Seguridad en información digital Carlos Galeano EMC2 Regional Storage Specialist
•
1 like•447 views
This document discusses digital information security and principles of security such as confidentiality, integrity, and availability. It emphasizes classifying data and defining control points, and implementing controls across different levels including clients, applications, servers, and networks. It also discusses risk-based access models where access is determined based on attributes like user identity, device/location, role, data classification and more. The goal is to evolve security by focusing on people, processes and technology in a holistic manner.
More Related Content
Viewers also liked
Viewers also liked (13)
Similar to Seguridad en información digital Carlos Galeano EMC2 Regional Storage Specialist
Similar to Seguridad en información digital Carlos Galeano EMC2 Regional Storage Specialist (20)
More from Ministerio TIC Colombia
More from Ministerio TIC Colombia (20)
Recently uploaded
Recently uploaded (20)
Seguridad en información digital Carlos Galeano EMC2 Regional Storage Specialist
- 1. © Copyright 2012 EMC Corporation. All rights reserved. Carlos Galeano EMC2 Regional Storage Specialist Carlos.galeanocantillo@emc.com Seguridad en información digital
- 2. © Copyright 2012 EMC Corporation. All rights reserved. La transformación es continua MovilidadConsumo masivo Sociabilidad
- 3. © Copyright 2012 EMC Corporation. All rights reserved. La información como fuente de transformación • Es siginificativa para el usuario. • Es el activo mas valioso de una organización. • Representa nuevas oportunidades o ventajas competitivas
- 4. © Copyright 2012 EMC Corporation. All rights reserved. La información como fuente de transgresión Puede usarse con fines cuestionables o poco éticos. Puede divulgarse sin la debida autorización de su propietario o autor. Eventualmente puede robarse, sabotearse o emplearse con fines fraudulentos.
- 5. © Copyright 2012 EMC Corporation. All rights reserved. Principios básicos de seguridad • Confidencialidad • Integridad • Disponibilidad
- 6. © Copyright 2012 EMC Corporation. All rights reserved. Adaptarse a la dinámica actual de la tecnología Gestion de Acceso a los datos Application Platform TransportUser App / Data
- 7. © Copyright 2012 EMC Corporation. All rights reserved. Regresando a lo básico Clasificar los Datos
- 8. © Copyright 2012 EMC Corporation. All rights reserved. Ejemplos de Clasificación y Control Classification Preventive Controls Auth Monitoring Sensitive Restricted DLP, Encryption, Registered Asset Data / App / User / Machine Activity & Access Logs / Search / posting / content Confidential DLP, Encryption, Registered Asset App Access Control/ Role based Access log / search / posting / content Internal Use Only Host intrusion App Access Control/ Role based Search / posting / content Registered Public Registered account App Access Control/ Role based Search / posting / content Public Uploading executable content blocked Anonymous access Search / content
- 9. © Copyright 2012 EMC Corporation. All rights reserved. Regresando a lo básico Definir Puntos de Control Clasificar los Datos
- 10. © Copyright 2012 EMC Corporation. All rights reserved. Evolucionar en los puntos de control Controles a través de todos los niveles Client App App Container OS / Platform Network Server App Authentication Posture Anti-malware Data leakage Transport encryption At rest encryption — Tradicional Futuro
- 11. © Copyright 2012 EMC Corporation. All rights reserved. Back To Basics Definir Puntos de Control Clasificar los Datos Implementar Controles
- 12. © Copyright 2012 EMC Corporation. All rights reserved. No importa donde se aplican los controles….. Gestion de Acceso a los datos Application Platform TransportUser App / Data
- 13. © Copyright 2012 EMC Corporation. All rights reserved. No todo es bueno para todos: Acceso con base en el riesgo. Quién es usted? Qué esta usando? De donde viene usted? Cómo llegó hasta aquí? Hacia dónde va usted? Cuál es su historia?
- 14. © Copyright 2012 EMC Corporation. All rights reserved. Risk History Click happy? Intel Easy target? Education & Awareness Test performance? Threat Score Modelamiento con base en el riesgo Who are you? User Identity What you have Device and controls Where are you Location Who are you Application role What do you want Data classification Where is the data Data location Trusted Access Published Access Blocked Access Source Score Destination Score Level of Access
- 15. © Copyright 2012 EMC Corporation. All rights reserved. Application Integration Cloud App Server Data Fabric Monitoring & Management Integration, Batch, Web Services Common Data Model EMC PRIVATE CLOUD Device Security Enterprise App Store Authentication Access Control Encryption Anti-Malware Management Logging Monitoring Cloud Security Authentication Access Control Posture Data Leakage Encryption Device Mgmt Logging Monitoring Legacy Apps New Apps E N T E R P R I S E A P P L I C A T I O N S Data Warehouse CRMERP Mobile Experience
- 16. © Copyright 2012 EMC Corporation. All rights reserved.
- 17. © Copyright 2012 EMC Corporation. All rights reserved. Network Access Tiers Functiona l Apps Eng Apps Corp Apps Smart Device Windows Laptop Windows Desktop Apple Deskto p Apple Laptop Linux Laptop Linux Deskto p Thin Client User Role Ownership Trust Assessment Roaming Controls Trusted Access Published Access Operational and Security Intelligence EnVision NetWitness Archer eGRC Published Services Modelo de Acceso con base en niveles de confianza
- 18. © Copyright 2012 EMC Corporation. All rights reserved. Puntos clave a tomar en cuenta Pensar diferente e innovar La seguridad es un camino constante Impulsar el cambio La Seguridad es responsabilidad de todos