The document provides an overview of personal data protection regulations and technical aspects related to data privacy. It discusses key aspects of the draft Indonesian Personal Data Protection Bill, including rights of data owners and obligations of data controllers. It also covers technical topics like identity and access management, data loss prevention, and incident management. The presentation aims to provide a basic understanding of both regulatory requirements and technical controls for protecting personal data.
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Data Protection Officer Dashboard | GDPRCorporater
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
Privacy-ready Data Protection Program ImplementationEryk Budi Pratama
Presented at CDEF 16th Meetup at 18 August 2022.
Title:
Privacy-ready Data Protection Program Implementation
Topics:
- Why data protection is important
- Data Privacy Program Domain
- Operationalize Data Privacy Program
- Privacy-aligned Information Security Framework
- Roadmap to Protect Personal Data
- Privacy Management Technology
Implikasi UU PDP terhadap Tata Kelola Data Sektor Kesehatan - Rangkuman UU Pe...Eryk Budi Pratama
Sosialisasi UU Pelindungan Data Pribadi untuk sektor kesehatan.
Webinar Serial TIK I-2022
Diselenggarakan oleh:
*INDOHCF - KREKI - IODTI - FORKOMTIKNAS - Z-COURSE*
TOPIK:
*Implikasi UU PDP (Perlindungan Data Pribadi) Terhadap Tata Kelola Data di Sektor Kesehatan*
Rancangan Undang - Undang (RUU) Perlindungan Data Pribadi (PDP) telah resmi disahkan menjadi Undang-Undang (UU) dalam Rapat Paripurna DPR RI pada tanggal 20 Sept 2022. Sambil menunggu peraturan pelaksanaannya, maka perlu lebih mencermati isi regulasi tsb dan mendiskusikan bagaimana implikasinya bagi sektor kesehatan baik Faskes, BPJS, Masyarakat dan stakeholder kesehatan lainnya
This material was presented at Orang Siber Indonesia regular webinar.
Content:
> Understanding privacy management
> Global privacy news
> Understanding privacy regulations and frameworks
> Data Privacy Program Management practices
Data Loss Prevention (DLP) - Fundamental Concept - ErykEryk Budi Pratama
Presented at APTIKNAS (Indonesia ICT Business Association) DKI Jakarta regular webinar.
Title:Data Loss Prevention: Fundamental Concept in Enabling DLP System
2 July 2020
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
Presented on PHPID Online Learning 35.
Komunitas PHP Indonesia
Title: Enabling Data Governance - The Journey through Data Trust, Ethics, and Quality
Eryk B. Pratama
Global IT & Cybersecurity Advisor
Data Protection Officer Dashboard | GDPRCorporater
Data Protection Officers (DPOs) have a very critical role to play in today's organizations, especially with the implementation of GDPR. Data Protection Officer dashboards are an essential aid to DPOs to stay on top of GDPR compliance activities, and to implement and monitor GDPR projects.
The presentation gives insight into the essentials of a DPO dashboard.
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
70% of employees have access to data they should not…and that’s going to be a problem when GDPR takes affect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
O que e mapeamento de dados (data mapping) e como elaborar um para sua empresaGraziela Brandão
O que é Mapeamento de Dados (Data Mapping) e como elaborar um para sua empresa
Com a iminência da entrada em vigor da #LGPD, muitas empresas precisam se adequar aos requisitos da lei!
Para realização de uma adequação de procedimentos à LGPD, o primeiro passo é a realização de um mapeamento de dados que circulam na empresa tanto por vias físicas quanto por vias digitais.
Saiba mais sobre Mapeamento de Dados, ou ainda, o data mapping, data flow ou inventário de dados, acesse: https://blconsultoriadigital.com.br/lgpd
Caso necessite de assessoria jurídica especializada em Direito Digital e Proteção de Dados (LGPD & GDPR), entre em contato pelo e-mail contato@blconsultoriadigital.com.br ou ligue para +55 19 3090 6600.
Referências desse conteúdo:
Referências – O que é Mapeamento de Dados
[1] Adaptado de LGPD: Lei Geral de Proteção de Dados pessoais: manual de implementação. Viviane Nóbrega Maldonado (coord.). São Paulo: Thomson Reuters Brasil, 2019.
