BSidesSF talk: Silver lining for security teams in data protection clouds

•

0 likes•286 views

The path to navigating data protection risks is often filled with uncertainty. Overestimating the risks stifles growth, and underestimating them can derail the business. To be able to measure data protection risks, security teams need to view them from both a technical and legal lens. This talk is about enabling security teams to right-size their risk profile, and to identify controls correlated with reducing data protection risks and the liability exposure of the organization.

Technology

Rafae Bhatti
Director of Security and Compliance, Mode
LinkedIn: rafaebhatti
Twitter: @privacyphd
When GDPR and CCPA strike:
Silver lining for security teams in data protection clouds

Who
Am I?
I build security programs at startups
I am also a recently licensed CA attorney

Traditional
Risk
Landscape
Backdoor
Breach

Shifting
Risk
Landscape
Breaches at your
Front door

Parallax
So an engineer and a lawyer walked into a bar…

● Data subject expectations
○ Collection
○ Processing/Sharing
○ Retention
● Data protection safeguards
○ Security controls
○ Contractual obligations
● Adequate/reasonable
○ Risk acceptance
Security From
Data Protection
Lens

Solution
When engineers and lawyers talk

Lets Run
With It
Front door breaches ahead!

Scenario 1
A company’s vendor launches an email campaign
using the personal data of the company’s users.
The data belongs to consumers in CA.
Can a CA consumer sue the company for a CCPA
violation?

Vendor
Data Use
Takeaway
● Audit data use for vendor with PII,
including cookie scan
● In addition to legal commitments, use
tools (such as plug-ins) to protect
personal data
● Tie vendor security to business
consequences

Scenario 2
A company accidentally shares a report belonging
to organization A with organization B.
The data belongs to consumers in the EU.
Is the company required to notify the consumers of
a data breach?

Data Breaches:
Crash vs.
Water Landing
Video: Sully Movie CLIP - Brace for Impact (2016) - Tom Hanks Movie

Data
Processing
Risk
Takeaway
● Degree of risk is a matter of data
subject expectation
● Mandatory code review when high level
of risk in processing data
● Tie risk of disclosure to business
consequences
Different analysis for CA and EU

Scenario 3
A company’s vendor leaks personal data about its customers.
The data belongs to consumers in CA.
Can a CA consumer sue the company for a data breach?

Reasonable
Means
Operational
Takeaway
● An operational cybersecurity program.
● An independent attestation of design
and operational effectiveness can go a
long way
● Investment in compliance pays off

Takeaways
● Audit vendor use of PII when doing vendor
security reviews
● Focus on data processing risk to guide breach
mitigation and response
● Invest in operational effectiveness of
cybersecurity program

Understanding
Risks Has its
Rewards
Security Roadmap
● Communicate security risks
● Translate risks into needs
● Create security culture
Tooling and Scaling
● Privacy Engineering

Conclusion When it’s our time to land:
Hope we are on the Hudson, not in it.

Thankyou!
LinkedIn: rafaebhatti
Twitter: @privacyphd

What's hot

Cmgt 441 complete course

Laynevine

Managing security risks in today's digital era

Singtel

GDPR for WordPress - Impacts & Solutions

ServerGuy

GDPR and Privacy AI Miner enables any organization to detect privacy data (for example data under EU GDPR) and then take action on it. Includes unique capability to train AI using own data so that AI able to detect privacy data unique for each customers’ way of doing business. The solution has been recognized and proven by IBM – We were selected as a wildcard Champion of the global IBM Watson Build challenge, and were one of eight companies at the challenge finals.

GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!

