Confidential Data Security Strategies Based upon the ESG “Outside-In” Confidential Data Security Model © 2009 Enterprise Strategy Group

Presentation transcript:

Source: ESG Research Report, Protecting Confidential Data Revisited, April

The model divides the environment into five zones, from the least controlled (Zone 5) to the most controlled (Zone 1). For each zone the slide gives: Location; Volume of users and devices; Data mobility; Proximity to IT; Sample recommendations.

Zone 5
Location: Public network / non-employee users
Volume of users and devices: High. Likely to grow as more external users are given network access.
Data mobility: High and uncontrollable.
Proximity to IT: Not available. IT may provide a support role but no security role.
Sample recommendations:
- Strong authentication
- Contractual/legal protections
- Cooperative training with business partners
- Read-only access or ERM
- Network/application layer encryption
- SSL VPN access only
- DLP

Zone 4
Location: Public network / remote employee access
Volume of users and devices: High. Increase is related to new devices, employee growth, and telecommuting.
Data mobility: High. Large population of laptops and unrestrained mobile devices.
Proximity to IT: Low. Users and devices may be invisible to IT for extended periods of time.
Sample recommendations:
- Specialized user training, frequent updates
- Employee contract stipulating policies and penalties
- Strong authentication
- Entitlement controls based upon employee role
- User behavior auditing
- Access policies based upon network location and device health (NAC)
- SSL VPN access only
- Full-disk encryption
- Approved and authenticated mobile devices only, with encryption
- ERM

Zone 3
Location: WAN
Volume of users and devices: Medium to high, depending upon organizational size.
Data mobility: Low to medium. May have remote staff.
Sample recommendations:
- Multi-tiered user training depending upon mobility, quarterly updates
- Employee contract stipulating policies and penalties
- Strong password and password management
- Entitlement controls based upon employee role
- User behavior auditing
- NAC policies tailored for local users. Mobile workers inherit controls from Zone 4 above
- Backhaul all Internet access through data centers
- Full-disk encryption for laptops
- Approved and authenticated mobile devices only, with encryption
- ERM
- Specialized controls for local IT devices (ex. file servers, tape drives, etc.)

Zone 2
Location: LAN
Volume of users and devices: Medium to high, depending upon organizational size.
Data mobility: Medium to high. Use of wireless networks and mobile devices.
Proximity to IT: Medium to high. Ratio of IT/security staff to users varies by organizational size.
Sample recommendations:
- Strong physical security with links to electronic security controls
- Multi-tiered user training depending upon mobility, quarterly updates
- Employee contract stipulating policies and penalties
- Strong password and password management
- Entitlement controls based upon employee role
- User behavior auditing
- NAC policies tailored for local users. Mobile workers inherit controls from Zone 4 above
- Full-disk encryption for laptops
- Approved and authenticated mobile devices only, with encryption
- ERM
- Network-based DLP

Zone 1
Location: Data center
Volume of users and devices: Low. Should be limited to IT staff and approved devices.
Data mobility: Low, with the exception of backup tapes shipped off-site.
Proximity to IT: High. Non-IT personnel should have limited access.
Sample recommendations:
- Strong physical security with links to electronic security controls
- Role-based access controls
- Administrator authentication linked to Active Directory, RADIUS, etc.
- Hardened configurations of all systems
- Approved mobile devices only
- IT behavior auditing
- Tape encryption
- Data destruction of hard drives that leave the data center