[2] https://www.aim4gain.com/
Para mais conteúdos, acesse: www.blconsultoriadigital.com.br
DATA LOSS PREVENTION ENSURES CRITICAL INFORMATION ARE KEPT SAFELY AT THE CORPORATE NETWORK AND HELPS ADMINISTRATOR CONTROL THE DATA WHAT
END-USERS WISH TO TRANSFER.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
With the new General Data Protection Regulation (GDPR) set to launch in May of 2018, many are wondering how it will change the way they do business. In this presentation, we explore how to ensure compliance of the new regulation.
Want more on GDPR compliance? Join us for this FREE virtual event: http://info.aiim.org/data-privacy-data-protection-gdpr
At the highest level, our mission continues to be about keeping our customers (companies and governments) safe from ever-evolving digital threats, so they are confident to move business forward. Our strategy to accomplish this mission centers around four key pillars: Advanced Threat Protection, Information Protection for On Premise and Cloud, Security as a Service -- all anchored by a Unified Security Analytics Platform. Symantec Data Loss Prevention is a foundational product in the Information Protection for On Premise and Cloud pillar.
Everyone knows that storing and accessing data and applications in the cloud and on mobile devices provides makes work much easier and productive by allowing employees to work everywhere they need to.
It allows for great business agility – applications are always up to date, new functionality and processes can be deployed and activated quickly and organizations can adjust things on the fly if they need to.
It also brings the convenience factor – all employees to work in the way that they need to, collaboration and sharing is made vastly easier with cloud applications and storage.
But it brings with it all the challenges of securing devices and applications that your don’t own, and whilst saying NO might be the right thing for security, end users will find a way around it. Right now, close to 30% of employees use their personal devices for work. And that number is on the rise, potentially turning BYOD into Bring Your Own Disaster.
70% of employees have access to data they should not…and that’s going to be a problem when GDPR takes affect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
Data loss is considered by security experts to be one of the most serious threats that businesses currently face.
Maintaining the confidentiality of personal information and data is an essential factor in operating a successful business. People must be able to trust that their service provider takes the appropriate measures to implement security controls that will ultimately protect their privacy.
However, some of the largest and most reputable organizations have fallen victim to data loss security breaches resulting in significant legal, financial, and reputation loss, including [1]:
The Bank of America: Losing the personal employee information of over one million employees
The United States Government: Losing data related to the military
Heartland Payment Systems: Transferring credit card information and other personal records of over 130 million customers
In 2013, it was estimated that data breaches had resulted in the exploitation of over 800 million personal records [2]. This number is also expected to rise over the next several years given the advanced tools that cybercriminals use to steal information and data.
Interestingly, it is not just cybercriminals who represent a threat as:
64% of data loss is caused by well-meaning insiders.
50% of employees leave with data.
$3.5 million average cost of a security breach.
Considering these extensive data breaches, it is practical for organizations to understand where their critical data is located and understanding current security controls that can stop data loss.
Data Loss Prevention (DLP) solutions locate critical and personal data for organizations and help prevent data loss. By having a deeper understanding of efficient DLP security controls, you will help protect the reputation of your organization.
For more information contact: rkopaee@riskview.ca
https://www.threatview.ca
http://www.riskview.ca
Technology Overview - Symantec Data Loss Prevention (DLP)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec Data Loss Prevention - Introduction
- Symantec Data Loss Prevention - Components
- Symantec Data Loss Prevention - Features & Use Cases
- Symantec Data Loss Prevention - System Requirements
- Symantec Data Loss Prevention - Appendix (extra information)
This provides a brief overview of Symantec Data Loss Prevention (DLP). Please note all the information is based prior to May 2016 and the full integration of Blue Coat Systems's set of solutions.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
O que e mapeamento de dados (data mapping) e como elaborar um para sua empresaGraziela Brandão
O que é Mapeamento de Dados (Data Mapping) e como elaborar um para sua empresa
Com a iminência da entrada em vigor da #LGPD, muitas empresas precisam se adequar aos requisitos da lei!
