SlideShare a Scribd company logo
Summary
◼ INFORMATION SECURITY
◼ IMPORTANCE OF INFORMATION SECURITY TODAY
◼ HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS)
◼ COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY (HIPPA, PCI-DSS, ISO 27001, FISMA, SOX)
◼ TAKING INFORMATION SECURITY BEYOND A COMPLIANCE FIRST
◼ BASICS OF INFORMATION SECURITY
◼ IMPORTANCE OF DATA GOVERNANCE IN INFORMATION SECURITY
◼ PRIVACY
◼ IMPORTANCE OF PRIVACY TODAY
◼ CHANGING AND EVOLVING PRIVACY REQUIREMENTS
◼ IMPORTANCE OF DATA GOVERNANCE IN PRIVACY
◼ DATA GOVERNANCE AND DATA PRIVACY
◼ WHY DATA?
◼ DATA PRIVACY - DATA PROCESSING PRINCIPLES
◼ DATA GOVERNANCE (ROPA ) AS A TOOL
◼ RECENT HIGH IMPACT DATA BREACHES
◼ RECENT HIGH PROFILE DATA BREACHES
◼ IMPACT ON CUSTOMER TRUST
◼ IMPACT OF DATA BREACH
◼ FURTHER NOTES
IMPORTANCE OF INFORMATION SECURITY TODAY
Hacking as Service
Hire hackers to get
access to company
networks
Ransomware as a
Service
Subscription based
model to use already-
developed ransomware.
Denial of Service as
a Service
A pre-configured
infrastructure for use of
DDoS attacks.
Supply Chain Attacks
Attack of a common vendor or
supplier to infiltrate numerous
company networks and systems.
Companies have a large number of
third-party vendors and SaaS
solutions that integrate with their
systems and networks.
Internet of Things
According to Gartner, IoT devices in
2020 which will grow to 75 million by
2025. IoT Malware attacks rose 700%
during the pandemic. Attacks towards
televisions, security cameras,
autonomous vehicles, to medical
devices/pacemakers.
Artificial Intelligence & Automation
Cyber criminals use AI for targeted spear-phishing
attacks using deepfakes and voice-cloning.
Weaponized AI self-seeks vulnerabilities, uses
concealed intelligent’ malware to laterally move,
executes at specific times, and acquires system
knowledge to vary attacks. PassGan uses neural
network to lean the statistical distribution of
passwords from leaks and generates high-quality
guesses.
COMPLIANCE REQUIREMENTS FOR INFORMATION
SECURITY
HIGH PROFILE SECURITY BREACHES (NOTABLE
EVENTS)
Ransomware attack in July that paralyzed as
many as 1,500 organizations by compromising
tech-management software from a company
called Kaseya
SolarWinds, a major US information
technology firm, was the subject of a
cyberattack that spread to its clients and
went undetected for months.
The hack that took down the largest fuel
pipeline in the U.S. and led to shortages
across the East Coast. Hackers entered
the network through a VPN account,
which did not use MFA.
TAKING INFORMATION SECURITY BEYOND COMPLIANCE
◼ Compliance Frameworks help drive business to
practice due diligence and make decisions not just
based on cost.
◼ Compliance frameworks are the basic building
blocks.
◼ Organizations looking to meet compliance
requirements may avoid penalties but may not
always be secure.
◼ Compliance is important, clearly, but it should be a
subset of the overall security strategy.
◼ One must always stay ahead of compliance. E.g., IoT.
START WITH THE BASICS – BASIC CYBER HYGENIE
A prioritized and prescriptive set of safeguards mitigate
approximately 83% of all attack techniques found in the MITRE
ATT&CK Framework.
Implementation Group 1 (IG1) of the Controls provide mitigation
against the attack techniques found in the top four attack patterns
listed in the 2019 Verizon Data Breach Investigations Report (DBIR),
including ransomware.
Key Next Steps:
 Identify business goals and objectives.
 Start with a gap assessment.
 Get senior leadership buy-in.
 Focus on the basics of cyber-hygiene and do it well.
 Strengthen your incident response.
 Roadmap to compliance & maturity.
“NOT IF BUT WHEN” AN INCIDENT WILL OCCUR
◼ USE the “CYBER KILL CHAIN” to understand how cyber
criminals attack and gain access to systems.
◼ Build “DETECTION & PREVENTION” based on the kill chain
to reduce the mean time to detect.
◼ Develop an “INCIDENT RESPONSE PLAN” to be prepared
and reduce the mean time to respond.
Source: 2021 IBM Cost of Data Breach Report found that the average time to detect and contain a data breach is 280 days
https://www.ibm.com/security/data-breach
Source: Lockheed Martin Cyber Kill Chain
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
DATA DRIVEN ERA - IMPORTANCE OF DATA GOVERNANCE
◼ Data today is one of the most important assets of the organization.
◼ Data governance saves money reducing duplication, errors and increasing integrity.
◼ Data governance increases access to data sharing across the organization
