Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015.


1 Prevent Data Breaches and PII from Walking Out the Door Jim Farrell, Senior Vice President Products Archive Systems 9/18/2015

2

3 Sensitive Data

4 PII Data can be… ethnic or racial origin; political opinion; religious beliefs; physical or mental health details; personal life; or criminal or civil offences. Color… Age… disability status; DOB; SSN; Driver’s License #; Phone #s; Addresses… …and more

5 Sensitive Data is… “Sensitive”: Employee Information; Proprietary Company Information; Financial/Credit Cards; Federally Protected Data; State Protected Data

6 Data Breaches

7 Data Breach… an incident that results in unauthorized access of data, applications, services, networks, and/or devices by perpetrators bypassing underlying security mechanisms.

8 Archive Systems, Inc. What does Vulnerability mean? Vulnerability… cyber-security term, refers to a flaw in a system that can leave it open to attack.

9 Thriving black market in software vulnerabilities driven by:

10 Threat Categories

11 Phishing: Process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies.

12 Common Misconceptions of Data Breaches: Most breaches are very sophisticated; Threats are coming from the outside only; They are inevitable so focus on response rather than prevention; Patching systems is sufficient enough to thwart all breaches

13 Examples of Sensitive Data: 2014 THE YEAR OF THE DATA BREACH

14 Keep Sensitive Data Protected

15 1 Inventory your Information Assets: Inventory your assets & interview relevant staff. What you have? Who has access to it? How does it come into company?

16 2 Less is More

17 3 Encrypt Sensitive Data “At Rest”… AND “In Transit”

18 4 Disposal of Information Assets

19 5 User Awareness Training

20

21 What to look for in a cloud-based solution

22 Security, Security

23 Security related questions to ask a Cloud-Based provider: Will my data be encrypted in transit and while at rest? What is the configurability of password length and complexity? Do you support IP address-based access control (IP restrictions)? Do you support Two-Factor authentication? Are all user activities in an accessible audit log? Do you go through an SSAE 16 audit annually? Do you annually subject your solution to 3rd party vulnerability scanning and penetration testing?

24 Example: Archive Systems Data Security Measures. Data in Transit: 256-bit SSL encryption for web applications; 1024-bit RSA public keys for data transfer. Data at Rest: AES 256-bit encryption of data. Audit logs for all user activities. Secure usernames and passwords: Encrypted/hashed with SHA-2; Password complexity requirements; Scheduled expiration; Restricted password re-use. Role-based access control. SAML 2.0 Single Sign On (SSO). IP address-based access control. Encrypted session ID cookies to uniquely identify each user. Two-factor authentication availability. 3rd party penetration testing. SSAE16 audited annually.

25 Example: Archive Systems Physical Security Measures (Data Centers). Three-factor authentication: Proximity Card / Biometric fingerprint reader / facial geometry scanner. Anti-tailgating / Anti pass-back turnstile gate. Single entry point into colocation facility. Access to private cage: biometric fingerprint scan and proximity card. 24/7 on-site security. High Def CCTV of all interior and external strategic locations and access points with 90 day retention. SSAE16 audited.

26 Key takeaways… Sensitive Data (PII) is valuable to you – and others that should not have it! Data breaches and vulnerabilities are not going away. IT certainly plays a key role in creating and preserving a secure environment. HR Departments must actively partner with IT to protect Sensitive Data. Employees play a critical part in keeping Sensitive Data where it belongs. Information Governance also implies restricting access to HR data as well as its timely destruction. Cloud providers must have secure environments, and the good providers are very secure.

27 Jim Farrell www.archivesystems.com jfarrell@archivesystems.com
