Copyright 2018 © Information Security Forum Limited
A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats
Nick Frost,
Principal Consultant
Information Security Forum (ISF)
About the ISF
An international association of over 400 leading global organisations (Fortune 500/Forbes 2000), which...
• addresses key issues in information risk management through research and collaboration
• develops practical tools and guidance
• remains a fully independent, not-for-profit organisation driven by its Members
• promotes networking within its Membership.
The leading global authority on cyber security and information risk management
ISF Security Model
Agenda
1. Setting the scene
2. Identifying critical information assets to protect
3. Developing a pragmatic DLP strategy for today's threat landscape
4. Implementing a DLP strategy
5. Questions?
1. Setting the scene
What is Data Leakage Prevention (DLP)?
Definition: DLP can be defined as the practice of detecting and preventing the unauthorised disclosure of data.
Data Loss Prevention / Data Loss Protection / Data Leakage Prevention
Purpose: the main purpose of DLP is to ensure that specific sensitive data is not leaked.
Data Breaches
This year we have over 53,000 incidents and 2,216 confirmed data breaches
Data Breaches today
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Data Breaches – What did 2008 look like?
https://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches_slide/
12.5 million customers
4.2 million customers
1.2 million customers
Examples of information / data types
Operations
- Information relating to delivery of the organisation’s products and services
- Logistical arrangements/operational information
- Manufacturing specifications
- Production costs
- Pre-programmed commands
IT infrastructure
- Infrastructure information (including information regarding the hardware, software, network and facilities)
- Cryptographic information/private encryption keys/licensing and activation keys
- Network topology
- Password files
Financial
- Unannounced financial results
- Information relating to the financial management of the organisation
- Cost structure and price calculations
- Profit margin strategy
- Contractual agreements
Sales and marketing
- Product pipeline/market strategy
- Brand / logos (protected legally)
- Business intelligence/market analysis
- Market research and analysis
- Information relating to promoting and selling an organisation’s products and services
- Competitor analysis
- Sales pipeline
- Customer information / leads
- Non-competition agreements
Personal
- Information or details relating directly to an individual, such as employees, customers or citizens
- Personally identifiable information (PII)
- Financial/customer information
- Sensitive personal information
- Customer lists/master files/price lists
- Medical records
- Tax records
- User credentials
External party
- Information belonging to individuals or external parties, such as suppliers, business partners or customers.
- Distribution plans
- Software source code
- Non-competition agreements
Regulated
- Information subject to or covered by legal or regulatory requirements
- Customer profile database (containing PII)
- Cryptographic algorithms (subject to export control)
- Blueprints or designs for new aircraft
Business and governance
- Information relating to current and future trading
- Board papers and resolutions
- Mergers, acquisitions & divestment details
- Business strategy/plans
- Business negotiations/bidding details
- Contractual details
- Cost structure, margin strategy, price calculations
Research and development
- Early phase research for new products/results of studies or investigations
- Ideas and concepts relating to possible and planned future products and services, which are generated, modelled and developed
- Trade secrets
- Patent applications/registered designs
- Pre-patent/legally protected information
- Prototype details
- Unregistered engineering designs/product blueprints and schematics
- Algorithms/source code/formulas/techniques
- Planned exploration locations
- Development plans/technology roadmaps
Intellectual property
- Original information solely generated and owned by the organisation
- Proprietary algorithms
- Trade secrets
- Unregistered/pre-patent information
Types of data ISF Members protect using DLP
Based on 147 participants
Information as an asset
“Our employees are our most valuable asset”
CEO
Benefits of a DLP programme
• Supporting compliance
• Visibility of the usage of sensitive data
• Improving security awareness and behaviour
• Detecting exfiltration of data by external threats
77% of surveyed ISF Members implement DLP to reduce the frequency and magnitude of accidental data leakage; almost the same implemented DLP to mitigate malicious data leakage (76%)
2. Identifying critical information assets to protect
The format of information
The life cycle of information
The footprint of an information asset
Identify mission critical assets
- Merger and acquisition details
- Early phase research
- Trade secrets
- Manufacturing specifications
- Logistics information
- Cryptographic information
- Registered designs / patents
- Market analysis
- Non-competition agreements
- Pre-programmed commands
- Unregistered / pre-patent data
- Infrastructure information
- Financial results
- Prototype information
3. Developing a pragmatic DLP strategy for today's threat landscape
Core activities that make up a DLP strategy
Identify mission critical assets
Fingerprinting (indexing)
Described content matching
Optical character recognition (Image recognition)
Machine learning (Statistical analysis)
Monitor data leakage channels
Coverage of data leakage channels
Based on 147 participants
Actions taken in response
Act to prevent data from leaking
Actions taken in response
“Start with monitoring and detecting before implementing any protective controls”
DLP tools and policies
• Technical DLP policies provide a set of rules governing the handling of data
• The rules in the policy determine the action to initiate when the conditions are met
• Different rules apply depending on the level of risk (for example, a transfer of 20 records versus 20,000 records)
DLP tools and policies
Main types of action
• Logging violations
• Notifying
• Blocking
  - Hard block
  - Soft block
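An added example, not part of the ISF presentation, of how a technical DLP policy can tie conditions to actions: described content matching (a pattern plus a Luhn checksum) counts card-like numbers in outbound content, and rules keyed on the record count select logging, notifying, a soft block or a hard block. The rule names, channel names, exact thresholds and the `monitor_only` switch (which models starting with monitoring before enabling protective controls) are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Described content matching: 16-digit card-like numbers (spaces or hyphens
# allowed between digits), confirmed with the Luhn checksum to cut false positives.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
SEVERITY = {"allow": 0, "log": 1, "notify": 2, "soft_block": 3, "hard_block": 4}


@dataclass(frozen=True)
class Rule:
    name: str
    channel: str      # leakage channel; "*" matches any (channel names are assumed)
    min_records: int  # condition: at least this many matched records
    action: str       # one of the SEVERITY keys


@dataclass(frozen=True)
class Decision:
    action: str
    rule: str
    records: int


# Assumed policy; thresholds follow the slide's 20 / 20,000 record illustration.
# "soft_block" is assumed to mean the user may override with a justification,
# "hard_block" that the transfer is stopped outright.
POLICY = [
    Rule("card-data-seen", "*", 1, "log"),
    Rule("card-data-batch", "*", 20, "soft_block"),
    Rule("card-data-bulk", "*", 20000, "hard_block"),
    Rule("card-data-batch-usb", "usb", 20, "hard_block"),
]


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:        # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def count_records(text: str) -> int:
    """Count distinct card-like numbers in text that pass the Luhn check."""
    found = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            found.add(digits)
    return len(found)


def evaluate(text: str, channel: str, monitor_only: bool = False,
             policy=POLICY) -> Decision:
    """Apply the most severe rule whose conditions are met."""
    records = count_records(text)
    hits = [r for r in policy
            if r.channel in ("*", channel) and records >= r.min_records]
    if not hits:
        return Decision("allow", "", records)
    best = max(hits, key=lambda r: SEVERITY[r.action])
    action = best.action
    # Monitoring phase: record what would have been blocked, but only notify.
    if monitor_only and action in ("soft_block", "hard_block"):
        action = "notify"
    return Decision(action, best.name, records)


def make_sample(n: int) -> str:
    """Constructed test data: n distinct Luhn-valid 16-digit numbers, one per line."""
    lines = []
    for i in range(n):
        body = f"400000{i:09d}"  # 15 digits; the 16th is the check digit
        check = next(d for d in "0123456789" if luhn_ok(body + d))
        lines.append(body + check)
    return "\n".join(lines)


if __name__ == "__main__":
    for n in (3, 20, 20000):
        print(n, evaluate(make_sample(n), "email"))
    print(evaluate(make_sample(20000), "email", monitor_only=True))
```

Running with `monitor_only=True` first shows which rules would have blocked real traffic, which helps tune thresholds before blocking is switched on.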
Actions taken in response to policy violations
Based on 147 participants
4. Implementing a DLP strategy
Actions taken in response to policy violations
Governance Preparation Implementation
Actions taken in response to policy violations
Governance Preparation Implementation
– Obtain executive support
– Define DLP programme objectives
– Assign roles and responsibilities
– Involve business stakeholders
– Prioritise what data to protect
– Select DLP tools
– Integrate DLP tools into existing environment
– Improve security awareness of data leakage
– Determine how to respond to policy violations
– Deploy DLP incrementally
Summary
Key messages from this presentation
• Increasing adoption of collaboration platforms, cloud services and social media has introduced a host of new ways for sensitive data to leak
• Media headlines are making organisations aware of the importance of taking a systematic, structured approach to detect and prevent the leakage of sensitive data
• DLP tools alone cannot prevent the leakage of all types of sensitive data across every possible channel
• A prerequisite of a successful DLP programme is support from executive management and ongoing collaboration with business representatives
Get the ‘Data Leakage Prevention’ briefing paper at www.securityforum.org/research/data-leakage-prevention-briefing-paper/
Nick Frost
Principal Consultant, ISF
nick.frost@securityforum.org
UK: +44 (0)7584 756212
Web: www.securityforum.org
ISF Twitter: @securityforum
ISF LinkedIn: linkedin.com/groups/760947
ISF Webcasts available on demand: https://www.brighttalk.com/channel/9923/isf-managing-cyber-security-for-cisos
ISF Podcasts available on: www.securityforum.org/podcasts-videos/
or download on iTunes: www.itunes.apple.com/gb/podcast/isf-podcasts/id1180646163?mt=2

FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 

A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats

  • 1. Copyright 2018 © Information Security Forum Limited ISF Presentation 1 A Data Breach Prevention, Detection & Response Strategy to Combat Today's Threats Nick Frost, Principal Consultant Information Security Forum (ISF)
  • 2. About the ISF. An international association of over 400 leading global organisations (Fortune 500/Forbes 2000), which...
      • addresses key issues in information risk management through research and collaboration
      • develops practical tools and guidance
      • remains a fully independent, not-for-profit organisation driven by its Members
      • promotes networking within its Membership.
    THE LEADING GLOBAL AUTHORITY ON CYBER SECURITY AND INFORMATION RISK MANAGEMENT
  • 3. ISF Security Model
  • 4. Agenda
      1. Setting the scene
      2. Identifying critical information assets to protect
      3. Developing a pragmatic DLP strategy for today's threat landscape
      4. Implementing a DLP strategy
      5. Questions?
  • 5. 1. Setting the scene
  • 6. What is Data Leakage Prevention (DLP)? Definition: DLP can be defined as the practice of detecting and preventing the unauthorised disclosure of data. Data Loss Prevention, Data Loss Protection, Data Leakage Prevention. Purpose: the main purpose of DLP is to ensure that specific sensitive data is not leaked.
  • 7. Data Breaches. This year we have over 53,000 incidents and 2,216 confirmed data breaches
  • 8. Data Breaches today. http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
  • 9. Data Breaches – What did 2008 look like? https://www.forbes.com/2008/11/21/data-breaches-cybertheft-identity08-tech-cx_ag_1121breaches_slide/ 12.5 million customers; 4.2 million customers; 1.2 million customers
  • 10.
  • 11. Examples of information / data types
      • Operations: Information relating to delivery of the organisation’s products and services
          - Logistical arrangements/operational information
          - Manufacturing specifications
          - Production costs
          - Pre-programmed commands
      • IT infrastructure: Infrastructure information (including information regarding the hardware, software, network and facilities)
          - Cryptographic information/private encryption keys/licensing and activation keys
          - Network topology
          - Password files
      • Financial: Unannounced financial results
          - Information relating to the financial management of the organisation
          - Cost structure and price calculations
          - Profit margin strategy
          - Contractual agreements
      • Sales and marketing: Product pipeline/market strategy
          - Brand / logos (protected legally)
          - Business intelligence/market analysis
          - Market research and analysis
          - Information relating to promoting and selling an organisation’s products and services
          - Competitor analysis
          - Sales pipeline
          - Customer information / leads
          - Non-competition agreements
      • Personal: Information or details relating directly to an individual, such as employees, customers or citizens
          - Personally identifiable information (PII)
          - Financial/customer information
          - Sensitive personal information
          - Customer lists/master files/price lists
          - Medical records
          - Tax records
          - User credentials
      • External party: Information belonging to individuals or external parties, such as suppliers, business partners or customers.
          - Distribution plans
          - Software source code
          - Non-competition agreements
      • Regulated: Information subject to or covered by legal or regulatory requirements
          - Customer profile database (containing PII)
          - Cryptographic algorithms (subject to export control)
          - Blueprints or designs for new aircraft
      • Business and governance: Information relating to current and future trading
          - Board papers and resolutions
          - Mergers, acquisitions & divestment details
          - Business strategy/plans
          - Business negotiations/bidding details
          - Contractual details
          - Cost structure, margin strategy, price calculations
      • Research and development: Early phase research for new products/results of studies or investigations
          - Ideas and concepts relating to possible and planned future products and services, which are generated, modelled and developed
          - Trade secrets
          - Patent applications/registered designs
          - Pre-patent/legally protected information
          - Prototype details
          - Unregistered engineering designs/product blueprints and schematics
          - Algorithms/source code/formulas/techniques
          - Planned exploration locations
          - Development plans/technology roadmaps
      • Intellectual property: Original information solely generated and owned by the organisation
          - Proprietary algorithms
          - Trade secrets
          - Unregistered/pre-patent information
  • 12. Types of data ISF Members protect using DLP. Based on 147 participants
  • 13. Information as an asset. “Our employees are our most valuable asset” (CEO)
  • 14. Benefits of a DLP programme
      • Supporting compliance
      • Visibility of the usage of sensitive data
      • Improving security awareness and behaviour
      • Detecting exfiltration of data by external threats
    77% of surveyed ISF Members implement DLP to reduce the frequency and magnitude of accidental data leakage; almost the same proportion implemented DLP to mitigate malicious data leakage (76%)
  • 15. 2. Identifying critical information assets to protect
  • 16. The format of information
  • 17. The life cycle of information
  • 18. The footprint of an information asset
  • 19.
  • 20. Identify mission critical assets
      - Merger and acquisition details
      - Early phase research
      - Trade secrets
      - Manufacturing specifications
      - Logistics information
      - Cryptographic information
      - Registered designs / patents
      - Market analysis
      - Non-competition agreements
      - Pre-programmed commands
      - Unregistered / pre-patent data
      - Infrastructure information
      - Financial results
      - Prototype information
  • 21. 3. Developing a pragmatic DLP strategy for today's threat landscape
  • 22. Core activities that make up a DLP strategy
  • 23. Identify mission critical assets
      • Fingerprinting (indexing)
      • Described content matching
      • Optical character recognition (image recognition)
      • Machine learning (statistical analysis)
  • 24. Monitor data leakage channels
  • 25. Coverage of data leakage channels. Based on 147 participants
  • 26. Actions taken in response. Act to prevent data from leaking
  • 27. Actions taken in response. “Start with monitoring and detecting before implementing any protective controls”
  • 28. DLP tools and policies
      • Technical DLP policies provide a set of rules governing the handling of data
      • The rules in the policy determine the action to initiate when the conditions are met
      • Different rules depend on the level of risk (transfer of 20 or 20000 records)
  • 29. DLP tools and policies
  • 30. Main types of action: Notifying; Blocking; Logging violations; Hard block; Soft block
  • 31. Actions taken in response to policy violations. Based on 147 participants
  • 32. 4. Implementing a DLP strategy
  • 33. Actions taken in response to policy violations. Governance; Preparation; Implementation
  • 34. Actions taken in response to policy violations. Governance; Preparation; Implementation
      – Obtain executive support
      – Define DLP programme objectives
      – Assign roles and responsibilities
      – Involve business stakeholders
      – Prioritise what data to protect
      – Select DLP tools
      – Integrate DLP tools into existing environment
      – Improve security awareness of data leakage
      – Determine how to respond to policy violations
      – Deploy DLP incrementally
  • 35. Summary
  • 36. Key messages from this presentation
      • Increasing adoption of collaboration platforms, cloud services and social media has introduced a host of new ways for sensitive data to leak
      • Media headlines are making organisations aware of the importance of taking a systematic, structured approach to detect and prevent the leakage of sensitive data
      • DLP tools alone cannot prevent the leakage of all types of sensitive data across every possible channel
      • A prerequisite of a successful DLP programme is support from executive management and ongoing collaboration with business representatives
    Get the ‘Data Leakage Prevention’ briefing paper at www.securityforum.org/research/data-leakage-prevention-briefing-paper/
  • 37. Nick Frost, Principal Consultant, ISF. nick.frost@securityforum.org. UK: +44 (0)7584 756212. Web: www.securityforum.org. ISF Twitter: @securityforum. ISF LinkedIn: linkedin.com/groups/760947. ISF Webcasts available on demand: https://www.brighttalk.com/channel/9923/isf-managing-cyber-security-for-cisos. ISF Podcasts available on: www.securityforum.org/podcasts-videos/ or download on iTunes: www.itunes.apple.com/gb/podcast/isf-podcasts/id1180646163?mt=2
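The policy logic outlined on slides 23, 27, 28 and 30, as an added example that is not part of the ISF presentation: described content matching counts Luhn-valid card numbers in an outbound transfer, the record count selects the action, and a monitor-only mode logs what would have been blocked. The card-number data type, the thresholds (the slide only contrasts 20 with 20000 records) and all names are assumptions.

```python
import re
from dataclasses import dataclass

# Described content matching: a pattern plus a validator, so that arbitrary
# 16-digit strings (order numbers, timestamps) are not counted as card data.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def count_records(text: str) -> int:
    """Number of distinct Luhn-valid card numbers in the outbound content."""
    hits = set()
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.add(digits)
    return len(hits)

@dataclass(frozen=True)
class Decision:
    records: int
    action: str       # action actually taken
    enforced: str     # action the rule asks for once blocking is switched on

# (minimum records, action), highest risk first. Thresholds are assumptions.
RULES = [(20000, "hard_block"), (20, "soft_block"), (1, "notify")]

def evaluate(text: str, monitor_only: bool = True) -> Decision:
    n = count_records(text)
    wanted = next((a for floor, a in RULES if n >= floor), "allow")
    # Monitor-only phase: record what would have been blocked, block nothing.
    taken = "log" if monitor_only and wanted.endswith("_block") else wanted
    return Decision(n, taken, wanted)

def constructed_card(i: int) -> str:
    """Constructed test value: 15-digit body plus its Luhn check digit."""
    body = f"400000{i:09d}"
    return next(body + str(c) for c in range(10) if luhn_ok(body + str(c)))

def sample_export(rows: int) -> str:
    """Constructed CSV-style export with one card number per row."""
    return "\n".join(f"cust{i},{constructed_card(i)}" for i in range(rows))
```

Comparing `action` with `enforced` over a monitoring period shows how many transfers each threshold would have stopped before any blocking is enabled.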
