This session is about how to implement any privacy program in any organization - big or small - the foundational step is to understand what Personal Data an organization deals with, where it lies, how it flows (within & outside the organization), who does what with that data, what are the underlying assets involved, etc. Without this foundation, the organization cannot build the necessary controls required to implement and manage Privacy. However, this is not an easy probem to address. This session does a deep dive into the challenges faced, the methodologies used and tools that can be employed to build AND sustain an organization's data map.
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon Priyanka Aash
Just like in the case of Security, building Privacy at the design stage itself ensures privacy gets baked into the specific application/ process/ initiative. There is a formal Privacy By Design (PbD) framework available and it has been incorporated into several laws & regulations as well. To actually implement PbD into specific applications needs the translation and application of this framework and its principles into specific, detailed, step by step guidelines/ standards. This Hackathon endeavours to do exactly that
(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerat...Priyanka Aash
It is one thing to understad what the various applicable Privacy laws & standards require an organization to do and another thing to actually implement a program to deliver on this requirement within the organization. Data Privacy programs cut across almost all functions & teams in an organization - all of whom need to work in sync to 'make it all happen'. When it is a large conglomerate spanning multiple countries and entities, this challenge is further amplified. This session discusses these real life issues and challenges.
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
Data Privacy & Personal Data Protection has become a key driver today in dialogues involving data. India is at the cusp of getting its own law in place - one of the last few countries in the world to do so. However, the reality on the ground is that few people really understand what Data Privacy is all about. It is often confused with Data Security. This session seeks to de-mystify Data Privacy, giving an overview of the domain and how it is different from Data Security.
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Ulf Mattsson
Myths & Realities of Data Security & Compliance - ISACA Atlanta - Ulf Mattsson Jul 22 2016.
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this session, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
In depth presentation covers market trends and risks related to network security & big data analytics. The presentation was given by Matan Trogan at Cybertech Singapore.
(SACON) Sameer anja - Privacy in Technology: Kickstart of the Hackathon Priyanka Aash
Just like in the case of Security, building Privacy at the design stage itself ensures privacy gets baked into the specific application/ process/ initiative. There is a formal Privacy By Design (PbD) framework available and it has been incorporated into several laws & regulations as well. To actually implement PbD into specific applications needs the translation and application of this framework and its principles into specific, detailed, step by step guidelines/ standards. This Hackathon endeavours to do exactly that
(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerat...Priyanka Aash
It is one thing to understad what the various applicable Privacy laws & standards require an organization to do and another thing to actually implement a program to deliver on this requirement within the organization. Data Privacy programs cut across almost all functions & teams in an organization - all of whom need to work in sync to 'make it all happen'. When it is a large conglomerate spanning multiple countries and entities, this challenge is further amplified. This session discusses these real life issues and challenges.
(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data PrivacyPriyanka Aash
Data Privacy & Personal Data Protection has become a key driver today in dialogues involving data. India is at the cusp of getting its own law in place - one of the last few countries in the world to do so. However, the reality on the ground is that few people really understand what Data Privacy is all about. It is often confused with Data Security. This session seeks to de-mystify Data Privacy, giving an overview of the domain and how it is different from Data Security.
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Ulf Mattsson
Myths & Realities of Data Security & Compliance - ISACA Atlanta - Ulf Mattsson Jul 22 2016.
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this session, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
In depth presentation covers market trends and risks related to network security & big data analytics. The presentation was given by Matan Trogan at Cybertech Singapore.
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...Priyanka Aash
The session will focus on delivering the key trends in APIs, API Management Platform technologies and how it is driving the API economy. We will also discuss the key drivers for digital transformation initiatives which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, APIs integrations with cloud platforms, IoT/OT devices integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’ s success through this governance framework.
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...Micro Focus
‘Data violators’ have outpaced data defenders. But security and identity analytics can level the playing field. Learn how identity, access and security disciplines can benefit from:
Risk-based authentication
Data exfiltration identification
Malicious insider activity disruption
Adaptive access certification
Presenter: Adam Evans, Solutions Consulting
What is a secure enterprise architecture roadmap?Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Does blockchain, GDPR, Cloud, and IoT conflict with compliance regulations complicating your SEA?
