A whitepaper about how Qubole can help with GDPR compliance and regulatory needs by using our domain knowledge and best practices to help you meet the GDPR.
https://www.qubole.com/resources/white-papers/qubole-gdpr-security-and-compliance-whitepaper
MEKDA: Multi-Level ECC based Key Distribution and Authentication in Internet ... - IJCNCJournal
The Internet of Things (IoT) is an extensive system of networks and connected devices with minimal human interaction and swift growth. The constraints of the System and limitations of Devices pose several challenges, including security; hence billions of devices must be protected from attacks and compromises. The resource-constrained nature of IoT devices amplifies security challenges. Thus, standard data communication and security measures are inefficient in the IoT environment. The ubiquity of IoT devices and their deployment in sensitive applications increase the vulnerability of any security breaches to risk lives. Hence, IoT-related security challenges are of great concern. Authentication is the solution to the vulnerability of a malicious device in the IoT environment. The proposed Multi-level Elliptic Curve Cryptography based Key Distribution and Authentication in IoT enhances the security by Multi-level Authentication when the devices enter or exit the Cluster in an IoT system. The decreased Computation Time and Energy Consumption by generating and distributing Keys using Elliptic Curve Cryptography extends the availability of the IoT devices. The Performance analysis shows the improvement over the Fast Authentication and Data Transfer method.
Eskom is a South African electricity utility that generates 95% of the country's electricity. It operates numerous coal, gas, renewable and nuclear power plants. The presentation discusses Eskom's significant digital security challenges due to its large technology portfolio and expanding operations. These include risks from the internet of things, smart grids and cities, and major cyber attacks. It emphasizes that digital security now encompasses issues beyond traditional cyber security, such as ensuring confidentiality, integrity and cyber resilience across increasingly disrupted business models and technologies.
Data loss prevention by using MRSH-v2 algorithm - IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interested in getting sensitive data. Exposing valuable data to others leads to severe consequences. Customers, organizations, and/or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) tools are good tools to identify important data. DLP can analyze data content and send feedback to administrators to make decisions such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they are considered good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using the TS dataset and a confusion matrix. Finally, Mrsh-v2 has a high score of true positive and sensitivity, and it has a low score of false negative.
The value of the fast-growing class of big data technologies is the ability to handle high velocity and volumes of data. However, a lack of robust security and auditing capabilities is holding organizations back from fully using the potential of these systems. Learn how you can use Big Data technologies to help you meet this compliance and data protection challenge head on so you can return to innovating for competitive advantage.
Using InfoSphere Guardium and BigInsights, we'll show you how you can meet your Hadoop security, compliance and audit requirements.
MDR-SOC is a cybersecurity framework services | Ampcus Inc - Unified11
MDR-SOC is high performance, scalable, and uses Apache Metron as its base platform with C/C++ and Python as its core components. It indexes and searches log and other data in near real-time.
This document discusses the value and risks of big data. It begins with defining big data as large and complex data sets that require new technologies to manage and analyze. The document then discusses how big data is used for marketing, recommendations, analytics, and other purposes. It notes both the benefits and the risks of poor data quality and limited governance of big data projects. The document also provides overviews of technologies like Hadoop, MapReduce, Pig, Hive, and NoSQL that support big data. It questions whether social data should be considered a corporate asset and discusses the complexity of understanding big data risks. Overall, the document aims to highlight both the opportunities and governance challenges presented by big data.
Presented at ISACA Indonesia Monthly Technical Meeting, 11 Dec 2019 at Telkom Landmark.
Key takeaways from my presentation:
1. Cloud customers have to understand the shared responsibilities between customer and cloud provider
2. Different cloud service models (IaaS, PaaS, SaaS) have different audit methodologies
3. Customer’s IT auditors have to be trained to have the skills needed to audit the cloud service
4. Understanding IAM in Cloud is very important. Each Cloud Service Provider has a different IAM mechanism
5. Understanding the different types of audit logs in cloud platforms is important for IT auditors
Atlanta ISSA 2010 Enterprise Data Protection Ulf Mattsson - Ulf Mattsson
Ulf Mattsson is the CTO of Protegrity, a company that provides data security solutions through encryption, tokenization, and policy-driven approaches. He has over 20 years of experience in data security research. This presentation discusses evolving data security risks and reviews options for enterprise data protection strategies. It examines studies on implementing protection in real-world scenarios and recommends balancing performance, security, and compliance when choosing defenses for sensitive data across different systems and storage locations. The presentation also introduces Protegrity's centralized risk-adjusted platform for securing data throughout its lifecycle.