Para realização de uma adequação de procedimentos à LGPD, o primeiro passo é a realização de um mapeamento de dados que circulam na empresa tanto por vias físicas quanto por vias digitais.
Saiba mais sobre Mapeamento de Dados, ou ainda, o data mapping, data flow ou inventário de dados, acesse: https://blconsultoriadigital.com.br/lgpd
Caso necessite de assessoria jurídica especializada em Direito Digital e Proteção de Dados (LGPD & GDPR), entre em contato pelo e-mail contato@blconsultoriadigital.com.br ou ligue para +55 19 3090 6600.
Referências desse conteúdo:
Referências – O que é Mapeamento de Dados
[1] Adaptado de LGPD: Lei Geral de Proteção de Dados pessoais: manual de implementação. Viviane Nóbrega Maldonado (coord.). São Paulo: Thomson Reuters Brasil, 2019.
[2] https://www.aim4gain.com/
Para mais conteúdos, acesse: www.blconsultoriadigital.com.br
California Consumer Protection Act (CCPA) is
one such law that empowers the residents of
California, United States to have enhanced
privacy rights & consumer protection. It is the
most comprehensive US state privacy law to
date.
Salesforce Data Archive & Backup: How to Comply with the DPDP Act?DataArchiva
Safeguarding the data rights of Indian subjects, DPDP mandates all data fiduciaries to update the Data Protection Board of India on how the represented organizations can follow ethical practices in handling personal data. As a keeper of compliance DPDP Act not only applies to Data Protection Officers (DPO), he/she can be a board member, CEO, any representative of the organization, or even Salesforce Platform Manager/Salesforce Technical Architect!
If you are one among them, it is imperative to adhere to the Data Protection and Privacy (DPDP). Most appropriately while using 3rd party services in Salesforce data processing & disposals as per the DPDP act provisions. This slide deck covers everything you need to know about the act and how you can ensure 100% compliance with India's latest Digital Data Privacy Bill (DPDP) while maintaining Salesforce data archives & backups with DataArchiva.
For more details visit at dataarchiva.com
Ethyca CodeDriven - Data Privacy Compliance for Engineers & Data TeamsCillian Kieran
A presentation at FirstMark's CodeDriven event in AWS Loft in New York on how to think about Data Privacy Compliance if you work in engineering, data or product teams.
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
With the introduction of the GDPR, in May, came updates to the Data Protection legislation that had been in place since 1988, making the new regulations more coherent in dealing with the levels of online use we see today in comparison to 30 years ago. It has also brought with it new and more stringent rules around the security of personal data and how it is processed.
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations. This webinar looks at what is new in GDPR and how it may effect your business, what have we learned from the GDPR 3 months on and how Thesaurus can help your organisation utilise the new regulations for the benefit of you, your customers, suppliers and employees.
Speakers include:
Laura Murphy - HR Manager, Thesaurus Software / Bright Contracts
Jennie Hussey - Payroll Advisor and Employment Law Expert, Thesaurus Software / Bright Contracts
Guest Speaker: Graham Doyle - Head of Communications, Data Protection Commissioners
Presentation about insider threat ways of working, their impact on organizations and how technical and human indicators can be monitored to detect and neutralize insider threats. Professionals working in security operations should monitor these indicators to create profile of possible insider going rogue.
25 May 2018, the General Data Protection Regulation (GDPR) deadline, is less than 6 months away.
As the attention on the regulation is at the top, there is now a growing concern for any organization that is affected by.
We would like to invite you to join our webinar to share with you our approach and help your organization and you document repository to be compliant with GDPR.
During the webinar, our special guests, George Parapadakis – Business Solutions Strategy, Alfresco and Bart van Bouwel – Managing Partner, CDI-Partners, will provide you with:
- How to implement GDPR in your document repository
- How the Alfresco Digital Business Platform can help your organization to be compliant with GDPR
- Xenit approach: a managed shared drive
-Xenit demonstration
-Top tips to start preparing for the GDPR.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
This presentation was presented in OWASP Thailand Chapter Meeting 5/2019 (July 25). It is about how to design data architecture and secure software in order to protect organization from regulation's penalty causes by data breach. However, this slide is still incomplete and need more clarification, so it would be useful for those attended the meeting. Be careful for distribution.