* How will quantum computing impact SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can be benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools can we use mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
Data Security by AES Advanced Encryption StandardYogeshIJTSRD
Now a days with the rapid development of multimedia technologies, research on safety and security are becoming more important. Multimedia data are generated and transmitted through the communication channels and the wireless media. The efficiencies of encryption based on different existing algorithms are not up to the satisfactory limit. Hence researchers are trying to modify the existing algorithm or even develop new algorithms that help to increase security with a little encryption time. Here in this paper, we have furnished a new technology to modify the AES algorithm which gives more security with a little encryption time and which can be used to encrypt using 128 bit key. Theoretical analysis on the proposed algorithm with the existing reveals the novelty of our work. Here we have proposed a technique to randomize the key and hidden the key data into an encrypted digital image using the basics concept of cryptography and also using the concept of digital watermarking, the concept of key hide has also been encrypted. We have also proposed a new technique to reposition the pixels to break the correlation between them. So, the proposed scheme offers a more secure and cost effective mechanism for encryption. Next on the AES criteria list good performance. Widespread market adoption will require reasonably good performance on a variety of platforms, ranging from easy tocrack smart cards to the largest servers. Good algorithm performance includes speed for the encryption and decryption process as well as the key schedule. Prateek Goyal | Ms. Shalini Bhadola | Ms. Kirti Bhatia "Data Security by AES (Advanced Encryption Standard)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-5 , August 2021, URL: https://www.ijtsrd.com/papers/ijtsrd45073.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/45073/data-security-by-aes-advanced-encryption-standard/prateek-goyal
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interesting of getting sensitive data. Exposing valuable data to others leads to severe Consequences. Customers, organizations, and /or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized based into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) are good tools to identify important data. DLP can do analysis for data content and send feedback to administrators to make decision such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they consider good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using TS dataset and confusion matrix. Finally, Mrsh-v2 has high score of true positive and sensitivity, and it has low score of false negative.
The day when role based access control disappearsUlf Mattsson
We will discuss the Good, the Bad and the Ugly of Role Based Access Control. We will review access control in systems where multiple roles are fulfilled and compare MAC, DAC and RBAC.
We will present the "next generation" authorization model that provides dynamic, context-aware and risk-intelligent access control. We will discuss Identity Management, Data Discovery, AI, policy-based access control (PBAC), claims-based access control (CBAC) and key standards, including XACML and ALFA.
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
PCI DSS Compliance can be very challenging for businesses, especially when they are expected to meet the stringent standard requirements. They are constantly under the pressure of being compliant and struggle to keep up with the compliance challenges. Addressing this challenge, VISTA InfoSec hosted a very informative webinar on “Reducing Cardholder Data Footprint with Tokenization and other Techniques” that provides details on various techniques to reduce the scope of compliance. The webinar highlights different techniques that can be implemented to reduce the scope of Compliance by limiting the Cardholder Data footprint in the environment.
If you find this video interesting and wish to learn more about different techniques or have any queries regarding the same, then do drop us a comment in the comment section below. We would be more than happy to educate you on it and clear all your doubts. You can subscribe to our channel for more videos on Information Security and Compliance Standards. Do like, share, and comment on our video, if you find it informative and useful to you.
The findings of a recent survey, commissioned by NetIQ through IDG Connect, found that increased cloud-based software-as-a-service (SaaS) application use by businesses has led to more confidence amongIT decision-makers that corporate data is better secured now than it has been in the past.
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Steven Meister
How to become GDPR & CCPA Compliant. See the complete 5 page GDPR, CCPA Compliancy Plan
Here is the CCPA / GDPR 3 Day Training PowerPoint - https://www.slideshare.net/StevenMeister/ccpa-and-gdpr-three-day-training-with-actual-deliverables-and-the-whys-and-hows-to-do-so
847-440-4439 https://www.youtube.com/channel/UC3F-qrvOIOwDj4ZKBMmoTWA?view_as=subscriber
GDPR 16 page PPT Plan - https://www.slideshare.net/StevenMeister/gdpr-ccpa-automated-compliance-spark-java-application-features-and-functions-of-big-datarevealed-april-version-35
https://youtu.be/JGoQwoicUxw
Comprehensive Metadata Catalog Video for GDPR / CCPA - https://youtu.be/xryESgfzRcc
Unified Information Governance, Powered by Knowledge GraphVaticle
As a knowledge graph database, Grakn is ideal for storing metadata and data lineage information. Many applications, such as data discovery, data governance, and data marketplaces, depend upon metadata for management. User experiences can be enhanced by leveraging a hyper-scalable graph database like Grakn, rather than traditional graph databases. Additionally, inference-driven use cases predominantly depended on RDF Triple Stores, requiring additional plug-ins to derive the inferences. With Grakn, this can now be achieved natively.