Elinar

CWIN17 New-York / earning the currency of trust

Capgemini

Understanding gdpr compliance gdpr analytics tools

RominaMariaBaltariu

The emails that you want are only the tip of the iceberg that you get. Your Challenge Within the email security gateway (ESG) marketplace, there are numerous vendors with varying options who all claim to be the perfect fit for your organization. It becomes challenging to sift through all the offerings and find the right one. An ESG must serve a multitude of functions for the organization, as well as meet an array of requirements, all of which can be hard to accurately assess and include confidently. IT security always struggles with costs. An email gateway can become expensive, but it is vital and thus needs to have a strong case made for implementation, improvement, or replacement scenarios. Our Advice Critical Insight Cloud adoption among business functions is already high. Moving email to the cloud is just another step. Take this into consideration when selecting an ESG. Advanced Persistent Threats (APTs) and Zero-Day attacks are changing the way organizations deal with threats. Recognize the need for greater visibility and tools that stay current with these developments. Impact and Result Understand developments within the ESG market to properly evaluate all capabilities and functions of an ESG. Evaluate ESG vendors and products based on your enterprise requirements. Determine which products are most appropriate for particular use cases and scenarios.

Vendor Landscape: Email Security Gateway

Info-Tech Research Group

Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...

FinTech Belgium

Cross border - off-shoring and outsourcing privacy sensitive data

Ulf Mattsson

Watch the webinar on-demand: https://info.trustarc.com/mastering-article-30-compliance-webinar.html 78% of companies need help with conducting a data inventory. As businesses grapple with the requirements of the GDPR one of the most challenging is the need to create a comprehensive record of all of your data processing activities as required under Article 30 of the GDPR. Recent research from Dimensional Research/TrustArc found that 78% of companies said they needed help with conducting a data inventory. With a project of this scale why re-invent the wheel when you can learn from other privacy professionals who have gone through the process of scoping, communicating, managing and delivering a comprehensive data inventory and mapping project. Watch this webinar on-demand to hear from in-house privacy professionals and consultants how to: - build a business case for the data inventory - involve other departments across the business - understand benefits of different methodologies – such as a systems or process-based approach - review the tools and technologies available to help for you - maintain the inventory over time To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/

Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...

TrustArc

We dispel the myth that database DevOps and compliance can't go hand in hand. We begin with a brief look at how extending DevOps to the database lays solid foundations for data governance and compliance. Our guest speaker is James Boother, Sales and Marketing Director at Coeo. Coeo are Europe's most trusted analytics and data management experts, with over 10 years’ experience delivering technology strategy and support for businesses who need to get the most from their data. In a climate where data breaches are all too frequent, and more and more data lives in the cloud, the challenge of protecting your data can seem daunting. James addresses the implications of the forthcoming GDPR on database management, highlighting requirements you may need to address. As well as offering guidance for assessing your data estate for GDPR readiness, James shares some great tools and tips for building data protection and privacy into your DevOps processes. With the right preparation, you can be fully compliant, with your data safe, whilst maintaining fast delivery of value to your end users.

Data protection and privacy in the world of database DevOps

Red Gate Software

Securing Real Estate Transactions through Threat Intelligence

Inman News

Gdpr presentation

Sudarsan Reddy

GDPR infographic

Marketing Team at Crown Worldwide Group

GDPR Jennifer Rose

Jennifer Rose

What Every Physician Needs to Know About Cloud Storage

Texas Medical Liability Trust

Speaker: Matt Skinner, Head of Digital Strategy and Data, Proctor + Stevenson The General Data Protection Regulation represents the biggest change to European data laws in decades. It comes into effect on May 25th, 2018, and if you haven’t already chalked out a compliance roadmap, it’s high time you did. The regulation has far-reaching effects and will have a significant impact on any firm that does business in the EU. This session is designed to give you a complete overview of GDPR and what it entails. Get an understanding of the regulations introduced, and what it means for your business: data security as well as marketing communications. Join the webinar to plan out your seamless transition into GDPR compliance. Who's This For - Technology professionals - Senior marketing professionals - Anyone working with agencies and clients in the EU, looking to understand the complete impact of GDPR What's In It for You - General overview of GDPR, what it means - Know how enterprises should prepare for it - Understand its impacts on data collection, websites, and comms - Review data security and GDPR’s potential long-term impact on the marketing industry View our complete series of webinars at: www.srijan.net/webinar/past webinars

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

Srijan Technologies

California's New Privacy Policy Guidelines

Brian Heidelberger

EU General Data Protection Regulation

Dr. Mira Suleimenova, CIPPe

Benefits of erp

proshenjitsaha

What's hot (20)

Cmgt 441 complete course

Managing security risks in today's digital era

GDPR for WordPress - Impacts & Solutions

GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!