◼ Strong data governance ensures an organization is complying with all regulatory requirements and compliance frameworks.
Data-driven organizations are 23
times more likely to acquire
customers.
Sources:
https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights
https://bi-survey.com/big-data-benefits
https://www.forrester.com/report/InsightsDriven+Businesses+Set+The+Pace+For+Global+Growth/-/E-RES130848
Businesses that use big
data increase their profit
by 8 percent.
62% of retailers report that the
use of information and analytics
is creating a competitive
advantage for their
organization.
Insight-driven businesses are
growing at an average of 30% each
year; by 2021, they are predicted
to take $1.8 trillion annually from
their less-informed industry
competitors.
WHY DATA?
The world’s most valuable resource is no longer oil, but data | The Economist
The world’s most valuable resource is no longer oil but DATA.
What are you doing to PROTECT your most precious resource? Who has ACCESS to it? Do you know
WHERE it is? Do you know its VALUE?
What do you know about your most precious resource?
DATA PRIVACY - DATA PROCESSING PRINCIPLES
UK GDPR outlines 7 principles for processing data to create a solid framework for minimizing risk exposure:
1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data Minimization
4. Accuracy
5. Storage Limitation
6. Integrity and Confidentiality
7. Accountability
Failure to comply leads to fines, breach of trust, operational disruption …..
Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)
DATA GOVERNANCE & (RECORD of PROCESSING ACTIVITIES) AS TOOLS
The GDPR obligates documentation of the processing activities relating to your data.
Good data governance and RoPA allow you to understand:
1. What data you have
2. Where your data is located
3. How the data is used
4. Who the data is shared with
This ensures data security, availability, integrity and consistency
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
Records of Processing Activities | General Data Protection Regulation (GDPR) (gdpr-info.eu)
HIGH IMPACT DATA BREACHES
These data breaches show case the importance of data governance, information security and data privacy in
protecting data
June 2021
Impact: 700 Million records
Hackers scraped data by exploiting
LinkedIn’s API
Exposed data includes: Email
addresses, phone numbers,
geolocation records, LinkedIn
usernames and profile URLs, other
social media accounts & details
among others
April 2019
Impact: 533 Million records
2 Third party Facebook app datasets
exposed to public internet
Exposed data includes: Account
names, Facebook ID’s, likes, reactions,
comments and others
July 2021
Impact: Up to 1500 Organizations
records
Supply Chain Ransom ware
Exposed data includes: Organizational
database, user names and passwords
and sensitive information
The 57 Biggest Data Breaches (Updated for 2021) | UpGuard
RECENT DATA BREACH FINES
1.
2.
3.
4.
$886 MILLION
€50 MILLION
€35.3 MILLION
£20 MILLION
Three years of GDPR: the biggest fines so far - BBC News
IMPACT ON CONSUMER TRUST
The average customer is becoming privacy aware,
security aware and over all, DATA AWARE
Building consumer trust: Protecting personal data in the consumer product industry | Deloitte Insights
IMPACT OF DATA BREACH
1. FINANCIAL LOSS
2. REPUTATIONAL DAMAGE
3. OPERATIONAL DOWNTIME
4. LEGAL ACTION
5. LOSS OF SENSITIVE DATA
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
What’s New in the 2021 Cost of a Data Breach Report - Security Intelligence
FURTHER NOTES
Data & Information Governance at UNSW | Data Governance
According to a Cisco analysis (2020), companies who have invested in privacy measures
experience positive returns on investments.
Based on responses from 2,500 professionals across 13 countries, companies on average
received $2.70 for every $1 spend on their privacy program.
Implementing a mature privacy program, developing a robust data governance in alignment with
company goals and implementing an efficient information security system proactive in threat
detection and incident response are key to reducing data breaches.
Study: Mature privacy programs experience higher ROI (iapp.org)
SUMMARY
1. KNOW YOUR DATA
2. PROTECT YOUR DATA
3. APPLY THE DATA PROCESSING PRINCPLES
4. INVEST IN A MATURE PRIVACY PROGRAM
5. BUILD AND IMPLEMENT A ROBUST INFORMATION SECURITY PROGRAM
THANK YOU
?
hardeep.mehrotara@gmail.com Hardeep Mehrotara
olasow@yahoo.com Mojisola Abi Sowemimo

