WEBINAR:
DATA PROTECTION
BY DESIGN
THE MULTICERT WAY
YOUR IT COMPLIANCE PARTNER
GO BEYOND THE CHECKLIST
Our Speaker

ASHISH KIRTIKAR
President, UK
ControlCase

Ashish is responsible for the HITRUST and CSP verticals and ensures efficient, high-quality delivery of services to clients in the Healthcare sector and beyond. He is also responsible for sales and execution of business for the Europe and UK regions.

Ashish has over 13 years of experience in Information and Network Security, Information Risk Management, Cyber Security, Resilience, Security Architecture Design, and Information Security Audit and Governance, and has handled clients across the globe. He has handled the full range of project management functions related to Cyber Security / Information Security Operations across the Banking, Financial, Insurance, Telecom and IT Services industries.

Ashish speaks and trains on Information Security topics globally and writes online articles and blogs on Information Security and Leadership. He holds a Bachelor's Degree in Computer Science from Mumbai University and has completed a management program from the Indian School of Business and the National University of Singapore.
© ControlCase. All Rights Reserved. 2
Agenda

1. ControlCase Introduction
2. Data Protection by Design
3. The Multi-cert Way to Data Protection
4. Multi-cert Common Challenges
5. One Audit™: Assess Once, Comply to Many
1. CONTROLCASE INTRODUCTION

ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES

Go beyond the auditor's checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance:
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies: do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner

1,000+ clients | 10,000+ IT security certifications | 275+ security experts
Solution

Certification & Continuous Compliance Services

"I've worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness."
— Security and Compliance Manager, Data Center
Certification Services

PCI DSS, ISO 27001-2, SOC 1, 2, 3 & Cybersecurity, HITRUST CSF, HIPAA, PCI P2PE, GDPR, NIST 800-53, PCI PIN, PCI PA-DSS, FedRAMP, PCI 3DS

One Audit™: Assess Once. Comply to Many.

"You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business."
— Sr. Director, Information Risk & Compliance, Large Merchant
2. DATA PROTECTION BY DESIGN

DATA IS THE NEW OIL

What is Data Protection by Design?

DATA PROTECTION = PRIVACY
DATA PROTECTION = SECURITY
DATA PROTECTION = PRIVACY + SECURITY

Data protection by design is an approach that ensures data protection requirements are considered at the design phase of any system, service, product or process, and then throughout its lifecycle. The ICO (UK) recommends this approach for effective GDPR implementation.

This approach gives a proactive rather than reactive outlook on data protection. It helps decide, for any system, service, product or process, whether a detective, preventive or deterrent control needs to be implemented for overall security and protection as well as for effective business operability.
3. THE MULTI-CERT WAY TO DATA PROTECTION

Why Multi-cert?

In today's world multiple certifications and regulations are enforced for the security and privacy of data. Some cover specific datasets, some the overall security posture, and some are specific to privacy requirements.

A multi-cert approach acts like a tongue and groove joint: controls that are not covered by one certification are covered by another, giving a holistic implementation. This helps organizations achieve an effective 'Defense in Depth' methodology, which provides deep data protection.

Multi-cert Way

For example, consider the following certifications, which are common in the UK / Europe region:
Payment Card Industry Data Security Standard (PCI DSS)
Established by the leading payment card issuers; guidelines for securely processing, storing or transmitting payment card account data.

GDPR
The General Data Protection Regulation is a regulation in EU / UK law on data protection and privacy in the UK / European Union and the European Economic Area. It was adopted in 2016 and has been enforceable since 2018.

ISO 27001 / ISO 27002
ISO 27001 is the management framework for implementing information security within an organization. ISO 27002 provides the detailed controls from an implementation perspective.

SOC 2
Created by the American Institute of Certified Public Accountants (AICPA) to fill the gap for organizations that were being asked for a SAS 70 (now SSAE 18) report. The purpose of a SOC 2 report is to evaluate an organization's information systems relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
Multi-Cert Way – Data Protection by Design

The multi-cert approach provides an integrated way of implementing compliance and data protection by covering the aspects listed below. All the regulations mentioned on the earlier slide contain an important requirement that security / privacy be part of the organizational lifecycle. Implemented in an integrated manner, this achieves Data Protection by Design.

• Compliance Management
• Policy Management
• Vendor / Third Party Management
• Asset and Vulnerability Management
• Logging and Monitoring
• Change Management
• Incident and Problem Management
• Data Management
• Risk Management
• Business Continuity Management
• HR Management
• Physical Security
• Compliance Project Management
Common Regulations by Region / Industry

INDUSTRY                                REGULATION
Business Process Organizations (BPOs)   GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
Payments                                GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
Financial Services                      GDPR, PCI DSS, PSD-2, ISO 27001, Cyber Essentials (UK)
Critical Infrastructure                 GDPR, NIS-1 / NIS-2, ISO 27001, Cyber Essentials Plus (UK)
4. MULTI-CERT COMMON CHALLENGES

Multi-cert Common Challenges

• Redundant Efforts
• Cost Inefficiencies
• Lack of Compliance Dashboard
• Fixing of Dispositions
• Change in Environment
• Reliance on Third Parties
• Increased Regulations
• Reducing Budgets (Do more with less)
5. ONE AUDIT™: ASSESS ONCE, COMPLY TO MANY

ControlCase Solution – One Audit™

One Audit™: Assess Once. Comply to Many.
Evidence request mapping (columns: No. | Topic | Question | ControlCase Integrated Standard | PCI DSS 3.2.1 | ISO 27001 | HIPAA | SOC2)

4 | Scoping | Provide your asset list, a list of the software, databases, data storage locations, sample sets and other related data elements. | CC4 | X | X | X | X

28 | Data Encryption at Rest | Provide the following for all filesystems, databases and any backup media:
  • Details on the method (encryption, hashing, truncation, tokenization) being used to protect covered information in storage
  • Evidence (screenshots or settings) showing covered information is protected. For the encryption method, please share evidence of its associated key management.
  • Documented description of the cryptographic architecture that includes:
    1. Details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date
    2. The function of each key used in the cryptographic architecture
    3. Inventory of any HSMs and other secure cryptographic devices (SCDs) used for key management (to be provided in the inventory as part of Q4)
  | CC37 | X | X | X | X

44 | Logical Access | Provide the organizational access control policy. | CC63 | X | X | X | X

50 | Logical Access | For all assets identified in the sample, provide evidence of logical access account and password features to include: | CC69 | X | X | X | X

67 | Logging and Monitoring | For the sample, provide the audit log policy settings. | CC95 | X X X (marked for three of the four frameworks)

77 | Security Testing | Provide external penetration test reports for network and application layer. | CC115 | X X X (marked for three of the four frameworks)
Compliance Evidence Overlap

Regulation completed: PCI (100% complete)

Other regulation status based on question overlap:
SOC 2:     49.1% (84) complete, 50.9% (87) no evidence uploaded
ISO 27001: 67% (77) complete, 33% (38) no evidence uploaded
HIPAA:     76.1% (54) complete, 23.9% (17) no evidence uploaded
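The overlap figures above follow from mapping each evidence request to every framework it satisfies. The Python below is an added example, not ControlCase's own One Audit™ tooling: it builds that mapping from the six requests in the evidence table plus three constructed, hypothetical requests with no PCI overlap (CC-EX1 to CC-EX3), marks everything applicable to PCI DSS as evidenced, and reports how far that evidence carries each other framework; for Q67 and Q77 the SOC2 column is assumed to be the unmarked one.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set, Tuple

FRAMEWORKS = ("PCI DSS 3.2.1", "ISO 27001", "HIPAA", "SOC2")


@dataclass(frozen=True)
class Question:
    number: int                  # integrated questionnaire number (the slide's "No.")
    control_id: str              # ControlCase Integrated Standard reference, e.g. CC4
    topic: str
    applies_to: FrozenSet[str]   # frameworks whose requirement this one evidence item satisfies


def q(number: int, control_id: str, topic: str, *frameworks: str) -> Question:
    return Question(number, control_id, topic, frozenset(frameworks))


# Rows from the slide's evidence-overlap table. Q67 and Q77 carry three of four
# marks on the slide; which column is blank is not legible in the extract, so
# SOC2 is ASSUMED to be the unmarked one.
SLIDE_QUESTIONS = [
    q(4, "CC4", "Scoping: asset list, software, databases, storage locations", *FRAMEWORKS),
    q(28, "CC37", "Data encryption at rest and key management evidence", *FRAMEWORKS),
    q(44, "CC63", "Logical access: organizational access control policy", *FRAMEWORKS),
    q(50, "CC69", "Logical access: account and password features", *FRAMEWORKS),
    q(67, "CC95", "Logging and monitoring: audit log policy settings",
      "PCI DSS 3.2.1", "ISO 27001", "HIPAA"),
    q(77, "CC115", "Security testing: external penetration test reports",
      "PCI DSS 3.2.1", "ISO 27001", "HIPAA"),
]

# Constructed, hypothetical requests with no PCI DSS overlap, so that a PCI
# assessment alone does not carry the other frameworks to 100%.
EXTRA_QUESTIONS = [
    q(101, "CC-EX1", "Privacy notice and consent records", "ISO 27001", "SOC2"),
    q(102, "CC-EX2", "Business continuity test results", "ISO 27001", "HIPAA", "SOC2"),
    q(103, "CC-EX3", "ISMS management review minutes", "ISO 27001"),
]

QUESTIONS = SLIDE_QUESTIONS + EXTRA_QUESTIONS


@dataclass(frozen=True)
class Coverage:
    framework: str
    complete: int                 # applicable questions with evidence uploaded
    outstanding: Tuple[int, ...]  # applicable question numbers still lacking evidence

    @property
    def total(self) -> int:
        return self.complete + len(self.outstanding)

    @property
    def percent_complete(self) -> float:
        # A framework with no applicable questions reports 0.0 instead of dividing by zero.
        return round(100.0 * self.complete / self.total, 1) if self.total else 0.0


def coverage(questions: Iterable[Question], evidence: Set[int], framework: str) -> Coverage:
    """Completion of one framework given the set of question numbers that have evidence."""
    applicable = [qn for qn in questions if framework in qn.applies_to]
    done = sum(1 for qn in applicable if qn.number in evidence)
    missing = tuple(sorted(qn.number for qn in applicable if qn.number not in evidence))
    return Coverage(framework, done, missing)


def assess_once(questions: Iterable[Question], completed: str,
                frameworks: Tuple[str, ...] = FRAMEWORKS) -> Dict[str, Coverage]:
    """'Assess once, comply to many': treat every question applicable to the
    completed framework as evidenced, then report how far that carries the rest."""
    questions = list(questions)
    evidence = {qn.number for qn in questions if completed in qn.applies_to}
    return {fw: coverage(questions, evidence, fw) for fw in frameworks}


def cheapest_next(report: Dict[str, Coverage]) -> str:
    """Framework with the fewest outstanding evidence requests (ties broken by name):
    the one the existing evidence pile carries closest to completion."""
    open_items = {fw: c for fw, c in report.items() if c.outstanding}
    if not open_items:
        raise ValueError("every framework is already fully evidenced")
    return min(open_items, key=lambda fw: (len(open_items[fw].outstanding), fw))


if __name__ == "__main__":
    report = assess_once(QUESTIONS, "PCI DSS 3.2.1")
    for fw, c in report.items():
        print(f"{fw:14} {c.percent_complete:5.1f}% ({c.complete}/{c.total}) "
              f"outstanding: {list(c.outstanding) or 'none'}")
    print("cheapest next certification:", cheapest_next(report))
```

The same mapping, fed with the real uploaded-evidence set instead of the PCI-complete assumption, gives the per-framework "no evidence uploaded" list the slide's dashboard shows.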
Assisted by Automation

1. ACE (Automated Compliance Engine): can collect evidence such as configurations remotely.
2. CDD (Data Discovery Solution): can scan end user workstations for card data.
Compliance & Certification Time Savings

Using another auditor*: 1,600 hrs. evidence collection + 600 hrs. certification support = 2,200 hrs. total time spent on compliance & certification
Partnering with ControlCase*: 350 hrs. evidence collection + 600 hrs. certification support = 950 hrs. total time spent on compliance & certification

* Based on 1 environment with 4 parallel certifications (PCI, ISO, SOC2, HIPAA).
Three Key Areas of Focus

CONTROLCASE SOLUTION

CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.

AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.

INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
Summary – Why ControlCase

"They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provides a lot of value to us."
— Dir. of Compliance, SaaS company
6. QUESTIONS & ANSWERS

THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
www.controlcase.com
(US) + 1 703.483.6383 (INDIA) + 91.22.62210800
contact@controlcase.com
2022-Q3-Webinar-PPT-DataProtectionByDesign.pdf

  • 1. WEBINAR: DATA PROTECTION BY DESIGN, THE MULTICERT WAY. YOUR IT COMPLIANCE PARTNER. GO BEYOND THE CHECKLIST.
  • 2. Our Speaker: ASHISH KIRTIKAR, President, UK, ControlCase. Ashish is responsible for handling the HITRUST and CSP verticals and ensures efficient and quality delivery of services to clients in the Healthcare sector and beyond. In addition, he is also responsible for sales and execution of business for the Europe and UK regions. Ashish has over 13 years of experience and proficiency in Information and Network Security, Information Risk Management, Cyber Security, Resilience, Security Architecture Designing, Information Security Audit and Governance, having handled clients across the globe. He has handled the entire gamut of project management functions related to Cyber Security/Information Security Operations across Banking, Financial, Insurance, Telecom, and IT Services and Industries. Ashish has functioned as a speaker and trainer on various Information Security Topics globally and writes online articles/blogs covering topics of Information Security and Leadership. He has a Bachelor’s Degree in Computer Science from Mumbai University and has completed a management program from the Indian School of Business and National University of Singapore. © ControlCase. All Rights Reserved. 2
  • 3. Agenda:
    ⁃ 1. ControlCase Introduction
    ⁃ 2. Data Protection by Design
    ⁃ 3. The Multi-cert Way to Data Protection
    ⁃ 4. Multi-cert Common Challenges
    ⁃ 5. One Audit™: Assess Once, Comply to Many
  • 5. ControlCase Snapshot. CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES. Go beyond the auditor’s checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance:
    ⁃ Demonstrate compliance more efficiently and cost effectively (cost certainty)
    ⁃ Improve efficiencies: do more with less resources and gain compliance peace of mind
    ⁃ Free up your internal resources to focus on their priorities
    ⁃ Offload much of the compliance burden to a trusted compliance partner
    1,000+ / 275+ / 10,000+: CLIENTS, IT SECURITY CERTIFICATIONS, SECURITY EXPERTS
  • 6. Solution: Certification & Continuous Compliance Services. “I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.” — Security and Compliance Manager, Data Center
  • 7. Certification Services: PCI DSS, ISO 27001-2, SOC 1, 2, 3 & Cybersecurity, HITRUST CSF, HIPAA, PCI P2PE, GDPR, NIST 800-53, PCI PIN, PCI PA-DSS, FedRAMP, PCI 3DS. One Audit™: Assess Once. Comply to Many. “You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.” — Sr. Director, Information Risk & Compliance, Large Merchant
  • 8. DATA PROTECTION BY DESIGN (section 2)
  • 9. DATA IS THE NEW OIL. What is Data Protection by Design?
  • 10. What is Data Protection by Design? DATA PROTECTION = PRIVACY. DATA PROTECTION = SECURITY. DATA PROTECTION = PRIVACY + SECURITY.
  • 11. What is Data Protection by Design? Data protection by design is an approach that ensures data protection requirements are considered at the design phase of any system, service, product or process, and then throughout the lifecycle. The ICO (UK) has recommended this approach for effective GDPR implementation. It gives a proactive rather than a reactive outlook towards data protection, and helps decide whether a detective, preventive or deterrent control needs to be implemented for overall security / protection, as well as for effective business operability, of any system, service, product or process.
  • 12. THE MULTI-CERT WAY TO DATA PROTECTION (section 3)
  • 13. Why Multi-cert? In today’s world multiple certifications/regulations have been enforced for the security and privacy of data. Some cover specific datasets, some the overall security posture, and others are specific to privacy requirements. A multi-cert approach acts like a tongue-and-groove joint: controls that are not covered in one certification are covered in another, giving a holistic implementation. This assists organizations in achieving an effective implementation of the ‘Defense in Depth’ methodology, which can provide deep data protection.
  • 14. Multi-cert Way. For example, consider the following certifications, which are seen in the UK / Europe region:
    ⁃ Payment Card Industry Data Security Standard (PCI DSS): established by leading payment card issuers; guidelines for securely processing, storing, or transmitting payment card account data.
    ⁃ GDPR: the General Data Protection Regulation is a regulation in EU / UK law on data protection and privacy in the UK / European Union and the European Economic Area. It was adopted in 2016 and has been enforceable since 2018.
    ⁃ ISO 27001 / ISO 27002: ISO 27001 is the management framework for implementing information security within an organization; ISO 27002 contains the detailed controls from an implementation perspective.
    ⁃ SOC 2: created by the American Institute of Certified Public Accountants (AICPA) to fill the gap for organizations that were being asked to have a SAS 70 (now SSAE 18). The purpose of a SOC 2 report is to evaluate an organization’s information systems relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy.
  • 15. Multi-Cert Way – Data Protection by Design. The multi-cert approach provides an integrated way of implementing compliance and data protection by covering the aspects listed below. All the regulations mentioned in the earlier slide share a very important parameter: they treat security / privacy as part of the organizational lifecycle. When implemented in an integrated manner, this helps achieve Data Protection by Design.
    ⁃ Compliance Management
    ⁃ Policy Management
    ⁃ Vendor / Third Party Management
    ⁃ Asset and Vulnerability Management
    ⁃ Logging and Monitoring
    ⁃ Change Management
    ⁃ Incident and Problem Management
    ⁃ Data Management
    ⁃ Risk Management
    ⁃ Business Continuity Management
    ⁃ HR Management
    ⁃ Physical Security
    ⁃ Compliance Project Management
  • 16. Common Regulations by Region / Industry (Industry: Regulations):
    ⁃ Business Process Organizations (BPOs): GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
    ⁃ Payments: GDPR, PCI DSS, SOC2, ISO 27001, Cyber Essentials (UK)
    ⁃ Financial Services: GDPR, PCI DSS, PSD-2, ISO 27001, Cyber Essentials (UK)
    ⁃ Critical Infrastructure: GDPR, NIS-1 / NIS-2, ISO 27001, Cyber Essentials Plus (UK)
  • 18. Multi-cert Common Challenges:
    ⁃ Redundant Efforts
    ⁃ Cost Inefficiencies
    ⁃ Lack of Compliance Dashboard
    ⁃ Fixing of Dispositions
    ⁃ Change in Environment
    ⁃ Reliance on Third Parties
    ⁃ Increased Regulations
    ⁃ Reducing Budgets (Do more with less)
  • 19. ONE AUDIT™: ASSESS ONCE, COMPLY TO MANY (section 5)
  • 20. ControlCase Solution – One Audit™: Assess Once. Comply to Many. Each evidence request is mapped to a ControlCase Integrated Standard ID and marked (X) for every framework it satisfies (PCI DSS 3.2.1, ISO 27001, HIPAA, SOC2):
    ⁃ No. 4, Scoping: Provide your asset list, a list of the software, databases, data storage locations, sample sets and other related data elements. Integrated Standard CC4. Applies to: PCI DSS 3.2.1, ISO 27001, HIPAA, SOC2.
    ⁃ No. 28, Data Encryption at rest: Provide the following for all filesystems, databases and any backup media: (a) details on the method (encryption, hashing, truncation, tokenization) being used to protect covered information in storage; (b) evidence (screenshots or settings) showing covered information is protected, and, for the encryption method, evidence of its associated key management; (c) a documented description of the cryptographic architecture that includes: 1. details of all algorithms, protocols, and keys used for the protection of cardholder data, including key strength and expiry date; 2. the function of each key used in the cryptographic architecture; 3. an inventory of any HSMs and other secure cryptographic devices (SCD) used for key management (to be provided in the inventory as part of Q4). Integrated Standard CC37. Applies to: PCI DSS 3.2.1, ISO 27001, HIPAA, SOC2.
    ⁃ No. 44, Logical Access: Provide the organizational access control policy. Integrated Standard CC63. Applies to: PCI DSS 3.2.1, ISO 27001, HIPAA, SOC2.
    ⁃ No. 50, Logical Access: For all assets identified in the sample, provide evidence of logical access account and password features. Integrated Standard CC69. Applies to: PCI DSS 3.2.1, ISO 27001, HIPAA, SOC2.
    ⁃ No. 67, Logging and Monitoring: For the sample, provide the audit log policy settings. Integrated Standard CC95. Marked X for three of the four frameworks.
    ⁃ No. 77, Security Testing: Provide external penetration test reports for the network and application layers. Integrated Standard CC115. Marked X for three of the four frameworks.
  • 21. Compliance Evidence Overlap. Regulation completed: PCI, 100% complete. Status of the other regulations based on question overlap:
    ⁃ SOC 2: 49.1% (84) complete; 50.9% (87) no evidence uploaded
    ⁃ ISO 27001: 67% (77) complete; 33% (38) no evidence uploaded
    ⁃ HIPAA: 76.1% (54) complete; 23.9% (17) no evidence uploaded
  • 22. Assisted by Automation:
    ⁃ 1. ACE: Automated Compliance Engine; can collect evidence such as configurations remotely.
    ⁃ 2. CDD: Data Discovery Solution; can scan end user workstations for card data.
  • 23. Compliance & Certification Time Savings. Using another auditor: 1,600 hrs. evidence collection + 600 hrs. certification support = 2,200 hrs. total time spent on compliance & certification. Partnering with ControlCase: 350 hrs. evidence collection + 600 hrs. certification support = 950 hrs. total. (Based on 1 environment with 4 parallel certifications: PCI, ISO, SOC2, HIPAA.)
  • 24. Three Key Areas of Focus (ControlCase Solution):
    ⁃ CONTINUOUS: An effective compliance program for cyber security must provide a stream of continuous, accurate information about posture.
    ⁃ AUTOMATED: Continuous compliance requires an automated platform that collects and processes data in as close to real time as can be achieved.
    ⁃ INTEGRATED: The best compliance programs are integrated into the systems being measured, versus built as after-the-fact overlays.
  • 25. Summary – Why ControlCase. “They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.” — Dir. of Compliance, SaaS company
  • 26. QUESTIONS & ANSWERS (section 6)
  • 27. THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM. www.controlcase.com (US) + 1 703.483.6383 (INDIA) + 91.22.62210800 contact@controlcase.com
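As an added example, not code from the deck or from ControlCase, the following Python reproduces the "assess once, comply to many" arithmetic behind slides 20 and 21: evidence requests are mapped to the frameworks they satisfy, and completing one framework's audit is credited against the others. The rows are transcribed from slide 20; because the extraction lost column alignment for questions 67 and 77, it is assumed (and labelled so) that SOC2 is the framework they do not map to.

```python
# Added example: cross-framework evidence overlap in the style of the One Audit(TM)
# table (slide 20) and the overlap summary (slide 21). Not ControlCase's own code.

FRAMEWORKS = ("PCI DSS 3.2.1", "ISO 27001", "HIPAA", "SOC2")
ALL = frozenset(FRAMEWORKS)

# Rows from slide 20: question no. -> (integrated standard ID, topic, frameworks marked X).
# ASSUMPTION: questions 67 and 77 show three X marks; SOC2 is taken to be the blank column.
QUESTIONS = {
    4:  ("CC4",   "Scoping",                 ALL),
    28: ("CC37",  "Data Encryption at rest", ALL),
    44: ("CC63",  "Logical Access",          ALL),
    50: ("CC69",  "Logical Access",          ALL),
    67: ("CC95",  "Logging and Monitoring",  ALL - {"SOC2"}),
    77: ("CC115", "Security Testing",        ALL - {"SOC2"}),
}


def evidence_collected(questions, completed):
    """Question numbers whose evidence exists once every framework in `completed` is audited."""
    return {q for q, (_, _, fws) in questions.items() if fws & set(completed)}


def overlap_status(questions, completed):
    """Per framework: (questions satisfied, questions with no evidence, percent complete),
    mirroring the 'Compliance Evidence Overlap' slide."""
    done = evidence_collected(questions, completed)
    status = {}
    for fw in FRAMEWORKS:
        applicable = [q for q, (_, _, fws) in questions.items() if fw in fws]
        satisfied = [q for q in applicable if q in done]
        pct = round(100 * len(satisfied) / len(applicable), 1) if applicable else 0.0
        status[fw] = (len(satisfied), len(applicable) - len(satisfied), pct)
    return status


def outstanding_requests(questions, completed, target):
    """Evidence requests still to collect for `target` after `completed` frameworks are done."""
    done = evidence_collected(questions, completed)
    return [(q, cc, topic) for q, (cc, topic, fws) in questions.items()
            if target in fws and q not in done]


if __name__ == "__main__":
    # Scenario: SOC2 audited first; see how far that carries the other three.
    for fw, (ok, missing, pct) in overlap_status(QUESTIONS, {"SOC2"}).items():
        print(f"{fw:14s} {pct:5.1f}% complete ({ok}), {missing} no evidence uploaded")
    print("Still needed for PCI:", outstanding_requests(QUESTIONS, {"SOC2"}, "PCI DSS 3.2.1"))
```

Swapping in the full question set and X-mark matrix from an actual One Audit™ engagement would yield percentages of the kind shown on slide 21.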