How the latest trends in data security can help your data protection strategy...Ulf Mattsson
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.
(SACON) Suhas Desai - The Power of APIs – API Economy Trends & Market Drivers...Priyanka Aash
The session will focus on delivering the key trends in APIs, API Management Platform technologies and how it is driving the API economy. We will also discuss the key drivers for digital transformation initiatives which include wide acceptance of APIs in Industry 4.0, Connected Devices, Cloud and Payments industry. Next, we will talk about the top 10 security risks in APIs, API Management Platforms, APIs integrations with cloud platforms, IoT/OT devices integrations with third-party applications. Lastly, we will uncover the need for implementing the API security governance framework and how to measure the API security programme’ s success through this governance framework.
#MFSummit2016 Secure: How Security and Identity Analytics can Drive Adaptive ...Micro Focus
‘Data violators’ have outpaced data defenders. But security and identity analytics can level the playing field. Learn how identity, access and security disciplines can benefit from:
Risk-based authentication
Data exfiltration identification
Malicious insider activity disruption
Adaptive access certification
Presenter: Adam Evans, Solutions Consulting
What is a secure enterprise architecture roadmap?Ulf Mattsson
Webcast title : What is a Secure Enterprise Architecture Roadmap?
Description : This session will cover the following topics:
* What is a Secure Enterprise Architecture roadmap (SEA)?
* Are there different Roadmaps for different industries?
* How does compliance fit in with a SEA?
* Does blockchain, GDPR, Cloud, and IoT conflict with compliance regulations complicating your SEA?
* How will quantum computing impact SEA roadmap?
Presenters : Juanita Koilpillai, Bob Flores, Mark Rasch, Ulf Mattsson, David Morris
Duration : 68 min
Date & Time : Sep 20 2018 8:00 am
Timezone : United States - New York
Webcast URL : https://www.brighttalk.com/webinar/what-is-a-secure-enterprise-architecture-roadmap
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can be benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools can we use mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
Emerging Technology Risk Series - Internet of Things (IoT)Eryk Budi Pratama
Presented at Indonesia Honeynet Project (IHP) meetup. This presentation covering:
1. Overview of Industry 4.0
2. IoT Security Model
3. How to Secure IoT
4. Research in IoT
Other emerging technology risk area that will be covered in my professional services:
1. Cloud
2. Mobile
3. Artificial Intelligence / Intelligent Automation
4. Data & Analytics
Data Security by AES Advanced Encryption StandardYogeshIJTSRD
Now a days with the rapid development of multimedia technologies, research on safety and security are becoming more important. Multimedia data are generated and transmitted through the communication channels and the wireless media. The efficiencies of encryption based on different existing algorithms are not up to the satisfactory limit. Hence researchers are trying to modify the existing algorithm or even develop new algorithms that help to increase security with a little encryption time. Here in this paper, we have furnished a new technology to modify the AES algorithm which gives more security with a little encryption time and which can be used to encrypt using 128 bit key. Theoretical analysis on the proposed algorithm with the existing reveals the novelty of our work. Here we have proposed a technique to randomize the key and hidden the key data into an encrypted digital image using the basics concept of cryptography and also using the concept of digital watermarking, the concept of key hide has also been encrypted. We have also proposed a new technique to reposition the pixels to break the correlation between them. So, the proposed scheme offers a more secure and cost effective mechanism for encryption. Next on the AES criteria list good performance. Widespread market adoption will require reasonably good performance on a variety of platforms, ranging from easy tocrack smart cards to the largest servers. Good algorithm performance includes speed for the encryption and decryption process as well as the key schedule. Prateek Goyal | Ms. Shalini Bhadola | Ms. Kirti Bhatia "Data Security by AES (Advanced Encryption Standard)" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-5 , August 2021, URL: https://www.ijtsrd.com/papers/ijtsrd45073.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/45073/data-security-by-aes-advanced-encryption-standard/prateek-goyal
Data loss prevention by using MRSH-v2 algorithm IJECEIAES
Sensitive data may be stored in different forms. Not only legal owners but also malicious people are interesting of getting sensitive data. Exposing valuable data to others leads to severe Consequences. Customers, organizations, and /or companies lose their money and reputation due to data breaches. There are many reasons for data leakages. Internal threats such as human mistakes and external threats such as DDoS attacks are two main reasons for data loss. In general, data may be categorized based into three kinds: data in use, data at rest, and data in motion. Data Loss Prevention (DLP) are good tools to identify important data. DLP can do analysis for data content and send feedback to administrators to make decision such as filtering, deleting, or encryption. Data Loss Prevention (DLP) tools are not a final solution for data breaches, but they consider good security tools to eliminate malicious activities and protect sensitive information. There are many kinds of DLP techniques, and approximation matching is one of them. Mrsh-v2 is one type of approximation matching. It is implemented and evaluated by using TS dataset and confusion matrix. Finally, Mrsh-v2 has high score of true positive and sensitivity, and it has low score of false negative.
