IAPP 2004: Insider Leakage Threatens Privacy

Presentation transcript:

IAPP 2004

2 CONFIDENTIAL Insider Leakage Threatens Privacy

3 Typical Customer Data Leakage Scenario (sources: 1 Ferris Research; 2, 3 based on Vontu Risk Assessment data)

4 Cost of Customer Data Breach. Plus potential embarrassment, damage to the company's brand, regulatory fines, and civil lawsuits. (Sources: Ponemon Institute Customer Trust Study; 2 including incentives (e.g. free credit report), notification, PR and customer support costs.)

5 Vontu Protect Data Firewall: software to accurately identify, report and help prevent leakage of confidential customer and company information.

6 Define policies to enforce:
–Customer data and compliance
–Employee data
–Intellectual property
–Acceptable use
Customize for the environment.

7 Monitor the outbound flow of information:
–Supports email, web, FTP, and IM
–Monitoring does not impact network performance
–Multiple monitors for all exit points

8 Example Customer Data Incident

9 Executive Summary Report: policy trends for a period, top policy violations, incident status, and incidents with the most matches.

10 Secure Data Profiles Drive Accuracy. Heuristics are limited to approximate guesses; Secure Data Profiles (SDPs) drive exact matches against known customer record fields. Figure callouts: false positive (not a customer Social Security number); false positives (not Social Security numbers). Usernames, passwords and customer names can only be detected with an SDP.
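The heuristic-versus-exact-match contrast on this slide, as an added illustration that is not Vontu's code: a pattern-based SSN detector flags anything shaped like an SSN, while a hypothetical secure data profile (keyed hashes of constructed customer record fields, so the monitor never holds the records in the clear) only fires on values that are actually in the customer records.

```python
import hashlib
import hmac
import re

# Heuristic detector: any nnn-nn-nnnn run is treated as an SSN (approximate guess).
SSN_PATTERN = re.compile(r"\b(\d{3})-?(\d{2})-?(\d{4})\b")
# Crude "First Last" candidate finder used to look up customer names in the profile.
NAME_PATTERN = re.compile(r"\b([A-Z][a-z]+) ([A-Z][a-z]+)\b")


def _normalize(value: str) -> str:
    # Drop punctuation, whitespace and case so "123-45-6789" equals "123456789".
    return re.sub(r"\W", "", value).lower()


class SecureDataProfile:
    """Exact-match index of known customer record fields (hypothetical design).

    Only keyed SHA-256 fingerprints are kept, never the plaintext records.
    """

    def __init__(self, key: bytes, records):
        self.key = key
        self.fingerprints = {self._fp(f, v) for r in records for f, v in r.items()}

    def _fp(self, field: str, value: str) -> str:
        msg = f"{field}:{_normalize(value)}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def matches(self, field: str, value: str) -> bool:
        return self._fp(field, value) in self.fingerprints


def heuristic_hits(text: str) -> list:
    """Every token that merely looks like an SSN."""
    return ["".join(m.groups()) for m in SSN_PATTERN.finditer(text)]


def sdp_hits(text: str, sdp: SecureDataProfile) -> list:
    """Only tokens that exactly match a known customer record field."""
    hits = [("ssn", s) for s in heuristic_hits(text) if sdp.matches("ssn", s)]
    names = (" ".join(m.groups()) for m in NAME_PATTERN.finditer(text))
    hits += [("name", n) for n in names if sdp.matches("name", n)]
    return hits


# Constructed sample data: one customer record and three outbound messages.
CUSTOMERS = [{"ssn": "123-45-6789", "name": "Jane Doe"}]
SDP = SecureDataProfile(b"constructed-demo-key", CUSTOMERS)
MESSAGES = {
    "customer_leak": "Attaching the file for Jane Doe, SSN 123-45-6789.",
    "not_ssns": "Order 987-65-4321 shipped, tracking 555-12-3456.",
    "not_customer": "Please update my own SSN 321-54-9876 in HR.",
}
```

Running `heuristic_hits` and `sdp_hits` over the three constructed messages shows the heuristic raising two kinds of false positive (order and tracking numbers that are not SSNs, and a valid-looking SSN that is not a customer's) while the profile flags only the genuine customer record, including the customer name that no pattern could identify.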

11 Fortune 25 Bank Case Study
Goal
–Executive "mandate" to monitor for customer data loss (RFP)
–Regulatory requirements (PATRIOT Act, CA SB1386)
–Enforce other "acceptable use" policies
Configuration
–Real-time scan of SMTP, HTTP, IM, and FTP for customer NPI
–Geographically distributed system
Results
–Amount of leakage dramatically decreased
–Monitoring over 10GB of email and web mail traffic in the U.S. per day
–Global rollout to monitor over 150k employees worldwide
–NPI incident detection and response process in place

12 Challenges and Opportunities
–Balancing employee privacy vs. consumer privacy
–Complexity of incident remediation for insider issues
–Confusing regulatory environment
–Classifying and identifying confidential information
–Consistent policies across all channels, not just email
–Slow adoption of encryption and DRM technologies

Michael Wolfe (415)