GDPR regulations will affect the way your organization collects and manages customer data in Europe. This will require changes to your business processes along with IT applications and infrastructure updates. In the webinar, 5 Ways to Make Your Postgres GDPR-Ready, you'll discover what you need to do to prepare your Postgres databases for GDPR including:
- An overview of GDPR and its detailed requirements
- Strategies for preparing your Postgres databases for compliance
- Examples of relevant Postgres capabilities, code changes, process modifications, and third-party tools
- Where to turn for the expertise and support you need to succeed
View Now at: https://attendee.gotowebinar.com/register/3457814923722973699
In a little more than 100 days, GDPR regulations will affect the way your organization collects and manages customer data in Europe. This will require changes to your business processes along with IT applications and infrastructure updates.
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
The Data Protection Act 2019, was enacted on November 8th, 2019, ushering a new era of accountability and responsibility with regard to processing of personal data and information. Naturally, there has been a resurrection of the chatter around data protection in increasingly data-driven social and economic settings. The question on everyone’s mind being what does this mean for me?
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxSteveNgigi2
The data protection impact assessment for a cloud based project aims to provide financial inclusion for the unbanked population through its three modules, i.e., wallet, social banking and marketplace/business hub. The primary goal is to enable individuals without access to traditional banking services to engage in financial transactions.
The processing involves the collection, storage, and utilization of personal data for various purposes, such as creating digital wallets, facilitating social banking interactions, and delivering targeted marketing content. The platform will manage user information to enable secure and seamless financial transactions.
The targeted data subjects are individuals and entities within the unbanked population who lack access to traditional financial services. These individuals include low-income earners, marginalized communities and those residing in areas with limited banking infrastructure.
The primary class of data subjects includes the unbanked population seeking financial inclusion. Within this group, there may be subcategories, such as individuals with limited financial literacy or those residing in remote areas, and any vulnerable groups, such as elderly users or minors, who are part of the targeted data subjects.
Seattle Tech4Good meetup: Data Security and PrivacySabra Goldick
12/7/2016 - It's difficult to avoid news stories about hacks and misused databases. For our Q4 meetup, we will discuss what nonprofits can do to protect their systems and data. Each panelist will outline best practices for protecting your own data as well as constituent data.
PANELISTS
* Mary Gardner, Chief Information Security Officer at Seattle Children's Hospital.
* Ralph Johnson, Chief Information Security and Privacy Officer, King County
* Peter Kittas, Web and IT Consultant, Revelate LLC
Ringkasan Standar Kompetensi Data Protection Officer | Agustus 2023 | IODTIEryk Budi Pratama
UU No 27 Tahun 2022 tentang Pelindungan Data Pribadi (“UU PDP”) telah disahkan pada bulan Oktober 2022 dan saat ini telah memasuki masa tenggang. Ketiadaan peraturan teknis / turunan membuat banyak organisasi masih ragu dalam menetapkan arah dan mengimplementasikan UU PDP sesuai dengan peraturan perundang-undangan yang berlaku. Salah satu aspek penting dalam UU PDP adalah terkait penunjukan Pejabat/Petugas yang melaksanakan fungsi Pelindungan Data Pribadi (PPDP) atau Data Protection Officer (DPO) seperti yang diamanatkan oleh UU PDP Pasal 53 dan 54.
Melalui Keputusan Menteri Ketenagakerjaan Republik Indonesia Nomor 103 Tahun 2023 tentang Penetapan Standar Kompetensi Kerja Nasional Indonesia Kategori Informasi dan Komunikasi Golongan Pokok Aktivitas Pemrograman, Konsultasi Komputer dan Kegiatan yang Berhubungan dengan Itu (YBDI) Bidang Keahlian Pelindungan Data Pribadi yang ditetapkan pada tanggal 23 Juni 2023, maka standar kompetensi PPDP/DPO telah sah untuk dapat dijadikan rujukan dalam menentukan kompetensi SDM, kebutuhan rekrutmen, pelatihan, dan sertifikasi terkait dengan Pelindungan Data Pribadi.