The day when role based access control disappearsUlf Mattsson
We will discuss the Good, the Bad and the Ugly of Role Based Access Control. We will review access control in systems where multiple roles are fulfilled and compare MAC, DAC and RBAC.
We will present the "next generation" authorization model that provides dynamic, context-aware and risk-intelligent access control. We will discuss Identity Management, Data Discovery, AI, policy-based access control (PBAC), claims-based access control (CBAC) and key standards, including XACML and ALFA.
Reducing cardholder data footprint with tokenization and other techniquesVISTA InfoSec
PCI DSS Compliance can be very challenging for businesses, especially when they are expected to meet the stringent standard requirements. They are constantly under the pressure of being compliant and struggle to keep up with the compliance challenges. Addressing this challenge, VISTA InfoSec hosted a very informative webinar on “Reducing Cardholder Data Footprint with Tokenization and other Techniques” that provides details on various techniques to reduce the scope of compliance. The webinar highlights different techniques that can be implemented to reduce the scope of Compliance by limiting the Cardholder Data footprint in the environment.
If you find this video interesting and wish to learn more about different techniques or have any queries regarding the same, then do drop us a comment in the comment section below. We would be more than happy to educate you on it and clear all your doubts. You can subscribe to our channel for more videos on Information Security and Compliance Standards. Do like, share, and comment on our video, if you find it informative and useful to you.
The findings of a recent survey, commissioned by NetIQ through IDG Connect, found that increased cloud-based software-as-a-service (SaaS) application use by businesses has led to more confidence amongIT decision-makers that corporate data is better secured now than it has been in the past.
Gdpr ccpa steps to near as close to compliancy as possible with low risk of f...Steven Meister
How to become GDPR & CCPA Compliant. See the complete 5 page GDPR, CCPA Compliancy Plan
Here is the CCPA / GDPR 3 Day Training PowerPoint - https://www.slideshare.net/StevenMeister/ccpa-and-gdpr-three-day-training-with-actual-deliverables-and-the-whys-and-hows-to-do-so
847-440-4439 https://www.youtube.com/channel/UC3F-qrvOIOwDj4ZKBMmoTWA?view_as=subscriber
GDPR 16 page PPT Plan - https://www.slideshare.net/StevenMeister/gdpr-ccpa-automated-compliance-spark-java-application-features-and-functions-of-big-datarevealed-april-version-35
https://youtu.be/JGoQwoicUxw
Comprehensive Metadata Catalog Video for GDPR / CCPA - https://youtu.be/xryESgfzRcc
Unified Information Governance, Powered by Knowledge GraphVaticle
As a knowledge graph database, Grakn is ideal for storing metadata and data lineage information. Many applications, such as data discovery, data governance, and data marketplaces, depend upon metadata for management. User experiences can be enhanced by leveraging a hyper-scalable graph database like Grakn, rather than traditional graph databases. Additionally, inference-driven use cases predominantly depended on RDF Triple Stores, requiring additional plug-ins to derive the inferences. With Grakn, this can now be achieved natively.
From Asset to Impact - Presentation to ICS Data Protection Conference 2011Castlebridge Associates
This is a presentation I delivered to the Irish Computer Society Data Protection Conference in February 2011 and again on a webinar for dataqualitypro.com in March 2011.
It looks (for what I believe was the first time) at the relationship between Information Quality and Data Governance principles and practices and the objectives of Data Protection/Privacy compliance. it includes my first version of the mapping of the 8 Data Protection principles to the POSMAD Information Life Cycle referred to by McGilvray and others in the IQ/DQ fields.
Mesos Meetup - Building an enterprise-ready analytics and operational ecosyst...Stratio
On November 6th, we got together at Google Campus to talk about Mesos and DC/OS.
Ignacio Mulas, Sparta & Spark Product Owner at Stratio, explained how to build an environment that can secure and govern its data for operational and analytical applications on top of DC/OS platform. He showed that analytical and machine learning pipelines can be combined with operational processes maintaining the security and providing governing tools to manage our data. He focused on the architecture and tools needed to achieve an ecosystem like this and we will show a demo of it. He also explained how we can develop our pipelines interactively with auto-discovered data catalogs and explore our results.
