iSecurity for GDPR
iSecurity for GDPR - Executive Overview & Summary
Raz-Lee's iSecurity solutions can help companies using IBM i (AS/400) accelerate adoption of the assessment, preventive and detective controls mandated by GDPR. iSecurity's more than 20 security, encryption, auditing and compliance solutions are easy to use, with a similar user interface and manner of operation, so using iSecurity eases the implementation of many of the data security principles mandated by GDPR. This presentation summarizes the key GDPR requirements relevant to iSecurity solutions and maps these requirements to specific iSecurity solutions.
What is GDPR?
GDPR: General Data Protection Regulation (European Regulation 2016/679)
Supersedes the European Union Data Protection Directive of appx, which led to different privacy laws in different European countries.
Ever-changing personal data protection needs since then have led to GDPR:
  More security breaches
  Major technological developments
  Globalization of business
Important to note: GDPR is a law, to which companies MUST abide! Security is no longer an option, it is a requirement!
About Raz-Lee Security
Internationally renowned IBM i solutions provider
Founded in 1983, 100% focused on IBM i (AS/400)
Corporate offices in: US, Italy, Germany
Installed in more than 40 countries, over 12,000 licenses
IBM Business Partner, Integration Partner with Tivoli and QRadar
Partnerships with other major global SIEM & DAM solution providers:
  Official partnerships with McAfee, RSA enVision, HP OpenView, GFI, NNT
  OEM by Imperva SecureSphere
  Proven integration with ArcSight, CA UniCenter, Splunk, Juniper…
Worldwide distribution network
Raz-Lee Security – Mission & Product Lines
Mission: To provide the best and most comprehensive IBM i compliance, auditing and security solutions
Infrastructure Security: Network access, QAUDJRN monitoring & reporting, user profile management, monitor and set object authorities, native object security, anti-virus protection
Application Security: Field & PGP encryption, DB activity (journal) auditing, cross-application business item reporting with real-time alerting, Business Intelligence over transaction data, application screen recording…
IT Operations: User screen timeout, monitor system events, user-initiated password reset, automatic tracking of software changes, multi-LPAR management, multi-platform integration with SIEM and DAM
Programmer and System Tools: File editor, RPG/COBOL and interactive access to MS SQL, Oracle, MySQL, Excel,…
iSecurity: Selected Customers
CHS (Community Health Systems, US): appx systems and growing, replaced Powertech
Royal Bank of Scotland: purchased iSecurity after POCs of nearly ALL competitors!
Venetian Casinos (multi-national): purchased iSecurity following extensive compliance POC.
Euronet Worldwide: banking clearinghouse in Europe & Asia, replaced competitor with iSecurity.
Svenska Handelsbanken, one of the largest banks in Scandinavia: used competitor for several years; replaced it with iSecurity.
Unicredit, SkyTV, IKO Industries, JPMorgan Chase, Boyd Gaming, Bank of China, MasterCard, Avis
iSecurity Suite of Products
Drivers: PCI, HIPAA, SOX, JSOX, FDA, Local Regulations, Auditor's Requests…
Security Breach Management, Decision
Auditing:
  Audit: QAUDJRN, Status…
  Action: Real-time Actions, CL scripts
  Capture: screen activity
  Compliance: Users, Native, IFS
  Change Tracker
  User Provisioning
Evaluation:
  Visualizer: Business Intelligence for Security
  Compliance Evaluator for SOX, PCI, HIPAA…
  SIEM/DAM Support: Syslog, SNMP
  Central Admin: Multi LPARs
Protection:
  Firewall: FTP, ODBC,… access
  Obtain Authority on Demand
  Monitor CL Commands
  Password Reset
  2 Factor Authentication
  Anti-Virus protection
  Security Assessment (free)
Encryption:
  DB2 Field Encryption (FIELDPROC)
  PGP Encryption
Database:
  AP-Journal: DB Audit, Filter, Alerts, SIEM
  DB-Gate: Native SQL to Oracle, MSSQL…
  FileScope: Secured file editor
iSecurity – Outstanding Characteristics
Full GUI and green screen: short learning curve, ease of use
Visualizer: Business Intelligence analysis
Hundreds of built-in, customizable reports. Report/Query Generator and Scheduler produces print, screen, HTML, PDF and CSV reports.