CWIN17 New-York / earning the currency of trust

Understanding gdpr compliance gdpr analytics tools

Vendor Landscape: Email Security Gateway

Fintech Belgium - MeetUp on The Right Tech for your FinTech - Philippe Cornet...

Cross border - off-shoring and outsourcing privacy sensitive data

Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...

Data protection and privacy in the world of database DevOps

Securing Real Estate Transactions through Threat Intelligence

Gdpr presentation

GDPR infographic

GDPR Jennifer Rose

What Every Physician Needs to Know About Cloud Storage

[Srijan Wednesday Webinars] Is Your Business Ready for GDPR

California's New Privacy Policy Guidelines

EU General Data Protection Regulation

Benefits of erp

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds

GDPR solutions (JS Event 28/2/18) | Greenlight Computers

Gary Dodson

BigID GDPR Compliance Automation Webinar Slides

Dimitri Sirota

What is GDPR? As a holiday rental property owner, Airbnb host or holiday rental agent, why does it matter to you? You don't need to work at a large internet company like Facebook, Google or Amazon to be affected, or responsible for data protection. As part of the travel & tourism industry, you probably have personal data on your guests such as name and email address at the very least. You may also have highly sensitive data such as financial details, date of birth and passport details. The introduction of the new privacy regulation called the GENERAL DATA PROTECTION REGULATION, or GDPR, comes into effect from 25th May 2018. This webinar aims to help you understand what your obligation in how you deal with the data from the customers, the penalties and risks for non-compliance and, most importantly, a step by step roadmap to becoming GDPR compliant as a small business owner in the holiday rental industry. Alongside tips and practical advice, the webinar will explore the opportunities that the introduction of the new data protection law can have for you in the travel & tourism industry. The presentation agenda will cover: Introduction and overview to GDPR GDPR and the Holiday Rental Industry GDPR and You - Responsibilities, risks and benefits Roadmap to GDPR compliance GDPR applies to all businesses and organisations, big or small, offering products or services to citizens in the EU. Show your customers that you are committed to treating their personal data with respect and consideration by understanding how to become GDPR-ready for 25th May 2018.

GDPR & the Travel Industry: Practical recommendations for holiday rental owners

Spain-Holiday.com

The security management of SaaS and Cloud providers is an essential element of a company’s cyber security strategy. The problem is that many companies don't even know how to start assessing these providers. Even if they do, it’s hard to scale an actionable program. However, a well-planned program will easily and quickly provide transparency into vendors’ security while facilitating significant improvements in your company’s own cyber security posture. By attending this webinar, attendees will learn how to: Tier provider evaluation based on the inherent risk/criticality of each relationship; Achieve transparency into your providers’ security practices; Implement compensating internal controls when the providers don't have or won't reveal their own; Collaborate with your providers to ensure success in the remediation process; Create KPI's to help manage, improve the process and demonstrate achievements.

The Guide to Managing the Security of Your SaaS and Cloud Providers

DevOps.com

To view the full webinar recording, visit: https://info.trustarc.com/managing-ccpa-gdpr-individual-rights-dsar-compliance.html?utm_source=slideshare One of the most visible and complex requirements to achieve CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) compliance is managing data subject access requests (DSAR), also known as individual rights or consumer rights. Recent IAPP / TrustArc benchmarking research indicates over 75% of companies have received a DSAR request, but only 33% have started to automate the management process. This webinar will cover the following: -Review the similarities and differences in the subject rights request requirements for CCPA and GDPR compliance -Provide best practices to build an end to end management process and tools to help automate the CCPA and GDPR compliance process. -Offer guidance from privacy experts who understand the regulatory requirements and have hands-on experience building and implementing successful CCPA and GDPR compliance programs To view the full webinar recording, visit: https://info.trustarc.com/managing-ccpa-gdpr-individual-rights-dsar-compliance.html?utm_source=slideshare

Feb20 Webinar - Managing Risk and Pain of Vendor Management

TrustArc

(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...