Practical advice for cloud data protection ulf mattsson - oracle nyoug sep ... - Ulf Mattsson
Practical Advice for Cloud Data Security for Oracle
Learn about critical security issues in the Cloud in relation to databases
Learn about Cloud data security guidance and standards
Learn Cloud data security technologies, models and Cloud security in context to the enterprise
The rapid rise of cloud databases, storage and applications has led to unease among adopters over the security of their data. Whether it is data stored in a public, private or hybrid cloud, or used in third party SaaS applications, companies have good reason to be concerned.
In this session Protegrity CTO and data security thought leader Ulf Mattsson will focus on practical advice on what to look for in cloud service providers and a review of the technologies and architectures available to protect sensitive data in the cloud, both on- and off-site. Through real life use cases, Ulf will discuss solutions to some of the most common issues of usability, database indexing, database searches, separation of duties, key management, tokenization, compliance, privacy and security in the cloud environment.
Big Data and Security - Where are we now? (2015) - Peter Wood
Peter Wood started looking at Big Data as a solution for Advanced Threat Protection in 2013. This presentation examines how Big Data is being used for security in 2015, how this market is developing and how realistic vendor offerings are.
This document provides an overview of Microsoft Office 365 Data Loss Prevention (DLP). It defines DLP as a practice to protect sensitive data from loss or sharing. It describes how Office 365 DLP works by detecting sensitive content, defining policies to monitor activities, and taking protective actions. It also outlines how to configure DLP policies by specifying monitoring targets, locations, conditions, and actions. Finally, it discusses best practices for planning, preparing, testing and deploying DLP policies within an organization.
Kindred Healthcare is one of the nation’s most respected healthcare providers. Through its subsidiaries, Kindred operates multiple healthcare-related businesses across the United States, including hospitals, nursing centers, institutional pharmacies and a contract rehabilitation-services business.
Data centric security key to digital business success - ulf mattsson - bright... - Ulf Mattsson
The document discusses the need for data-centric security strategies to protect sensitive data in digital business systems. As data generation grows exponentially due to technologies like cloud computing, big data, and IoT, cybercriminals have more opportunities. A data-centric approach is needed to merge data security with productivity by controlling access, classifying data, and techniques like encryption, tokenization, and monitoring across structured and unstructured data silos. Solutions that provide centralized security policies and audit/protection of data throughout its entire flow can safely unlock the power of digital business.
The document discusses five key security trends affecting security strategy: 1) Targeted attacks have revealed risks beyond just data exposure, requiring protection against these sophisticated attacks. 2) Data center transformation to software-defined services requires different security tailored to virtual/cloud constructs rather than traditional models. 3) Cloud security demands a strategy to keep data secure and compliant both in the cloud and to/from it. 4) Data protection must extend to intellectual property, risk management, and proof of due care. 5) Specialized environments like IoT shift security's role to protecting connected devices and their generated data.
Practical advice for cloud data protection ulf mattsson - bright talk webin... - Ulf Mattsson
This document discusses concerns with cloud computing and provides guidance on cloud data security. It defines cloud computing models including SaaS, PaaS, IaaS, public cloud, private cloud, and hybrid cloud. New data security technologies for cloud discussed include encryption, tokenization, anonymization, and cloud security gateways. The document emphasizes applying security directly to data and outlines how to develop an enterprise data security policy to centrally manage protection in cloud contexts.
This document discusses implementing a data-driven security model in SQL Server Analysis Services (SSAS). It describes the problem of users having access to more data than intended when they belong to multiple roles secured by different dimensions. The solution is to use a single "data security" role and dimension that represents every fact-dimension combination, and dynamically filters data based on the user's login credentials. An alternative is a custom role assembly that can short-circuit the additive nature of multiple roles in SSAS.
The document discusses the convergence of network and security technologies. It notes growing challenges like BYOD, cloud computing, and application complexity that have increased the network teams' role in security. The document then summarizes a survey that found over 80% of network teams are involved in security work, with over a quarter spending more than 10 hours per week on security issues. It also discusses the need for comprehensive security approaches that combine network and host-based tools with network packet recording and forensics capabilities.
Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits - Tripwire
This document discusses successfully creating an IT service at Mercy Health to address organizational challenges and compliance needs. It describes implementing Tripwire Enterprise for change detection and monitoring to gain visibility into their IT environment, validate approved changes, and produce reports for audits. This improved governance of controls, reduced audit findings, and provided a key strategy for their security operations center and PCI compliance efforts. Going forward, Tripwire will help address other regulatory needs and expand its use for security configuration management.
Digital transformation in the oil and gas industry is being driven by emerging technologies like big data, artificial intelligence, and public cloud adoption. Cybersecurity is crucial as companies integrate IT and operational technology systems. A leading company underwent a three-year cybersecurity transformation that prioritized competency, risk management, hygiene, response and resilience. Their strategy was built on the NIST cybersecurity framework and included goals like achieving certain cyber maturity levels for identify, protect, detect, respond and recover functions. A vulnerability assessment of one company's operational technology environment reviewed policies, physical security, network security, host security and safety aspects across process domains to identify risks.
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and... - PECB
According to Technavio's latest market research report, the data security market value will grow by $2.85 Billion during 2021-2025.
To secure their data, organizations can use the CIA triad, a data security model developed to help the data security market and people deal with various IT security parts.
The webinar covers
• Overview Of CIA
• Description of Data Governance vs Information Security vs Privacy
• Relationship of CIA to Data Governance
• Relationship of CIA to Information Security
• Relationship of CIA to Privacy
• How to Implement and Maintain the CIA model (e.g., PDCA, etc.)
Presenters:
Anthony English
Our presenter for this webinar is Anthony English, one of the top cybersecurity professionals in Atlantic Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance.
Date: November 17, 2021
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Youtube video: https://youtu.be/eA8uQhdLZpw
This document discusses data leakage prevention (DLP) and outlines best practices for implementing a DLP project. It defines DLP, explains how DLP technology works to monitor data in motion, at rest, and in use. The document recommends a multi-step DLP project that includes analyzing business environments and threats, classifying sensitive data, mapping data storage and business processes, assessing leakage channels, and selecting DLP tools. It also stresses the importance of organizational culture and policies to complement technical solutions and prevent data leakage.
Finto Thomas is an Information Technology Security Consultant with over 8.5 years of experience advising large businesses and Fortune 500 companies. He has expertise in network and security architectural design, implementation, and review. Some of his skills include cyber threat intelligence, penetration testing, firewall configuration, and cloud/mobile security. He is certified in CISSP, several Cisco certifications, ITIL, and IBM Qradar. He has worked as a Project Manager at IBM India and held security roles at Wipro and Trimax Data Centre.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Ea Relationship To Security And The Enterprise V1pk4
The document discusses different frameworks and methodologies for enterprise architecture (EA) and enterprise security architecture (SA). EA focuses on optimizing business value through mapping business activities, while SA focuses on protecting business assets through a balanced security program. SA goals depend on an organization's risk management culture, which can range from generative to bureaucratic to pathologic. The document provides examples of using the TOGAF and Federal EA frameworks to structure SA.
The document summarizes key aspects of the General Data Protection Regulation (GDPR) taking effect in May 2018 and recommendations for organizations to comply. It outlines the GDPR's 5 main duties: rights of EU data subjects, security of personal data, lawfulness and consent, accountability of compliance, and data protection by design and default. The document recommends organizations assess risks, identify necessary policies, processes, and technologies, and leverage IBM's solutions framework and experience helping clients in various industries prepare for the GDPR.
The document discusses how Microsoft helps organizations comply with the General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines key aspects of the GDPR including enhanced privacy rights for individuals, increased duty to protect data, mandatory breach reporting, and significant penalties for noncompliance. It describes how Microsoft's cloud services, products, contracts, and commitments help customers meet the four key steps to compliance: identifying personal data and where it resides, governing how data is used and accessed, establishing security controls, and keeping required documentation. The document promotes Microsoft Office 365 and its features for data loss prevention, advanced data governance, eDiscovery, audit logs, and other capabilities to help achieve compliance.