Find out more: https://www.stratio.com/events/discover-how-to-deploy-a-secure-big-data-pipeline-with-dcos/
DBAs - Is Your Company’s Personal and Sensitive Data Safe?DevOps.com
We have all seen the press coverage on corporate data breaches and compromises to personal data. You’ve probably heard about the new EU General Data Protection Regulation (GDPR) that came into effect in May last year, which affects any company that manages the personal data of EU residents. There are also some U.S. regulations that cover data privacy, such as HIPAA, HITECH, PCI and the CA Consumer Privacy Act.
Of these, GDPR is considered the most comprehensive when it comes to the needs of the individual and how their personal data should be protected and carries the harshest financial penalties for non-compliance.
The DBA is often the primary responsible party for implementing compliance controls and technical measures for protecting data. But the GDPR first requires an assessment of where PII and sensitive data is across multiple databases and this will be one of the first challenges a DBA will face before applying protection measures.
With many DBAs having to manually trawl through their database tables to identify sensitive data, what is needed is a fast, effective way to automate the discovery process and report on where sensitive data is stored. This would save time and enable companies to determine the most appropriate way to apply protective safeguards in order to minimize data breaches in the future and protect the business.
If you are a DBA responsible for your company’s data and are concerned about how to identify and protect your data, you should attend this webinar to find out how you can simplify and automate this task.
Dark Data Revelation and its Potential BenefitsPromptCloud
This presentation covers benefits, use cases, practical examples, potential issues and the approach that needs to be taken when it comes to harnessing the power of dark data (a largely untapped strategic play in the big data realm).
data collection, data integration, data management, data modeling.pptxSourabhkumar729579
it contains presentation of data collection, data integration, data management, data modeling.
it is made by sourabh kumar student of MCA from central university of haryana
The reliability of data, and your company’s reputation for protecting it, have become essential to doing business in the data age. Modern data governance works at the speed of business, the scale of data, and still has a human touch so you can say “yes” and deliver trusted data.
In these presentations
, Stewart Bond, Research Director of IDC’s Data Integration and Integrity Software Service, and Talend will highlight this modern approach to data governance.
Watch now to learn how to:
Put trust and data literacy at the core of your digital transformation
Tackle the growing complexity of data management
Identify the value and ROI levers that drive success
Leverage Data Intelligence Software from discovery to enablement
To view this On Demand Webinar, please fill out the form. A Flash-based player will then open. Controls for pause/play, rewind, and sound are available at the bottom of the player.
Are you tired of saying “no” when it comes to data? IDC and Talend share insights into how you can deliver data governance with a “yes”.
The reliability of data, and your company’s reputation for protecting it, have become essential to doing business in the data age. Modern data governance works at the speed of business, the scale of data, and still has a human touch so you can say “yes” and deliver trusted data.
DataOps - Big Data and AI World London - March 2020 - Harvinder AtwalHarvinder Atwal
Title
DataOps, the secret weapon for delivering AI, data science, and business intelligence value at speed.
Synopsis
● According to recent research, just 7.3% of organisations say the state of their data and analytics is excellent, and only 22% of companies are currently seeing a significant return from data science expenditure.
● Poor returns on data & analytics investment are often the result of applying 20th-century thinking to 21st-century challenges and opportunities.
● Modern data science and analytics require secure, efficient processes to turn raw data from multiple sources and in numerous formats into useful inputs to a data product.
● Developing, orchestrating and iterating modern data pipelines is an extremely complex process requiring multiple technologies and skills.
● Other domains have to successfully overcome the challenge of delivering high-quality products at speed in complex environments. DataOps applies proven agile principles, lean thinking and DevOps practices to the development of data products.
● A DataOps approach aligns data producers, analytical data consumers, processes and technology with the rest of the organisation and its goals.
Discovering Big Data in the Fog: Why Catalogs MatterEric Kavanagh
The Briefing Room with Dr. Robin Bloor and Waterline Data
Good enterprise data can drive positive business outcomes. But if that data isn’t organized and accessible, information workers are left with an incomplete picture. Knowing the location, lineage and permissions of data across the enterprise can lead to more accurate and insightful searches, and ultimately, knowledge discovery.
