What Keeps You Awake at Night Compliance Corporate Governance Critical Infrastructure Are there regulatory risks? Do employees respect and adhere to internal policies and controls? Are insiders creating vulnerabilities? Are intruders gaining access and removing data? Competitive Advantage Are insiders putting the organization at risk? Are you better able to protect your customers’ and partners’ data?

Data Loss is Expensive $204 Per Consumer Record $600 Billion IP Theft a Year Globally Across all industries, data loss is challenging

C OST OF D ATA B REACHES A VERAGE T OTAL P ER -I NCIDENT C OST Ponemon Institute 5 th Annual US Cost of Data Breach Study

C OST OF D ATA B REACHES C OST PER C OMPROMISED R ECORD Ponemon Institute 5 th Annual US Cost of Data Breach Study

Complexities Where is the Data “The big issue is knowing where the information is in the first place.“ John Geater Bridging the gap between RCM and Data Protection

Data Identification Actionable Auditing Policy Design Policy Implementation WEBSENSE Data Discover WEBSENSE Data Monitor Quick Start Services Policy Tuning Services Deployment Services Product Evaluation  How is my data used?  Where is my data going?  Is it violating my policies or external regulations?  How is it leaving?  Where is my data?  How much is there?  Is it at risk?  How do I enforce inline with business processes?  How do I extend policies across the network and to remote workers?

 Executive level sponsorship and involvement to successfully protect data, change business processes and shape employee behavior  Cross-functional teams of business, legal and technical staff focused on a comprehensive program to reduce risk across the enterprise  A prioritized approach - confidential data has many forms and many locations - target the most critical data first  A trained Incident Response Team (IRT)  Clearly defined roles, responsibilities, and procedures  Employee education to enforce data protection policies

DLP Analysis Who are your users? Who are the data stakeholders? Who should/not use your data? Data What type of data do you have? Where is your data located? What is the value of your data? What communication channels are in use? What are your data security policies? What are good/bad data processes? People Process

Accuvant: Complete Data Protection Protection and Compliance Phased deployment path to complete data protection Block unauthorized devices Encrypt laptops Monitor and secure all data routes Discover and Classify Data Audit and Forensics

Architectural-level examination of the enterprise environment Assess current state of data security Focus on industry best practices and applicable regulations (e.g., PCI, HIPAA, GLBA, SOX) Identify potential enterprise risks and exposures Propose opportunities for improvement and mitigation Utilize DLP kit for data monitoring and analysis Understand your organization’s current exposure to data loss and then design a DLP strategy

Control Framework Policy and Awareness Assessments Audit Treat Risks Improve Controls Automate Controls Risk Assessment Partners/ Customers Regulations World Class Expertise  Business Need:  Understand risks to the business with regard to credit card information residing on laptops across the company.  Solution:  Accuvant found over 240,000 files containing credit card numbers and 70,000 sensitive files identified and tagged  Delivered detailed findings report (e.g., end users had sensitive information sprawled throughout disk drives)  Reduced risk by having end users delete or encrypt the sensitive files identified  Implemented a new security education program Case Study – Fortune 500 Retailer

Control Framework Policy and Awareness Assessments Audit Treat Risks Improve Controls Automate Controls Risk Assessment Partners/ Customers Regulations World Class Expertise  Business Need:  Driven by compliance requirements associated with SB 1386, Personally Identifiable Information (PII)  Driven by a State of CA Mandate tied specifically to Medi-Cal data  Solution:  Accuvant assisted with the vendor evaluation and proof of concept  Data lifecycle management was performed to locate critical data assets and create sensitive data classification levels  Data discovery exercise was completed to identify unknown data stores and develop data ownership matrix  Implemented a DLP solution with a phased approach, starting with network, endpoints and then data shares Case Study – Largest County in US

World Class Experience - Mature, very well-rounded team - Combining Information Security expertise with RCM focus - Insight into multi-vendor solutions - Industry known – authors and speakers Why Accuvant