This document discusses data leakage prevention (DLP) and outlines best practices for implementing a DLP project. It defines DLP, explains how DLP technology works to monitor data in motion, at rest, and in use. The document recommends a multi-step DLP project that includes analyzing business environments and threats, classifying sensitive data, mapping data storage and business processes, assessing leakage channels, and selecting DLP tools. It also stresses the importance of organizational culture and policies to complement technical solutions and prevent data leakage.
Finto Thomas is an Information Technology Security Consultant with over 8.5 years of experience advising large businesses and Fortune 500 companies. He has expertise in network and security architectural design, implementation, and review. Some of his skills include cyber threat intelligence, penetration testing, firewall configuration, and cloud/mobile security. He is certified in CISSP, several Cisco certifications, ITIL, and IBM Qradar. He has worked as a Project Manager at IBM India and held security roles at Wipro and Trimax Data Centre.
The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.
Ea Relationship To Security And The Enterprise V1pk4
The document discusses different frameworks and methodologies for enterprise architecture (EA) and enterprise security architecture (SA). EA focuses on optimizing business value through mapping business activities, while SA focuses on protecting business assets through a balanced security program. SA goals depend on an organization's risk management culture, which can range from generative to bureaucratic to pathologic. The document provides examples of using the TOGAF and Federal EA frameworks to structure SA.
The document summarizes key aspects of the General Data Protection Regulation (GDPR) taking effect in May 2018 and recommendations for organizations to comply. It outlines the GDPR's 5 main duties: rights of EU data subjects, security of personal data, lawfulness and consent, accountability of compliance, and data protection by design and default. The document recommends organizations assess risks, identify necessary policies, processes, and technologies, and leverage IBM's solutions framework and experience helping clients in various industries prepare for the GDPR.
The document discusses how Microsoft helps organizations comply with the General Data Protection Regulation (GDPR) which takes effect in May 2018. It outlines key aspects of the GDPR including enhanced privacy rights for individuals, increased duty to protect data, mandatory breach reporting, and significant penalties for noncompliance. It describes how Microsoft's cloud services, products, contracts, and commitments help customers meet the four key steps to compliance: identifying personal data and where it resides, governing how data is used and accessed, establishing security controls, and keeping required documentation. The document promotes Microsoft Office 365 and its features for data loss prevention, advanced data governance, eDiscovery, audit logs, and other capabilities to help achieve compliance.
DevOps vs GDPR: How to Comply and Stay AgileBen Saunders
A joint webinar between Contino and Delphix explaining how DevOps, Cloud and Data Virtualization can be used to accelerate application delivery, yet still allow organisations to remain GDPR compliant.
Impact of GDPR on the pre dominant business model for digital economiesEquiGov Institute
A brief description of the impact the General Data Protection Regulation (GDPR) could have on the proposed move towards a digital economy, especially for the Caribbean
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
The document discusses the General Data Protection Regulation (GDPR) which regulates how companies handle personal data of EU citizens. It provides an overview of GDPR including key events leading to its adoption and how it strengthens data protection rights. It highlights some notable differences between GDPR and the previous UK Data Protection Act. The document also outlines an approach for companies to become GDPR compliant including conducting a data assessment, updating policies and processes, and appointing a data protection officer if needed. It notes both the penalties for non-compliance and opportunities that GDPR presents organizations.
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to review their data protection practices and ensure they are prepared to comply with GDPR requirements that take effect in May 2018.
The document provides a summary of the key aspects of the General Data Protection Regulation (GDPR) in 3 pages. It discusses the basic principles of GDPR, how it may impact technology systems, and software tools that can help with compliance. Some of the main topics covered include the definition of personal and sensitive data, data subject rights, privacy by design, security requirements, and obligations for controllers and processors. The summary emphasizes the need for businesses to focus on compliance given the enhanced penalties and wider scope of GDPR.
The document discusses how Oracle's database security products can help organizations comply with the EU's General Data Protection Regulation (GDPR). It provides an overview of the GDPR, including its key objectives to establish data privacy rights and increase enforcement. It also outlines the core actors in the GDPR such as data subjects, controllers, processors, and supervisory authorities. Finally, it maps Oracle's security features to three key GDPR data security requirements: assessing security risks, preventing attacks, and monitoring to detect breaches.
