AN SSIS DATA MASKING SOLUTION

AVERAGE ORGANIZATIONS RISKS OF EXPOSED PII

Personally Identifiable Information (PII): sensitive and critical organizational resource
- Credit Card Numbers
- Social Security Numbers
- Names
- DOBs

PII data in non-production environments is exposed to domestic and international development personnel.
Of the 80 of internal fraud cases, 34% involved Personally Identifiable Information.

HIGH PROFILE PRIVACY BREACHES

MONEY GRAM
- $100,000,000 fine
- Involved in fraud due to PII exposure in 2009, 2012
- Now uses IBM data masking software Optim per GLBA
- The software installation itself costs millions of $$$

HEARTLAND PAYMENT SYSTEMS
- 130M credit card numbers
- Albert Gonzalez used SQL injection in internal storage
- Now it implements end-to-end encryption

PRIVACY COMPLIANCE

FINANCIAL: The Gramm-Leach-Bliley Act (GLBA), US Congress 1999.
HEALTH / PHARMA: Health Insurance Portability and Accountability Act (HIPAA/HITECH), US Congress 1996.
ECOMMERCE: Payment Card Industry Data Security Standard (PCI DSS), Payment Card Industry Security Standards Council.
SOLUTION: Masking data in non-production environments. Identity based masking in production environments.

DATA MASKING DEFINITION

The process of masking specific data elements within a data store while preserving the data's look and feel and its usability in applications.
- ALGORITHMIC CHALLENGE
- DATA INTEGRITY CHALLENGE

WHY HUSH HUSH?

SIMPLE
- Easy to use
- Little training required
- "Time to Market"

DRAG N DROP ALGORITHMS
- Yet highly customizable.

LOWERING OVERALL COST

INTRODUCING JUST IN TIME PRIVACY PROTECTION

ESSENCE OF IMPLEMENTATIONS

VARIETY OF ALGORITHMS
- Format Preserving Encryption (FPE) variation: performance and less development time vs acceptable degrees of security risk (AES-like, Advanced Encryption Standard)
- Random substitution: inability to decrypt due to randomness, yet much longer development and a need to maintain additional structures

HIGHLY CUSTOMIZABLE
We can customize components per request and roll them into the next version, providing support:
- Changing City, State and Zip in conjunction for reporting
- Specific Credit Cards based on the Vendor
- Keeping a domain in email preserved
- Gender Based First Names
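Added example, not part of the original slides and not the vendor's product code: a Python sketch of the random-substitution approach, generalized to show the lookup table it has to maintain together with the preserved e-mail domain and the preserved card issuer prefix. The class name, the six-digit prefix length and the sample values are assumptions made for illustration.

```python
import secrets
import string

def luhn_check_digit(body: str) -> str:
    """Return the digit that makes body + digit pass the Luhn check."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

def _random(alphabet: str, n: int) -> str:
    return "".join(secrets.choice(alphabet) for _ in range(n))

class SubstitutionMasker:
    """Random substitution; hypothetical class, not the product's API."""

    def __init__(self):
        # The "additional structure": original -> masked, so the same value
        # masks identically in every table and joins still line up.
        # It re-identifies the data, so it needs production-level protection.
        self._table = {}

    def _lookup(self, kind, original, make):
        key = (kind, original)
        if key not in self._table:
            self._table[key] = make()
        return self._table[key]

    def mask_email(self, email: str) -> str:
        local, _, domain = email.rpartition("@")
        masked = self._lookup("email", email.lower(),
                              lambda: _random(string.ascii_lowercase, max(len(local), 8)))
        return masked + "@" + domain  # domain kept for reporting

    def mask_pan(self, pan: str, keep: int = 6) -> str:
        # Keep the issuer prefix (assumed 6 digits) so the card vendor survives,
        # randomize the account digits, then recompute the Luhn check digit.
        def make():
            body = pan[:keep] + _random(string.digits, len(pan) - keep - 1)
            return body + luhn_check_digit(body)
        return self._lookup("pan", pan, make)

if __name__ == "__main__":
    m = SubstitutionMasker()
    print(m.mask_email("alice@example.com"))   # constructed sample value
    print(m.mask_pan("4111111111111111"))      # well-known test card number
```

The masked output cannot be decrypted, but the lookup table maps it straight back to the originals, so the table must stay out of the non-production environment the masked copy is shipped to.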

AT EXTRA FEE:
- Customization
- SSIS framework development
- Integration into SDLC

CONTACT US:
E-mail: info@mask-me.net
Phone: 213.631.1854