Supports SYSLOG, SNMP, Twitter, & CEF / LEEF formats
Cross-enterprise reporting, definitions, logs
Exceptional performance on all sizes of systems
The Bottom Line: The most comprehensive IBM i (AS/400) security, encryption, auditing and compliance solution suite
GDPR - Security Objectives
Establish data privacy as a fundamental right
Protect personal data for anyone based in the EU or anyone handling the personal data of someone in the EU
Protect this personal data via processes, technology and automation
Establish responsibilities of companies based in the EU or a company providing goods or services to someone in the EU
Establish a baseline for data protection based on GDPR requirements
Elaborate on data protection principles: not only encryption but also assessment, prevention and detection controls
Enforce compliance via huge fines (up to 4% of the global annual corporate revenue)
Key GDPR Data Security Requirements (1/2)
Threats originating from unauthorized data access should be addressed via:
  Assessment
  Prevention
  Detection
Conduct impact assessments when processing personal data causes major risk to the person involved
Also assess the company's processes and profiles, and how these protect personal data
Key GDPR Data Security Requirements (2/2)
Prevent attacks via the following suggested techniques:
  Encryption: nullifies the need for a company to inform a customer of a breach
  Data Anonymization: making the data unintelligible/unclear
  Pseudonymization: reducing the linkability of data with the identity of a person
  Control Access by Privileged Users: minimize insider attacks & compromised user accounts
  Further Control of Access: ensure personal data is accessed selectively and only for a specific purpose
  Data Minimization: limit as much as possible the amount of personal data kept and the period of time it is kept
Monitor & alert to detect breaches via suggested mechanisms:
  Audit Data: GDPR mandates untamperable recording & auditing of activities on personal data
  Monitor and Timely Alert: activities on personal data must be constantly monitored, including timely notifications of a breach
GDPR Raises the Quality of Protection
Need to properly plan for implementing and administering data security
Since GDPR is mandatory, it includes provisions to ease the administrative overhead of the security controls and increase the quality of protection:
  Data Security by Design and by Default: data protection must be a core part of systems; this increases the built-in security capabilities of systems
  Centralized Administration of security in multiple applications and systems:
    To enable immediate actions in case of a breach
    To enforce uniformity across multiple targets
    To reduce the chances of errors on individual targets
    To leverage best practices across the enterprise
  Comprehensive Security: personal data should be protected at all data-related stages, including data-at-rest and data-in-transit.
Mapping iSecurity Solutions to GDPR Guidelines (1/4)
Refer to http://www.privacy-regulation.eu/en/
Reference: Assess
GDPR Guideline:
  Article 35, Data protection impact assessment: “… the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.”
  Recital 84: “... where the processing operations are likely to result in a high risk for the rights and freedoms of individuals, the controller should be responsible for the carrying out of a data-protection impact assessment to evaluate, in particular, the origin, nature, particularity and severity of that risk …”
iSecurity Solutions: Anti-Virus, Assessment, Audit, Central Administration, Compliance Evaluator, Firewall, Native Object Security, System Control, Visualizer
Mapping iSecurity Solutions to GDPR Guidelines (2/4)
Refer to http://www.privacy-regulation.eu/en/
Reference: Prevent
GDPR Guideline:
  Article 6: “… 4.) Where the processing for another purpose than the one for which the data have been collected is not based on the data subject’s consent...the controller shall, in order to ascertain whether processing for another purpose is compatible with the purpose for which the data are initially collected, take into account, inter alia: 4.e.) the existence of appropriate safeguards, which may include encryption or pseudonymization…”
  Article 32: “… the controller and the processor shall implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk, including inter alia, as appropriate: the pseudonymization and encryption of personal data …”
  Recital 28: “The application of pseudonymization to personal data can reduce the risks for the data subjects concerned and help controllers and processors meet their data-protection obligations.”
  Recital 83: “In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent to the processing and implement measures to mitigate those risks, such as encryption.”
iSecurity Solutions: Action, Anti-Virus, Command, Encryption, Firewall, Native Object Security, Screen
Mapping iSecurity Solutions to GDPR Guidelines (3/4)
Refer to http://www.privacy-regulation.eu/en/
Reference: Prevent
GDPR Guideline:
  Recital 26: “…The principles of data protection should therefore not apply to anonymous information, that is information which does not relate to an identified or identifiable natural person or to data rendered anonymous in such a way that the data subject is not or no longer identifiable. This Regulation does therefore not concern the processing of such anonymous information, including for statistical and research purposes.”
  Article 5: “Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ('data minimization');”
  Article 29: “The processor and any person acting under the authority of the controller or of the processor who has access to personal data, shall not process those data except on instructions from the controller … ”
  Article 32: “… 4) The controller and processor shall take steps to ensure that any natural person acting under the authority of the controller or the processor who has access to personal data does not process them except on instructions from the controller…”
  Recital 64: “… The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers.”
iSecurity Solutions: Action, Anti-Virus, Command, Encryption, Firewall, Native Object Security, Screen
Mapping iSecurity Solutions to GDPR Guidelines (4/4)
Refer to http://www.privacy-regulation.eu/en/
Reference: Detect
GDPR Guideline:
  Article 30: “Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility.”
  Article 33: “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority ...”
  Article 34: “When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.”
iSecurity Solutions: Action, Anti-Virus, AP-Journal, Audit, Capture, Change Tracker, Command, Compliance Evaluator, Firewall, Native Object Security, System Control, Visualizer
iSecurity and GDPR: The Next Step…
Contact Raz-Lee Security at
Thank You!