How Do You Feel About Data Security


Environmental professionals, lenders, corporations—regardless of our business—are all involved in the information economy. Although cyber-attacks on a company’s data are becoming more frequent and more impactful, it is common for industry professionals and business owners to feel underprepared for the cybersecurity demands of the coming years. Investment in cyber defense often lags dollars spent in other areas of technology such as energy efficiency and 'big data'. Whether due to increasing regulation or the costs of incident remediation, today’s cyber-security is about much more than just having a strong password. In this session, cyber-security experts will cover common types of cyber attackers, trends in techniques, regulations and audits, security procedures, employee training, and technology solutions. You will come away with valuable food for thought on strategies to protect your operations from cybersecurity threats.
- Matt Stansel, EDR, Director of Information Security
- Roselle Safran, President at Rosint Labs and former White House Cybersecurity Chief

Published in: Internet

  1. Protecting Privacy. Matthew Stansel, CISSP, Director of Information Security
  2. What is Data Privacy? Data privacy is the ability of an organization or individual to determine what data in a computer system can be shared with third parties. It is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. The power of Personally Identifiable Information (PII) compels us to protect sources of this information, to be guardians of the regulated data that we collect, transmit, process or share with others.
  3. Elements of Privacy Compliance
     - Regulation
     - Controls
     - Policies
     - Standards
     - Transparency (Audit)
     - People (Legal, IT, HR, Finance)
  4. Things to Protect
     • Healthcare records
     • Criminal justice investigations and proceedings
     • Financial institutions and transactions
     • Biological traits, such as genetic material
     • Residence and geographic records
     • Privacy breach
     • Location-based service and geolocation
     • Web surfing behavior or user preferences using persistent cookies
     • Academic research
  5. GDPR (General Data Protection Regulation)
     • GDPR is the EU policy for protection of PII
     • It is the most wide-ranging data privacy regulation.
     • It affects every organization working with EU citizen data either directly or indirectly.
     • Technical and Administrative controls
     • Budgetary considerations
     • Compliance deadline – NOW!
  6. Privacy Trends
     - Expanding definition of Personally Identifiable Information (PII)
     - More rigorous and increasing protections for regulated data
     - Increasing reach across the enterprise (IT, Finance, HR, Leadership) – not just IT
     - Increased audits, greater scrutiny
     - Heavy fines for breaches and non-compliance
     - Can be as much as 4% of annual revenue or $20M – whichever is greater
  7. Trends
     - Increasing corporate spending: a leading international bank “…will spend $600 million this year on cyber defense alone. It employs 1,200 people whose jobs are dedicated to nothing else but information security, although the company makes that “the job of every single employee””
     - Data Loss Prevention (DLP) will be a key technology toward compliance efforts. Must have comprehensive knowledge of the data, where it flows, to whom and what is being done with it.
     - Complete transparency is also a key factor. Must be able to demonstrate data flows, governance, controls, policy adherence.
     - Must provide the ‘right to be forgotten’ – remove all PII for a given individual, including backup data/records.