Andrew O. Leeth

What is a data protection impact assessment?

Infinity Legal Solutions

Today, growing an organization through Mergers & Acquisitions (M&A) has become a popular business practice. This can lead to great success but it can also cause a potential liability to the acquirer if global data privacy laws and regulations are not considered during the acquisition. Businesses that adopt this strategy need to be aware of how to handle the data involved in the acquisitions. Between new and evolving data privacy laws, an increased focus on regulators, and increased liability on the acquirer, incorporating data privacy practices is necessary for the M&A transaction process.

Data Privacy: The Hidden Beast within Mergers & Acquisitions

TrustArc

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance

ObservePoint

The General Data Protection Regulation (GDPR) explicitly states that any data processing activity that poses a high risk to the data subject’s rights and freedoms must undergo a Data Protection Impact Assessment in Netherland. It is one of the most important and particular processes prescribed by the Regulation for determining the risk of sensitive data exposure. The Assessment determines the level of risk associated with data processing operations that may have an impact on data subjects. Visit the blog for further details: https://infinitylegalsolutions.com/blog/

What is a data protection impact assessment? what are the essential stages to...

Infinity Legal Solutions

Can your organization afford to be fined €20 million for improperly removing customer data, as required by EU’s new General Data Protection Regulation (GDPR)? Seasoned legal and security experts from Blancco Technology Group and DLA Piper distil the legal terminology from the recently approved EU General Data Protection Regulation (GDPR) into 'how' and 'what' your organization needs to know to prepare for compliance by 2018.

EU GDPR: What You Really Need to Know

Sarah Crabb

Journey2018: Surviving and thriving under GDPR

Yieldify

One North’s Managing Director of Technology Ryan Horner and legal process and technology consultant Bob Beach share details on how the EU’s General Data Protection Regulation (GDPR) could impact digital assets. This webinar is designed to educate digital marketers, share actionable examples, and provide an overview of how One North can help clients ensure their digital properties are in compliance with the regulation and execute on those efforts. Beyond GDPR compliance, the session will also highlight important information for marketers as data privacy continues to become a critical and strategic component of digital. Access the recording: https://youtu.be/ruQpN70LGt0

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

One North

MRS Operations Network: GDPR - Organisational Measures

MRS

Common Practice in Data Privacy Program Management

Eryk Budi Pratama

Cloud data security and GDPR compliance

Salim Benadel

Securing The Reality of Multiple Cloud Apps: Pandora's Story

CloudLock

Impact of GDPR on Third Party and M&A Security

EQS Group

Data security, privacy protection, and information governance are inextricably linked to the attorney-client relationship. Lawyers must overcome their aversion to technology and understand that protecting data is not just the IT department’s responsibility, but theirs as well, as lawyers are stewards of their own, their clients’, and their firms’ data. Learn insights and tips on how to better understand the data security environment from a lawyers’ perspective and how you can best communicate to clients the need for secure information governance. You’ll be prepared to answer the following questions that are being asked by corporate counsel and other prospective clients: Is your firm positioned to handle my data securely? What are your firm’s protocols?

Cybersecurity: How To Protect Your Law Firm Data

Rocket Matter, LLC

Data Protection Forum Brussels 230517 - Implementing GDPR

John M Walsh

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds (20)

GDPR solutions (JS Event 28/2/18) | Greenlight Computers

BigID GDPR Compliance Automation Webinar Slides

GDPR & the Travel Industry: Practical recommendations for holiday rental owners

The Guide to Managing the Security of Your SaaS and Cloud Providers

Feb20 Webinar - Managing Risk and Pain of Vendor Management

(ISC)2 Security Congress 2015 - The Cloud Trust Conundrum- You’re Asking all ...

