Entersoft Cybersecurity & GDPR Hellenic – Romanian Bilateral Chamber of Commerce Cyber Risk & GDPR Workshop Novotel 11 Iulie 2018 This is a sales presentation aiming to show we know what GDPR is and that we can support the client with setting up and managing GDPR compliance. It is a tool more suiting in the ‘deal based’ sales approach and not on ‘implementation based’ sales approach as it does NOT deal with specific features or tasks that could be involved in GDPR compliance. This is because GDPR is NOT an IT system requirement but an Organisational compliance issue, involving roles, processes, policies and more. There is and neither will ever be (IMHO) no system certified for GDPR compliance, like there is no system certified for accounting compliance etc. Furthermore in the sales stage discussing GDPR is very uncommon or premature to do it in details, as in our case it will be just another topic among the more important ones in functionality. However clients may fail to understand that and also it can be a topic to differentiate from competition significantly. Thus the proposal to go about this specific issue in a deal based approach and only if needed go into specifics (if client can also discuss specifics, which will be very rare and if they do, they will surely be needing a large custom project just for that). I think there is nothing that we can’t provide or follow up in more detail in this presentation (based on AVR input and some research) and it can be used as of today and enriched later on if and when we have more detailed info from the product. The main message is ‘lets do business together, GDPR is a corporate issue, we follow it and are serious, our system can do anything with customization once you define what you want’ Secondary messages can be supported by this presentation promoting CRM for questionnaires and tracking the compliance project they will do Support portal (responsive so it goes on mobiles as well) to manage requests of individuals CRM again for ops and tracking data/actions within the organization in its operation The presentation has a version number in the last slide that I will be updating in case we add things after news from dev or any ideas you have to propose for inclusion Cristi Cozic Mob:0733.942.944 Email: cco@entersoft.ro  

Elementele cheie ce tin de Cybersecurity: Securitatea retelelor de calculatoare si a infrastructurii; Securitatea aplicatiilor software; Securitatea Bazelor de Date si a stocarii acestora in medii diferite: Cloud vs. On Premise vs. Data Center; Securizarea parolelor si accesului la date; Managementul echipamentelor mobile(tablete, smartphones, IoT devices); Securitatea diferitelor medii de testare/Disaster Recovery; Educarea si training-ul permanent al utilizatorilor finali;

Factori de risc Lipsa implementarii unei politici de securitate la nivelul organizatiei; Utilizarea aplicatiilor software free of charge, platforme tip open source si descarcarea acestora din medii nesecurizate( app store); Inexistenta unor module de securitate avansate in cadrul aplicatiilor software utilizate in companie; Utilizarea unui numar mare de aplicatii software; Existenta mai multor baze de date si integrarea acestora/schimbul de date; Pierderea echipamentelor (laptop, tableta, smartphone) si accesul facil la aplicatiile instalate/bazele de date de pe acele echipamente; Managementul device-urilor – conectarea acestora la infrastuctura si BD a companiei (Ex: smartphone personal, access mail pe telefon de acasa);

Solutii Securizarea infrastructurii & a mediului de lucru; Utilizarea aplicatiilor software ce garanteaza existenta unui modul de securitate avansat si implementarea acestuia conform noilor reglementari UE/GDPR; Aplicatiile software a fie hostate in acelasi mediu(Cloud vs. On Premise); Utilizarea certificatelor digitale si managementul parolelor; Existenta unui numar limitat de baze de date/aplicatii, utilizand aceleasi tipuri de BD (SQL Server, Oracle etc); Aplicatiile pentru smartphone & tablete sa fie descarcate din Google Play si/sau AppStore; Securizarea mediul de testare & disaster recovery plan;

Solutii Utilizarea algoritmilor de criptare a pachetelor de date in cazul aplicatiilor mobile; Managementul device-urilor si a aplicatiilor/BD de pe acestea in caz de furt/pierdere a device-ului; Aplicatiile software sa permita schimbul de date cu terte aplicatii printr-un conector securizat( API - Application Programming Interface); Managementul politicilor de delegare in cadrul organizatiei si transpunerea acestora la nivelul aplicatiilor software, BD etc; Upgrade-ul permanent al aplicatiilor software la noile versiuni(noile versiuni vin si cu hotfix-uri ce tin de securitarea acestora si a integrarii acestora in mediul de lucru in care ruleaza); Existenta personalului dedicat si training permanent;

Q & A Cristi Cozic Mob: 0733.942.944 Email: cco@entersoft.ro