1. SAM GDPR Assessment <Insert partner logo here>
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. GDPR implements detailed definitions on the use personal data
11/12/ :31 AM
GDPR implements detailed definitions on the use personal data
GDPR expands the definition of personal data and invokes high penalties for violation of personal data
Fines for GDPR non-compliance can be up to €20M or 4% of global annual revenue
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Asset management is fundamental to cybersecurity
93%
$600B
70%
81%
of all breaches in could have been avoided with simple cyber hygiene practices
in damages from unpatched or unsupported software
of unauthorized software is infected with malware
of data breaches in leveraged stolen or weak passwords
93% of all breaches in 2017 could have been avoided with simple cyber hygiene practices
Regularly updating software, blocking fake messages, and training employees to recognize phishing attacks.
$600B in damages from unpatched or unsupported software
Including damage from WannaCry, Petya, and the Equifax breach
Sources:
primary-source-of-malware&id=66383
estimates/
The Verizon Data Breach Investigations report which states the following for 2017:
75% of breaches were perpetrated by outsiders
62% featured hacking
81 % leveraged stolen or weak passwords
51% included malware
24% of the victims were financial institutions
66% of malware was distributed via infected attachments
61% of the data breach victims in this year’s report are businesses with under 1,000 employees
95% of phishing attacks that led to a breach were followed by some sort of software installation
“You cannot protect what you cannot manage.”
Enterprise IT Manager, Germany
A SAM GDPR Assessment provides discovery of unmanaged and vulnerable devices across the IT estate, and provides recommendations from the Center for Internet Security (CIS) to avert risk of attack.

4. SAM GDPR Assessment identifies your vulnerabilities
A SAM GDPR Assessment looks across your entire ecosystem to provide a comprehensive evaluation of your environment and all the factors that support GDPR compliance*. Key insights help you prioritize areas of risk and ensure compliance and safety.
Every Cybersecurity Assessment has four phases
PLANNING
DATA COLLECTION
DATA ANALYSIS
FINAL RECOMMENDATIONS
*This assessment does not guarantee compliance, it helps you identify areas of in need of remediation

5. A comprehensive framework
A SAM GDPR Assessment looks across all your products and systems to clarify where you are on the path to compliance, then helps you identify immediate next steps
Discover Identify what personal data you have and where it resides
Manage Govern how personal data is used and accessed
Protect Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
Report Keep required documentation, manage data requests, and breach notifications
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. What to expect from a SAM GDPR Assessment
Every assessment focuses on four phases
PLANNING
Identify your needs & goals
Gather information on licensing, IT landscape & business organization
Discuss project and arrange access & resources
DATA COLLECTION
Take inventory of hardware, software, and licenses using tools, questionnaires, and stakeholder interviews
Gather information on process & procedures
DATA ANALYSIS
Review & validate all collected data
Compare deployed assets with current utilization
Map to an optimized environment based on your goals
FINAL RECOMMENDATIONS
Discuss final recommendations and engage in data-driven discussions to ensure your business needs & goals are met
Every engagement will be slightly varied depending on your infrastructure, needs, and goals. At a high level, an engagement can be broken down into four phases: Planning, Data Collection, Data Analysis, and Final Presentation.
Planning – The planning phase consists of gathering information from you on your infrastructure, identifying engagement goals, securing appointments and meetings, and arranging access to begin data collection and analysis.
Data Collection – The data collection phase consists of the discovery and inventory of software assets using an inventory tool followed by the mapping of inventory data, usage, and license entitlements. This may include a questionnaire and interviews with key stakeholders to ensure all relevant data and information is collected to provide a full and accurate analysis of software deployments, licensing entitlements, and current management processes.
Data Analysis – The data analysis phase includes the review and validation of all collected data, the identification of Microsoft license agreements, and the analysis of your long-term virtualization strategy. During this phase, ways to optimize virtual environments and licensing are explored to provide final engagement considerations and recommendations.
Final Recommendations – At the conclusion of the SAM Engagement your SAM partner will present their results, recommendations, and next steps in an overview presentation along with a set of detailed reports.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Find out more Learn more about Microsoft’s SAM assessments
11/12/2018
Find out more
Learn more about Microsoft’s SAM assessments
Contact your partner for further information
<Insert partner logo here>
John Doe
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.