Confidential
3 Things You Need to Know
About Compliant Cloud Hosting
Presented by Symmetry & Alchemy Security
©2016 Symmetry
Introducing Our Presenters
§ Alchemy Security
§ Holistic security solutions built upon SIEM & Security Operations
§ Business-centric approach to information security and risk management
§ Managed & Monitored SIEM through virtual SOC
§ Nationwide experience and reach
§ Complete end-to-end Services
§ Symmetry
§ Leading applications management and hybrid cloud hosting solution provider
§ Deep expertise in SAP application management
§ SAP Certified in Hosting Services, Cloud Services, SAP HANA® Operations Services
§ We operate as a true extension of your IT team
§ Highly flexible, tailored solutions to meet the unique business needs of enterprise clients
Scott Goolik
VP of Compliance & Security
Joe Bonnell
Founder & CEO
Agenda
§ Why Invest In Security & Compliance Programs
§ Compliance Frameworks & Risk Management
§ Three Pillars of Risk Management
§ Key Requirements for Compliant Hosting
Data Breach Cost Analysis
§ $2.1T – Global Cybercrime Economic Costs Forecasted by 2019, Juniper Research
§ United States Breach Loss Statistics*
§ $7M - Average Total Cost of Data Breach
§ $221 – Average Cost Per Record Lost or Stolen (Direct & Indirect Costs)
§ 10,000 records lost ~ $2.21M or 100,000 records lost ~ $22.1M
§ Investments in Security Monitoring and Encryption can vastly reduce cost of data breach
§ Examples of stolen data:
§ Personally Identifiable Information
§ Credit Card Data
§ Electronic Patient Information
§ Intellectual Property
§ $$$ - Fraud
*IBM – 2016 Cost of Data Breach Study: United States
Attacker Motivations
*2016 Verizon Business Data Breach Investigations Report
Type of Account Stolen (US)     Black Market Value (Per Record)
Banking                         $40 - $500
Credit Card                     $7 - $40
Corporate Email                 $500
Personal Identity Details       $15 - $65
Airline Points                  $60 - $450
Hotel Points                    $20 - $200
Intellectual Property           ??
Breach Analysis
*2016 Verizon Business Data Breach Investigations Report
Cost of PCI Compliance Failures
VISA Fines: Storing “Prohibited” Data*
Merchant Level    1-3 Months      3-6 Months      7+ Months
Level 1           $10,000 p/m     $50,000 p/m     $100,000 p/m
Level 2           $5,000 p/m      $25,000 p/m     $50,000 p/m
Visa Fines: PCI Non-Compliance Fee Schedule*
1st violation of specific compliance failure $1,000 fine
2nd violation of same compliance failure $5,000 fine
3rd violation of same compliance failure $10,000 fine
4th violation of same compliance failure $25,000 fine
5th+ violation of same compliance failure Up to Visa – inability to process credit cards
Note: There are 250+ unique compliance requirements
*Interlink Network Inc. Operating Regulations
Cost of HIPAA Compliance Failures
HIPAA Violation / Minimum Penalty / Maximum Penalty
Category 1 - Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
  Minimum: $100 per violation, with an annual maximum of $25,000 for repeat violations
  Maximum: $50,000 per violation, with an annual maximum of $1.5 million
Category 2 - HIPAA violation due to reasonable cause and not due to willful neglect
  Minimum: $1,000 per violation, with an annual maximum of $100,000 for repeat violations
  Maximum: $50,000 per violation, with an annual maximum of $1.5 million
Category 3 - HIPAA violation due to willful neglect but violation is corrected within the required time period
  Minimum: $10,000 per violation, with an annual maximum of $250,000 for repeat violations
  Maximum: $50,000 per violation, with an annual maximum of $1.5 million
Category 4 - HIPAA violation is due to willful neglect and is not corrected
  Minimum: $50,000 per violation, with an annual maximum of $1.5 million
  Maximum: $50,000 per violation, with an annual maximum of $1.5 million
Criminal Penalties - Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information, offenses committed under false pretenses, or offenses with intent to sell, transfer, or use ePHI for personal gain or malicious harm
  $50,000 to $250,000 in fines, and up to one to ten years imprisonment
Effective Risk Management = Compliance Success
Risk/Compliance Management
§ Risk = Threat * Vulnerability * Impact
§ ergo – any zero value results in zero risk
§ Impact Examples
§ Crown Jewel Information Assets > Low Value Systems
§ Threat Examples
§ Hacking, Malware, Malicious Employees, Fraudsters, etc.
§ Vulnerability Examples
§ Unpatched operating systems (buffer overflow), web application vulnerabilities (SQL injection), poorly implemented application access controls, etc.
Impact Management
§ Robust Asset Management Program
§ Properly identifies & classifies systems with respect to the CIA Triad:
§ Confidentiality
▫ Is information stored, processed or transmitted through the system considered to be confidential in nature?
§ Integrity
▫ What would be the organizational impact if data were compromised?
§ Availability
▫ If the system is offline, what is the impact to the business?
§ Any system that characterizes any portion of the CIA triad as “critical” results in a critical rating for the system
§ Migrate critical systems into highly protected and monitored security enclaves
§ Be able to define “normal” system behavior
§ Recognize that high-risk systems require stringent security measures
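The two rules from the Risk/Compliance Management and Impact Management slides (Risk = Threat * Vulnerability * Impact with any zero factor giving zero risk, and any "critical" CIA attribute making the whole system critical) can be applied to a small system inventory. This is an added illustration, not code from the deck or from Symmetry or Alchemy Security; the ordinal rating scale, the Asset structure and the sample inventory are constructed here, and the CIA rule is generalized so a system inherits its highest CIA rating at every level, not only "critical".

```python
"""Asset classification and risk scoring following the deck's two rules.

  * A system inherits the rating of its most sensitive CIA attribute, so any
    attribute rated "critical" makes the whole system critical (deck rule);
    the same max rule is generalized here to the lower ratings as well.
  * Risk = Threat * Vulnerability * Impact on an ordinal scale, so a zero
    factor yields zero risk.
All inventory data below is constructed sample input, not real systems.
"""
from dataclasses import dataclass, field

# Ordinal rating scale shared by impact, threat and vulnerability (constructed).
RATING = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Asset:
    name: str
    confidentiality: str          # CIA attributes, each a RATING key
    integrity: str
    availability: str
    threats: dict = field(default_factory=dict)          # e.g. {"malware": "high"}
    vulnerabilities: dict = field(default_factory=dict)  # e.g. {"unpatched OS": "high"}


def classify(asset: Asset) -> str:
    """System rating = highest of its three CIA ratings (any 'critical' -> critical)."""
    ratings = (asset.confidentiality, asset.integrity, asset.availability)
    return max(ratings, key=RATING.__getitem__)


def risk_score(asset: Asset) -> int:
    """Risk = Threat * Vulnerability * Impact. An asset with no known
    vulnerability (or no threat) scores zero even when its impact is critical."""
    impact = RATING[classify(asset)]
    threat = max((RATING[t] for t in asset.threats.values()), default=0)
    vulnerability = max((RATING[v] for v in asset.vulnerabilities.values()), default=0)
    return threat * vulnerability * impact


def prioritize(assets):
    """Rank assets by risk and flag the ones the deck says belong in a highly
    protected, monitored enclave: every critical-rated system, regardless of
    its current risk score."""
    rows = [{"name": a.name, "rating": classify(a), "risk": risk_score(a),
             "enclave": classify(a) == "critical"} for a in assets]
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


# Constructed sample inventory.
INVENTORY = [
    Asset("SAP ERP production", "critical", "high", "high",
          threats={"malicious employee": "high", "fraudster": "medium"},
          vulnerabilities={"SoD conflict": "medium"}),
    Asset("customer web portal", "medium", "medium", "medium",
          threats={"hacking": "high"},
          vulnerabilities={"sql injection": "high"}),
    Asset("dev sandbox", "low", "low", "low",
          threats={"hacking": "high"},
          vulnerabilities={"unpatched OS": "critical"}),
    Asset("HR records archive", "critical", "medium", "low",
          threats={"malware": "medium"}),   # no known vulnerability -> zero risk
]

if __name__ == "__main__":
    for row in prioritize(INVENTORY):
        print(f"{row['name']:<22} rating={row['rating']:<8} risk={row['risk']:>2} "
              f"enclave={'yes' if row['enclave'] else 'no'}")
```

The HR archive shows why the enclave flag is driven by the impact rating rather than the score: its current risk is zero only because no vulnerability is known, and the next scan can change that.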
Vulnerability Management
§ Identifying
§ Periodic Vulnerability Scanning
§ Periodic Penetration Testing
§ Network/OS Layer & Application Layer
§ Social Engineering (phishing campaigns, etc.)
§ SAP Risk Analysis with ControlPanelGRC
§ Segregation of Duties (SoD), Critical Transactions, Sensitive Authorizations
§ Protecting
§ Compliant Provisioning with
§ Stay clean by checking for SoD risks as part of the request process
§ Operations Governed by a Quality Program
§ Managed training ensures employees understand processes
§ Installation Qualifications (IQs) verify systems are built to specifications
§ Managed Patching
Threat Management
§ Identifying & Detecting:
§ Network and Endpoint Security Monitoring
§ NGFWs, Anti-malware, File Integrity Monitoring, HIDS, etc.
§ Security Information Event Management (SIEM)
§ Threat Analysis
§ Protecting
§ Palo Alto NGFW
§ Firewall, two-factor authentication, IDS/IPS, Web filtering, malware detonation, etc.
§ Robust Security Architecture - Network Segmentation
§ Anti-malware solutions
§ Data Encryption (in transit and at rest)
Key Requirements for Compliant Hosting
§ Robust Security Controls = Strong Compliance Programs
§ Most compliance requirements are well defined, but organizations often fail audits due to poor implementation of ongoing processes & procedures, competing resources, internal politics, and other factors
§ Compliant hosting solutions must include a holistic approach to compliance requirements that:
§ Provides the ability to migrate critical systems to highly protected security enclaves
§ Identifies areas of risk and vulnerability
§ Provides solutions that mitigate risks and vulnerabilities
§ Provides the heavy lifting for more complex security problems such as Network and Endpoint Security Monitoring, Penetration Testing, Next Generation Firewall Management, Vulnerability Scanning, SAP Security Controls, etc.
§ Supports internal processes & procedures through robust reporting
EXPERT Q&A
THANK YOU
Follow Us on @Symmetry_Corp & @AlchemySec
to Keep in Touch & Learn Even More

 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 

Compliant Cloud Hosting: What You Need to Know | Symmetry™

  • 1. Confidential
  3 Things You Need to Know About Compliant Cloud Hosting
  Presented by Symmetry & Alchemy Security
  ©2016 Symmetry

  • 2. Introducing Our Presenters
  § Alchemy Security
    § Holistic security solutions built upon SIEM & Security Operations
    § Business-centric approach to information security and risk management
    § Managed & Monitored SIEM through virtual SOC
    § Nationwide experience and reach
    § Complete end-to-end Services
  § Symmetry
    § Leading applications management and hybrid cloud hosting solution provider
    § Deep expertise in SAP application management
    § SAP Certified in Hosting Services, Cloud Services, SAP HANA® Operations Services
    § We operate as a true extension of your IT team
    § Highly flexible, tailored solutions to meet the unique business needs of enterprise clients
  Scott Goolik, VP of Compliance & Security
  Joe Bonnell, Founder & CEO

  • 3. Agenda
  § Why Invest In Security & Compliance Programs
  § Compliance Frameworks & Risk Management
  § Three Pillars of Risk Management
  § Key Requirements for Compliant Hosting

  • 4. Data Breach Cost Analysis
  § $2.1T – Global Cybercrime Economic Costs Forecasted by 2019, Juniper Research
  § United States Breach Loss Statistics*
    § $7M - Average Total Cost of Data Breach
    § $221 – Average Cost Per Record Lost or Stolen (Direct & Indirect Costs)
    § 10,000 records lost ~ $2.21M or 100,000 records lost ~ $22.1M
  § Investments in Security Monitoring and Encryption can vastly reduce cost of data breach
  § Examples of stolen data:
    § Personally Identifiable Information
    § Credit Card Data
    § Electronic Patient Information
    § Intellectual Property
    § $$$ - Fraud
  *IBM – 2016 Cost of Data Breach Study: United States

  • 5. Attacker Motivations
  Type of Account Stolen (US)      Black Market Value (Per Record)
  Banking                          $40 - $500
  Credit Card                      $7 - $40
  Corporate Email                  $500
  Personal Identity Details        $15 - $65
  Airline Points                   $60 - $450
  Hotel Points                     $20 - $200
  Intellectual Property            ??
  *2016 Verizon Business Data Breach Investigations Report
  • 6. Breach Analysis
  *2016 Verizon Business Data Breach Investigations Report

  • 7. Cost of PCI Compliance Failures
  VISA Fines: Storing “Prohibited” Data*
  Merchant Level    1-3 Months      3-6 Months      7+ Months
  Level 1           $10,000 p/m     $50,000 p/m     $100,000 p/m
  Level 2           $5,000 p/m      $25,000 p/m     $50,000 p/m
  Visa Fines: PCI Non-Compliance Fee Schedule*
  § 1st violation of specific compliance failure: $1,000 fine
  § 2nd violation of same compliance failure: $5,000 fine
  § 3rd violation of same compliance failure: $10,000 fine
  § 4th violation of same compliance failure: $25,000 fine
  § 5th+ violation of same compliance failure: Up to Visa – inability to process credit cards
  Note: There are 250+ unique compliance requirements
  *Interlink Network Inc. Operating Regulations

  • 8. Cost of HIPAA Compliance Failures
  HIPAA Violation / Minimum Penalty / Maximum Penalty
  § Category 1 - Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA
    ▫ Minimum: $100 per violation, with an annual maximum of $25,000 for repeat violations
    ▫ Maximum: $50,000 per violation, with an annual maximum of $1.5 million
  § Category 2 - HIPAA violation due to reasonable cause and not due to willful neglect
    ▫ Minimum: $1,000 per violation, with an annual maximum of $100,000 for repeat violations
    ▫ Maximum: $50,000 per violation, with an annual maximum of $1.5 million
  § Category 3 - HIPAA violation due to willful neglect but violation is corrected within the required time period
    ▫ Minimum: $10,000 per violation, with an annual maximum of $250,000 for repeat violations
    ▫ Maximum: $50,000 per violation, with an annual maximum of $1.5 million
  § Category 4 - HIPAA violation is due to willful neglect and is not corrected
    ▫ Minimum: $50,000 per violation, with an annual maximum of $1.5 million
    ▫ Maximum: $50,000 per violation, with an annual maximum of $1.5 million
  § Criminal Penalties - Covered entities and specified individuals who "knowingly" obtain or disclose individually identifiable health information, offenses committed under false pretenses, or offenses with intent to sell, transfer, or use ePHI for personal gain or malicious harm
    ▫ $50,000 to $250,000 fines, and up to one to ten years imprisonment

  • 9. Effective Risk Management = Compliance Success
  • 10. Risk/Compliance Management
  § Risk = Threat * Vulnerability * Impact
    § ergo – any zero value results in zero risk
  § Impact Examples
    § Crown Jewel Information Assets > Low Value Systems
  § Threat Examples
    § Hacking, Malware, Malicious Employees, Fraudsters, etc.
  § Vulnerability Examples
    § Unpatched Operating Systems (buffer overflow), Web Application Vulnerabilities (SQL injection), Poorly implemented application access controls, etc.

  • 11. Impact Management
  § Robust Asset Management Program
    § Properly identifies & classifies systems with respect to the CIA Triad:
      § Confidentiality
        ▫ Is information stored, processed or transmitted through the system considered to be confidential in nature?
      § Integrity
        ▫ What would be the organizational impact if data was compromised?
      § Availability
        ▫ If the system is offline, what is the impact to the business?
    § Any system that characterizes any portion of the CIA triad as “critical” results in a critical rating for the system
  § Migrate Critical systems into highly protected and monitored security enclaves
  § Be able to define “normal” system behavior
  § Recognizing High Risk Systems Require Stringent Security Measures
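Slides 10 and 11 together describe a small model: rate each system on the CIA triad, take the worst rating as the system's impact (one "critical" makes the whole system critical), then compute Risk = Threat * Vulnerability * Impact, where any zero factor zeroes the risk. The block below is an added example, not code from the deck or from Symmetry or Alchemy Security; the ordinal scale, the asset inventory and the threat/vulnerability ratings are constructed for illustration.

```python
"""Asset classification and risk scoring along the lines of slides 10 and 11.

Added example (not Symmetry/Alchemy code). LEVELS, INVENTORY and EXPOSURE
are constructed values for illustration.
"""
from dataclasses import dataclass

# One ordinal scale serves for each CIA dimension and for threat/vulnerability ratings.
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Asset:
    name: str
    confidentiality: str   # Is data stored/processed/transmitted here confidential?
    integrity: str         # Organizational impact if the data were compromised
    availability: str      # Business impact if the system were offline


def classify(asset: Asset) -> str:
    """System rating = highest of its three CIA ratings.
    A 'critical' in any single dimension therefore makes the system critical."""
    ratings = (asset.confidentiality, asset.integrity, asset.availability)
    return max(ratings, key=LEVELS.__getitem__)


def risk_score(threat: str, vulnerability: str, asset: Asset) -> int:
    """Risk = Threat * Vulnerability * Impact on the ordinal scale.
    Any factor rated 'none' gives a product of zero, as slide 10 states."""
    impact = LEVELS[classify(asset)]
    return LEVELS[threat] * LEVELS[vulnerability] * impact


def enclave_candidates(assets):
    """Critical systems are the ones slide 11 says to move into a protected,
    monitored enclave."""
    return [a.name for a in assets if classify(a) == "critical"]


def triage(assets, exposure):
    """Rank assets by risk. `exposure` maps asset name -> (threat, vulnerability)
    as rated by threat analysis and vulnerability scanning (constructed here)."""
    rows = []
    for a in assets:
        threat, vuln = exposure[a.name]
        rows.append((a.name, classify(a), risk_score(threat, vuln, a)))
    # Stable sort, highest risk first.
    return sorted(rows, key=lambda r: -r[2])


# Constructed inventory: three systems with differing CIA profiles.
INVENTORY = [
    Asset("sap-erp-prod", "high", "critical", "critical"),
    Asset("hr-payroll", "critical", "high", "medium"),
    Asset("marketing-wiki", "low", "low", "medium"),
]

# Constructed threat/vulnerability ratings per system.
EXPOSURE = {
    "sap-erp-prod": ("high", "medium"),
    "hr-payroll": ("medium", "medium"),
    "marketing-wiki": ("high", "high"),
}

if __name__ == "__main__":
    for name, rating, score in triage(INVENTORY, EXPOSURE):
        print(f"{name:16} impact={rating:9} risk={score}")
    print("enclave candidates:", enclave_candidates(INVENTORY))
```

Two things the ranking shows that the slide does not spell out: a fully patched critical system (vulnerability "none") scores zero, and a low-value system with high threat and high vulnerability can outrank a critical one, which is why threat and vulnerability management are pillars alongside impact.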
  • 12. Vulnerability Management
  § Identifying
    § Periodic Vulnerability Scanning
    § Periodic Penetration Testing
      § Network/OS Layer & Application Layer
      § Social Engineering (Phishing campaigns, etc.)
    § SAP Risk Analysis with ControlPanelGRC
      § Segregation of Duties (SoD), Critical Transactions, Sensitive Authorizations
  § Protecting
    § Compliant Provisioning with
      § Stay clean by checking for SoD risks as part of the request process
    § Operations Governed by a Quality Program
      § Managed training ensures employees understand processes
      § Installation Qualifications (IQs) verify systems are built to specifications
    § Managed Patching
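Slide 12 names two SoD controls: a periodic risk analysis that finds existing conflicts, and a "stay clean" check that evaluates each access request before it is granted. The block below is an added example of both, not code from the deck, from ControlPanelGRC or from any SAP product; the roles, capabilities and conflict rules are constructed and do not correspond to real SAP authorization objects.

```python
"""Segregation-of-duties checks: periodic review and pre-provisioning gate.

Added example (not Symmetry/Alchemy/ControlPanelGRC code). SOD_RULES and
ROLE_CAPABILITIES are constructed for illustration.
"""

# Conflict matrix: pairs of capabilities one person must not hold together,
# keyed by the pair, valued by the rule id (constructed ids).
SOD_RULES = {
    frozenset({"maintain_vendor_master", "post_vendor_payment"}): "SOD-001 vendor payment fraud",
    frozenset({"create_purchase_order", "approve_purchase_order"}): "SOD-002 PO self-approval",
    frozenset({"maintain_user_accounts", "assign_roles"}): "SOD-003 identity administration",
}

# Role -> capabilities it grants (constructed). BASIS_ADMIN carries a conflict
# inside a single role, which a role-level check would miss.
ROLE_CAPABILITIES = {
    "AP_CLERK": {"maintain_vendor_master", "enter_invoice"},
    "AP_PAYMENT_RUN": {"post_vendor_payment"},
    "PURCHASER": {"create_purchase_order"},
    "PURCHASING_MANAGER": {"approve_purchase_order"},
    "BASIS_ADMIN": {"maintain_user_accounts", "assign_roles"},
}


def capabilities(roles):
    """Flatten a role list to the set of capabilities it grants."""
    caps = set()
    for role in roles:
        caps |= ROLE_CAPABILITIES[role]
    return caps


def sod_violations(caps):
    """Rule ids whose conflicting pair is fully contained in `caps`."""
    return sorted(rule for pair, rule in SOD_RULES.items() if pair <= caps)


def evaluate_request(current_roles, requested_role):
    """Pre-provisioning gate: reject when granting the role would introduce a
    conflict the user does not already have. Returns (decision, new_rule_ids)."""
    before = set(sod_violations(capabilities(current_roles)))
    after = set(sod_violations(capabilities(list(current_roles) + [requested_role])))
    new = sorted(after - before)
    return ("reject" if new else "approve", new)


def review_existing(user_roles):
    """Periodic risk analysis: users that already hold conflicting capabilities."""
    findings = {}
    for user, roles in user_roles.items():
        hits = sod_violations(capabilities(roles))
        if hits:
            findings[user] = hits
    return findings


if __name__ == "__main__":
    # Constructed user population.
    users = {"alice": ["AP_CLERK", "AP_PAYMENT_RUN"], "bob": ["PURCHASER"], "carol": ["BASIS_ADMIN"]}
    print("existing violations:", review_existing(users))
    print("bob + PURCHASING_MANAGER:", evaluate_request(users["bob"], "PURCHASING_MANAGER"))
    print("bob + AP_PAYMENT_RUN:", evaluate_request(users["bob"], "AP_PAYMENT_RUN"))
```

The gate compares violations before and after the request, so it only blocks conflicts the request would create; a user who is already dirty is not re-flagged at request time. That is exactly why the periodic review in `review_existing` is needed alongside the gate, and why checks run on capabilities rather than role names, so a conflict packed into one role (BASIS_ADMIN above) is still caught.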
  • 13. Threat Management
  § Identifying & Detecting:
    § Network and Endpoint Security Monitoring
      § NGFWs, Anti-malware, File Integrity Monitoring, HIDS, etc.
    § Security Information Event Management (SIEM)
    § Threat Analysis
  § Protecting
    § Palo Alto NGFW
      § Firewall, 2-factor authorization, IDS/IPS, Web filtering, malware detonation, etc.
    § Robust Security Architecture - Network Segmentation
    § Anti-malware solutions
    § Data Encryption (in transit and at rest)

  • 14. Key Requirements for Compliant Hosting
  § Robust Security Controls = Strong Compliance Programs
  § Most compliance requirements are well defined, but organizations often fail audits due to poor implementation of ongoing processes & procedures, competing resources, internal politics, and other factors
  § Compliant hosting solutions must include a holistic approach to Compliance requirements that:
    § Provides ability to migrate critical systems to highly protected security enclaves
    § Identifies areas of risk and vulnerability
    § Provides solutions that mitigate risks and vulnerabilities
    § Provides the heavy lifting for more complex security problems such as Network and Endpoint Security Monitoring, Penetration Testing, Next Generation Firewall Management, Vulnerability Scanning, SAP Security Controls, etc.
    § Supports Internal process & procedures through robust reporting

  • 16. THANK YOU
  Follow Us on @Symmetry_Corp & @AlchemySec to Keep in Touch & Learn Even More