Register for this episode of The Briefing Room to learn from veteran Analyst Dr. Robin Bloor as he discusses how the success of big data projects relies on understanding your data. He’ll be briefed by Todd Goldman and Mohan Sadashiva of Waterline Data, who will explain how their solution can facilitate discovery via automation and crowd sourcing. They’ll demonstrate how combining the value of tribal knowledge with rationalized data can enable self-service analytics, improve data governance, and reduce data redundancy.
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxSteveNgigi2
The data protection impact assessment for a cloud based project aims to provide financial inclusion for the unbanked population through its three modules, i.e., wallet, social banking and marketplace/business hub. The primary goal is to enable individuals without access to traditional banking services to engage in financial transactions.
The processing involves the collection, storage, and utilization of personal data for various purposes, such as creating digital wallets, facilitating social banking interactions, and delivering targeted marketing content. The platform will manage user information to enable secure and seamless financial transactions.
The targeted data subjects are individuals and entities within the unbanked population who lack access to traditional financial services. These individuals include low-income earners, marginalized communities and those residing in areas with limited banking infrastructure.
The primary class of data subjects includes the unbanked population seeking financial inclusion. Within this group, there may be subcategories, such as individuals with limited financial literacy or those residing in remote areas, and any vulnerable groups, such as elderly users or minors, who are part of the targeted data subjects.
Microsoft Information Protection: Your Security and Compliance FrameworkAlistair Pugin
Its one thing encrypting and protecting your data from prying eyes but what use is it, if it is not retained or protected against loss. With Microsoft Information Protection, Microsoft provides organisations the ability to:
• Protection content from deletion
• Adhere to compliance standards (GDPR, HIPAA, etc)
• Discover content for litigation
• Manage access to content based on rules
By implementing the correct rules, organisations are able to mitigate risk and remain compliant and at the same time ensure that content is identified, classified, retained and disposed of accordingly.
Similar to (SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges faced, Methodologies & Tools employed (20)
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
It covers popular IaaS/PaaS attack vectors, list them, and map to other relevant projects such as STRIDE & MITRE. Security professionals can better understand what are the common attack vectors that are utilized in attacks, examples for previous events, and where they should focus their controls and security efforts.
Discuss Security Incidents & Business Use Case, Understanding Web 3 Pros
and Web 3 Cons. Prevention mechanism and how to make sure that it doesn’t happen to you?
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Priyanka Aash
Round Table Discussion On "Emerging New Threats And Top CISO Priorities In 2022"_ Bangalore
Date - 28 September, 2022. Decision Makers of different organizations joined this discussion and spoke on New Threats & Top CISO Priorities
Cloud Security: Limitations of Cloud Security Groups and Flow LogsPriyanka Aash
Cloud Security Groups are the firewalls of the cloud. They are built-in and provide basic access control functionality as part of the shared responsibility model. However, Cloud Security Groups do not provide the same protection or functionality that enterprises have come to expect with on-premises deployments. In this talk we will discuss the top cloud risks in 2020, why perimeters are a concept of the past and how in the world of no perimitiers do Cloud Security groups, the "Cloud FIrewalls", fit it. We will practically explore Cloud Security Group limitations across different cloud setups from a single vNet to multi-cloud
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
The Internet is home to seemingly infinite amounts of confidential and personal information. As a result of this mass storage of information, the system needs to be constantly updated and enforced to prevent hackers from retrieving such valuable and sensitive data. This increasing number of cyber-attacks has led to an increasing importance of Ethical Hacking. So Ethical hackers' job is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weakness or loopholes in a computer, web applications or network and reports them to the organization. It requires a thorough knowledge of Networks, web servers, computer viruses, SQL (Structured Query Language), cryptography, penetration testing, Attacks etc. In this session, you will learn all about ethical hacking. You will understand the what ethical hacking, Cyber- attacks, Tools and some hands-on demos. This session will also guide you with the various ethical hacking certifications available today.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges faced, Methodologies & Tools employed
1. SACONSensitivity: Internal & Restricted
SACON International 2020
India | Bangalore | February 21 - 22 | Taj Yeshwantpur
Personal Data Discovery &
Mapping
#SACON
Ramkumar Narayanan
Wipro Limited
Practice Partner – Data Privacy
2. SACON 2020
Sensitivity: Internal & Restricted
1. Challenges in Building Data Map
2. Approach & Methodologies for Data Mapping
3. Tools & Technologies for Data Mapping
4. Sustenance of Data Mapping & Data Inventory
5. Case Studies
Agenda
4. SACON 2020
Sensitivity: Internal & Restricted
In a world of hyper connected ecosystem
✓ Personal data is generated and captured across
multiple channels.
