Data-Centric Security Framework

Data-Centric Security Framework. Matt Bossom – Program Manager. What Keeps You Awake at Night: Compliance. Are there regulatory risks? Critical Infrastructure. Competitive Advantage. Are insiders creating vulnerabilities? Are intruders gaining access and removing data?


Presentation Transcript


  1. Data-Centric Security Framework. Matt Bossom – Program Manager

  2. What Keeps You Awake at Night
     • Compliance
     • Are there regulatory risks?
     • Critical Infrastructure
     • Competitive Advantage
     • Are insiders creating vulnerabilities?
     • Are intruders gaining access and removing data?
     • Are insiders putting the organization at risk?
     • Are you better able to protect your customers’ and partners’ data?
     • Corporate Governance
     • Do employees respect and adhere to internal policies and controls?

  3. Data Loss is Expensive
     • $204 Per Consumer Record
     • $600 Billion IP Theft a Year Globally
     • Across all industries, data loss is challenging

  4. Cost of Data Breaches: Average Total Per-Incident Cost (Ponemon Institute, 5th Annual US Cost of Data Breach Study)

  5. Cost of Data Breaches: Cost per Compromised Record (Ponemon Institute, 5th Annual US Cost of Data Breach Study)

  6. Complexities
     “The big issue is knowing where the information is in the first place.” – John Geater
     Bridging the gap between RCM and Data Protection

  7. DLP projects are complex…
     • How is my data used?
     • Where is my data going?
     • Is it violating my policies or external regulations?
     • How is it leaving?
     • Where is my data?
     • How much is there?
     • Is it at risk?
     • How do I enforce in line with business processes?
     • How do I extend policies across the network and to remote workers?
     Services: Deployment Services, Quick Start Services, Product Evaluation, Policy Tuning Services
     Products: WEBSENSE Data Monitor, WEBSENSE Data Discover

  8. Characteristics of a Successful DLP Program
     • Executive level sponsorship and involvement to successfully protect data, change business processes and shape employee behavior
     • Cross-functional teams of business, legal and technical staff focused on a comprehensive program to reduce risk across the enterprise
     • A prioritized approach: confidential data has many forms and many locations, so target the most critical data first
     • A trained Incident Response Team (IRT)
     • Clearly defined roles, responsibilities, and procedures
     • Employee education to enforce data protection policies

  9. DLP Analysis: People, Data, Process
     • Who are your users?
     • What communication channels are in use?
     • What type of data do you have?
     • What are your data security policies?
     • Who are the data stakeholders?
     • Where is your data located?
     • Who should/not use your data?
     • What is the value of your data?
     • What are good/bad data processes?

  10. Accuvant: Complete Data Protection
     • Encrypt laptops
     • Block unauthorized devices
     • Monitor and secure all data routes
     • Discover and Classify Data
     • Audit and Forensics
     Phased deployment path to complete data protection
     Protection and Compliance

  11. DLP Risk Assessment
     Understand your organization’s current exposure to data loss and then design a DLP strategy
     • Architectural-level examination of the enterprise environment
     • Assess current state of data security
     • Focus on industry best practices and applicable regulations (e.g., PCI, HIPAA, GLBA, SOX)
     • Identify potential enterprise risks and exposures
     • Propose opportunities for improvement and mitigation
     • Utilize DLP kit for data monitoring and analysis

  12. Case Study – Fortune 500 Retailer
     • World Class Expertise
     • Business Need:
       • Understand risks to the business with regard to credit card information residing on laptops across the company.
     • Solution:
       • Accuvant found over 240,000 files containing credit card numbers and 70,000 sensitive files identified and tagged
       • Delivered detailed findings report (e.g., end users had sensitive information sprawled throughout disk drives)
       • Reduced risk by having end users delete or encrypt the sensitive files identified
       • Implemented a new security education program
     Diagram labels: Regulations Control Framework Partners/Customers Policy and Awareness Risk Assessment Automate Controls Assessments Audit Improve Controls Treat Risks

  13. Case Study – Largest County in US
     • World Class Expertise
     • Business Need:
       • Driven by compliance requirements associated with SB 1386, Personally Identifiable Information (PII)
       • Driven by a State of CA Mandate tied specifically to Medi-Cal data
     • Solution:
       • Accuvant assisted with the vendor evaluation and proof of concept
       • Data lifecycle management was performed to locate critical data assets and create sensitive data classification levels
       • Data discovery exercise was completed to identify unknown data stores and develop data ownership matrix
       • Implemented a DLP solution with a phased approach, starting with network, endpoints and then data shares
     Diagram labels: Regulations Control Framework Partners/Customers Policy and Awareness Risk Assessment Automate Controls Assessments Audit Improve Controls Treat Risks

  14. Why Accuvant
     World Class Experience
     - Mature, very well-rounded team
     - Combining Information Security expertise with RCM focus
     - Insight into multi-vendor solutions
     - Industry known – authors and speakers
     Why Accuvant TS Services?

  15. Questions?
