(2017) GDPR – What Does It Mean For The Mainframe v0.2
In this session Rui will explain what the General Data Protection Regulation (GDPR) is and what the implications are for the mainframe. Get your mainframe ready and compliant with the GDPR before it comes into effect on May 25th, 2018.

  1. GDPR – What Does It Mean For The Mainframe? Delivering the best in z services, software, hardware and training. Delivering the best in z services, skills, security and software.
  2. Who am I? A quick introduction… RUI MIGUEL FEIO
     • Senior Technical Lead at RSM Partners
     • Based in the UK but travels all over the world
     • 18 years' experience working with mainframes
     • Started with IBM as an MVS Sys Programmer
     • Specialist in mainframe security
     • Experience in other platforms
  3. Data Privacy in a Digital World
  4. http://www.ohchr.org/EN/Issues/DigitalAge/Pages/DigitalAgeIndex.aspx
  5. The UK Data Protection Act: The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Everyone responsible for using data has to follow strict rules called ‘data protection principles’. https://www.gov.uk/data-protection/the-data-protection-act
  6. https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/
  7. https://www.webpagefx.com/blog/general/what-are-data-brokers-and-what-is-your-data-worth-infographic/ “It knows who you are. It knows where you live. It knows what you do.” New York Times
  8. The Paradigm of Private Data
  9. General Data Protection Regulation (GDPR)
  10. GDPR Regulation
     • GDPR is composed of 11 chapters and 99 articles:
       – Chapter 1 – General provisions
       – Chapter 2 – Principles
       – Chapter 3 – Rights of the data subject
       – Chapter 4 – Controller and processor
       – Chapter 5 – Transfers of personal data to third countries or international organisations
       – Chapter 6 – Independent supervisory authorities
       – Chapter 7 – Cooperation and consistency
       – Chapter 8 – Remedies, liability and penalties
       – Chapter 9 – Provisions relating to specific processing situations
       – Chapter 10 – Delegated acts and implementing acts
       – Chapter 11 – Final provisions
  11. GDPR Overview (http://www.eugdpr.org/)
     • General Data Protection Regulation to be enforced on 25 May 2018
     • This regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens.
     • GDPR is driven by two serious threats:
       – Reputational damage
       – Monetary fines (up to €20m max or 4% of total worldwide annual turnover, whichever is higher)
     • Mandatory for businesses of over 250 employees to appoint a Data Protection Officer (DPO).
     • GDPR has several rules such as ‘the right to be forgotten’
  12. The Brexit and GDPR
     • 1 in 4 companies in the UK have stopped preparing for GDPR
     • “If you process data about individuals in the context of selling goods or services to citizens in other EU countries then you will need to comply with the GDPR, irrespective as to whether or not the UK retains the GDPR post-Brexit.” *
     • 84% of financial services firms are not prepared for GDPR **
     * http://www.eugdpr.org/gdpr-faqs.html
     ** 2016 Egress article
  13. How Does GDPR Affect The Mainframe?
  14. Current Status
     • Most mainframe sites have not started to prepare for GDPR!
     • Main reasons are:
       – Belief that it only applies to countries of the European Union
       – Mainframe is unhackable so there’s nothing to be done
       – Mainframe meets all the GDPR requirements by default
     • Funnily enough, in some cases the GDPR compliance box has been ticked without the mainframe technical teams even being consulted!!
  15. Do You Know?
     • How much customer data do you store on the mainframe?
     • What type of data are you collecting?
     • How much of that data relates to EU citizens or companies?
     • How is data processed, managed, stored and protected?
     • Which applications and processes use the data?
     • Who has got access to it?
     • Is the data properly classified?
  16. Your Mainframe got breached?
  17. How To Avoid “Losing” Your Head?
  18. You need to know your data, your processes, your applications; in summary you need to know your mainframe environment…
  19. Mainframe Technical Perspective (1)
     • 7 Steps to meet the GDPR technical requirements:
       – # 1 - Data Discovery & Detection:
         • Identify, document and classify the data
         • Where is it used, processed and stored?
       – # 2 - Access Control & Restriction:
         • Access to data must be restricted
         • Access control of applications, processes and databases needs to be reviewed
  20. Mainframe Technical Perspective (2)
       – # 3 - End-point-protection:
         • Tapes and other end-point-devices need to be controlled and protected.
         • Consider this:
           – Can the data be accessed by mobile devices?
           – Can the data be downloaded to the local terminal and transferred onto a USB memory stick?
       – # 4 - Pseudonymisation and Encryption:
         • Data should be encrypted and anonymised both at “rest” and “in transit”
  21. Mainframe Technical Perspective (3)
       – # 5 - Backup and Recovery:
         • Think of CIA: Confidentiality, Integrity and Availability
       – # 6 - Anti-virus & Malware detection:
         • Does not apply to the mainframe (until it does)
         • Think of alerting and monitoring
       – # 7 - Vulnerability scanning and Penetration testing:
         • Consider undertaking these tests at a reasonable frequency to keep measuring your security effectiveness
  22. Mainframe Technical - Summary: Review SecureMonitor
  23. Consider Security Certifications
     • Although not a direct GDPR requirement (at least not at the moment), consider Security Certifications.
     • It is extremely likely that approved certifications or codes-of-conduct specifically for GDPR will arrive, and it’s also highly possible that these will look for security certifications as pre-requisites (e.g. ISO 27001).
  24. Mainframe Technical Hardware
  25. Mainframe Technical Software
     • Some examples of products that may help with GDPR:
       – IBM zSecure (or Vanguard’s equivalent)
       – IBM Multi-Factor Authentication for z/OS
       – IBM Security Identity Governance and Intelligence
       – RSM Exception Reporter
       – RSM Enterprise Connector
       – RSM zDetect
       – CA Privileged Access Manager
       – CA Test Data Manager
       – CA Data Content Discovery
  26. The Clock is Ticking
  27. https://www.helpnetsecurity.com/2017/11/06/gdpr-impact-ma-activity/
  28. Questions?
  29. Contact: Rui Miguel Feio, RSM Partners, ruif@rsmpartners.com, mobile: +44 (0)7570 911459, www.rsmpartners.com