IAMERs 8th Annual Meeting 2012

Emerging Issues in Data Security, Data Privacy, & Employee Monitoring
DF Labs
The Lorenzi Group

(c)2012 The Lorenzi Group & DF Labs

Data Security
 What data are we talking about?
     Health
     Financial
     Product Innovation
     Operations & Strategy

Data Privacy – US vs. EU
 Main Difference:
     EU – All about regulation & compliance, protecting the rights of the individual.
     USA – National security & the company interests are protected first.
 Patriot Act
 Safe Harbor
 Preventive Monitoring & Security Analytics

Privacy in the EU:
…possible modification soon
 No More Local Implementation
 Only one notification
 Under the new proposals national data protection authorities will be able to penalize data protection breaches by imposing fines of up to 2 percent of the global annual revenues of a business.
 Immediate data breach notification

Security Analytics:
The Next Frontier
 Proactive Monitoring of data traffic
 Internal monitoring more important than external monitoring
 Baselines
 Metrics
 Patterns, anomalies & Standard Deviation

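The slide's baselines, metrics and standard-deviation anomaly check turned into working internal-monitoring detection logic, added here as an example that is not part of the original deck or of any DF Labs / The Lorenzi Group code; the log format, the user names, the baseline window and the 3-sigma threshold are constructed assumptions.

```python
"""Baseline-and-deviation check over per-user internal egress volume."""
import statistics
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample (not real data): daily bytes sent out per user, as an
# internal metering point might record them. Assumed record format, one per
# line: "<YYYY-MM-DD> <user> <bytes_out>".
SAMPLE_LOG = """\
2012-03-01 alice 120000
2012-03-02 alice 130000
2012-03-03 alice 125000
2012-03-04 alice 118000
2012-03-05 alice 135000
2012-03-06 alice 128000
2012-03-07 alice 122000
2012-03-01 bob 50000
2012-03-02 bob 50000
2012-03-03 bob 50000
2012-03-04 bob 50000
2012-03-05 bob 50000
2012-03-06 bob 50000
2012-03-07 bob 50000
2012-03-08 alice 2500000
2012-03-08 bob 50000
2012-03-08 carol 400000
2012-03-09 alice 127000
2012-03-09 bob 900000
"""

BASELINE_END = "2012-03-08"  # days strictly before this form the baseline window
SIGMA_THRESHOLD = 3.0        # flag a day that sits more than 3 std devs above the mean


def parse_log(text: str) -> List[Tuple[str, str, int]]:
    """Parse "<day> <user> <bytes>" lines; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        records.append((parts[0], parts[1], int(parts[2])))
    return records


def daily_totals(records) -> Dict[str, Dict[str, int]]:
    """The metric: bytes out per user per day (repeated records for a day are summed)."""
    totals: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for day, user, nbytes in records:
        totals[user][day] += nbytes
    return totals


def build_baseline(totals, baseline_end: str) -> Dict[str, Tuple[float, float]]:
    """Per-user (mean, sample stdev) over the baseline window.

    Users with fewer than two baseline days get no baseline at all; they are
    reported separately rather than compared against a meaningless number.
    """
    baseline = {}
    for user, per_day in totals.items():
        window = [v for d, v in per_day.items() if d < baseline_end]
        if len(window) < 2:
            continue
        baseline[user] = (statistics.fmean(window), statistics.stdev(window))
    return baseline


def flag_anomalies(totals, baseline, baseline_end: str,
                   threshold: float = SIGMA_THRESHOLD) -> List[dict]:
    """Compare each post-baseline day with the user's own baseline.

    A perfectly flat baseline (stdev 0) would make any change look infinite,
    so the stdev is floored at 5% of the mean (or one byte) before dividing.
    """
    findings = []
    for user, per_day in totals.items():
        for day in sorted(d for d in per_day if d >= baseline_end):
            nbytes = per_day[day]
            if user not in baseline:
                findings.append({"day": day, "user": user, "bytes": nbytes,
                                 "z": None, "reason": "no_baseline"})
                continue
            mean, stdev = baseline[user]
            effective_stdev = max(stdev, 0.05 * mean, 1.0)
            z = (nbytes - mean) / effective_stdev
            if z > threshold:
                findings.append({"day": day, "user": user, "bytes": nbytes,
                                 "z": round(z, 1), "reason": "above_baseline"})
    return sorted(findings, key=lambda f: (f["day"], f["user"]))


def run_example() -> List[dict]:
    """Run the whole pipeline over the constructed sample and return the findings."""
    totals = daily_totals(parse_log(SAMPLE_LOG))
    baseline = build_baseline(totals, BASELINE_END)
    return flag_anomalies(totals, baseline, BASELINE_END)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

Note that alice's spike and bob's jump from a flat baseline are both caught, while carol, who has no history, is surfaced for review instead of being silently scored.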
Discussion Points
 HIPAA/EU Healthcare Privacy (aka Directive)
 Insurance Companies & Data Theft Protection
 FCPA/UK Bribery Act 2010
 Medical Fraud
 Employee Monitoring

HIPAA & the EU Directive
United States:
 Federal Mandate
 Health related information
 Can encompass Financial Info
European Union:
 EU Mandate (w/ country-specific regulators)

Insurance Co’s & Data Theft
 More control over data theft claims
 Policies becoming more restrictive
 Coverage becoming more focused
 Moving away from typical coverage as add-on
 Immediate action required by insured

US FCPA & UK Bribery Act 2010
 Foreign Corrupt Practices Act
 Revenue generator for Federal Gov’ts
 Regulator base and depth growing
 “Double Jeopardy” does not apply
 Recently expanded to vendors, partners & consultants

Medical Fraud
 Equipment being sold on Black Market/Gray Market
 Purchases made with false information:
     Credit Cards
     Federal Tax IDs (Corporate ID Theft)
     Unauthorized Personnel
 FBI issued report showing 40% of Corporate Cybercrime is Employee Driven

Employee Monitoring
 Key part of Security Analytics
     US: Company owned
     EU: Data owned
 German Unions seeing great success
 Sony vs. Lockheed
 Lockheed Martin, Kaiser Permanente, USPS

Employee Monitoring (pt 2)
 In the EU, Employee monitoring may not be allowed. In some cases, in fact, it is barred by:
     Privacy Impact
     Labor Law
 Cases where monitoring data and preventing incidents are mandatory
     e.g. the Italian 231/01

Risk Mitigation Framework
Source: DFLabs & Terremark

[Diagram: "Enterprise Business Security" at the centre, surrounded by these elements:
 IT Security Process Management and Support, including vulnerability management
 Know where your data are
 Incident Prevention and Preparation (Including Forensics and Fraud)
 Pre-Incident Preparation
 Application Security Management
 Test Your Tech
 Incident Response and investigation (Including Forensics and Fraud)
 Use the Right Technology
 Business Risk Management, Policy, standards, Technologies, Legal and guidelines]

Risk Mitigation Framework:
Example in the Medical Device World
 FDA: Which medical devices are covered by this guidance?
     Medical devices that incorporate off-the-shelf (OTS) software
     Medical Devices that can be connected to a private intranet or the public Internet
     This information also may be useful to network administrators in health care organizations and information technology vendors.
 Who is responsible for ensuring the safety and effectiveness of medical devices?
     The device manufacturer bears the responsibility for the continued safe and effective performance of their medical device,
     The device manufacturer does not bear responsibility for the Hospital Network

Source: FDA 2012

Risk Mitigation Framework:
Example in the Medical Device World
 A vendor in the medical devices arena asked DFLabs to perform the following tasks:
     Code Audit on the Device Software
     Security Assessment on the Device Itself
     Security Guidelines for the Device setup
     Contractual Technical Support vs. Hospital Relationships

Source: FDA 2012

Risk Mitigation Framework:
Example in the Hospital World
 Prominent Hospital has a MAJOR/Gross data breach
 Post event Security Analysis ID’d:
     Lack of Controls
     Too much & contradicting Information
     Employee Monitoring would have ID’d the threat risk prior to the event

"Set it & Forget it" Security is DEAD.
Diligence is KEY to success.

Questions?

Robert Fitzgerald
The Lorenzi Group
+1-866-632-9880
www.thelorenzigroup.com
info@thelorenzigroup.com

Dario Forte
DF Labs
+39-0373-83196
www.dflabs.com
info@dflabs.com


Removing Uninteresting Bytes in Software Fuzzing
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 

Iamers presentation-2

  • 1. IAMERs 8th Annual Meeting 2012. Emerging Issues in Data Security, Data Privacy, & Employee Monitoring. DF Labs / The Lorenzi Group. (c)2012 The Lorenzi Group & DF Labs
  • 2. Data Security
      - What data are we talking about?
          - Health
          - Financial
          - Product Innovation
          - Operations & Strategy
  • 3. Data Privacy – US vs. EU
      - Main Difference:
          - EU – All about regulation & compliance protecting the rights of the individual.
          - USA – National security & the company interests are protected first.
      - Patriot Act
      - Safe Harbor
      - Preventive Monitoring & Security Analytics
  • 4. Privacy in the EU: possible modification soon
      - No more local implementation
      - Only one notification
      - Under the new proposals national data protection authorities will be able to penalize data protection breaches by imposing fines of up to 2 percent of the global annual revenues of a business.
      - Immediate data breach notification
  • 5. Security Analytics: The Next Frontier
      - Proactive monitoring of data traffic
      - Internal monitoring more important than external monitoring
      - Baselines
      - Metrics
      - Patterns, anomalies & standard deviation
  • 6. Discussion Points
      - HIPAA / EU Healthcare Privacy (aka Directive)
      - Insurance Companies & Data Theft Protection
      - FCPA / UK Bribery Act 2010
      - Medical Fraud
      - Employee Monitoring
  • 7. HIPAA & the EU Directive
      - United States
          - Federal mandate
          - Health related information
          - Can encompass financial info
      - European Union
          - EU mandate (w/ country-specific regulators)
  • 8. Insurance Co's & Data Theft
      - More control over data theft claims
      - Policies becoming more restrictive
      - Coverage becoming more focused
      - Moving away from typical coverage as add-on
      - Immediate action required by insured
  • 9. US FCPA & UK Bribery Act 2010
      - Foreign Corrupt Practices Act
      - Revenue generator for federal gov'ts
      - Regulator base and depth growing
      - "Double jeopardy" does not apply
      - Recently expanded to vendors, partners & consultants
  • 10. Medical Fraud
      - Equipment being sold on black market / gray market
      - Purchases made with false information:
          - Credit cards
          - Federal Tax IDs (corporate ID theft)
          - Unauthorized personnel
      - FBI issued report showing 40% of corporate cybercrime is employee driven
  • 11. Employee Monitoring
      - Key part of Security Analytics
      - US: company owned
      - EU: data owned
      - German unions seeing great success
      - Sony vs. Lockheed
      - Lockheed Martin, Kaiser Permanente, USPS
  • 12. Employee Monitoring (pt 2)
      - In the EU, employee monitoring may not be allowed. In some cases, in fact:
          - Privacy impact
          - Labor law
      - Cases where monitoring data and preventing incidents are mandatory, e.g. the Italian 231/01
  • 13. Risk Mitigation Framework (Source: DFLabs & Terremark). Diagram on the original slide; the boxes it contained:
      - Incident Prevention and Preparation (including forensics and fraud)
      - IT Security Process Management and Support, including vulnerability management
      - Pre-Incident Preparation
      - Enterprise Business Security
      - Know where your data are
      - Application Security
      - Incident Response and Management investigation (including forensics and fraud)
      - Test your tech
      - Business Risk Management, policy, standards, guidelines
      - Use the right technologies
      - Legal and technology
  • 14. Risk Mitigation Framework: Example in the Medical Device World
      - FDA: Which medical devices are covered by this guidance?
          - Medical devices that incorporate off-the-shelf (OTS) software
          - Medical devices that can be connected to a private intranet or the public Internet
          - This information also may be useful to network administrators in health care organizations and information technology vendors.
      - Who is responsible for ensuring the safety and effectiveness of medical devices?
          - The device manufacturer bears the responsibility for the continued safe and effective performance of their medical device.
          - The device manufacturer does not bear responsibility for the hospital network.
      - Source: FDA 2012
  • 15. Risk Mitigation Framework: Example in the Medical Device World
      - A vendor in the medical devices arena asked DFLabs to perform the following tasks:
          - Code audit on the device software
          - Security assessment on the device itself
          - Security guidelines for the device setup
          - Contractual technical support vs. hospital relationships
      - Source: FDA 2012
  • 16. Risk Mitigation Framework: Example in the Hospital World
      - Prominent hospital has a MAJOR / gross data breach
      - Post-event security analysis ID'd:
          - Lack of controls
          - Too much & contradicting information
          - Employee monitoring would have ID'd the threat risk prior to the event
      - "Set it & forget it" security is DEAD. Diligence is KEY to success.
  • 17. Questions?
      - Robert Fitzgerald, The Lorenzi Group, +1-866-632-9880, www.thelorenzigroup.com, info@thelorenzigroup.com
      - Dario Forte, DF Labs, +39-0373-83196, www.dflabs.com, info@dflabs.com
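Slide 5 names the building blocks of security analytics (baselines, metrics, anomalies and standard deviation) and slide 16 argues that monitoring of internal activity would have surfaced the hospital breach before it happened. The following is an added example of that technique in working code; it is not code from the deck or from DF Labs or The Lorenzi Group. It parses a constructed internal audit log of daily record-access counts per user, builds a seven-day per-user baseline (mean and population standard deviation), and flags later days whose z-score exceeds three standard deviations. The log lines, user names, the seven-day window, the threshold of 3.0 and the standard-deviation floor are all assumptions made for the example.

```python
"""Baseline-and-standard-deviation anomaly detection over a constructed
internal audit log. Added example; not part of the original slide deck."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed sample log: "<day> <user> <records_accessed>" per line.
# alice has a steady baseline and one extreme day; bob is perfectly flat
# and then moves by two records, which must NOT be flagged.
SAMPLE_LOG = """\
2012-03-01 alice 41
2012-03-02 alice 38
2012-03-03 alice 45
2012-03-04 alice 40
2012-03-05 alice 39
2012-03-06 alice 43
2012-03-07 alice 42
2012-03-08 alice 310
2012-03-01 bob 12
2012-03-02 bob 12
2012-03-03 bob 12
2012-03-04 bob 12
2012-03-05 bob 12
2012-03-06 bob 12
2012-03-07 bob 12
2012-03-08 bob 14
"""


@dataclass
class Finding:
    user: str
    day: str
    value: int
    baseline_mean: float
    baseline_stdev: float
    z: float


def parse_log(text):
    """Group log lines by user as a date-sorted list of (day, count)."""
    per_user = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        day, user, count = line.split()
        per_user[user].append((day, int(count)))
    for rows in per_user.values():
        rows.sort()  # ISO dates sort chronologically as strings
    return dict(per_user)


def baseline(values, stdev_floor=1.0):
    """Mean and population standard deviation of the baseline window.

    A floor on the standard deviation (assumed value 1.0) keeps a perfectly
    flat history from turning every one-record change into an anomaly.
    """
    return mean(values), max(pstdev(values), stdev_floor)


def detect_anomalies(per_user, baseline_days=7, threshold=3.0, stdev_floor=1.0):
    """Flag days after the baseline window whose z-score exceeds threshold."""
    findings = []
    for user, rows in per_user.items():
        if len(rows) <= baseline_days:
            continue  # not enough history to score anything yet
        history = [count for _, count in rows[:baseline_days]]
        mu, sigma = baseline(history, stdev_floor)
        for day, value in rows[baseline_days:]:
            z = (value - mu) / sigma
            if z > threshold:
                findings.append(Finding(user, day, value, mu, sigma, z))
    return findings


if __name__ == "__main__":
    for f in detect_anomalies(parse_log(SAMPLE_LOG)):
        print(f"{f.user} {f.day}: {f.value} records "
              f"(baseline {f.baseline_mean:.1f} +/- {f.baseline_stdev:.1f}, z={f.z:.1f})")
```

In this run only alice's 2012-03-08 day is reported; bob's move from 12 to 14 records scores z = 2.0 under the floor and stays quiet. Per-user baselines rather than one global threshold are what make the result meaningful: a count that is normal for one role can be an outlier for another, which is the point of slide 5's insistence on internal baselines and metrics.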