This document discusses strategies for managing the growing volume of security data. It identifies four key problems caused by the abundance of security data: collecting the right data, storing data accessibly, dealing with different data formats, and controlling data access. The document recommends creating a Security Data Acquisition Strategy to determine high-value data to collect and centralize. It also suggests using log management technology to make security data accessible across programs in different formats while limiting access to centralized data.
It is shocking to note that about 3.5 billion people saw their
personal data stolen in the top two of the 15 biggest breaches
of this century alone. With the average cost of a data breach
exceeding $8 million, it is no wonder that safeguarding
confidential business and customer information has become
more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s
responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an
an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
It is shocking to note that about 3.5 billion people saw their
personal data stolen in the top two of the 15 biggest breaches
of this century alone. With the average cost of a data breach
exceeding $8 million, it is no wonder that safeguarding
confidential business and customer information has become
more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s
responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an
an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
Presented at Absolut Data Event, 17 Dec 2019, at GoWork Kuningan.
Event URL: https://www.eventbrite.com/e/panel-discussion-what-will-you-prepare-with-data-in-2020-tickets-84851546259
My presentation summarized the two of KPMG publication related to Trust in Data & Analytics. The focus of this event was panel discussion.
Ref 1 : https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/10/building-trust-in-analytics.pdf
Ref 2: https://assets.kpmg/content/dam/kpmg/xx/pdf/2018/02/guardians-of-trust.pdf
Challenges & Opportunities the Data Privacy Act BringsRobert 'Bob' Reyes
My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Where in the world is your PII and other sensitive data? by @druva incDruva
Consumers rely on businesses to keep their personal information safe. Too few of those businesses are actively protecting that data. Here’s what’s gone wrong, and how businesses should be responding. Full blog here: http://bit.ly/1Jtzym5
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Introduction to Information Governance and eDiscovery in the CloudeDiscoveryConsultant
Introduction to Information Governance and eDiscovery in the Cloud by Charles Skamser, well known industry thought leader and CEO of eDiscovery Solutions Group. Part of the 2011 eDSG Summer Webinar Series on Information Govenance and eDiscovery in the Cloud.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here’s how to develop and deploy a risk-adjusted data protection plan
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
Is your current state really threat ready?
Amit Walia, Senior Vice President, General Manager of Data Integration and Security at Informatica, shares how to protect data from the inside and the outside from the 2015 Informatica Government Summit.
Planning Information Governance and Litigation ReadinessRich Medina
Presentation on Information Governance, Litigation Readiness, E-Discovery, and Records Management. Given at the AIIM-Wisconsin / Milwaukee Bar Association 6th Annual Electronic Discovery Conference on November 1, 2013.
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based Symantec Data Loss Prevention. Please ensure that if being used, the latest information is provided.
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
Presented at Absolut Data Event, 17 Dec 2019, at GoWork Kuningan.
Event URL: https://www.eventbrite.com/e/panel-discussion-what-will-you-prepare-with-data-in-2020-tickets-84851546259
My presentation summarized the two of KPMG publication related to Trust in Data & Analytics. The focus of this event was panel discussion.
Ref 1 : https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/10/building-trust-in-analytics.pdf
Ref 2: https://assets.kpmg/content/dam/kpmg/xx/pdf/2018/02/guardians-of-trust.pdf
Challenges & Opportunities the Data Privacy Act BringsRobert 'Bob' Reyes
My slide deck used in People Management Association of the Philippines' (PMAP) Data Privacy Act Forum held last 18 SEP 2017 at Ace Hotel & Suites, Pasig City.
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Where in the world is your PII and other sensitive data? by @druva incDruva
Consumers rely on businesses to keep their personal information safe. Too few of those businesses are actively protecting that data. Here’s what’s gone wrong, and how businesses should be responding. Full blog here: http://bit.ly/1Jtzym5
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Introduction to Information Governance and eDiscovery in the CloudeDiscoveryConsultant
Introduction to Information Governance and eDiscovery in the Cloud by Charles Skamser, well known industry thought leader and CEO of eDiscovery Solutions Group. Part of the 2011 eDSG Summer Webinar Series on Information Govenance and eDiscovery in the Cloud.
The objective of this workshop is to show existing Oracle Database (Enterprise
Edition, Exadata, Autonomous Database, EXACS, DBCS) customers how to
attach your Database to Data safe and gain valuable understanding of
potential risks. Using user Assessment, understand rights and entitlement of
users and review activity auditing which provides powerful insight to database
interaction. The workshop will finish with a full sensitive data discovery and
then how to anonymize date with sensitive data masking.
