Neil Thacker, Information Security & Strategy Officer, EMEA EU DATA PROTECTION -


1 Neil Thacker, Information Security & Strategy Officer, EMEA EU DATA PROTECTION - PII @nt_hacker

2 Disclaimer

3 © 2013 Websense, Inc. Page 3 Name the year…

4 Current directive - highlights http://ec.europa.eu/justice/policies/privacy/docs/95-46-ce/dir1995-46_part1_en.pdf
1. Notice: subjects whose data is being collected should be given notice of such collection.
2. Purpose: data collected should be used only for the stated purpose(s) and for no other purposes.
3. Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
4. Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
5. Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
6. Access: subjects should be granted access to their personal data and allowed to correct any inaccuracies.
7. Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
8. International transfer of data: obligation not to transfer data outside of the EEA unless that country has an adequate level of protection.

5 New EU Data Protection (#EUDataP)
- Process >5000 data subjects = Data Protection Officer
- Right to be “Erased” requirement
- Mandatory disclosure of data incidents within 24-72hrs
- Fines 5% of WW revenue

6 Threat-model relationships (diagram rendered as text)
- OWNERS (here the DPO) value ASSETS (here PII) and wish to minimise RISKS to them.
- OWNERS impose COUNTERMEASURES; COUNTERMEASURES may be aware of VULNERABILITIES and reduce RISKS.
- THREAT AGENTS wish to abuse, steal and/or damage ASSETS and give rise to THREATS.
- THREATS exploit VULNERABILITIES, which may be reduced by COUNTERMEASURES, and increase RISKS, leading to risk to ASSETS.

7 Data protection - Catalyst Modern data protection rules: giving a boost to businesses “In 2011, the data of EU citizens was worth EUR 315 billion. This has the potential to grow to nearly EUR 1 trillion by 2020. Yet to fully unlock the value of data, we will have to ensure we have a true digital single market. Our reform does just that. It is a market opener.” Martine Reicherts, EU Justice Commissioner #MomentofTruth

8 Ponemon – Exposing the security cracks
The study surveyed 4,881 IT security practitioners in 15 countries with an average of 10 years’ experience in the field. This report covers the consolidated global findings.
- 57% of respondents do not think their organization is protected from advanced cyber attacks and 63% doubt they can stop the exfiltration of confidential information.
- 80% of respondents say their company’s leaders do not equate losing confidential data with a potential loss of revenue.
- 35% of those who had lost sensitive or confidential information did not know exactly what data had been stolen.

9 IPDRR: strategy and tactics for the infosec pro – IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER

10 Information protection challenges – support productivity while managing compliance & risk
Four challenges:
- Minimize accidental data leakage
- Demonstrate compliance
- Prevent malicious data theft
- Enable adoption of cloud applications and infrastructure

11 Minimize accidental data leakage
- Monitor across email and web channels
- Educate employees on information protection policies
- Identify broken or bad business processes

12 Demonstrate compliance
- Interpret regulations for city, state, county, and industry
- Incident management and remediation
- Auditable protections for regulated information

13 Prevent malicious data theft
- Comprehensive monitoring of potential leakage channels
- Integrated threat prevention from malware attacks
- Identify and block concealed data exfiltration (custom encryption)

14 Business enablement
- Classify and protect sensitive data at rest
- Monitor and control sensitive data flows

15 Other advice…

16 Identify risk to data
- WHO: Websense User Service > real-time user ID
- WHERE: Websense Web Intelligence > real-time destination awareness
- WHAT: Websense DLP > real-time data awareness

17 Monitoring & Alerting
Security Alert A (raw event)
- Source: 10.14.222.21
- Destination: 93.10.219.62
- Channel: Web
- Data: PCI & PII

Security Alert B (same event with context)
- Source: Joe User x1234, juser@company.com; Title: Associate; Dept: Finance; Manager: Jane Manager x1234, jmanager@company.com
- Destination: mail.google.com; Type: Personal webmail site; Location: Mountain View, CA
- Channel: Web
- Data: PCI & PII, customer database
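The slide contrasts an IP-only DLP event (Alert A) with the same event enriched with who sent it, where it went and what it contained (Alert B). The script below is an added example, not Websense code or anything from the presentation: it joins a raw event against a constructed user directory and destination catalogue, confirms the payload really carries PCI/PII (Luhn-validated card numbers, e-mail addresses) before raising severity, and renders the result in the Alert B layout. All IPs, directory entries, categories and the sample payload are constructed.

```python
"""Added example: enrich a raw DLP event (Alert A) into a contextual alert (Alert B).
Every identifier, IP address and payload here is constructed for illustration."""
import re

# Constructed raw event, as the sensor sees it (Alert A on the slide).
RAW_EVENT = {"source": "10.14.222.21", "destination": "93.10.219.62", "channel": "Web"}

# Constructed payload the sensor matched on; the card numbers are standard test PANs.
SAMPLE_PAYLOAD = (
    "Customer export: Alice Example, alice@example.org, card 4111 1111 1111 1111; "
    "Bob Sample, bob@example.org, card 5500 0000 0000 0004"
)

# Constructed user directory keyed by source IP (the WHO lookup).
USER_DIRECTORY = {
    "10.14.222.21": {
        "name": "Joe User", "ext": "x1234", "email": "juser@company.com",
        "title": "Associate", "dept": "Finance",
        "manager": "Jane Manager x1234, jmanager@company.com",
    },
}

# Constructed destination catalogue keyed by destination IP (the WHERE lookup).
DESTINATIONS = {
    "93.10.219.62": {"host": "mail.google.com", "type": "Personal webmail site",
                     "location": "Mountain View, CA"},
}

# Hypothetical destination categories that make a confirmed PCI/PII match high severity.
HIGH_RISK_TYPES = {"Personal webmail site", "File sharing site"}

# 13-19 digit runs with optional space/dash separators, not embedded in longer digit runs.
CARD_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def luhn_ok(number: str) -> bool:
    """Luhn checksum over the digits of `number`; separators are ignored."""
    digits = [int(c) for c in number if c.isdigit()]
    if not 13 <= len(digits) <= 19:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_payload(text: str) -> set:
    """Return the data labels (WHAT) actually present in the payload."""
    labels = set()
    if any(luhn_ok(m.group()) for m in CARD_CANDIDATE.finditer(text)):
        labels.add("PCI")   # at least one Luhn-valid card number
    if EMAIL.search(text):
        labels.add("PII")   # e-mail address as a minimal PII indicator
    return labels


def enrich(event: dict, payload: str) -> dict:
    """Join the raw event with WHO/WHERE context and grade its severity."""
    who = USER_DIRECTORY.get(event["source"])
    where = DESTINATIONS.get(event["destination"])
    labels = classify_payload(payload)
    severity = "low"
    if labels:
        severity = "medium"
        if where and where["type"] in HIGH_RISK_TYPES:
            severity = "high"
    return {
        "channel": event["channel"],
        "source_ip": event["source"],
        "destination_ip": event["destination"],
        "who": who,
        "where": where,
        "data": sorted(labels),
        "severity": severity,
        "escalate_to": who["manager"] if who else None,
    }


def render(alert: dict) -> str:
    """Format the enriched alert in the Alert B layout from the slide."""
    who, where = alert["who"], alert["where"]
    src = (f"{who['name']} {who['ext']}, {who['email']}; Title: {who['title']}; "
           f"Dept: {who['dept']}; Manager: {who['manager']}") if who else alert["source_ip"]
    dst = (f"{where['host']}; Type: {where['type']}; Location: {where['location']}"
           if where else alert["destination_ip"])
    return "\n".join([
        f"Security Alert ({alert['severity']})",
        f"  Source: {src}",
        f"  Destination: {dst}",
        f"  Channel: {alert['channel']}",
        f"  Data: {' & '.join(alert['data']) or 'none confirmed'}",
    ])


if __name__ == "__main__":
    print(render(enrich(RAW_EVENT, SAMPLE_PAYLOAD)))
```

The severity logic is deliberately two-stage: a regex hit alone only reaches "medium", because unvalidated digit runs are a common false-positive source; only a Luhn-valid card number or an e-mail address combined with a high-risk destination category produces a "high" alert with the manager already attached for escalation.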

18 Channels for endpoint data leakage
- USB drives
- Removable media
- Local printer
- Network Printer 1 / Network Printer 2 (via print server)
- LAN storage
- Applications
- Internet

19 Insider threat “The financial impact of insider attacks is substantial. The impact from IP theft from insiders was over $1,000,000 USD in 48% of cases” CERT CMU

20 Summary – How to be prepared
- Review the proposal and identify gaps in your people, process and technology…today, tomorrow but definitely this week!
- Build a coalition including your Internal Audit and DPO and define a vision for how the new proposal will affect your role, responsibility and relationship
- Identify business processes involving PII and protect using technology. Identify broken or rogue business processes as the exceptions (Talk to Bytes SP & Websense)
- Communicate and share quick wins with a revised risk-based, data-centric approach
- Ensure absorption into the corporate strategy for data handling and protect EU citizen information…including your own

21 Neil Thacker, Information Security & Strategy Officer THANK YOU – QUESTIONS NTHACKER@WEBSENSE.COM @nt_hacker

