Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strategies & Tactics for Data Security

Published byAlbert Sparks Modified over 6 years ago

Similar presentations

Presentation on theme: "Strategies & Tactics for Data Security"— Presentation transcript:

1 Strategies & Tactics for Data Security
2015 IAEWS Fall Congress Strategies & Tactics for Data Security Panel Discussion David Lewis, OperationsInc; Patrick Manzo, Monster; Steve Roosa, Holland & Knight; Andy Hibel, HigherEdJobs

2 IAEWS Fall Congress Data Security?

3 2015 MasterCard Security Survey
IAEWS Fall Congress 2015 MasterCard Security Survey Concerned About Behaviors Being Pick Pocketed 46% Home Being Robbed 59% Being Hacked 62% Financial Info Stolen 77% Check Financial Info on Public Networks 39% “Rarely if at All” Change Passwords for Financial Info 46%

4 IAEWS Fall Congress Naked But Secure . . . 55% of Americans Would Prefer Naked Leaked Pictures Than Financial Data

5 IAEWS Fall Congress Matter of Trust Trust Career Site Job Seeker

6 Distinguishing Security v. Privacy

7 Privacy Issues—Intentional Collection, Use, and Sharing
Privacy Involves the Consequences of Collection, Use, and Sharing of Data (Especially Personally Identifiable Information) with: Advertisers and marketing companies Analytics companies Hosted solutions Social network functions 3rd party service providers Other users Other businesses Data brokers

8 Security Issues—When Things Break
Unintended or Unauthorized Access/Disclosure: Malware Stolen passwords Exploits of vulnerabilities (e.g., Heartbleed) Insider data theft Remote hacks and network intrusion Injection attacks against databases

9 Technical Safeguards, Protections, Countermeasures
Intrusion detection systems Logging Firewalls 2FA Anti-Virus Sanitizing database inputs Encryption in transit Encryption at rest Secure coding practices

10 Incident Response Plans
Train on them Update them Must be short enough to be actionable Communications should maintain privilege Involve: Legal, PR, and Information Security Have breach counsel and response vendor vetted and selected in advance

11 The Cloud…

12 Cloud Services Determine if you can even use a cloud solution based on legal requirements. If you don’t encrypt data before it is sent to the cloud, the cloud provider technically has physical access to the data Have your security team compare the security procedures you follow internally to those of the cloud, and identify any shortcomings on the part of the cloud provider. Push back against cloud providers on terms AWS v. Azure Begin with the end in mind: intercloud transition

13 Managing 3rd Party Risk Contractual Constraints Indemnity
Right to audit Insurance requirements Reps and Warranties Incident Response provisions Static code analysis for 3rd party vulnerabilities Compliance with OWASP ASVS Level 2 (see next slide) Other due diligence

14 OWASP’s Standards Are Excellent (Open Web Application Security Project)
ASVS – Application Security Verification Standard Project The primary aim of the OWASP Application Security Verification Standard (ASVS) Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open standard. The standard provides a basis for testing application technical security controls, as well as any technical security controls in the environment, that are relied on to protect against vulnerabilities such as Cross-Site Scripting (XSS) and SQL injection.

15

16

17 IAEWS Fall Congress Conclusion - Contact Info Write Down Something You Will Do As First Step David Lewis, OperationsInc Patrick Manzo, Monster Steve Roosa, Holland & Knight Andy Hibel, HigherEdJobs

Download ppt "Strategies & Tactics for Data Security"

Similar presentations

Common Web Application Vulnerabilities Know Your Enemy.

Common Web Application Vulnerabilities Know Your Enemy.
JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.

JEFF WILLIAMS INFORMATION SECURITY OFFICER CALIFORNIA STATE UNIVERSITY, SACRAMENTO Payment Card Industry Data Security Standard (PCI DSS) Compliance.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
1 Telstra in Confidence Managing Security for our Mobile Technology.

1 Telstra in Confidence Managing Security for our Mobile Technology.
Information Security Policies and Standards

Information Security Policies and Standards
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Security Policies and Implementation Issues.

© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Security Policies and Implementation Issues.
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
SiteLock Internet Security: Big Threats for Small Business.

SiteLock Internet Security: Big Threats for Small Business.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
© 2010 RightNow Technologies, Inc. ASU – CABIT – Privacy Day Privacy in the Cloud Ben Nelson CISO, RightNow Technologies.

© 2010 RightNow Technologies, Inc. ASU – CABIT – Privacy Day Privacy in the Cloud Ben Nelson CISO, RightNow Technologies.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.
Dell Connected Security Solutions Simplify & unify.

Dell Connected Security Solutions Simplify & unify.

Similar presentations

Ads by Google