Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015.

Sensitive Data

PII data can be: ethnic or racial origin; political opinion; religious beliefs; physical or mental health details; personal life; or criminal or civil offences. It also includes color, age, disability status, date of birth, SSN, driver's license number, phone numbers, addresses, and more.

Sensitive Data is... "Sensitive": employee information, proprietary company information, financial/credit card data, federally protected data, state protected data.

Data Breaches

Data breach: an incident that results in unauthorized access to data, applications, services, networks, and/or devices by perpetrators bypassing the underlying security mechanisms.

Archive Systems, Inc. What does Vulnerability mean? Vulnerability: a cyber-security term referring to a flaw in a system that can leave it open to attack.

Thriving black market in software vulnerabilities driven by:

Threat Categories

Phishing: the process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by email or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and it exploits the poor usability of current web security technologies.

Common Misconceptions of Data Breaches:
- Most breaches are very sophisticated
- Threats are coming from the outside only
- They are inevitable, so focus on response rather than prevention
- Patching systems is sufficient to thwart all breaches

Examples of Sensitive Data: The Year of the Data Breach

Keep Sensitive Data Protected

1. Inventory your Information Assets: inventory your assets and interview relevant staff. What do you have? Who has access to it? How does it come into the company?

2. Less is More

3. Encrypt Sensitive Data "At Rest"... AND "In Transit"

4. Disposal of Information Assets

5. User Awareness Training
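As an added example (not from the deck or from Archive Systems), a small scanner that carries out step 1 on a constructed data set: it flags SSNs, phone numbers and payment card numbers, uses the Luhn check to drop digit runs that only look like card numbers, and masks what it reports so the inventory itself does not become another copy of the PII. The regular expressions and the sample rows are assumptions for illustration.

```python
import re
SAMPLE_RECORDS = [  # constructed sample rows, as an HR export might look; every value is fake
    "Jane Doe, DOB 04/12/1981, SSN 219-09-9999, phone (555) 010-2233",
    "Card on file 4111 1111 1111 1111 exp 09/27",
    "Order ref 1234 5678 9012 3456 (internal id, not a card)",
    "Invoice total 1234.56 paid by check",
]

# Patterns for PII types the deck names: SSNs, phone numbers and payment card numbers.
PATTERNS = {
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "phone": re.compile(r"\(?\b\d{3}\)?[-. ]\d{3}[-. ]\d{4}\b"),
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, which separates real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def mask(value: str) -> str:
    """Keep only the last four characters so a finding can be logged without re-exposing the PII."""
    return "*" * (len(value) - 4) + value[-4:]

def find_pii(record: str) -> list:
    """Return (kind, masked_value) for every PII hit in one record."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(record):
            raw = m.group(0).strip()
            if kind == "card":
                raw = re.sub(r"[ -]", "", raw)
                if not luhn_ok(raw):
                    continue  # digit run that is not a valid card number
            hits.append((kind, mask(raw)))
    return hits

def inventory(records: list) -> dict:
    """Count findings by type across a data set: the 'what do you have?' step."""
    counts = {}
    for rec in records:
        for kind, _ in find_pii(rec):
            counts[kind] = counts.get(kind, 0) + 1
    return counts
```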

What to look for in a cloud-based solution

Security, Security

Security-related questions to ask a cloud-based provider:
- Will my data be encrypted in transit and while at rest?
- What is the configurability of password length and complexity?
- Do you support IP address-based access control (IP restrictions)?
- Do you support two-factor authentication?
- Are all user activities in an accessible audit log?
- Do you annually go through an SSAE 16 audit?
- Do you annually subject your solution to 3rd party vulnerability scanning and penetration testing?

Example: Archive Systems Data Security Measures
Data in Transit
- 256-bit SSL encryption for web applications
- 1024-bit RSA public keys for data transfer
Data at Rest
- AES 256-bit encryption of data
- Audit logs for all user activities
Secure usernames and passwords
- Encrypted/hashed with SHA-2
- Password complexity requirements
- Scheduled expiration
- Restricted password re-use
- Role-based access control
- SAML 2.0 Single Sign-On (SSO)
- IP address-based access control
- Encrypted session ID cookies to uniquely identify each user
- Two-factor authentication availability
- 3rd party penetration testing
- SSAE16 audited annually
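As an added example that is not Archive Systems' code, the password controls listed above (complexity requirements, scheduled expiration, restricted re-use, SHA-2 hashing) implemented as a small policy module. It hashes with PBKDF2-HMAC-SHA256, a salted SHA-2 based construction, rather than a bare SHA-256 of the password; the 12-character minimum, 90-day age and five-password history are assumed policy values.

```python
import hashlib
import hmac
import os

# Policy values assumed for this example; they mirror the controls in the deck.
MIN_LENGTH = 12                 # password length requirement
MAX_AGE_SECONDS = 90 * 86400    # scheduled expiration: 90 days
HISTORY_DEPTH = 5               # restricted re-use: last 5 passwords plus the current one
PBKDF2_ROUNDS = 100_000

def complexity_ok(pw: str) -> bool:
    """Length plus at least three of four character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= MIN_LENGTH and sum(classes) >= 3

def hash_password(pw: str, salt: bytes) -> bytes:
    """SHA-2 based hashing via PBKDF2-HMAC-SHA256 with a per-password random salt."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)

def verify(pw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison so timing does not leak how much of the hash matched."""
    return hmac.compare_digest(hash_password(pw, salt), digest)

class Account:
    def __init__(self, pw: str, now: float):
        self.salt, self.digest, self.set_at = b"", b"", 0.0
        self.history = []  # (salt, digest) pairs of previous passwords
        self.set_password(pw, now)

    def set_password(self, pw: str, now: float) -> None:
        if not complexity_ok(pw):
            raise ValueError("password does not meet the complexity policy")
        # Re-use check covers the current password and the retained history.
        previous = ([(self.salt, self.digest)] if self.digest else []) + self.history
        if any(verify(pw, s, d) for s, d in previous):
            raise ValueError("password was used recently")
        self.history = previous[:HISTORY_DEPTH]
        self.salt = os.urandom(16)
        self.digest = hash_password(pw, self.salt)
        self.set_at = now

    def login(self, pw: str, now: float) -> str:
        """Return 'ok', 'expired' (correct but older than MAX_AGE_SECONDS) or 'denied'."""
        if not verify(pw, self.salt, self.digest):
            return "denied"
        return "expired" if now - self.set_at > MAX_AGE_SECONDS else "ok"
```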

Example: Archive Systems Physical Security Measures (Data Centers)
- Three-factor authentication: proximity card / biometric fingerprint reader / facial geometry scanner
- Anti-tailgating / anti pass-back turnstile gate
- Single entry point into colocation facility
- Access to private cage: biometric fingerprint scan and proximity card
- 24/7 on-site security
- High-definition CCTV of all interior and external strategic locations and access points, with 90-day retention
- SSAE16 audited

Key takeaways:
- Sensitive Data (PII) is valuable to you, and to others that should not have it!
- Data breaches and vulnerabilities are not going away
- IT certainly plays a key role in creating and preserving a secure environment
- HR Departments must actively partner with IT to protect Sensitive Data
- Employees play a critical part in keeping Sensitive Data where it belongs
- Information Governance also applies to restricting access to HR data, as well as its timely destruction
- Cloud providers must have secure environments, and the good providers are very secure.

Jim Farrell