This document discusses how Microsoft Azure can help organizations comply with the EU General Data Protection Regulation (GDPR). It provides an overview of the GDPR and its requirements. It then outlines a 4-step process for GDPR compliance preparation using Azure: 1) Discover personal data and where it resides, 2) Manage how personal data is used and accessed, 3) Protect personal data through security controls, and 4) Report on required documentation and breach notifications. For each step, it provides examples of how Azure features like Information Protection, Data Factory, HDInsight, and Key Vault can help organizations meet specific GDPR requirements.
Buzz about the General Data Protection Regulation (GDPR) has been around for years, but with the new security rules finally going into play in May 2018, it’s time to take it seriously. Some enterprises have been panicking, some have been preparing, and most have been doing a little of both. The new GDPR law will impact all companies who work with any EU citizens or companies. What does this mean for your business?
This document discusses how Microsoft 365 can help organizations simplify compliance with the General Data Protection Regulation (GDPR). The GDPR imposes new privacy rules for organizations in the EU or those that offer services to people in the EU. Microsoft 365 provides built-in tools to streamline GDPR processes, protect personal data across devices and apps, and assess compliance risk through ongoing evaluation. The document outlines various Microsoft and Communication Square services that can help organizations prepare for and meet GDPR requirements through training, assessments, data discovery, and use of the Microsoft Compliance Manager tool.
The document discusses and compares several tools that can help companies assess, implement, and maintain compliance with the General Data Protection Regulation (GDPR). It describes GDPR assessment tools that can identify personal data, conduct risk assessments, and evaluate third parties. It also outlines implementation tools that can help with consent management, data governance, protection and auditing. Finally it discusses maintenance tools that can track personal data changes, automate privacy tasks, and aid with data deletion requests.
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
The General Data Protection Regulation (GDPR) represents significant challenges for financial institutions to comply with the new data processing and record keeping requirements. This Accenture Finance & Risk presentation explores the impact of GDPR on Canadian firms, including lessons learned from our work with clients and knowledge gained that can be used for an effective GDPR journey.
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
Cognizant business consulting the impacts of gdpraudrey miguel
GDPR will fundamentally change the approach to personal data protection in Europe beginning in May 2018. It aims to give individuals greater control over their personal data and places more responsibility on organizations to demonstrate appropriate consent and data usage. While Swiss law already protects personal data, recent updates to Switzerland's Federal Act on Data Protection are intended to closely align it with GDPR. Organizations need to start implementing programs now to assess their compliance and address new requirements around data usage, security, individual rights and oversight.
GDPR- Get the facts and prepare your businessMark Baker
The GDPR will become law on May 25, 2018 and requires any organization that collects or processes personal data from EU citizens to comply with new privacy regulations. It mandates breach reporting within 72 hours of discovery and fines of up to 20 million euros for noncompliance. It also introduces the principle of "data protection by design" which requires privacy to be built into new systems and processes from the start. To prepare, organizations need to review technologies and processes for breach detection and reporting, and make privacy protections a fundamental part of their operations and systems.
The document provides an overview of steps organizations can take to begin complying with the General Data Protection Regulation (GDPR). It recommends taking a platform approach and focusing on four key steps: discover personal data and where it resides, manage how data is used and accessed, protect data through security controls, and report on data requests and breaches. The document describes tools in Microsoft solutions that can help with each step, such as using Azure to inventory personal data and Dynamics 365 to manage consent. It emphasizes the importance of starting preparation now ahead of the May 2018 enforcement date.
Similar to Qubole GDPR Security and Compliance Whitepaper (20)
2. What is the GDPR?
The EU General Data Protection Regulation (“GDPR”) is a comprehensive data protection
law that updates and replaces the Data Protection Directive 95/46/EC for all EU member
states and is designed to strengthen the protection of “Personal Data” (any information
relating to an identified or identifiable natural person, so called “data subjects”) in light
of rapid technological developments, the increasingly global nature of business and more
complex international flows of personal data. GDPR will be directly enforceable in each EU
member state. The GDPR takes effect on May 25, 2018.
What Constitutes Personal Data?
The EU defines “Personal Data” as “any information relating to an individual, whether it relates to
his or her private, professional, or public life. It can be anything from a name, a photo, an email address,
bank details, posts on social networking websites, medical information, or a computer’s IP address.” The
new obligations pertain to any organization that handles data about EU citizens—whether
that organization is in the EU or not. The regulation does not apply to the processing of
personal data for national security activities or law enforcement.