What is a data protection impact assessment?

Data Privacy: The Hidden Beast within Mergers & Acquisitions

The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance

What is a data protection impact assessment? what are the essential stages to...

EU GDPR: What You Really Need to Know

Journey2018: Surviving and thriving under GDPR

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers

MRS Operations Network: GDPR - Organisational Measures

Common Practice in Data Privacy Program Management

Cloud data security and GDPR compliance

Securing The Reality of Multiple Cloud Apps: Pandora's Story

Impact of GDPR on Third Party and M&A Security

Cybersecurity: How To Protect Your Law Firm Data

Data Protection Forum Brussels 230517 - Implementing GDPR

Recently uploaded

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

caitlingebhard1

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

Elevate Developer Efficiency & build GenAI Application with Amazon Q

Bhuvaneswari Subramani

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

MINDCTI Revenue Release Quarter One 2024

MIND CTI

[BuildWithAI] Introduction to Gemini.pdf

Sandro Moreira

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc

CNIC Information System with Pakdata Cf In Pakistan

danishmna97

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

The integration landscape is changing rapidly with the introduction of technologies like GraphQL, gRPC, stream processing, iPaaS, and platformless. However, not all existing applications and industries can keep up with these new technologies. Certain industries, like manufacturing, logistics, and finance, still rely on well-established EDI-based message formats. Some applications use XML or CSV with file-based communications, while others have strict on premises deployment requirements. This talk focuses on how Ballerina's built-in integration capabilities can bridge the gap between "old" and "new" technologies, modernizing enterprise applications without disrupting business operations.

Modernizing Legacy Systems Using Ballerina

WSO2

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

The presentation was made in “Web3 Fusion: Embracing AI and Beyond” is more than a conference; it's a journey into the heart of digital transformation. The conference a provided a platform where the future of technology meets practical application. This three-day hybrid event, set in the heart of innovation, served as a gateway to the latest trends and transformative discussions in AI, Blockchain, IoT, AR/VR, and their collective impact on the information space.

AI in Action: Real World Use Cases by Anitaraj

AnitaRaj43

Explore the latest trends and insights on JavaScript usage with Pixlogix's informative blog. Discover key statistics and facts about JavaScript's role in web development, its popularity among developers, and its impact on modern websites. Stay updated with the evolving landscape of JavaScript frameworks and libraries, and learn how they're shaping the future of web development. Gain valuable insights to enhance your JavaScript skills and stay ahead in the digital realm.

JavaScript Usage Statistics 2024 - The Ultimate Guide

Pixlogix Infotech

In this session, we will discuss the journey of API governance from its initial, ungoverned state to the development of sophisticated models that tackle contemporary challenges. We'll explore how APIs have become essential in the intersection of business and technology, adapting to advancements and evolving needs. We'll focus on how organizations have moved from launching to monetizing APIs, using models like pay-per-use and subscriptions, and finding the right balance between technical implementation and business strategy. We'll also highlight the impact of governance on monetization strategies, especially how data security, compliance, and service quality influence pricing. Real-world examples will demonstrate the effective integration of governance with monetization, including AI's role in dynamic pricing. Looking ahead, we'll share insights into future trends in API governance and monetization, emphasizing the importance of adaptability, continuous learning, and innovation.

API Governance and Monetization - The evolution of API governance

WSO2

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Orbitshub

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

Samir Dash

Recently uploaded (20)

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Vector Search -An Introduction in Oracle Database 23ai.pptx

Elevate Developer Efficiency & build GenAI Application with Amazon Q

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

MINDCTI Revenue Release Quarter One 2024

[BuildWithAI] Introduction to Gemini.pdf

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

CNIC Information System with Pakdata Cf In Pakistan

Six Myths about Ontologies: The Basics of Formal Ontology

Modernizing Legacy Systems Using Ballerina

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AI in Action: Real World Use Cases by Anitaraj

