly, they are symptomatic of a greater deficiency. This deficiency can be seen throughout the countless articles associated with lost data or miscalculated financials. The root cause of these deficiencies has forced our data managers and our GRC managers to develop a common understanding of all things data; this is your primary corporate asset! Most corporate leaders know that corporations require a solid Enterprise Governance, Risk and Compliance Program. Leaders also understand the need for a good Data Governance Program, but how do the two overlap and how do I achieve both in my organization? Our approach is designed to provide quantitative gains in your organization and answer the following tough questions: • How do I minimize F.U.D. and R.O.T.? • What are the intersecting points between data governance and GRC? • How do I turn my corporate data into a protected and managed asset? By consolidating your efforts between your Data Owner and the protectors of said Data, you save money and eliminate R.O.T and F.U.D. from your enterprise. This solution also provides a simplified way to have discussions between the CISO and the CIO whom typically own these respective functions. Let this framework guide you to a managed environment and repeatable processes, all whilst producing measurable results in managing controls. • I would be interested in the more in-depth version of this webinar – Yes PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 54© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE References PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 55© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Additional References • http://www.dispatch.com/live/content/business/stories/2011/05/09/fbi-probing-consumer-data-breach-at- sony.html?sid=101 • http://sanfrancisco.cbslocal.com/2011/05/06/sony-ceo-apologizes-for-massive-playstation-data-breach/ • http://www.pcworld.com/article/226357/sony_playstation_network_personal_user_data_stolen.html • http://www.reuters.com/article/2011/05/05/us-sony-insurance-idUSTRE74472120110505 • http://wiki.answers.com/Q/What_are_the_common_data_security_concerns_for_a_business • http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/ US_Ponemon_CODB_09_012209_sec.pdf • http://www.informationweek.com/news/198701100 • http://blog.mpecsinc.ca/2010/05/update-heartland-payment-systems-breach.html • http://blog.mpecsinc.ca/2010/05/update-heartland-payment-systems-breach.html • http://www.computerworld.com/s/article/9070281/ Hannaford_hit_by_class_action_lawsuits_in_wake_of_data_breach_disclosure • Todd Newton: What Every Company Should Know About Data Security and Electronic Discovery PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 56© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Additional References • http://www.dispatch.com/live/content/business/stories/2011/05/09/fbi-probing-consumer-data-breach-at- sony.html?sid=101 • http://sanfrancisco.cbslocal.com/2011/05/06/sony-ceo-apologizes-for-massive-playstation-data-breach/ • http://www.pcworld.com/article/226357/sony_playstation_network_personal_user_data_stolen.html • http://www.reuters.com/article/2011/05/05/us-sony-insurance-idUSTRE74472120110505 • http://wiki.answers.com/Q/What_are_the_common_data_security_concerns_for_a_business • http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/ US_Ponemon_CODB_09_012209_sec.pdf • http://www.informationweek.com/news/198701100 • http://blog.mpecsinc.ca/2010/05/update-heartland-payment-systems-breach.html • http://blog.mpecsinc.ca/2010/05/update-heartland-payment-systems-breach.html • http://www.computerworld.com/s/article/9070281/ Hannaford_hit_by_class_action_lawsuits_in_wake_of_data_breach_disclosure • Todd Newton: What Every Company Should Know About Data Security and Electronic Discovery PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 57© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Questions? + = It’s your turn! Use the chat feature or Twitter (#dataed) to submit your questions to Peter now. PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 58© Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE Upcoming Events June Webinar: Master Data Management: Quality is not an Option but a Requirement June 12, 2012 @ 2:00 PM ET/11:00 AM PT July Webinar: Practical Applications for Data Warehousing, Analytics, BI, and Meta-Integration Technologies July 10, 2012 @ 2:00 PM ET/11:00 AM PT Sign up here: • www.datablueprint.com/webinar-schedule • www.Dataversity.net Brought to you by: PRODUCED BY CLASSIFICATION DATE SLIDE DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 59© Copyright this and previous years by Data Blueprint - all rights reserved!

Data-Ed Online: How Safe is Your Data? Data Security Webinar

by Data Blueprint on May 21, 2012

Accessibility

Categories

Upload Details

Usage Rights

1 Embed 1,037

Statistics

Data-Ed Online: How Safe is Your Data? Data Security Webinar Presentation Transcript