Information security: importance of having defined policy & process
SSI Data Protection Solutions
1. SSI Data Protection Solutions
2. SSI
Security Software International Content
1. Understanding Data Protection
2. What is Data Leakage Prevention?
3. How SSI can help – Protecting Data throughout its cycle
- SSI Capabilities & Solutions
4. Summary – Partnerships - Contacts
3. SSI
Security Software International Understanding Data Protection
Did you know?
The impact of security breaches on well-established brands in recent years has resulted in huge financial losses:
• IP losses of $4.6B worldwide in 2008
• Data losses worldwide reportedly topped $1 trillion in 2008
• Two in three Australian organizations experienced a serious data breach in the last twelve months
• Over 900 flash drives collected by dry cleaner in ANZ in 2008
• 12,000 laptops/week lost in US airports
Sources:
January 2009 McAfee findings for Davos World Economic Forum
www.ponemon.org
www.ironkey.com
4. SSI
Security Software International What is Data Leakage Prevention?
• Data Leakage Prevention (DLP) is a computer security term referring
to systems that identify, monitor, and protect data in use (e.g.,
endpoint actions), data in motion (e.g., network actions), and data at
rest (e.g., data storage).
• Regulatory compliance - Data Mandatory Disclosure Law:
- HIPAA in health and benefits
- GLBA and BASEL II in finance
- Payment Card Industry DSS standards
In the US, UK and EU, the Data Mandatory Disclosure Law requires an organization to inform its customers of any loss of their personal information. The right to data privacy is heavily regulated and rigidly enforced, particularly in Europe. However, as we speak, the Australian Law Reform Commission is looking at some 300 changes to Federal privacy laws, which include data disclosure.
5. SSI
Security Software International Data Leakage - compelling examples
• 2007 NAB Melbourne: 598 names and account numbers of 397
people sent to wrong addresses.
• 2007 HSBC Sydney: More than 100 HSBC Australian customers had
their banking details, names and home addresses as well as other
personal financial information exposed.
• In 2008, an Australian pharmaceutical company was getting complaints of adverse patient reactions from a geography where they had minuscule sales. Counterfeit drugs were being manufactured and sold in that geography under the same brand name.
Sources
Information Age October/November 2009
6. SSI
Security Software International
Data Leakage Prevention –
It does not apply to me!
Very few organizations take into account the threat from the average employee leaking data. Denial kicks in, and “it does not apply to me” becomes the preferred answer.
Well, consider these two questions:
1. Assuming that most of the employees in your organization, including yourself, use laptops and/or PDAs, what kind of data is stored on these and what is its value?
2. How do you monitor what users are doing with sensitive data, and how do you control what users can install or introduce onto their computers, for example iPod, iPhone or USB devices?
7. SSI
Security Software International How SSI can help
Data Leakage will become an ever-larger concern, especially with the
increasing use of mobile technologies.
Many countries have introduced strict disclosure laws, or will soon do so.
Then ask yourself this question: are you ready for it?
At SSI, we are passionate about sharing our experience and
expertise by helping businesses better understand and address:
• What data is most sensitive to their business and where does it reside?
• What are the origin and nature of their risks?
• How to select the appropriate controls based on policy and risk?
• How to manage security centrally?
• How to conduct security audits to constantly improve?
8. SSI
Security Software International
Protecting Data throughout its Cycle
[Diagram: the data states Data in Use, Data at Rest and Data in Motion, with the labels E-Card Personalization, Document Management, E-Payment, E-Business Processes, E-Mail, Servers, Archiving, Workstations, Laptops, Smartphones / PDA, USB Device, Firewire-Device, CD/DVD]
9. SSI
Security Software International
[Diagram: Data Protection. Section labels: Products, Solutions, Consulting Services. Items: CryptoServer-HSM, PCI Compliance, Network Access Control (NAC), Full Disk Encryption (FDE), Encryption Devices - Enterprise USB Policy Management, Data Leakage Prevention (DLP), Data Protection Lifecycle / Support, Quality Assurance, Implementation, Project Management, Solution Architecture, Design, Audit/Assessment]
10. SSI
Security Software International SSI Data Protection Solutions
SSI advises on the following full suite of Enterprise Data Protection Solutions:
• PCI DSS Compliance (policy development & implementation to ensure secure management of credit card data and network access control).
• Full disk encryption (FDE) and device encryption: hardware-encrypted USB flash drives - FIPS 140-2 Level 3
• Managed Service Policies covering who can use drives, how drives can be used and how the data on drives is protected.
• Network Access Control (NAC)
• Highest level of data and business process security with a tamper-resistant Hardware Security Module (HSM) - FIPS 140-2 Level 4
12. SSI
Security Software International Summary
Remember
Today, organizations must underscore the importance of security to the company’s reputation.
But after all, don’t you think that marketing your Data-IP Protection will help your organization to find new business?
“According to Bank of America, they have successfully managed themselves as a bank that values its clients’ privacy and security. They have come up with innovative ways to increase revenue through consumer security such as offering two-factor authentication tokens for a small fee. For companies in such industries, data protection is an absolute necessity just for both their internal users and their customers.”
Sources: Information Age October/November 2009