Overview
No other company can match Qubole’s prowess
at the intersection of Big Data and the cloud.
Qubole was founded by real-world operators
who understand that security, confidentiality,
and data privacy are fundamental to our mission
and our commitment to a customer-first
culture. We understand that GDPR compliance
may be an important thing for you and Qubole is
prepared to support GDPR and your compliance
and regulatory needs. Qubole is committed to
using our domain knowledge and best practices
to help you meet the GDPR regulations.
In this whitepaper, we discuss:
• Qubole and the GDPR regulations
• Our compliance strategy—how we prepared for the GDPR from the start
• The shared security model—your responsibilities as a Qubole user
• How Qubole can help with GDPR compliance
2018 Qubole GDPR: Security & Compliance
3. Does My Organization Need to Be GDPR Compliant?
If you are processing personal data within the EU, the GDPR applies to your organization.
The GDPR also applies if you are processing personal data on EU subjects but your
organization is not located in the EU. In other words, the GDPR is specific to where the
person whose data is obtained is located or where the data was collected—not where the
processor is located. “Processing” means any operation performed on personal data, such
as use, storage, analysis, aggregation, transfer, dissemination or erasure.
What if My Business Isn’t Located in the EU?
If your business is not located in the
EU, the GDPR applies to you if you are
offering goods or services (whether
paid or free) to EU data subjects (data
subjects are defined as EU citizens
or EU residents) or monitoring the
behavior of EU data subjects within the
EU. Monitoring can be anything from
putting cookies on a website to tracking
the browsing behavior of data subjects
to high-tech surveillance activities.
Note: Unless your organization can
track the origins of your data including
the time that the data was tracked and
the dates of collection, it is possible
that all your data could fall under the
purview of the GDPR.
Controllers and Processors
Under the new GDPR legislation,
organizations processing personal data
are divided into “Controllers,” or the
entities which control the personal
data, and “Processors,” the entities
that process personal data only on the
instructions of the Controllers. The
GDPR applies to both Controllers
and Processors.
KEY REQUIREMENTS OF THE GDPR
Although the GDPR is daunting in its complexity and scope (there are 99 articles in total), the key requirements governing data collection processes (commonly referred to as the Seven Key Principles) are summarized below:
1. Lawful, fair and transparent processing – emphasizing transparency for data subjects.
2. Purpose limitation – having a lawful and legitimate purpose for processing the information in the first place.
3. Data minimization – making sure data is adequate, relevant, and limited, and organizations are sufficiently capturing the minimum amount of data needed to fulfill the specified purpose.
4. Accurate and up-to-date processing – requiring data controllers to make sure information remains accurate, valid and fit for purpose.
5. Limitation of storage in a form that permits identification – discouraging unnecessary data redundancy and replication.
6. Confidential and secure – protecting the integrity and privacy of data by making sure it is secure (which extends to IT systems, paper records, and physical security).
7. Accountability and liability – demonstrating compliance.
4. Accountability
How Qubole is Preparing for the GDPR
Qubole complies with the GDPR in the
delivery of our service to customers and is
fully prepared to handle the intricacies of
the GDPR legislation. Specifically, Qubole will
also continue to enhance data protection and
compliance in the areas below.
Data Protection Officer (DPO): Qubole employs a Chief Security Officer (CSO) who functions
as the organization’s top executive responsible for security. Our CSO will also serve as our
DPO under the new GDPR requirements.
Policies and Procedures
Qubole maintains a set of security policies, standards and procedures that provide our
workforce with stringent data protection and compliance guidelines.
Qubole Data Protection Policy Addendum and Agreement: Qubole has created a Data
Processing Addendum as an attachment to its Master Services Agreement. This document
supports our commitment to this important legislation and is available here.
Mandatory GDPR Security Awareness Training
All Qubolers have taken mandatory GDPR compliance training. Further job-specific
training will be required for individuals with responsibilities related to GDPR compliance.
Compliance and Risk Activities
Qubole evaluates the design and operation of the Qubole platform, including all services,
applications and processes, to ensure compliance with internal and external standards. We
engage credentialed assessors, including TrustArc, to perform external audits at least once
per year.