Ringkasan Standar Kompentensi / SKKNI Pelindungan Data Pribadi ini disusun untuk memudahkan masyarakat dalam memahami secara ringkas 4 Fungsi Kunci, 8 Fungsi Utama, dan 19 Fungsi Dasar yang telah disusun oleh Tim Perumus dan Kementerian Komunikasi dan Informatika Republik Indonesia, serta disahkan oleh Menteri Ketenagakerjaan Republik Indonesia. Semoga ringkasan SKKNI PDP ini dapat bermanfaat dan memberikan panduan secara ringkas tidak hanya perihal kompetensi PPDP/DPO, namun juga hal-hal yang dapat dilakukan oleh organisasi dalam menerapkan Program Pelindungan Data Pribadi.
Salam,
Eryk Budi Pratama, CIPM, CIPP/E, FIP
Chairman - Institute of Digital Trust Indonesia (IODTI)
Tim Perumus SKKNI Pelindungan Data Pribadi
Tim Perumus Rancangan Peraturan Pemerintah Pelindungan Data Pribadi (“RPP PDP”)
eryk@digitaltrustid.org
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
Presented at Online ITIL Indonesia Webinar #5.
Content:
> Setting up the context
> Understanding holistic IT Management point of view
> IT Service Management Transformation
> Key Performance Indicator (KPI)
> IT Service Catalogue
> IT Sourcing
> Agile Incident Management
Presented at National Webinar of ISACA Student Group, Universitas Kristen Satya Wacana, indonesia.
Title: Cyber Resilience: Post COVID-19 - Welcoming New Normal
2 July 2020
Guardians of Trust: Building Trust in Data & AnalyticsEryk Budi Pratama
Presented at Absolut Data Event, 17 Dec 2019, at GoWork Kuningan.
Event URL: https://www.eventbrite.com/e/panel-discussion-what-will-you-prepare-with-data-in-2020-tickets-84851546259
My presentation summarized the two of KPMG publication related to Trust in Data & Analytics. The focus of this event was panel discussion.
Ref 1 : https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/10/building-trust-in-analytics.pdf
Ref 2: https://assets.kpmg/content/dam/kpmg/xx/pdf/2018/02/guardians-of-trust.pdf
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the share responsibilities between customer and cloud provider
2. Different cloud service model (IaaS, PaaS, SaaS) has different audit methodology
3. Customer’s IT Auditor have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has different IAM mechanism
5. Understanding different type of audit logs in cloud platform is important for IT Auditor
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
Protecting Agile Transformation through Secure DevOps (DevSecOps)Eryk Budi Pratama
Respresenting Cyber Defense Community (cdef.id) to present and share my view on Secure DevOps / DevSecOps. Through this presentation, I shared several insights about:
1. How to balance the risk and controls in the "great shift left" paradigm (agile)
2. DevOps activities
3. How to seamlessly integrate security into DevOps
4. How to "shift left" the security"
5. Get started with Secure DevOps / DevSecOps
6. Case Study about DevSecOps implementation
For further discussion, especially how to secure digital and agile transformation in your organization, don't hesitate to contact me :)
IT Governance - Capability Assessment using COBIT 5Eryk Budi Pratama
(re-upload)
Capability assessment of IT Governance using COBIT 5 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
1. 11
PERSONAL DATA PROTECTION
Eryk B. Pratama
IT Advisory & Cyber Security Consultant at Global Consulting Firm
Komunitas Data Privacy & Protection Indonesia
11 July 2020 | 20:00
Komunitas Orang Siber Indonesia Webinar
Basic Regulation and Technical Aspects
5. Data/Information Lifecycle
Introduction
Source: ISACA – Getting Started with Data Governance with COBIT 5
It is important to plan the life cycle of data along with their placement within the governance structure. As practices
operate, the data supporting or underlying them reach the various levels of their natural life cycles. Data is planned,
designed, acquired, used, monitored and disposed of.