The workshop is delivered in an interactive way with Presentations and Hands on
Labs to ensure complete understanding.
Extending Information Security to Non-Production EnvironmentsLindaWatson19
This paper discusses the threats that non-production environments pose to database security and provides practical advice and multiple options for ensuring data assets remain secure against unauthorized access.
ISACA New York Metro, Developing, Deploying and Managing a Risk-Adjusted Data...Ulf Mattsson
Not too long ago, many security experts believed that the best way to defend data was to apply the strongest possible technological protections to all of the data, all of the time. While that plan may work perfectly in theory, in the real world of business this model creates unacceptable costs, performance and availability problems.
What works from both IT and management standpoints? Risk-adjusted data security. Protecting data according to risk enables organizations to determine their most significant security exposures, target their budgets towards addressing the most critical issues, strengthen their security and compliance profile, and achieve the right balance between business needs and security demands.
Other issues that risk-adjusted security addresses are the unnecessary expenses, availability problems and system performance lags that result when data is over-protected. And cloud-based technologies, mobile devices and the distributed enterprise require a risk-mitigation approach to security, focused on securing mission critical data, rather than the now-unachievable ‘protect all the data at all costs’ model of years past.
Here’s how to develop and deploy a risk-adjusted data protection plan
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
Is your current state really threat ready?
Amit Walia, Senior Vice President, General Manager of Data Integration and Security at Informatica, shares how to protect data from the inside and the outside from the 2015 Informatica Government Summit.
Planning Information Governance and Litigation ReadinessRich Medina
Presentation on Information Governance, Litigation Readiness, E-Discovery, and Records Management. Given at the AIIM-Wisconsin / Milwaukee Bar Association 6th Annual Electronic Discovery Conference on November 1, 2013.
Symantec Data Loss Prevention - Technical Proposal (General)Iftikhar Ali Iqbal
The document provides the structure and content for a general technical proposal based Symantec Data Loss Prevention. Please ensure that if being used, the latest information is provided.
To implement data-centric security, while simultaneously empowering your business to compete and win in today’s nano-second world, you need to understand your data flows and your business needs from your data. Begin by answering some important questions:
•
What does your organization need from your data in order to extract the maximum business value and gain a competitive advantage?
•
What opportunities might be leveraged by improving the security posture of the data?
•
What risks exist based upon your current security posture? What would the impact of a data breach be on the organization? Be specific!
•
Have you clearly defined which data (both structured and unstructured) residing across your extended enterprise is most important to your business? Where is it?
•
What people, processes and technology are currently employed to protect your business sensitive information?
•
Who in your organization requires access to data and for what specific purposes?
•
What time constraints exist upon the organization that might affect the technical infrastructure?
•
What must you do to comply with the myriad government and industry regulations relevant to your business?
Finally, ask yourself what a successful data-centric protection program should look like in your organization. What’s most appropriate for your organization?
The answers to these and other related questions would provide you with a clearer picture of your enterprise’s “data attack surface,” which in turn will provide you with a well-documented risk profile. By answering these questions and thinking holistically about where your data is, how it’s being used and by whom, you’ll be well positioned to design and implement a robust, business-enabling data-centric protection plan that is tailored to the unique requirements of your organization.
To better understand how organizations manage the planning and securing of their digital assets, McAfee, Inc. retained Evalueserve to conduct an independent assessment of how organizations manage their security policies and processes, and what threats are perceived to pose the greatest
risk to their business. This global study of Enterprise-class organizations highlights how IT decision makers view the challenges of securing information assets in a highly regulated and increasingly complex global business environment. It is also forward-looking, revealing companies’ IT security priorities around processes, practices and technology for 2012 and beyond.
From Target to Equifax, we're learning just how expensive data breaches can be. And the cost isn't just financial - it's a hit to reputation as well. Learn how to avoid putting your organization at risk by identifying the three pitfalls of data security...and how to navigate around them.
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsPuneet Kukreja
When organisations today connect digitally and the concept of a network is found to be fast disappearing. Mobile and Cloud solutions are being enabled across the enterprise to aid digital agendas. Calls for agility by the business are driving CIOs and CISOs to look for effective trust-based service enablement models that can help cater to business demand.
Expanded top ten_big_data_security_and_privacy_challengesTom Kirby
There is some really great stuff coming out of the CSA working & research groups these days. I found this particular research paper from the big data working group to be extremely relevant and useful