More Related Content

What's hot

ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
Uppala Anand
 
ISO 27701
ISO 27701ISO 27701
ISO 27701
UtkarshDhiman4
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
PECB
 

What's hot (20)

2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
 
ISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedureISO 27001:2013 Implementation procedure
ISO 27001:2013 Implementation procedure
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
NQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation GuideNQA ISO 27701 Implementation Guide
NQA ISO 27701 Implementation Guide
 
isms-presentation.ppt
isms-presentation.pptisms-presentation.ppt
isms-presentation.ppt
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013  An Overview ISO/IEC 27001:2013  An Overview
ISO/IEC 27001:2013 An Overview
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 
ISO 27701
ISO 27701ISO 27701
ISO 27701
 
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - ErykData Loss Prevention (DLP) - Fundamental Concept - Eryk
Data Loss Prevention (DLP) - Fundamental Concept - Eryk
 
ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?ISO/IEC 27001:2022 – What are the changes?
ISO/IEC 27001:2022 – What are the changes?
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
ISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRCISO/IEC 27001 as a Starting Point for GRC
ISO/IEC 27001 as a Starting Point for GRC
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 

Similar to Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference

Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_Pitfalls
Laris Orman
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 

Similar to Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference (20)

Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_Pitfalls
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data Security
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data security
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 

More from PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

More from PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Recently uploaded

The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptxslides CapTechTalks Webinar May 2024 Alexander Perry.pptx
slides CapTechTalks Webinar May 2024 Alexander Perry.pptx
 
The impact of social media on mental health and well-being has been a topic o...
The impact of social media on mental health and well-being has been a topic o...The impact of social media on mental health and well-being has been a topic o...
The impact of social media on mental health and well-being has been a topic o...
 
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
GIÁO ÁN DẠY THÊM (KẾ HOẠCH BÀI BUỔI 2) - TIẾNG ANH 8 GLOBAL SUCCESS (2 CỘT) N...
 
Morse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptxMorse OER Some Benefits and Challenges.pptx
Morse OER Some Benefits and Challenges.pptx
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
50 ĐỀ LUYỆN THI IOE LỚP 9 - NĂM HỌC 2022-2023 (CÓ LINK HÌNH, FILE AUDIO VÀ ĐÁ...
 
How to the fix Attribute Error in odoo 17
How to the fix Attribute Error in odoo 17How to the fix Attribute Error in odoo 17
How to the fix Attribute Error in odoo 17
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 2 STEPS Using Odoo 17
 
Open Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPointOpen Educational Resources Primer PowerPoint
Open Educational Resources Primer PowerPoint
 
B.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdfB.ed spl. HI pdusu exam paper-2023-24.pdf
B.ed spl. HI pdusu exam paper-2023-24.pdf
 
The basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptxThe basics of sentences session 4pptx.pptx
The basics of sentences session 4pptx.pptx
 
Salient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptxSalient features of Environment protection Act 1986.pptx
Salient features of Environment protection Act 1986.pptx
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
NCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdfNCERT Solutions Power Sharing Class 10 Notes pdf
NCERT Solutions Power Sharing Class 10 Notes pdf
 
size separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceuticssize separation d pharm 1st year pharmaceutics
size separation d pharm 1st year pharmaceutics
 
Gyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptxGyanartha SciBizTech Quiz slideshare.pptx
Gyanartha SciBizTech Quiz slideshare.pptx
 
The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptxStudents, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
Students, digital devices and success - Andreas Schleicher - 27 May 2024..pptx
 
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptxJose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
Jose-Rizal-and-Philippine-Nationalism-National-Symbol-2.pptx
 

Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference

  • 1.
  • 2. Summary ◼ INFORMATION SECURITY ◼ IMPORTANCE OF INFORMATION SECURITY TODAY ◼ HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS) ◼ COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY (HIPPA, PCI-DSS, ISO 27001, FISMA, SOX) ◼ TAKING INFORMATION SECURITY BEYOND A COMPLIANCE FIRST ◼ BASICS OF INFORMATION SECURITY ◼ IMPORTANCE OF DATA GOVERNANCE IN INFORMATION SECURITY ◼ PRIVACY ◼ IMPORTANCE OF PRIVACY TODAY ◼ CHANGING AND EVOLVING PRIVACY REQUIREMENTS ◼ IMPORTANCE OF DATA GOVERNANCE IN PRIVACY ◼ DATA GOVERNANCE AND DATA PRIVACY ◼ WHY DATA? ◼ DATA PRIVACY - DATA PROCESSING PRINCIPLES ◼ DATA GOVERNANCE (ROPA ) AS A TOOL ◼ RECENT HIGH IMPACT DATA BREACHES ◼ RECENT HIGH PROFILE DATA BREACHES ◼ IMPACT ON CUSTOMER TRUST ◼ IMPACT OF DATA BREACH ◼ FURTHER NOTES
  • 3. IMPORTANCE OF INFORMATION SECURITY TODAY Hacking as Service Hire hackers to get access to company networks Ransomware as a Service Subscription based model to use already- developed ransomware. Denial of Service as a Service A pre-configured infrastructure for use of DDoS attacks. Supply Chain Attacks Attack of a common vendor or supplier to infiltrate numerous company networks and systems. Companies have a large number of third-party vendors and SaaS solutions that integrate with their systems and networks. Internet of Things According to Gartner, IoT devices in 2020 which will grow to 75 million by 2025. IoT Malware attacks rose 700% during the pandemic. Attacks towards televisions, security cameras, autonomous vehicles, to medical devices/pacemakers. Artificial Intelligence & Automation Cyber criminals use AI for targeted spear-phishing attacks using deepfakes and voice-cloning. Weaponized AI self-seeks vulnerabilities, uses concealed intelligent’ malware to laterally move, executes at specific times, and acquires system knowledge to vary attacks. PassGan uses neural network to lean the statistical distribution of passwords from leaks and generates high-quality guesses.
  • 4. COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY
  • 5. HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS) Ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months. The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast. Hackers entered the network through a VPN account, which did not use MFA.
  • 6. TAKING INFORMATION SECURITY BEYOND COMPLIANCE ◼ Compliance Frameworks help drive business to practice due diligence and make decisions not just based on cost. ◼ Compliance frameworks are the basic building blocks. ◼ Organizations looking to meet compliance requirements may avoid penalties but may not always be secure. ◼ Compliance is important, clearly, but it should be a subset of the overall security strategy. ◼ One must always stay ahead of compliance. E.g., IoT.
  • 7. START WITH THE BASICS – BASIC CYBER HYGENIE A prioritized and prescriptive set of safeguards mitigate approximately 83% of all attack techniques found in the MITRE ATT&CK Framework. Implementation Group 1 (IG1) of the Controls provide mitigation against the attack techniques found in the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. Key Next Steps:  Identify business goals and objectives.  Start with a gap assessment.  Get senior leadership buy-in.  Focus on the basics of cyber-hygiene and do it well.  Strengthen your incident response.  Roadmap to compliance & maturity.
  • 8. “NOT IF BUT WHEN” AN INCIDENT WILL OCCUR ◼ USE the “CYBER KILL CHAIN” to understand how cyber criminals attack and gain access to systems. ◼ Build “DETECTION & PREVENTION” based on the kill chain to reduce the mean time to detect. ◼ Develop an “INCIDENT RESPONSE PLAN” to be prepared and reduce the mean time to respond. Source: 2021 IBM Cost of Data Breach Report found that the average time to detect and contain a data breach is 280 days https://www.ibm.com/security/data-breach Source: Lockheed Martin Cyber Kill Chain https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