Critical information security control
Store | Data at Rest Share | Data in Motion Use | Data in Use
6. Mind-map
Introduction
Regulation Technical Aspects
EU General Data Protection
Regulation (GDPR)
US California Consumer
Protection Act (CCPA)
RUU Perlindungan Data
Pribadi (RUU PDP)
Pre-Breach
Identity & Access Management
Data Loss Prevention
Privilege Access Management
Cyber Hygiene
During & Post Breach
Incident Management
Crisis Management
PP 71 2019 - PSTE
Peraturan Kominfo No 20
2016 - Data Pribadi pada PSE
8. RUU Perlindungan Data Pribadi
Regulation Aspects
Key Highlight
▪ Explicit Consent is required from the data owner for
personal data processing.
▪ Responding timelines for Data subject rights have been
separately called out in the RUU PDP.
▪ Data controller to notify the data owner and the Minister
within 3 days of data breach.
▪ Penalties for non-compliance may range from Rp 20 Billion
to Rp 70 Billion or Imprisonment ranging from 2 to 7 years
Data Owner Data Controller Data Processor Data Protection Officer
9. Data Owner – Pemilik Data Pribadi
Regulation Aspects
Hak Pemilik Data Pribadi
Pasal Deskripsi
Pasal 4 meminta Informasi tentang kejelasan identitas, dasar kepentingan hukum, tujuan permintaan dan penggunaan Data
Pribadi, dan akuntabilitas pihak yang meminta Data Pribadi.
Pasal 5 melengkapi Data Pribadi miliknya sebelum diproses oleh Pengendali Data Pribadi.
Pasal 6 mengakses Data Pribadi miliknya sesuai dengan ketentuan peraturan perundang-undangan.
Pasal 7 memperbarui dan/atau memperbaiki kesalahan dan/atau ketidakakuratan Data Pribadi miliknya sesuai dengan
ketentuan perundang-undangan.
Pasal 8 mengakhiri pemrosesan, menghapus, dan/atau memusnahkan Data Pribadi miliknya.
Pasal 9 menarik kembali persetujuan pemrosesan Data Pribadi miliknya yang telah diberikan kepada Pengendali Data Pribadi
Pasal 10 mengajukan keberatan atas tindakan pengambilan keputusan yang hanya didasarkan pada pemrosesan secara otomatis
terkait profil seseorang (profiling).
Pasal 11 memilih atau tidak memilih pemrosesan Data Pribadi melalui mekanisme pseudonim untuk tujuan tertentu
Pasal 12 menunda atau membatasi pemrosesan Data Pribadi secara proporsional sesuai dengan tujuan pemrosesan Data Pribadi
Pasal 13 menuntut dan menerima ganti rugi atas pelanggaran Data Pribadi miliknya sesuai dengan ketentuan peraturan
perundang-undangan.
11. Data Masking - Tokenization
Regulation Aspects
Source: https://blog.thalesesecurity.com/2015/02/05/token-gesture-vormetric-unveils-new-tokenization-solution/
No sensitive data is stored in the production
database
12. Data Controller – Pengendali Data Pribadi
Regulation Aspects
Kewajiban Data Controller
Pasal Deskripsi
Pasal 24 ▪ wajib menyampaikan Informasi mengenai legalitas dari pemrosesan , tujuan pemrosesan , jenis dan relevansi
pemrosesan, periode retensi dokumen, rincian informasi yang dikumpulkan, dan jangka waktu pemrosesan data
▪ menunjukkan bukti persetujuan yang telah diberikan oleh Pemilik Data Pribadi
Pasal 25 wajib menghentikan pemrosesan Data Pribadi dalam hal Pemilik Data Pribadi menarik kembali persetujuan
pemrosesan Data Pribadi
Pasal 27 wajib melindungi dan memastikan keamanan Data Pribadi yang diprosesnya dengan melakukan:
▪ penyusunan dan penerapan langkah teknis operasional untuk melindungi Data Pribadi
▪ penentuan tingkat keamanan Data Pribadi dengan memperhatikan sifat dan risiko dari Data Pribadi yang
harus dilindungi dalam pemrosesan Data Pribadi
Pasal 28 wajib melakukan pengawasan terhadap setiap pihak yang terlibat dalam pemrosesan Data Pribadi
Pasal 29 wajib memastikan pelindungan Data Pribadi dari pemrosesan Data Pribadi yang tidak sah
Pasal 36 wajib melakukan pemrosesan Data Pribadi sesuai dengan tujuan pemrosesan Data Pribadi yang disetujui oleh Pemilik
Data Pribadi. (Explisit / Implicit Consent)
Pasal 38
Pasal 39
Penghapusan dan pemusnahan data pribadi
13. Data Protection Officer – Fungsi Perlindungan Data Pribadi
Regulation Aspects
▪ harus ditunjuk berdasarkan kualitas profesional, pengetahuan mengenai hukum
dan praktik pelindungan Data Pribadi.
