Presentation is loading. Please wait.

Presentation is loading. Please wait.

IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy.

Published byAlivia Laurie Modified over 9 years ago

Similar presentations

Presentation on theme: "IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy."— Presentation transcript:

1 IAPP 2004

2 2 CONFIDENTIAL Insider Leakage Threatens Privacy

3 3 CONFIDENTIAL Typical Customer Data Leakage Scenario 1 Ferris Research 2, 3 Based on Vontu Risk Assessment Data

4 4 CONFIDENTIAL Cost of Customer Data Breach Plus potential embarrassment, damage to company’s brand, regulatory fines, and civil lawsuits. 12004 Ponemon Institute Customer Trust Study 2Including incentives (e.g. free credit report), notification, PR and customer support costs

5 5 CONFIDENTIAL Vontu Protect Data Firewall software to accurately identify, report and help prevent confidential customer and company information leakage.

6 6 CONFIDENTIAL Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment Define policies to enforce: Customer data and compliance Employee data Intellectual property Acceptable use Customize for the environment

7 7 CONFIDENTIAL Monitor outbound flow of information Support email, web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points Monitor outbound flow of information Support email, web, FTP, and IM Monitoring does not impact network performance Multiple monitors for all exit points

8 8 CONFIDENTIAL Example Customer Data Incident

9 9 CONFIDENTIAL Executive Summary Report Policy Trends for a Period Top Policy Violations Incident Status Incidents with most matches

10 10 CONFIDENTIAL Secure Data Profiles Drive Accuracy Heuristics are limited to approximate guesses. SDPs drive exact matches. False positive: not customer Social Security number False positives: not Social Security numbers False positives: not Social Security numbers Usernames, passwords, customer names can only be detected with SDP Known customer record fields

11 11 CONFIDENTIAL Goal –Executive “mandate” to monitor for customer data loss (RFP) –Regulatory requirements (PATRIOT Act, CA SB1386) –Enforce other “acceptable use” policies Configuration –Real-time scan of SMTP, HTTP, IM, and FTP for customer NPI –Geographically distributed system Results –Amount of leakage dramatically decreased –Monitoring over 10GB of email and web mail traffic in U.S. per day –Global rollout to monitor to over 150k employees worldwide –NPI incident detection and response process in place Fortune 25 Bank Case Study

12 12 CONFIDENTIAL Balancing employee privacy vs. consumer privacy Complexity of incident remediation for insider issues Confusing regulatory environment Classifying and identifying confidential information Consistent policies across all channels, not just email Slow adoption of encryption and DRM technologies Challenges and Opportunities

13 Michael Wolfe michael.wolfe@vontu.com (415) 227-8107

Download ppt "IAPP 2004. 2 CONFIDENTIAL Insider Leakage Threatens Privacy."

Similar presentations

Kit Robinson Director Data Loss Prevention and HIPAA.

Kit Robinson Director Data Loss Prevention and HIPAA.
IT Security Policy Framework

IT Security Policy Framework
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.

COMPREHENSIVE APPROACH TO INFORMATION SECURITY IN ADVANCED COMPANIES.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.
Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.

Sophos / Utimaco Data Loss Prevention Peter Szendröi, SOPHOS Nordics Jan 20, 2010.
Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 918 July 2004 Gene Awyzio SITACS University of Wollongong.
Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.
Financial Services Technology Consortium March 18, 2008, Yale University Dan Schutzer Executive Director FSTC CyberTrust – PI meeting Unsolved Problems.

Financial Services Technology Consortium March 18, 2008, Yale University Dan Schutzer Executive Director FSTC CyberTrust – PI meeting Unsolved Problems.
Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.

Security Management IACT 418/918 Autumn 2005 Gene Awyzio SITACS University of Wollongong.
Why Comply with PCI Security Standards?

Why Comply with PCI Security Standards?
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
E-Commerce: Regulatory, Ethical, and Social Environments

E-Commerce: Regulatory, Ethical, and Social Environments
Toolbox Helping You Define Value and Close Business The Business Value of Managed Security Services.

Toolbox Helping You Define Value and Close Business The Business Value of Managed Security Services.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Similar presentations

Ads by Google