✓ Personal data is proliferated across different
infrastructures and platforms.
Enterprise Storage Systems
Databases End Points
Cloud Unstructured
Data
✓ Personal data is being used and shared by many.
Organizations are unable to follow the footprint of data to apply required controls to protect personal data.
5. SACON 2020
Sensitivity: Internal & Restricted
The foundational step in data protection journey is to understand the
lifecycle of personal data
Understanding the flow of personal data in an enterprise is critical and is easier said than done.
6. SACON 2020
Sensitivity: Internal & Restricted
Need for data mapping and creating an inventory of personal data
• A data inventory is a record of the data flows and assets that an organization handles and a data map is a visual representation of the data
inventory. It is generated based on the same underlying data inventory, and the maps may contain varying degree of detail.
GDPR Requirements
Article 30 of GDPR requires data
controllers and data processors to build
and maintain a record of their data
processing activities.
01
Privacy Statements
To make privacy statements accurate
based on what the organization is doing
with the personal data.
Individual Rights Management
Data Privacy regulations gives individuals the ability
to request to correct, port, access and delete the
data organizations have about them.
02
04
Data Breach Preparation & Response
Having a data map can help respond more
appropriately to data breach and understand
what data may have been exposed.
05
Security
Understanding where the personal data
is located and flowing is the first step to
understand the security risks which
allows to implement appropriate
safeguards to be put in place.
03
Building a data inventory and map can help organizations proactively manage and protect personal data.
7. SACON 2020
Sensitivity: Internal & Restricted
However there are some challenges in building a data map
Challenges in
Building a Data
Map
Poor Information Available
Lack of Precision &
Expertise
Time Consuming
Outdated Quickly
Poor Information Available
Lack of knowledge available within the various business
teams in an enterprise about the data flows
Lack of Precision & Expertise
The accuracy of data mapping depends on how
comprehensive it is. It must account for things like
mobile devices and cloud based applications etc..
Time Consuming
Building data maps through an interview based
approach is time consuming.
Outdated Quickly
Data mapping patterns need to be constantly
updated, evaluated and verified for quality. If not it
becomes obsolete very quickly.
Need for an automated approach for data mapping & inventory
9. SACON 2020
Sensitivity: Internal & Restricted
In order to build a data map and inventory, start with an understanding of
the 5W’s of personal data
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” – Sun Tzu, The Art of War
• are we?
(Controller or
Processor)
• are our data
subjects?
(Customers /
Employees etc.)
• are the categories
of recipients to
whom data will be
disclosed?
• do we keep their
personal data?
(Databases, File
Servers, Cloud
storage etc.)
• do we transfer their
personal data to?
(Jurisdictions)
• is personal data
under our control?
(purpose for which
data is collected and
stored)
• are we keeping the
personal data until?
(Retention Period)
• do we share
personal data with
others (Partners,
Regulators,
Governement
authorities etc.)
• data types are
involved in the
processing?
• jurisdictions are
involved in the
processing?
• technical security
measures and
organizational
security measures
do we have to
safeguard the
personal data?
WHO WHERE WHY WHEN WHAT
10. SACON 2020
Sensitivity: Internal & Restricted
There are 2 approaches to do data mapping in an enterprise
Top-Down Approach
QUESTIONNAIRE
INTERVIEWS
BUSINESS
PROCESS
DATA
ELEMENTS
DATA
DATA SOURCES
DATA
CLASSIFICATION
Bottom-Up Approach
DATA
ELEMENTS
DATA
DATA
DISCOVERY
11. SACON 2020
Sensitivity: Internal & Restricted
Leverage a combination of Top Down and Bottom Up approach for
building the data map and data inventory
Identify purpose of processing
(Example Customer Support,
Billing, Charge Calculation,
Marketing Research, Credit Check,
Goods & Services, Statistical
Analysis etc.
7 81 2 4 53 6
Identify Business Unit data
mapping owners from each of
the Business Units like Finance,
Consumer, Technology, Retail,
HR, Enterprise, Consumer
Operations etc.
Identify key stakeholders from each
business unit that have information
on the processing activities in each
purpose of processing
Capture information on the source
and location of personal data using
personal data discovery solutions,
the entry point for personal data,
format in which data is stored, where
is it getting stored, countries in which
it is getting stored, locations from
which it is accessed and to whom it
is being disclosed, retention etc.
