Fast Reliable Certified Secure Data Recovery Does Your Enterprise Have A Security Gap ? HDI Sacramento Chapter August 16th, 2011.

Presentation transcript:


Agenda
- What Is The Data Security Gap?
- How Can You Close That Gap?
- Questions & Answers

All Storage Devices Fail

I NEED MY DATA NOW!

Main Causes of Device Failure and Data Loss
Hardware failure requires professional data recovery.

Who Can You Trust?

The Risk of Choosing the Wrong Recovery Vendor
Ponemon Institute survey: first national study on the security of data recovery operations
- 636 IT security / IT support professionals surveyed
- All verticals, including business and government
- Focus on third-party data recovery services
- Goal: confirm or dispel the belief that confidential and sensitive data may be at risk while in the possession of a disreputable third-party data recovery service provider

Myth Buster: We never send data out for recovery!
Source: The Ponemon Institute Study: Security of Data Recovery Operations

Surprise Factor: Loss of Sensitive Data Drives Vendor Engagements
Source: Ponemon study, as above

Known Factor: Data Recovery Vendors Selected by IT Support
Source: Ponemon study, as above

Risk Factor: IT Security Not Involved in Selection Process
Source: Ponemon study, as above

Data Recovery Providers Could Put Your Data at Risk
- 83% reported a breach
- 19% were breached at a data recovery vendor
- 43% due to the vendor's lack of security protocols
Source: The Ponemon Institute Study: Security of Data Recovery Operations

The Smoking Gun

Closing the Data Security Gap

New NIST Guideline: Proper Security Vetting
NIST Special Publication (SP) Contingency Planning Guide for Federal Information Systems, updated language in Section 5.1.3 (Protection of Resources):
"Organizations may use third-party vendors to recover data from failed storage devices. Organizations should consider the security risk of having their data handled by an outside company and ensure that proper security vetting of the service provider is conducted before turning over equipment. The service provider and employees should sign nondisclosure agreements, be properly bonded, and adhere to organization-specific security policies."
Source: Contingency Planning Guide for Federal Information Systems, Section 5.1.3: Protection of Resources

SIG/AUP (Standardized Information Gathering / Agreed Upon Procedures) Auditing Tools
BITS / Financial Services Roundtable / Shared Assessments Standardized Information Gathering (SIG) tool, SIG v6, updated October 2010:
Do third-party vendors have access to Scoped Systems and Data (backup vendors, service providers, equipment support and maintenance, software maintenance vendors, data recovery vendors, etc.)? If so, is there:
- A security review prior to engaging their services (logical, physical, other corporate controls)
- A security review at least annually, on an ongoing basis
- Risk assessments or reviews
- Confidentiality and/or non-disclosure agreement requirements
- A requirement to notify of changes that might affect the services rendered

FDIC Vendor Management Guidelines
FDIC action items discussed:
- Internal memo to be distributed to FDIC examiners
- Letter to be distributed to financial institutions
- Updates to the FFIEC IT Examination Handbook

Risk Points During Data Recovery
- Negligent or unethical data recovery technicians
- Unprotected networks housing restored data files
- Data lost or compromised in transit
- Switch-up of client data (one customer's recovered data returned to another)
- Improper disposal of unwanted storage devices
- Recovered data returned with viruses or malware

Vet Your Data Recovery Vendors

Checklist for Vetting Data Recovery Vendors
Demand proof:
- Proof of internal information technology controls and data security safeguards, such as SAS 70 Type II audit reports (as of mid-2011 SAS 70 has been superseded by SSAE 16 / SOC reports; a SOC 1 report covers controls relevant to financial reporting, so ask specifically for a SOC 2 report on security controls)
- Certification by leading encryption software vendors to recover encrypted data
- Proof of chain-of-custody protocols and a certified secure network
- Vetting and background checks of all employees
- Secure and permanent data destruction when required
- Use of encryption for data files in transit
- Proof of a certified ISO 5 (Class 100) cleanroom
Source: The Ponemon Institute Study: Security of Data Recovery Operations

DriveSavers Best Practices: Technology, Certifications, Protocols
- Authorized by leading data storage manufacturers
- DoD-approved data destruction
- Certified by leading encryption vendors
- Certified ISO 5 (Class 100) cleanroom
- SAS 70 Type II audit reports

We Can Save It!

Choose Your Service Option

Live 24/7 Support

- Approved GSA contractor, #GS-35F-0121S
- Annual SAS 70 Type II security audits
- High-security service available
- Certified to recover encrypted data
- DoD-approved data erasure process

Recap
- Data loss does occur
- Data recovery companies are used often
- Critical data is at risk of breach
- You can close the security gap
- Vet the security protocols of data recovery service providers

Q & A

Thank you
Michael Hall, CISO, ext. 126
Rob Matheson, Corporate Account Executive, ext. 136