Delivering on the Promise.




IT Compliance and Governance with DLP Controls and Vulnerability Scanning Software

By: Brian Rosenfelt, CPA
and Joseph Compton, CISSP, CISA

February 16, 2012

Agenda
Security Software
• Data Loss Prevention Controls
    • Aids in policy development
    • Helps identify data to be protected
    • Provides real-time incident response tickets
    • Provides centralized audit reports

• Vulnerability Scanners
    • Identify network device weaknesses
    • Used to validate machine configuration
    • Used to identify missing patches

Data Loss Prevention Controls
The Software
• DLP tools have been around for a long time
    • Expensive
    • Geared toward single task
    • Poor alerting

• New unified platforms are coming online
    • Comprehensive approach
    • Unified exception and audit reporting
    • Real-time incident responses
    • Controls can be configured to function as
        • Detective
        • Corrective
        • Preventive

Organizational Challenges
Data in Motion
• What is the confidential data?

• Where is the confidential data stored?

• Where is the confidential data going?

• Can the controls enforce data use policies?

What can these tools protect
Enterprise Data Protection and Governance
• Email encryption
• Content profiling
• Web filtering
• End-point protection
• Document management
• Fingerprinting
• Employee monitoring

Security / DLP
Multiple endpoints
• Storage drives (CD, DVD, USB)
• Print devices
• Websites
• Home networks
• Screen capture
• Clipboard monitoring
• Content profiling

Our DLP Solution
CTH Technologies Secure Care
• Agent-based technology
• Works on and off the network
• Lock down the desktop with policy enforcement
• Policies will travel

1. Define confidential data policy
2. Run scan and discover exposed data
3. Enforce policy by automatically protecting files
4. Remediate incidents
5. Report on risk and compliance

1. Employee sends confidential data
2. Detects or prevents incident
3. Notifies employee
4. Workflow automates remediation
5. Report on risk and compliance

SENSITIVE

1. Employee sends confidential data
2. Detects incidents
3. Tags email message
4. Automatically encrypts tagged messages
5. Report on risk and compliance

CTH Demo

CTH DLP Summary
Business Intelligence
• Behavioral Analytics
    • Employee Monitoring
    • Employee Activity / Productivity Reports

• Software Audit Reporting
    • Usage Report
    • Compliance Report

CTH DLP Summary
DLP Solutions should
• Capture and Monitor
    • Desktop Data
    • Customer and Employee Data
    • Application Performance Data

• Analyze Data
    • User
    • Machine
    • Application

• Risk Mitigation Compliance

SAINT Security Scanner
• Besides being a tool for security testers, the SAINT Security Scanner can be leveraged by auditors to:
    • Review Network Device Configuration
    • Perform Security Patch Audits
    • Test for PCI Compliance (Payment Card Industry)
    • Test for FISMA Compliance (Federal Information Security Act)
    • Test for HIPAA Compliance (Health Insurance Portability and Accountability Act)
    • Test for NERC Compliance (North American Electric Reliability Corporation)

Compliance Features
What Can SAINT Do?
• Besides various compliance checks, SAINT can also run OVAL (Open Vulnerability and Assessment Language) vulnerability and inventory tests

• XCCDF and SCAP (NIST Extensible Configuration Checklist Description Format and Security Content Automation Protocol)

• Import lists from the National Vulnerability Database: http://web.nvd.nist.gov/view/ncp/repository

Other Scanning Tools and Resources
What else is out there?
• A list of approved scanners: http://nvd.nist.gov/scapproducts.cfm

• Other DLP vendors: Code Green Networks, Websense, Axway, and SMARSH

Summary
What We Learned
• There are a variety of automated controls available

• Each type can be used to speed up policy and procedure development

• Auditors, like security testers, should have access to these tools

• The right toolset should be customizable for any environment or reporting criteria

Our Philosophy
Whether seen by our clients, employees, business contacts or community, our identity is the symbol of a promise delivered with enthusiasm, innovation, teamwork, drive and commitment.

• Clients - Provide premier business services to our clients
• Employees - Foster an environment that maximizes personal and professional growth
• Business Contacts - Maintain the highest ethical standards
• Community - Enhance the future of our community

Questions?

Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 

Recently uploaded (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

IT Compliance and Governance with DLP Controls and Vulnerability Scanning Software

  • 1. Delivering on the Promise. IT Compliance and Governance with DLP Controls and Vulnerability Scanning Software. By: Brian Rosenfelt, CPA, and Joseph Compton, CISSP, CISA. February 16, 2012
  • 2. Agenda: Security Software • Data Loss Prevention Controls • Aids in policy development • Helps identify data to be protected • Provides real-time incident response tickets • Provides centralized audit reports • Vulnerability Scanners • Identify Network Device Weakness • Used to validate machine configuration • Used to identify missing patches
  • 3. Data Loss Prevention Controls: The Software • DLP tools have been around for a long time • Expensive • Geared toward single task • Poor alerting • New unified platforms are coming online • Comprehensive approach • Unified exception and audit reporting • Real time incident responses • Controls can be configured to function as • Detective • Corrective • Preventive
  • 4. Organizational Challenges: Data in Motion • What is the confidential data? • Where is the confidential data stored? • Where is the confidential data going? • Can the controls enforce data use policies?
  • 5. What can these tools protect: Enterprise Data Protection and Governance • Email encryption • Content profiling • Web filtering • End-point protection • Document management • Finger printing • Employee monitoring
  • 6. Multiple endpoints Security / DLP • Storage drives (CD, DVD, USB) • Print devices • Websites • Home networks • Screen capture • Clipboard monitoring • Content profiling
  • 7. Our DLP Solution: CTH Technologies Secure Care • Agent based technology • Works on and off the network • Lockdown the desktop with policy enforcement • Policies will travel
  • 8. Define confidential data policy → Run scan and discover exposed data → Enforce policy by automatically protecting files → Remediate incidents → Report on risk and compliance
  • 9. Employee sends confidential data → Detects or prevents incident → Notifies employee → Workflow automates remediation → Report on risk and compliance
  • 10. SENSITIVE: Employee sends confidential data → Detects incidents → Tags email message → Automatically encrypts tagged messages → Report on risk and compliance
  • 11. Delivering on the Promise.
  • 12. CTH Demo
  • 13. CTH DLP Summary: Business Intelligence • Behavioral Analytics • Employee Monitoring • Employee Activity / Productivity Reports • Software Audit Reporting • Usage Report • Compliance Report
  • 14. CTH DLP Summary: DLP Solutions should • Capture and Monitor • Desktop Data • Customer and Employee Data • Application Performance Data • Analyze Data • User • Machine • Application • Risk Mitigation Compliance
  • 15. SAINT Security Scanner • SAINT is not only a tool for security testers; auditors can also leverage the power of the SAINT Security Scanner • Review Network Device Configuration • Perform Security Patch Audits • Test for PCI Compliance (Payment Card Industry) • Test for FISMA Compliance (Federal Information Security Act) • Test for HIPAA Compliance (Health Insurance Portability and Accountability Act) • Test for NERC Compliance (North American Electric Reliability Corporation)
  • 16. Compliance Features: What Can SAINT Do? • Besides various compliance checks, SAINT can also run OVAL (Open Vulnerability and Assessment Language) Vulnerability and Inventory tests • XCCDF and SCAP (NIST Extensible Configuration Checklist Description Format and Security Content Automation Protocol) • Import Lists from National Vulnerability Database http://web.nvd.nist.gov/view/ncp/repository
  • 17. Other Scanning Tools and Resources: What else is out there? • A list of approved Scanners: http://nvd.nist.gov/scapproducts.cfm • Other DLP Vendors: Code Green Networks, Websense, Axway, and SMARSH
  • 18. Summary: What We Learned • There are a variety of automated controls available • Each type can be used to speed up policy and procedure development • Auditors, like security testers, should have access to these tools • The right toolset should be customizable for any environment or reporting criteria
  • 19. Our Philosophy: Whether seen by our clients, employees, business contacts or community, our identity is the symbol of a promise delivered with enthusiasm, innovation, teamwork, drive and commitment. • Clients - Provide premier business services to our clients • Employees - Foster an environment that maximizes personal and professional growth • Business Contacts - Maintain the highest ethical standards • Community - Enhance the future of our community
  • 20. Questions?
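
The detect, tag, encrypt and report flow from slides 8 to 10, combined with the detective, corrective and preventive modes from slide 3, as an added Python example that is not part of the original deck or of CTH's product. The rule names, patterns, the mapping of each mode to an action, and the sample messages are assumptions constructed for illustration.

```python
import re

# Constructed policy for illustration; rule names and patterns are assumptions.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def profile(text):
    """Content profiling: return the sorted list of policy rules the text triggers."""
    rules = set()
    for m in CARD_RE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            rules.add("payment_card")
    if SSN_RE.search(text):
        rules.add("us_ssn")
    return sorted(rules)

def enforce(message, mode):
    """Apply the policy to one outbound message.

    mode is 'detective' (alert only), 'corrective' (tag the message so a
    mail gateway can encrypt it) or 'preventive' (block). Returns
    (message, incident); incident is None when no rule matched.
    """
    if mode not in ("detective", "corrective", "preventive"):
        raise ValueError(f"unknown mode: {mode}")
    rules = profile(message["subject"] + "\n" + message["body"])
    if not rules:
        return message, None
    out = dict(message)
    if mode == "preventive":
        action = "block"
    elif mode == "corrective":
        out["subject"] = "[SENSITIVE] " + message["subject"]
        action = "encrypt"
    else:
        action = "alert"
    # The incident record is what feeds the audit and compliance report.
    incident = {"sender": message["sender"], "rules": rules,
                "mode": mode, "action": action}
    return out, incident

# Constructed sample messages: a Luhn-valid test card number, a made-up SSN,
# and a 16-digit tracking number that fails the Luhn check.
SAMPLES = [
    {"sender": "a@example.com", "subject": "Invoice", "body": "Card 4111 1111 1111 1111, SSN 123-45-6789"},
    {"sender": "b@example.com", "subject": "Order", "body": "Tracking 4111 1111 1111 1112"},
]
```

The second sample shows why the checksum matters: a pattern match alone would raise an incident on an ordinary tracking number, which is the kind of noise behind the "poor alerting" complaint about older DLP tools.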