Privacy Shield: Qubole engaged with TrustArc (formerly TRUSTe) to complete and attest to
compliance with the US Privacy Shield regulation around privacy and transfer of
EU Personal Data to the United States and now works with them for arbitration and
notification services.
5. 3rd Party Innovation
Qubole has partnered with 3rd party GDPR specialists to provide translation and
assistance with the practical application of the GDPR to our unique business model.
Data Protection and Other Security Measures
Customer Data Protection: GDPR regulations mandate that personal data is kept
confidential and secure. Qubole maintains a staff of security practitioners dedicated
to ensuring that all systems (IT, and Development) remain secure and confidential at all
times. For detailed information about our security program, please refer to our
whitepaper, Qubole on Amazon AWS: Security and Compliance Whitepaper.
Design Security: Qubole assesses the security risk of each software development project
according to our Secure Development Lifecycle. Before we complete the design phase,
we do an assessment to qualify the security risk of the software changes introduced. This
risk analysis leverages both the OWASP Top 10 (discussed below) and the experience of
Qubole’s Product Security team.
3rd-Party Suppliers: To run its business efficiently, Qubole relies on a limited set of sub-service
providers. In areas where those sub-service providers could impact data security,
Qubole ensures that service organizations adhere to confidentiality commitments Qubole
has made to its users. Additionally, Qubole monitors and reviews all sub-service security
safeguards by conducting reviews of its service organization controls before use and at
least annually.
Data Breach Notification and Reporting Requirements
Notification and Customer Communication: Qubole makes every effort to maintain the
security of customer data. In the event that an incident occurs that exposes or provides
unauthorized access to data, Qubole will respond to any impacted customers no later than
72 hours after the event.
Any sensitive or confidential information will only be shared with authorized users.
6. Similar to our existing legal requirements, GDPR compliance requires a partnership
between Qubole and our customers in their use of our services. Security in the cloud is
slightly different from security in your on-premise data centers. When you move computer
systems and data to the cloud, security responsibilities become shared between you and
your cloud service provider.
Each party (the cloud provider and the cloud user) is accountable for different aspects of
security and must work together to ensure full coverage. When you use a cloud provider,
they are responsible for securing the underlying infrastructure that supports the cloud,
and you are responsible for anything you put on the cloud or connect to the cloud. This
model of shared security responsibilities also applies to Qubole as a service provider and
your role as a QDS user.
QDS and Your Data
One of the most unique facets of QDS is that even though the service is provided in the
cloud, Qubole does not need direct access to your data. QDS is architected as a service
platform with three primary components:
• The big data applications (Spark, Hadoop, etc.) along with additional components to
help leverage these technologies such as Hive, Pig and Tez and, finally, the storage layer
of HDFS and/or file-based storage on Amazon S3.
• The orchestration infrastructure that takes desired inputs from the customer (whether
to use on-demand or spot instances, the minimum and maximum size of the clusters,
whether or not to encrypt, and dozens of other inputs).
• Finally, the interface itself translates the complex command structures of big data by
providing an easy mechanism for customers to create, test and run their queries and
various commands.
Role-Based Access Control in AWS, Microsoft Azure, and Oracle Cloud
Qubole also uses Identity and Access Management (IAM) roles in AWS and other types of
Role-Based Access (RBAC) in Azure and Oracle Cloud to limit access to resources such as
storage and compute by using a refined set of permissions. This allows our customers to
have Qubole act on their behalf by granting it limited access to process the data in their
cloud provider account.
Additionally, common concerns are addressed including limiting access rights to modify or
affect the status of clusters, limiting the types of commands your users can execute and
the data engines they can use.
For more information on IAM roles, see Managing Roles in QDS and our technical paper
Authorizing AWS in QDS—Using Secure AWS IAM Roles and Policies.
What are My GDPR
Responsibilities as a QDS user?
7. The following table illustrates the respective shared security responsibilities between your
organization, Qubole, and your cloud provider with respect to GDPR compliance. (To better
understand your cloud security responsibilities, please refer to your Qubole Service-
level Agreement).
