Security & Privacy The changing world of Privacy and the core drivers.
Privacy Issues
• Authentication of a customer prior to disclosure of information.
• There is a need to beef up practices, policies and governance, while remaining sensitive to customer circumstances, in order to anticipate possible privacy issues.
Privacy Issues
• Negotiation of confidentiality and privacy provisions in service provider contracts.
• Service providers must be clear in identifying their obligations; we are not responsible for their compliance obligations.
Privacy Issues
• Identity theft
• Limit the data that is shared with third-party service providers.
• Minimize the data to that required for them to perform their service.
• Limit the data included in customer communications.
• Need-to-know policy and governance
Privacy Impacts
• Privacy impacts on Infrastructure Protection operations:
• LEA requests … electronic wiretap
• Background checks … (potential) employees
• Security clearances … personal employee data
• Fraud … customer information protection
Privacy Driver SOX
Tactical Response: Data Mining and Correlation
Does the need for protection of privacy override the business operational needs?
Audit Checklist
Requirement 10
10.1 Establish a process for linking all data access activities (especially those with root or administrative privileges) to an individual user or system.
10.2 Implement automated audit trails to reconstruct the following events:
10.2.1 All accesses to customer data
10.2.2 All actions taken by any individual with root or administrative privileges
10.2.3 Access to all audit trails
10.2.4 Invalid logical access attempts
10.2.5 Use of identification and authentication mechanisms
10.2.6 Initialization of the audit logs
10.2.7 Creation and deletion of system-level objects
10.3 Record at least the following audit trail entries for each event:
10.3.1 User identification
10.3.2 Type of event
10.3.3 Date and time
10.3.4 Success or failure indication
10.3.5 Origination of event
10.3.6 Identity or name of affected data, system component, or resource
10.5 Secure audit trails so they cannot be altered in any way.
10.6 Review logs for all system components at least daily.
10.7 Retain your audit trail history for a period that is consistent with its effective use, as well as legal regulations. An audit history usually covers a period of 2 years or more.
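As an added illustration (not part of the original deck), here is one way to structure audit records that carry the six 10.3.x fields and chain them so that any later alteration or deletion is detectable, which is what 10.5 asks for. The field names, the SHA-256 chaining and the sample events are my own assumptions, not a product's format.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed example: an append-only audit trail whose entries carry the
# six fields of Requirement 10.3, chained with SHA-256 so that any
# after-the-fact edit, insertion or deletion is detectable (Requirement 10.5).

REQUIRED_FIELDS = ("user", "event_type", "timestamp", "success",
                   "origin", "resource")          # 10.3.1 .. 10.3.6
GENESIS = "0" * 64                                 # hash "before" the first record


def _digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes identically.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append_event(trail, user, event_type, success, origin, resource, timestamp=None):
    """Append one audit record to the trail and return it. Raises on a missing field."""
    entry = {
        "user": user,                                          # 10.3.1
        "event_type": event_type,                              # 10.3.2
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),  # 10.3.3
        "success": bool(success),                              # 10.3.4
        "origin": origin,                                      # 10.3.5
        "resource": resource,                                  # 10.3.6
    }
    for field in REQUIRED_FIELDS:
        if entry[field] in (None, ""):
            raise ValueError(f"audit record missing {field}")
    prev_hash = trail[-1]["hash"] if trail else GENESIS
    record = {"entry": entry, "prev_hash": prev_hash}
    record["hash"] = _digest(prev_hash, entry)
    trail.append(record)
    return record


def verify_trail(trail):
    """Walk the chain; return (True, -1) if intact, else (False, index of first bad record)."""
    prev_hash = GENESIS
    for i, record in enumerate(trail):
        if record["prev_hash"] != prev_hash or record["hash"] != _digest(prev_hash, record["entry"]):
            return False, i
        prev_hash = record["hash"]
    return True, -1
```

In practice the latest hash would be anchored somewhere the database administrators cannot write to (a separate log host or a signed timestamp), otherwise a privileged user could simply rebuild the chain.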
The SOX Compliance Challenge Section 404 of the Sarbanes-Oxley Act requires enterprises to have insight into and control over systems that can impact their ability to faithfully report financial status. Non-compliance and/or incorrect information can result in punitive penalties.
COBIT 13.6 and ISO 17799
• SOX doesn’t explicitly define operational control methodologies. COBIT and ISO 17799 are the two most commonly used frameworks for SOX compliance.
• Both of these standards demand that a company have insight into the following areas, key to maintaining control over critical data activities:
• Logins and logouts
• Application and data trigger modifications
• Changes to user definitions and privileges
• Data structure changes
• Access to and usage of sensitive data
• Errors and exceptions
• Sources of client access
• Time of access
The Information Protection and Privacy Challenge
Across the country and around the world, organizations are discovering how serious the threat of information and identity theft can be. Some are discovering the hard way, as the recent large identity theft incidents at major corporate databases illustrate. The cost of failure has proven to include the loss of brand equity and public trust. Because information and identity theft incidents are typically perpetrated by authorized users, stronger perimeter security and encryption have limited benefit in detecting and stopping them.
Use Cases for Information and Identity Theft
• MASQUERADER: Phishing, key logging, spyware
• INACTIVE ACCOUNTS: Incomplete account decommissioning
• WEAK AUTHENTICATION: Lost passwords
• SECONDARY ATTACKS: Worms/viruses, Trojans
• ACCIDENTAL MISUSE: “Innovative” employee
• INSIDER: Good guy gone bad
• OUTSOURCING: Trusted partner gone bad
Tactical Response: Data Management (“Need to know”)
Privacy can be protected and business can continue with a good strategy and a practical tactical response.
The Compliance Reality
Traditional security products are not designed to monitor user activities at the data server:
• Database logging
• Traffic anomaly systems
• Intrusion detection systems
• Content filtering
Detection of Information Theft
Catching information theft requires determining in real time that the BEHAVIOR of an individual’s information access is ANOMALOUS compared to his/her normal access behavior.
• Behavior of information access: “WHO is doing WHAT to WHICH and HOW MUCH critical information, WHEN and from WHERE”
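An added example, not from the original deck, of the WHO/WHAT/WHICH/HOW MUCH/WHEN/WHERE check described above: a per-user baseline is learned from past access events and each new event is scored against it. The event fields, the volume threshold (mean plus three standard deviations) and the sample history are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample access events: WHO did WHAT to WHICH resource,
# HOW MUCH (rows returned), WHEN (hour of day) and from WHERE (client host).
HISTORY = [
    {"user": "analyst1", "action": "SELECT", "resource": "customers", "rows": 120, "hour": 9,  "origin": "ws-17"},
    {"user": "analyst1", "action": "SELECT", "resource": "customers", "rows": 95,  "hour": 10, "origin": "ws-17"},
    {"user": "analyst1", "action": "SELECT", "resource": "orders",    "rows": 200, "hour": 14, "origin": "ws-17"},
    {"user": "analyst1", "action": "SELECT", "resource": "customers", "rows": 150, "hour": 16, "origin": "ws-17"},
]

def build_baseline(events):
    """Summarise each user's normal access behaviour from past events."""
    per_user = defaultdict(list)
    for e in events:
        per_user[e["user"]].append(e)
    baseline = {}
    for user, evs in per_user.items():
        rows = [e["rows"] for e in evs]
        baseline[user] = {
            "actions": {e["action"] for e in evs},
            "resources": {e["resource"] for e in evs},
            "origins": {e["origin"] for e in evs},
            "hours": (min(e["hour"] for e in evs), max(e["hour"] for e in evs)),
            "rows_mean": mean(rows),
            "rows_sd": pstdev(rows),
        }
    return baseline

def score_event(baseline, event):
    """Return the reasons an event deviates from its user's baseline ([] means normal)."""
    b = baseline.get(event["user"])
    if b is None:
        return ["unknown user: no baseline"]                              # WHO
    reasons = []
    if event["action"] not in b["actions"]:
        reasons.append(f"unusual action {event['action']}")                # WHAT
    if event["resource"] not in b["resources"]:
        reasons.append(f"never touched {event['resource']} before")        # WHICH
    if event["rows"] > b["rows_mean"] + 3 * max(b["rows_sd"], 1):
        reasons.append(f"volume {event['rows']} far above usual")          # HOW MUCH
    lo, hi = b["hours"]
    if not lo <= event["hour"] <= hi:
        reasons.append(f"outside usual hours {lo:02d}-{hi:02d}")           # WHEN
    if event["origin"] not in b["origins"]:
        reasons.append(f"new origin {event['origin']}")                    # WHERE
    return reasons
```

A real deployment would keep the baseline per user and per application role, and would treat several simultaneous deviations (large volume, odd hour, new origin) as a far stronger signal than any single one.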
Traditional Audit Solutions
Traditional audit solutions are not user-behavior aware. They have been point-application-driven, custom-coded, after-the-fact report-driven, and lacking correlation and analytics.
Solution: Activity Auditing
• Provides a comprehensive, granular view into key compliance activities
• Transparent solution that scales across the enterprise
• Policy-based flexibility to respond to changing auditing requirements
• Inherently real-time architecture that supplies compliance-driven audit reports and real-time security alerts and forensic information
• Intelligent solution that provides automated correlation and analytics to specify and detect composite or anomalous behavior
PCI Compliance
Solves the difficult challenge of monitoring all access to cardholder information, including:
• Identify sensitive data to reduce audit “information glut”
• Monitor and log access to sensitive data across multiple applications
• Audit all actions taken by individuals with root or administrative privileges
• Capture full context for each event record, including exact commands given to the data server, to facilitate forensic reconstruction of activity and the precise exposure of a PCI violation
• Generate audit reports
• Detect unauthorized access to sensitive information while it’s happening, in real time
SOX Compliance
Provides a single, flexible, enterprise-level solution that can handle both current and future requirements, including:
• Identify SOX-appropriate assets and activities
• Monitor privileged user activity to ensure accuracy of financial information
• Audit specific data access activity to demonstrate compliance with documented policies and procedures
• Capture full context for each event record, including exact commands given to the data server, to facilitate forensic reconstruction of activity
• Generate audit reports
Information and Identity Theft Protection
• Identify sensitive data to reduce audit “information glut”
• Monitor and log access to sensitive data across multiple applications
• Audit all actions taken by individuals with root or administrative privileges
• Monitor user activity against mission-critical information and applications
• Detect unauthorized access to high-risk information while it’s happening, in real time
• Real-time alerting to minimize the impact of a breach
Contact
William (Bill) G. O’Brien, Systems Security Architect, Bell Canada
william.obrien@bell.ca | 905-212-0236