Defending your Data in the Modern Corporate Environment. Nigel Stanley, Practice Leader, Security, Bloor Research. The biggest threats: ignorance and complacency, dodgy websites, phishing, spam, ID theft, new and emerging ... and then we have data loss.
Defending your Data in the Modern Corporate Environment
Nigel Stanley
Practice Leader, Security
Bloor Research
The biggest threats...
• Ignorance and complacency
• Dodgy websites
• Phishing
• Spam
• ID theft
• New and emerging
...and then we have data loss
Citigroup Blames UPS for Customer Data Loss
3.9 million records lost on computer tapes
Daily News 50p, 6th June 2005
http://www.forbes.com/facesinthenews/2005/06/06/0606autofacescan09.html
Zurich Insurance Loses Data
Unencrypted tapes go missing
Daily News 50p, 24th March 2010
http://www.theregister.co.uk/2010/03/24/zurich_insurance_data_security_breach/
The inside threat
• Incompetent and non-malicious
• Competent and malicious
US Compliance
• State level data breach notification laws
• Regulation 201 CMR 17.00
• Health Insurance Portability and Accountability Act of 1996
• Sarbanes-Oxley Act (SOX)
• Gramm-Leach-Bliley Act
EU compliance
• Data Protection Act
• EU data breach notification laws
• Some national legislation amongst EU countries ...
• Federal Data Protection Act (BDSG)
• PCI DSS (Intl.)
Summary
• We all need to defend our data
• Compliance is set to increase
• IT Sec people need to be on top of their game