Customer | Qubole | Cloud Provider (AWS, Azure, Oracle Cloud)
Responsible for user access management and data security in the cloud
Responsible for security of the platform and big data service in the cloud
Responsible for the security of the cloud
Customers own the data and are responsible for the security of their data
Qubole is granted rights to process the data in the customer’s account
Responsible for secure access to data platform
Responsible for secure storage in the cloud
Responsible for data encryption
Responsible for secure transport of commands
Responsible for availability and redundancy in the cloud
Responsible for user management
Responsible for multi-factor authentication for administrative access to systems with more highly sensitive and regulated data
Responsible for compute resources in the cloud
Responsible for infrastructure identity and access management
Responsible for operating system, firewall configuration
Responsible for networking in the cloud
Responsible for Qubole groups and role definitions
Responsible for metadata security
Responsible for encryption technology, key management capabilities
Responsible for data residency
Responsible for requesting and reviewing 3rd party attestation and certification reports
Responsible for 3rd party attestation/validation (SOC2, HIPAA, PCI)
Responsible for 3rd party attestation/validation (SOC2, HIPAA, PCI)
8. Leveraging Qubole for GDPR
Qubole provides the following functionality that can assist you with data governance and
security.
GDPR requires you to: Control Access to Personal Data
A pillar of GDPR is limiting who has access to crucial data in your domain. While it sounds simple, consolidating a list of administrators is tricky. Limiting and tracking access to your applications can prove even trickier.
QDS allows you to: Enforce a Least Privilege Model
You can restrict who can view, create, edit, and delete your most sensitive data objects using:
1. Privileges based on job requirements using Identity and Access Management (IAM) roles in AWS and other types of Role-Based Access (RBAC) in Azure and Oracle Cloud.
2. Qubole also supports Amazon AWS Key Management Service (KMS). This service stores keys in a shared Hardware Security Module (HSM) dedicated to encryption key storage.
3. Qubole provides a policy document that is GDPR compliant. This policy defines the permissions that apply to a user, group, or role; the permissions in turn determine what users can do in AWS.
GDPR requires you to: Follow the Right to Be Forgotten
This rule allows a person to request that any data a company owns about them be deleted. This can be anything about a specific individual, ranging from a social security number to a CRM record. While this rule cannot supersede another law (like a requirement to maintain HIPAA records), it is essential for any company who houses personal data online.
QDS allows you to: Discover and Delete Data
Qubole has a data deletion process that allows you to comply with requests from individuals exercising their right to erasure.
Note: This process only covers the Qubole customer data that is collected in the QDS service and not the customer-managed data within their environment.
Please contact your account representative for access to Qubole’s written data deletion process.
GDPR requires you to: Report a Breach in 72 Hours
In the case of a personal data breach, the Controller needs to notify their local Data Protection Authority figure within 72 hours after becoming aware of it. Companies should have a cross-functional incident response plan prepared that includes the Public Relations, Legal, Compliance, IT, and Security teams.
QDS allows you to: Defined Policies and Procedures for Incident Reporting
Qubole has strictly enforced security policies that govern all aspects of our incident reporting process.
Please contact your account representative for access to Qubole’s written incident reporting process.
9. Conclusion
Qubole is prepared to meet the challenges of the new GDPR legislation and we want
our customers to know that we take data protection seriously. Qubole understands that
GDPR compliance is a shared effort between our organization and our customers. It
requires a combination of people, process and tools and to that end, we are committed
to helping you prepare for the GDPR. We welcome your questions and would be
happy to discuss the ways that we can work together to ensure GDPR compliance for
your organization.
ABOUT QUBOLE
Qubole is revolutionizing the way
companies activate their data—the
process of putting data into active use
across their organizations. With Qubole’s
cloud-native Big Data Activation Platform,
companies exponentially activate
petabytes of data faster, for everyone and
any use case, while continuously lowering
costs. Qubole overcomes the challenges
of expanding users, use cases, and variety
and volume of data while constrained by
limited budgets and a global shortage
of big data skills. Qubole’s intelligent
automation and self-service supercharge
productivity, while workload-aware auto-
scaling and real-time spot buying drive
down compute costs dramatically. Qubole
offers the only platform that delivers
freedom of choice, eliminating legacy
lock in—use any engine, any tool, and any
cloud to match your company’s needs.
Qubole investors include CRV, Harmony
Partners, IVP, Lightspeed Venture Partners,
Norwest Venture Partners, and Singtel
Innov8. For more information visit
www.qubole.com.