  • 9. DATA DRIVEN ERA - IMPORTANCE OF DATA GOVERNANCE ◼ Data today is one of the most important assets of the organization. ◼ Data governance saves money reducing duplication, errors and increasing integrity. ◼ Data governance increases access to data sharing across the organization ◼ Strong data governance ensures an organization is complying with all regulatory requirements and compliance frameworks. Data-driven organizations are 23 times more likely to acquire customers. Sources: https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights https://bi-survey.com/big-data-benefits https://www.forrester.com/report/InsightsDriven+Businesses+Set+The+Pace+For+Global+Growth/-/E-RES130848 Businesses that use big data increase their profit by 8 percent. 62% of retailers report that the use of information and analytics is creating a competitive advantage for their organization. Insight-driven businesses are growing at an average of 30% each year; by 2021, they are predicted to take $1.8 trillion annually from their less-informed industry competitors.
  • 10. WHY DATA? The world’s most valuable resource is no longer oil, but data | The Economist The world’s most valuable resource is no longer oil but DATA. What are you doing to PROTECT your most precious resource? Who has ACCESS to it? Do you know WHERE it is? Do you know its VALUE? What do you know about your most precious resource?
  • 11. DATA PRIVACY - DATA PROCESSING PRINCIPLES UK GDPR outlines 7 principles for processing data to create a solid framework for minimizing risk exposure: 1. Lawfulness, Fairness and Transparency 2. Purpose Limitation 3. Data Minimization 4. Accuracy 5. Storage Limitation 6. Integrity and Confidentiality 7. Accountability Failure to comply leads to fines, breach of trust, operational disruption ….. Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)
  • 12. DATA GOVERNANCE & (RECORD of PROCESSING ACTIVITIES) AS TOOLS The GDPR obligates documentation of the processing activities relating to your data. Good data governance and RoPA allow you to understand: 1. What data you have 2. Where your data is located 3. How the data is used 4. Who the data is shared with This ensures data security, availability, integrity and consistency Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org) Records of Processing Activities | General Data Protection Regulation (GDPR) (gdpr-info.eu)
  • 13. HIGH IMPACT DATA BREACHES These data breaches show case the importance of data governance, information security and data privacy in protecting data June 2021 Impact: 700 Million records Hackers scraped data by exploiting LinkedIn’s API Exposed data includes: Email addresses, phone numbers, geolocation records, LinkedIn usernames and profile URLs, other social media accounts & details among others April 2019 Impact: 533 Million records 2 Third party Facebook app datasets exposed to public internet Exposed data includes: Account names, Facebook ID’s, likes, reactions, comments and others July 2021 Impact: Up to 1500 Organizations records Supply Chain Ransom ware Exposed data includes: Organizational database, user names and passwords and sensitive information The 57 Biggest Data Breaches (Updated for 2021) | UpGuard
  • 14. RECENT DATA BREACH FINES 1. 2. 3. 4. $886 MILLION €50 MILLION €35.3 MILLION £20 MILLION Three years of GDPR: the biggest fines so far - BBC News
  • 15. IMPACT ON CONSUMER TRUST The average customer is becoming privacy aware, security aware and over all, DATA AWARE Building consumer trust: Protecting personal data in the consumer product industry | Deloitte Insights
  • 16. IMPACT OF DATA BREACH 1. FINANCIAL LOSS 2. REPUTATIONAL DAMAGE 3. OPERATIONAL DOWNTIME 4. LEGAL ACTION 5. LOSS OF SENSITIVE DATA Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org) What’s New in the 2021 Cost of a Data Breach Report - Security Intelligence
  • 17. FURTHER NOTES Data & Information Governance at UNSW | Data Governance According to a Cisco analysis (2020), companies who have invested in privacy measures experience positive returns on investments. Based on responses from 2,500 professionals across 13 countries, companies on average received $2.70 for every $1 spend on their privacy program. Implementing a mature privacy program, developing a robust data governance in alignment with company goals and implementing an efficient information security system proactive in threat detection and incident response are key to reducing data breaches. Study: Mature privacy programs experience higher ROI (iapp.org)
  • 18. SUMMARY 1. KNOW YOUR DATA 2. PROTECT YOUR DATA 3. APPLY THE DATA PROCESSING PRINCPLES 4. INVEST IN A MATURE PRIVACY PROGRAM 5. BUILD AND IMPLEMENT A ROBUST INFORMATION SECURITY PROGRAM
  • 19. THANK YOU ? hardeep.mehrotara@gmail.com Hardeep Mehrotara olasow@yahoo.com Mojisola Abi Sowemimo