Manage the data inventory and
data mapping in a Privacy
Management Platform or a GRC
solution to keep it alive in an
ongoing manner.
Identify Business Processes such
as customer acquisition,
Provisioning & Welcome, Customer
service, Billing, Collection &
Retention, Terminate, Recruitment,
Hiring, Pre-On-boarding, Post-
joining, Retire / Exit etc.
Conduct data mapping interviews to
Identify the categories of data
subjects (Consumer, Enterprise
customer, Subscriber, Employees
etc.) and sub categories of personal
data (Recruitment data, account
data, call data, location data, device
data etc.) processed
Document data maps & Validate
data flow and sign off on the
personal data inventory.
14. SACON 2020
Sensitivity: Internal & Restricted
Automate the discovery of personal data in the enterprise
Data Discovery throughout the enterprise is easier said than done.
Data
Discovery
Personal Data Discovery
• Personal Data Discovery solutions
searches for personal data across the
enterprise and cloud and correlates them
to the identities. It relies on data values
and context to find primary and related
or connected data.
Types of Data Sources
• Structured Data Sources (Oracle,
MySQL, MSSQL, Redshift etc.
• Semi-Structured Data Sources
(Cassandra, MongoDB etc.)
• Unstructured (Google Drive, OneDrive,
O365, SharePoint, Salesforce etc.
PII Data Discovery
• PII Data Discovery solutions helps you
find Personally Identifiable Information
(PII) on enterprise systems based on
data values and data patterns (regular
expressions).
Types of Data Sources
• Structured
• Unstructured
15. SACON 2020
Sensitivity: Internal & Restricted
PII Data Discovery – Approach & Methodology
Challenges in PII Data Discovery
1. False Positives – Time consuming to eliminate them.
2. Discovery Output – Discovery output is what type of data, but not whose data it is.
3. Continuous Compliance – Compliance requirements are continuous and hence one time scans not sufficient.
PII Data Discovery Tools
16. SACON 2020
Sensitivity: Internal & Restricted
Personal Data Discovery – Approach & Methodology
• Personal Data Discovery solution is pointed to examples of whatever identity data being discovered.
• System uses seed data as learning set to then scan other data sources, initially looking for learned data and then other nearby data with high correlation
back to identities. The system then reiterates on this, building a map of individual’s data across all kinds of data sources ranging from database to file
share, to mainframe to Hadoop to SAP to cloud etc.
Agentless
Any data type
Cloud
Mine Machine Manage
API
Reporting
Analysis
Machine Learning
driven correlation
Personal Data Discovery Tools
17. SACON 2020
Sensitivity: Internal & Restricted
Tools Used for Data Mapping
Usage
Storage
Transfer
Archival
RetentionCollection
Collection
Purge
A visual representation of the end-to-end data
flows of personal information processing
activities identified across the enterprise.
Data Mapping Tools
18. SACON 2020
Sensitivity: Internal & Restricted
Create a “Single Source of Truth” for Personal Information Processing
Business units
/ functions
Business
process
Contracts
Supplier / 3rd party
vendor
PII processing
activity records
PII
Country Contacts Assets
Comprehensive Privacy Reporting
GRC Platform /
Privacy Management
Platform
Privacy
Governance
Alerts &
Notifications
Workflows
Metrics &
Reporting
Privacy Incident
Management
Breach
Notifications
DPO Report System / App Report Top 100 DB Report BU / Function ReportPIA Report
Privacy impact
Assessment(s)
Vendor Privacy
Questionnaire
Data Discovery
Scanning Feeds
Privacy
audits
Inventory Framework
• A comprehensive, accurate
and sustainable source of
information regarding the PII
that an enterprise holds, with
details of its collection, use,
disclosure, retention and
disposal
• Demonstrate compliance to
wider Privacy legal and
regulatory requirements with
the data privacy inventory
20. SACON 2020
Sensitivity: Internal & Restricted
Keep Your Data Map & Data Inventory Current
Integrate & Automate PIA / DPIA
process into Data Inventory
PIA / DPIA Integration
Conduct periodic audits to
ensure data flows remain up to
date. Re-audit certain data
flows or applications on a
different time scale.
Automate Audits
Leverage data discovery solutions to
dynamically populate the inventory
based on discovery scan output.
Ongoing Data Discovery
Get attestation of records in
data inventory by the record
owner
Record Attestation
Feed the ongoing vendor
assessments into the
inventory
Ongoing Vendor
Assessments Leverage technology to
automate the data flow
maps dynamically.
Update Visual Maps