▪ dapat berasal dari dalam dan/atau luar Pengendali Data Pribadi atau Prosesor Data Pribadi.
▪ menginformasikan dan memberikan saran untuk Data Controller dan Data Processor
▪ memantau dan memastikan kepatuhan terhadap Undang-Undang ini dan kebijakan Pengendali Data
Pribadi atau Prosesor Data Pribadi
▪ memberikan saran mengenai penilaian dampak pelindungan Data Pribadi dan memantau kinerja
Data Controller dan Data Processor
▪ berkoordinasi dan bertindak sebagai narahubung untuk isu yang berkaitan dengan pemrosesan Data
Pribadi
▪ Dalam melaksanakan tugas, harus memperhatikan risiko terkait pemrosesan Data Pribadi, dengan
mempertimbangkan sifat, ruang lingkup, konteks, dan tujuan pemrosesan
15. Identity and Access Management
Technical Aspects – Identity & Access Management
Security Management
Provides the overarching framework, policies, and procedures
Identity Management Access Management
Manages individual identities and their access to
resources and services
Manages the “who has access to what” question and
allows access based on individual relationship with the
resources and services
Directory Services
Maintains an identity repository that store identity data and attributes, and provides access and
authorization information
“ IAM grants authorized users the right to use a service,
while preventing access to non-authorized users “
16. From Simply Managing Identities to Managing Complex Relationships
Technical Aspects – Identity & Access Management
Identity Access Management Identity Relationship Management
Source: Forrester Research
17. Identity Management Basic Process
Technical Aspects – Identity & Access Management
Authoritative/Trusted Source
Middleware / Identity
Management Solution
Target System
HR Data IDM Solution
Active Directory
Email Server
ERP
Others Applications
Provisioning
Reconciliation
Create,Update,Revoke
18. Access Management Basic Process
Technical Aspects – Identity & Access Management
Receive Request Verification Provide Rights Log and Track Access
▪ Change requests
▪ Services requests
▪ HR requests
▪ App / Script requests
▪ Valid user ?
▪ Valid request ?
▪ Request access ?
▪ Remove access ?
▪ Provide access
▪ Remove access
▪ Restrict access
▪ Check and monitor
identity status
▪ Violations to Incident
Management Process
Business Rules, Policies, Procedures, Controls
ISMS
19. User and Access Management primary concern
Technical Aspects – Identity & Access Management
User access provisioning and de-provisioning
Periodic access reviews
Privileged user accounts
Segregation of duties
System authentication
User Management
Access Management
20. Data Governance: Common Area
Technical Aspects – Data Loss Prevention
Source: https://www.pinterest.com/pin/838584393089888744/
Data Security is one of
foundational and important
area in Data Governance
21. Data Loss/Leakage Prevention Solution
Technical Aspects – Data Loss Prevention
A Data Loss Prevention (DLP) solution typically incorporates people, process, and technology to protect sensitive data traversing
throughout an organization. Data within an organization is often categorized and protected by DLP in the following three different
forms:
Data in Motion Data at Rest Data in Use
Data that is transmitted or moved, both
through electronic or non-electronic
means. Data that is actively traveling on
a network, such as email or web traffic.
Data that resides on a stable medium,
including servers, network shares,
databases, individual computers, and
portable media.