JavaScript Usage Statistics 2024 - The Ultimate Guide

API Governance and Monetization - The evolution of API governance

Why Teams call analytics are critical to your entire business

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)

BSidesSF talk: Silver lining for security teams in data protection clouds

1. Rafae Bhatti Director of Security and Compliance, Mode LinkedIn: rafaebhatti Twitter: @privacyphd When GDPR and CCPA strike: Silver lining for security teams in data protection clouds

2. Who Am I? I build security programs at startups I am also a recently licensed CA attorney

3. What This Talk is About? Right-sizing the risk profile

4. Outline Problem Solution Conclusion Q&A

5. Traditional Risk Landscape Backdoor Breach

6. Shifting Risk Landscape Breaches at your Front door

7. Parallax So an engineer and a lawyer walked into a bar…

8. ● Data subject expectations ○ Collection ○ Processing/Sharing ○ Retention ● Data protection safeguards ○ Security controls ○ Contractual obligations ● Adequate/reasonable ○ Risk acceptance Security From Data Protection Lens

9. Challenge

10. Outline Problem Solution Conclusion Q&A

11. Solution When engineers and lawyers talk

12. Right-Sizing: Examples

13. Lets Run With It Front door breaches ahead!

14. Scenario 1 A company’s vendor launches an email campaign using the personal data of the company’s users. The data belongs to consumers in CA. Can a CA consumer sue the company for a CCPA violation?

15. CCPA Sale: Example

16. Vendor Data Use Takeaway ● Audit data use for vendor with PII, including cookie scan ● In addition to legal commitments, use tools (such as plug-ins) to protect personal data ● Tie vendor security to business consequences

17. Scenario 2 A company accidentally shares a report belonging to organization A with organization B. The data belongs to consumers in the EU. Is the company required to notify the consumers of a data breach?

18. Data Breaches: Crash vs. Water Landing Video: Sully Movie CLIP - Brace for Impact (2016) - Tom Hanks Movie

19. Clarity in Uncertainty Flight#1549 had a unique risk profile 1. Speed was too high to avoid hitting the birds 2. Altitude was too low to be able to land on any ground 3. Decision had to be made quickly Find your unique profile to calibrate risks 1. Exposed data included personal data 2. Exposed data was not encrypted 3. The source of breach has not been addressed Under CCPA -> Enough to decide Under GDPR -> Consider high risk

20. High Risk Processing?

21. Data Processing Risk Takeaway ● Degree of risk is a matter of data subject expectation ● Mandatory code review when high level of risk in processing data ● Tie risk of disclosure to business consequences Different analysis for CA and EU

22. Scenario 3 A company’s vendor leaks personal data about its customers. The data belongs to consumers in CA. Can a CA consumer sue the company for a data breach?

23. Clarity in Uncertainty Find your unique profile to calibrate risks 1. Exposed data included personal data 2. Exposed data was not encrypted 3. The breach has not been cured Under CCPA -> If NOT reasonable Under GDPR -> No private right

24. Reasonable Security

25. Reasonable Means Operational Takeaway ● An operational cybersecurity program. ● An independent attestation of design and operational effectiveness can go a long way ● Investment in compliance pays off

26. Takeaways ● Audit vendor use of PII when doing vendor security reviews ● Focus on data processing risk to guide breach mitigation and response ● Invest in operational effectiveness of cybersecurity program

27. Outline Problem Solution Conclusion Q&A

28. Understanding Risks Has its Rewards Security Roadmap ● Communicate security risks ● Translate risks into needs ● Create security culture Tooling and Scaling ● Privacy Engineering

29. Conclusion When it’s our time to land: Hope we are on the Hudson, not in it.

30. Thankyou! LinkedIn: rafaebhatti Twitter: @privacyphd

BSidesSF talk: Silver lining for security teams in data protection clouds

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds

Similar to BSidesSF talk: Silver lining for security teams in data protection clouds (20)

Recently uploaded

Recently uploaded (20)

BSidesSF talk: Silver lining for security teams in data protection clouds