This document discusses how traditional data loss prevention solutions alone are not effective or efficient at preventing data leakage in today's distributed environments. It advocates for a data-centric security approach that focuses on identifying and classifying sensitive information at the point of creation. This enables sensitive data to be automatically protected with information rights management policies as it moves across systems and locations. The document outlines how such an approach based on flexible, dynamic classification policies and embedded protections can effectively and efficiently secure sensitive information throughout its lifecycle, regardless of where the data resides.
Information Rights Management is the set of techniques and methods which protect the highly sensitive information of the organization irrespective of the file location whether it resides "in" or "outside" the corporate boundaries. This happens as the permissions embedded inside the file don't allow unauthorized access, modification, copying or printing. This is typically done for protection of financial documents, intellectual property such as patents, design blueprints and executive communications.
This document discusses information rights management (IRM) concepts and implementation challenges. It notes that unstructured data makes up 80% of organizational information assets and faces challenges from external collaboration and mobile devices. Legacy approaches to information loss control like NDAs are insufficient. IRM aims to allow information owners to control how information is used by applying persistent access policies even as it moves outside the organization. Key requirements for successful IRM implementation include automated policy assignment, usability for users, and support from senior management.
Secure Islands provides IRM protection, and takes it to the next level by adding a simple and powerful management layer.
http://www.secureislands.com/irm/
IRM will address information security needs for all types of enterprises. IRM is a set of policies and technologies that help enterprises control the usage of information contained in shared documents.
3 ways to secure your law firm’s information and reputation Nikec Solutions
As competition within the legal environment intensifies, law firms are constantly looking for ways to differentiate their services.
While many consider their reputation as their greatest asset that took years to build, there are a few key elements that underpin this, one of which is security.
It is this robust security that can prevent issues such as data breaches which in turn will destroy your reputation at the snap of a finger.
It is not only the law firms who understand the need for data protection and security, clients and consumers are becoming much more savvy and are realising that they too, need to protect their own.
With newspapers filled with stories of hackers attacking large multinational companies and mobile devices with sensitive data being lost or stolen, security is fast becoming a top priority for most businesses today.
Here are 3 ways to secure your law firm’s information and reputation
Cross border - off-shoring and outsourcing privacy sensitive data Ulf Mattsson
Ulf Mattsson is the CTO of Protegrity, with over 20 years of experience in research and development and global services at IBM. He has been involved in developing encryption, tokenization, and intrusion prevention technologies. The document discusses cross-border offshoring and outsourcing of privacy sensitive data in the cloud. It notes that cloud services are often provided by third parties and can involve data being stored in multiple locations. Regulations like PCI DSS and national privacy laws apply when data crosses borders or is outsourced. Sensitive data needs to be protected to comply with regulations and address threats while also enabling useful insights from the data. Methods like de-identification through tokenization and encryption can protect identifiable data
The importance of information security nowadays PECB
Nowadays living without access to the information of interest at any time, any place through countless types of devices has become unimaginable. However, its security has become more important than information access itself. In fact today information security rules the world…! Why?
The best way to ensure the safety of sensitive information is to classify data when it is first created. More information on IQProtector:
http://www.secureislands.com/product/endpoint-suite/
The document discusses information security and provides an overview of key concepts:
1) It defines information security as protecting information and systems from unauthorized access, use, disclosure, disruption or destruction. Maintaining confidentiality, integrity and availability of information are core principles.
2) Reasons for managing information security are given, including compliance with laws, protecting assets from loss, meeting business requirements and customer demands.
3) Methods for managing security are outlined, including implementing security frameworks, classifying information assets, and establishing roles and processes for ongoing security management. Continual assessment and improvement of security controls is important.
Information Security Management Education Program - Concept Document Dinesh O Bareja
The document proposes an information security management program to train future security managers. It notes shortcomings in existing education and certification programs. The proposed program would [1] provide practical skills training using real-world scenarios, [2] cover technical, business, audit and legal topics to prepare students for security leadership roles, and [3] include soft skills development and fieldwork opportunities. The program differentiators include an experiential learning lab, partnerships with industry, and mentoring to support career placement.
Drivelock modern approach of it security & encryption solution -whitep... Arbp Worldwide
#drivelock #endpointprotection #applicationcontrol #websecurity #devicecontrol #datalossprevention #mssp #ITforensics #ITreporting #ArbpWorldwide
For any queries contact us on http://www.arbpworldwide.com/Our_partners/DriveLock
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2 Kyle Lai
The document summarizes China's new Cybersecurity Law and its potential impact on global businesses. It provides definitions of key terms in the law and outlines some of the law's main provisions, such as data localization requirements for critical information infrastructure operators and penalties for cyber attacks on Chinese infrastructure from foreign groups. The law establishes China's sovereignty over networks located within its borders and aims to strengthen protections for network operations, information, and critical infrastructure.
Security For Business: Are You And Your Customers Safe woodsy01
This presentation takes a look at issues affecting cyber-security. It also covers some of SHBO Technologies' capabilities of supporting and protecting clients.
This document discusses IT compliance. It defines compliance as obeying and following laws, rules, and demands. It outlines several frameworks for IT compliance including ISO standards, COBIT, and industry-specific regulations. The document compares the costs of compliance versus non-compliance, noting that non-compliance can result in regulatory penalties, brand damage, and loss of customer trust. Market research findings show that the cost of non-compliance is typically higher than compliance costs and is related to the number of records lost in data breaches. Effective compliance strategies like ongoing audits can help reduce total compliance costs.
Top 25 Cyber Security Blogs You Should Be Reading DDoS Mitigation
http://www.rivalhost.com/
This presentation lists a selection of the top 25 cyber security blogs, a random sample of some interesting blogs that dive into the complex nature of today's cyber security threats.
You can see the Top 100+ Cyber Security Blog list by visiting below:
http://ddosattackprotection.org/blog/cyber-security-blogs/
Peter Ward gave a presentation on June 26th, 2008 about information theft and document encryption. The presentation covered how much proprietary information is stolen annually, the limitations of legacy security technologies, and how rights management can help control access to data at rest and in transit. The presentation also provided details on Microsoft Rights Management Server and how it can encrypt documents and control actions like deletion, copying, and printing for Office documents. It emphasized that RMS requires proper deployment, end user training, and templates to fully realize its security benefits and protect valuable data from the wrong hands.
Toshiba provides security solutions to help businesses protect valuable data and secure devices, access, and documents. Some key threats businesses face include data theft, fraud, and non-compliance with regulations. Toshiba's security features address these threats through measures such as encrypted hard drives, access control, and audit logs. Toshiba aims to deliver comprehensive security that meets various compliance standards and certification levels.
Office 365 Security Features That Nonprofits Should Know and Use TechSoup
When it comes to email, document storage, and online browsing, security should be foremost. Join us for a 30-minute webinar where we will discuss how you can use built-in features of Office 365 to protect your organization. Learn how to protect your systems and keep data in the hands of only those users who need it.
This webinar is intended for organizations that already use Office 365, or those that want to better understand how Office 365 can keep their communications and data secure.
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT Produ... ProductNation/iSPIRT
Presentation by Seclore Technologies at Zensar #TechShowcase. An iSPIRT ProductNation initiative. Started in 2007; they work in the space of information security policy based. Their tag line is security not at the cost of collaboration.
SECUDE is an innovative provider of IT security solutions for SAP customers. It focuses on data-centric security and classification with its Halocore solutions. Halocore allows users to identify sensitive data extracted from SAP, apply data loss prevention controls, and protect documents with rights management. This helps mitigate security risks, reduce compliance costs, and prevent data breaches and theft. The presenters discuss how rising security threats, lack of preparedness, and stringent compliance regulations are pushing companies to find new ways to secure their SAP data.
This document discusses digital security and the challenges of securing systems in a changing technological landscape. It notes that terminology around information, cyber, and digital security can be confusing, and that security requirements need to be defined on a case-by-case basis. It emphasizes that security risks will continue to increase as digitalization accelerates, and that security professionals must adapt to embrace changes like cloud computing, IoT, and new technologies. The document concludes that data and trust are key currencies, that security enables digitalization when done well, and that effective security requires balancing risks with opportunities through good design principles and lifelong learning.
The document outlines an agenda for an information security essentials workshop. It discusses key topics like the principles of information security around confidentiality, integrity and availability. It also covers security governance structures, roles and responsibilities, risk management, information system controls and auditing information security. The objectives are to provide an overview of information security, describe approaches to auditing it, and discuss current trends.
The document discusses security awareness and the growing threat of cyber attacks and data breaches. It notes that malware has become more sophisticated, targeting data and businesses rather than just PCs. The impacts of data breaches can include high costs for businesses. It recommends practicing defense in depth across networks, endpoints, and security tools to balance risk and costs. Cyber/privacy breach insurance can help cover liabilities and costs imposed by laws and regulations in the event of a security incident.
Raising the Bar for Email Security: Confidentiality and Privacy Standards tha... Jim Brashear
Presentation for the North Carolina State Bar seminar on Real Estate Hot Topics on February 20, 2015. This presentation focuses on email security and its role in complying with the ALTA Best Practice on Privacy and Protection of Non-Public Personal Information.
This document provides information on data classification, including its importance, goals, and how to implement a classification system. Classification involves organizing data into categories to facilitate effective use while achieving goals like availability, integrity, compliance and mitigating risks. The document outlines a process for classification that includes understanding information types and risks, creating a classification scheme, implementing policies, and ongoing maintenance through education and improvement.
The document discusses email security and best practices. It notes that email is essential for daily work but poses security risks like unauthorized access, data leakage, and malware infiltration. It recommends configuring email servers securely, establishing policies for email use and retention, monitoring for anomalies, and educating users on secure email practices. Overall, the document emphasizes the importance of securing email infrastructure while enabling effective and appropriate use of email to meet business objectives.
IBM offers unified data protection solutions for four key data environments:
1) Big data security - Solutions are needed to securely harness rapidly growing data from diverse sources in big data platforms and prevent unauthorized access and data breaches.
2) Cloud and virtual environment data security - Both private and public cloud infrastructures need protection against data leakage.
3) Enterprise data security - Heterogeneous enterprise data from various sources like databases and data warehouses requires protection.
4) Enterprise application security - Solutions are needed to securely protect multi-tier enterprise applications.
IBM's InfoSphere Guardium provides next-generation activity monitoring, auditing and data protection across physical, virtual and cloud environments.
What Is Digital Asset Security. What Are the Risks Associated With It.docx.pdf SecureCurve
Security and privacy are crucial elements for protecting digital assets. As the use of technology continues to increase, so does the risk of cyber-attacks and data breaches.
1. The document provides an overview of best practices for implementing enterprise-wide data encryption and protection. It discusses challenges like explosive data growth, evolving compliance requirements, operational complexity, and increasing threats.
2. The document recommends a data-centric security approach that applies protection to data itself regardless of location. This includes discovering and classifying sensitive data, encrypting data in motion and at rest, and centralized key and policy management.
3. Effective data security requires discovering where sensitive data resides, encrypting that data, managing encryption keys centrally, and implementing access policies to control data use.
This document discusses the importance of information security policies and processes. It defines information and explains that information can take many forms and must be appropriately protected. It then discusses the importance of information, what constitutes information security, and why information security is needed to protect organizations. Key risks like data breaches are outlined. The document emphasizes that information security is an organizational issue, not just an IT issue, and stresses the importance of people, processes, and technology in an information security program. It provides an overview of some common information security standards and regulations like ISO 27001 and HIPAA.
Threat Ready Data: Protect Data from the Inside and the Outside DLT Solutions
Is your current state really threat ready?
Amit Walia, Senior Vice President, General Manager of Data Integration and Security at Informatica, shares how to protect data from the inside and the outside from the 2015 Informatica Government Summit.
Organizations today have to protect data from unauthorized access not only by external users but also by internal users, as the criticality of the data may be high. Seclore's Data-Centric platform offers all-in-one advanced data protection.
In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
Insurance companies of all sizes are challenged to keep up with emerging technologies that deliver a competitive advantage. Recording: https://www.brighttalk.com/webcast/9573/192877
Big data holds the key to greater customer insight and stronger customer relationships. But risk of sensitive data exposure — and compliance violations — keeps many insurers from pursuing big data initiatives and reaping the rewards of business-driven analytics. Join Dataguise and Hortonworks for this live webinar to learn how you can free your organization from traditional information security constraints and unlock the power of your most valuable business assets.
• What do you need to know about PII/PHI privacy before embarking on big data initiatives?
• Why do so many big data initiatives fail before they’ve even begun—and what can you do about it?
• How can IT security organizations help data scientists extract more business value from their data?
• How are leading insurance companies leveraging big data to gain competitive advantage?
Compete To Win: Don’t Just Be Compliant – Be Secure! IBM Security
View on-demand webinar: https://event.on24.com/wcc/r/1241904/E7C5BDA81308626F69D20F843B229534
An alarming number of organizations today are doing the bare minimum to meet compliance regulations. They are completely unaware of the “data security race” taking place against malicious insiders and criminal hackers creating risk, flying past them in a race to win over sensitive data. These organizations are spending their time doing just enough to check the compliance ‘checkbox’ and pass their audits. While being compliance-ready is absolutely important and represents a great first step along the road to data security, it won't win you the gold.
View this on-demand webcast to learn more about how to shift your thinking and compete to win by using your compliance efforts to springboard you into a successful data security program - one that can safeguard data from internal and external threats, allowing you to be the champion and protector of your customers, your brand, and the sensitive data that fuels your business.
IBM offers information security solutions from IBM System Storage to help organizations protect critical business information. These solutions include self-encrypting tape and disk drives that encrypt data at the storage level with minimal performance impact. IBM also provides services to help plan, implement, and support comprehensive information security strategies across the enterprise. When deploying IBM security solutions, organizations can better secure information assets throughout their lifecycle.
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, it's evolution, present day risks from the IT and Telecom infrastructure perspective.
The document discusses strategies for complying with the EU's General Data Protection Regulation (GDPR). It outlines five critical strategies: 1) Know all personal data stored, 2) Carefully manage access to personal data, 3) Encrypt as much data as possible, 4) Monitor changes affecting sensitive data and prevent critical changes, and 5) Investigate potential breaches. It also discusses how the software company Quest can help customers strengthen data protection, ensure compliance, and avoid fines through solutions that secure and manage data, modernize infrastructure, and provide insights.
Fujifilm’s data security solutions protect your company’s intellectual property from unauthorized access. Start by authenticating users, monitoring and controlling confidential information, and tracking the authenticity of all your critical documents.
On World Backup Day 2014, the Data Loss Gremlins unleashed a dastardly attack on businesses worldwide! Intronis has published this Tech Guide, the 6 Ways to Fight the Data Loss Gremlins, to help IT solutions providers protect their clients from any data loss disaster.
Three key aspects need to be addressed when deploying BYOD policies in an organization: [1] what device capabilities are required for access, [2] what information different employee roles can access, and [3] what environments pose too much risk. An effective BYOD strategy can help IT balance security risks with the benefits of consumerization by regaining visibility and control of corporate data on personal devices, enabling secure sharing of data, and protecting data wherever it goes. When implementing digital asset security, organizations should educate staff, review policies for creating and sharing digital content, use strong encryption for offsite sharing, and automatically enforce consistent protection policies.
Learn how to get more out of your PCI investment with this presentation from SafeNet titled: "Life After Compliance". Derek Tumulak discusses current approaches to PCI DSS compliance, challenges to ensuring compliance, and how to achieve best practices while addressing compliance challenges.
This document discusses the security risks of big data and how to protect sensitive information. It notes that while big data provides opportunities, it also poses big security risks if data is breached. It recommends asking key questions about data discovery, classification, access controls and monitoring to help secure data. The document also describes IBM tools like InfoSphere Guardium that can help organizations monitor user activity, detect anomalies and protect sensitive data in both traditional and big data environments.
Here are some Guidelines for CxO's relating to BYOD / Mobile-Device Security at work. Includes some recent Statistics and other Research on the Market.
Similar to Classification-HowToBoostInformationProtection (20)
2. # 2
Let me ask 3 questions:
1. How many of us are using (or thinking of implementing) DLP solutions?
2. How many of us think that these are good and needed solutions?
3. How many think that DLPs on their own can effectively and efficiently
prevent data leakage?
− effectively => adequate to deliver the expected result
− efficiently => perform with the least waste of time and effort
3. # 3
In confined and isolated IT environments
it is relatively simple to protect data against leakage
DLP, Firewalls, Routers, … are able to well protect organizations against
information leakage within well defined IT boundaries …
… even application boundaries can easily be audited and protected
against information leakage.
4. # 4
But this is no longer the case: we see cracks in the wall.
The established solutions, alone, fail to protect information.
Organizations are becoming distributed and mobile:
• Endless locations
− Inside and outside the Enterprise
− Cloud services / SaaS
• Endless applications
− Standard market apps
− Specific business value apps
• Endless devices
− Enterprise desktops/laptops/devices
− Service providers
− Mobile & Tablets (BYOD)
… and so are the threats:
• Endless cyber attack vectors
− Insider threats, inadvertent data leakage, Trojans, spyware, botnets, phishing, social engineering
5. # 5
Data produced & exchanged by organizations
to do and be in business is growing exponentially – Big-Data
• Both structured and unstructured data is growing exponentially:
− in volume (Zettabytes)
− in velocity (speed & peaks)
− in variety (unlimited formats)
− in complexity (correlation & matching)
• Perimeter-centric Information Security
Tools on their own have limitations:
− difficult to scale
− difficult to keep up the pace with Big Data
− static solutions (media & locations-based)
− unreasonable monitoring burden (false positives)
6. # 6
In any organisation only a relatively small percentage
of created, managed & exchanged data is sensitive information
The security problem today is to find the needle of sensitive information,
to protect against leakage, within the haystacks of non-sensitive daily
business information in an effective and efficient way!
not effective
&
not efficient
7. # 7
What if we change the approach and proactively
create sensitive information “differently”?
By embedding within the data itself its sensitive nature …
… we enable simple and error-free identification of sensitive
information anywhere / anytime
8. # 8
By concentrating attention on the sensitive information itself and the context in
which it is created and accessed, and by leveraging its “natural” sensitivity traits
and qualities, we can effectively and efficiently protect information:
Focusing on identifying sensitive information at creation
makes it possible to implement data-centric security
THIS IS:
effective,
efficient
& smart
9. # 9
The world is not just black & white !
There is not just Normal or Sensitive Information but a number of
different, organisation-specific types of Information
Good Information Classification is not a trivial task
10. # 10
Data-centric security is not just classification but also
about enforcing information usage policies
• IRM (Information Rights Management) platforms like AD-RMS make it possible to
define, implement and track information usage policies.
• An information usage policy precisely defines, enforces and tracks:
− WHO can use the information
− WHAT each person/group/role can do with/to the information
− WHEN the information can be used
− WHERE the information can be used
• With IRM, security can be embedded within the data, protecting it
wherever it is – in motion, at rest or in use
11. # 11
Classification Solution needs
to be integrated into the entire IT landscape, &
into IRM Platforms & Perimeter-Based Solutions…
[Diagram: Identify, Classify, Protection]
• Format, Application, User, Device, Services, Location
• As per your directives
• Sub-Classification: Flexible & Dynamic
• IP/2 Rules: automatic/semi/manual
• RMS: Encryption & Permission Management (i.e. MS AD RMS)
• DLP: Feed the right information (i.e. Symantec)
• Usage Tracking
• eDiscovery
12. # 12
With IP/2 IMTF is offering an enterprise solution to protect
all sensitive data and documents of any organization
Any data and document in electronic format
• Files, enterprise systems
• Emails, cloud data, web content
Protection through the entire information lifecycle
• From creation through collaboration and storage
• Beyond application and IT environment boundaries
Policy-based IRM protection and security
• Simple policy generation, application and enforcement
• Application of enterprise-level encryption and key management tools
13. # 13
Information protection is achieved by first classifying sensitive
information and then applying the appropriate protection policy
14. # 14
IP/2's first key feature is an effective, high-performance
classification engine to correctly classify information
• An integrated rule based engine allows for flexible and comprehensive
“classification policy authoring” referring to:
− Content and metadata
− Time criteria
− User identity and actions
− Locations
− Dynamic and static values
− Events or other attributes
• Instant, zero false-positive, automatic, identification and classification
− New, modified, or accessed sensitive data
− From any origin
− To any destination
− Via any channel
15. # 15
Once sensitive information assets are identified and classified,
IRM protection can be effectively implemented to avoid
unauthorized usage and leakage
• Effective enforcement of data protection mechanisms
− Data encryption (based on «your» encryption engine and PKI)
− Strict access rights management (permissions)
− Strict usage rights management (actions)
− Enable existing and trusted IT systems and applications to
work seamlessly with secured and encrypted data
16. # 16
The technology is based on an “agent to server architecture”
that triggers the IP/2 event driven classification and protection
[Diagram: Multi Source Data Acquisition System; Classification Policy; Protection Policy;
Optimized Classification and Protection Mechanism]
The optimized classification cycle is triggered upon
intercepted events like: create, open, save,
close, download, upload, copy, etc.
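The classify-then-protect flow of slides 10 and 13 to 16, as an added Python sketch that is not IMTF's IP/2 code and does not use the AD RMS API. The labels, roles, time windows, rule order and function names are assumptions made for illustration; the Luhn check shows one way a content rule can avoid false positives on card numbers.

```python
import re
from dataclasses import dataclass
from datetime import time

# All labels, roles and policies below are constructed for illustration.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
TRIGGERS = {"create", "open", "save", "close", "download", "upload", "copy"}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(content: str, meta: dict) -> str:
    """Classification policy: content rule first, then a metadata rule."""
    for m in CARD_RE.finditer(content):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "PCI"
    return "IP" if meta.get("department") == "R&D" else "PUBLIC"

def on_event(kind: str, content: str, meta: dict) -> dict:
    """On an intercepted event, embed the label so it travels with the data."""
    if kind in TRIGGERS:
        meta = {**meta, "label": classify(content, meta)}
    return meta

@dataclass(frozen=True)
class UsagePolicy:
    who: set      # roles allowed to use the information
    what: set     # actions those roles may perform
    when: tuple   # (start, end) of the permitted time window
    where: set    # locations from which use is permitted

POLICIES = {
    "PCI": UsagePolicy({"finance"}, {"view"}, (time(8), time(18)), {"office"}),
    "IP": UsagePolicy({"engineer"}, {"view", "edit"}, (time(0), time(23, 59)), {"office", "vpn"}),
}

def is_allowed(meta: dict, role: str, action: str, at: time, location: str) -> bool:
    """Protection policy: PUBLIC is open; unlabelled or unknown labels are denied."""
    if meta.get("label") == "PUBLIC":
        return True
    p = POLICIES.get(meta.get("label"))
    return p is not None and (role in p.who and action in p.what
                              and p.when[0] <= at <= p.when[1] and location in p.where)
```

Data that has never passed through `on_event` carries no label and is denied by `is_allowed`, so an unclassified file fails closed rather than open.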
17. # 17
Simple IT protection Use Case:
Secure enterprise solution interfaces that need to share
potentially reserved and sensitive information
All sensitive data is identified and protected (encrypted) at all times and anywhere
NO RISK OF LEAKAGE !!!
18. # 18
Data Centric information security has 2 parts:
• A technical solution enabling embedded data classification and IRM
enforcement to effectively and efficiently prevent sensitive data leakage
• A business process and methodology to correctly identify and classify
sensitive information within the specific and unique enterprise context
19. # 19
Sensitive Information identification and classification can help
organizations adhere to many international standards for
information security (e.g. ISO 27001) …
20. # 20
… and can help comply with many specific industry regulations
over Information Protection & Control (e.g. PCI-DSS)
21. # 21
What is to be considered sensitive information mainly depends
on the enterprise activity domain and operational exposure
• The financial world is focused on protecting CID information:
− Direct Identifying Data (name, signature, address, email, phone, … )
− Indirect Identifying Data (customer num., account num., card num., passport num., …)
− Potentially indirect Identifying Data (birth info, memberships, wedding date, profession, …)
• In the health insurance industry PHI customer data are key assets
• In chemical industry formulas and production processes are key
information assets to identify, classify and protect
• In HighTech companies R&D and technology innovations are key
assets
22. # 22
All sensitive information assets of a company can be considered
as one (or many) of 4 main sensitive data types:
• PCI-DSS (Payment Card Industry – Data Security Standard)
• PHI (Personal Health Information)
• PII (Personally Identifiable Information)
• IP (Intellectual Property)
• BI (Business Information)
23. # 23
How do we help our clients classify their digital assets and
identify the organization's Crown Jewels
[Diagram: Data Leakage Prevention]
• Source? Employees, Business units, Applications, Locations, etc.
• Processes / Use Cases?
• Final destination? eMail, Repositories, etc.
• What to be protected? Information types, Assets, etc.
• Why to be protected? Regulations, Intellectual Properties, Defence, Reputation, etc.
• Protective Mechanism? IRM / RMS, end-point DLP etc., Classification, encryption, IAM, labeling
• Generic context (A), Parameter context (B)
• Processes (1), Classification (2)
24. # 24
We truly believe that Data-Centric-Security is the way to go:
the information (metadata) itself can trigger suitable protection mechanisms!
[Diagram: Secure Creation & Access Points, Open Creation & Access Points, perimeter]
• 100% accurate LifeCycle Classification
− flexible & dynamic
− considering context
− automatic to manual = protecting vs teaching
• To derive suitable protection mechanism
− technical
− processes
− RMS / IRM
25. # 25
A takeaway for you: Are you thinking of going Cloud?
Once sensitive data is identified and protected it can go anywhere…
… even in the CLOUD !
26. # 26
Thank You !
Gianmarco Ferri
Business Development
Direct +41 26 460 66 41
Mobile +41 79 776 47 26
Mail gianmarco.ferri@imtf.ch
Skype ferrig
www.imtf.com