Data that has been obtained and are
being processed or actively used.
Typically, referring to data on end-user
computing device or host systems.
Structured Data Unstructured Data Semi-structured Data
Data commonly stored in
databases or applications
Exists in filesystems or
documents
Examples of such data format
types include email
Data Type
22. Sample Deployment
Technical Aspects – Data Loss Prevention
ILLUSTRATIVE
DLP Manager
DLP Monitor
DLP Prevent
DLP Prevent
Host DLP
DLP Discover
DLP End Point
23. DLP Implementation Key Activities
Technical Aspects – Data Loss Prevention
Review of the organisation data protection policy and conduct gap assessment
Define data flows, data classification and information asset list
DLP Framework and High-level Policy Definition
Base policy creation and tuning
Metrics definition
Incident response workflow creation
User awareness
24. DLP Implementation Strategy
Technical Aspects – Data Loss Prevention
Organizations often deploy DLP solutions using a phased approach. This includes initial implementation of the DLP solution in monitoring
mode and/or within selected business unit(s) to help ensure policies/rules effectiveness and assess business impact before turning on any
automated “prevent “functions.
LowHigh
Near Term Long Term
ImplementationComplexity
Email
Monitoring
Network
Monitoring
Endpoint Monitoring
and Discovery
Email
Filtering/Blocking
Network
Filtering/Blocking
Endpoint
Filtering/Blocking
Timeline
Prevent PhaseMonitor Phase
Benefits
▪ By performing Email DLP first, existing technology is utilized and a high-risk use case is addressed quickly
▪ Implementing endpoint DLP after email DLP allows company to address the remaining high-risk use cases.
▪ Deploying DLP in monitoring mode followed by preventive mode allows company to pilot solution
25. DLP Use Case: Data in Motion
Technical Aspects – Data Loss Prevention
Data Origination Outbound Email from Internal Source (Sensitive Information)
User Action
Internal user sends email with sensitive information (e.g. PII, PCI, HR files, etc.) outbound to an external
user or personal email address.
DLP Response
DLP monitors and analyzes outbound traffic based on policies for predefined data elements and
company document tags. Document tagging allows DLP to fingerprint files in order to monitor and/or prohibit
the movement of sensitive information based on policies.
Available Action Monitor, record/block/encrypt, and notify
Result
Sensitive information is tracked and prevented from reaching unauthorized recipient. Sender, manager, security,
and/or HR notified of policy violation or actions required/taken for authorized recipients (e.g. email and
attachments marked to indicate level of confidentiality and encrypted, as required).
26. DLP Use Case: Data in Use
Technical Aspects – Data Loss Prevention
Data Origination Unauthorized Sensitive Information Download
User Action
User attempts to retain sensitive information for unauthorized use from an application or database through
copy/paste functions, the “print screen” command, hard copy printing, or exploitation of current access
privileges to execute excessive sensitive information downloads (e.g. prior to departure).
DLP Response
DLP monitors workstation and mobile device activity for the use and/or transfer of sensitive information based
on policies for predefined data elements and company document tags. Company document tagging and user-
defined fingerprinting allow DLP to monitor and/or prohibit the movement of sensitive information based on
policies.
Available Action Monitor/inventory, block, and notify
Result
Sensitive information is monitored, blocking the “print screen,” paste, and hard copy print actions. The user,
manager, security, and/or HR are notified of policy violation. Utilize scan results to update/maintain inventory of
endpoints containing sensitive information.
27. Incident Management Definition
Technical Aspects – Incident Management
What is an IT incident?
An IT incident is any disruption to an organization's IT services that affects anything from a single user or the entire business . In
short, an incident is anything that interrupts business continuity.
What is IT incident management?
Incident management is the process of managing IT service disruptions and restoring services within agreed
service level agreements (SLAs). The scope of incident management starts with an end user reporting an issue and
ends with a service desk team member resolving that issue.
Analyst Incident Responder Digital Forensic
Incident Escalation
Layer 1 (L1) Layer 2 (L2) Layer 3 (L3)
Incident Classification
MediumHigh Low
Incident Prioritization
Critical High Medium Low