Helping you grow your business with scalable IT services & solutions for today’s challenges & tomorrow’s vision.
© 2018 Peters & Associates, Inc. All rights reserved.
GDPR Reasonable Plans and Readiness (June 6, 2018)
Bruce Ward, VP of Business Strategy, Peters & Associates
Kevin Barnicle, Founder and CEO, Controle
Partnership
• Mission: Help “Controle” data for Compliance (GDPR)
• Microsoft - Security and Compliance
• 450+ highly regulated / litigious industries
• Fast growing company
Security
Diagram (Security / DATA): a “Data Focused” approach contrasted with a “Control Focused” approach.
GDPR Basics
Business Intelligence
What is it?
GDPR Explained
Simon Natalia
GDPR Explained
The GDPR bill of rights for individuals:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling.
GDPR Explained
Program elements: Privacy Policy; Identify Data / PII; Technical Data Assessment; Data Protection Officer (DPO); Classification / Labels; Data Subject Requests (DSR); Technical Controls Assessment; Privacy Training; Encryption; Detect / Respond; 72 Hour Notification / IRP; Activity Recording / Reporting.
Four goals and the GDPR articles each one addresses:
• Uncover, Search and Make Personal Data Visible (Articles 15, 16, 17, 18, 20, 30)
• Place Controls Around Personal Data (Articles 5, 17, 32)
• Protect Personal Data from Loss, Damage or Breach (Articles 5, 25, 32, 33, 34, 35)
• Ensure Continual Adherence to GDPR Standards (Articles 5, 15, 16, 17, 18, 20, 24, 35, 42, 44, 45)
GDPR: DISCOVER AND MANAGE
Journey to GDPR with Controle
Month 1: Analysis and Preparation
Month 2: Planning
Month 3: Privacy & Compliance
Month 4 & 5: Implementation & Migration
Month 6: End User Training & Adoption
Roadmap activities: GDPR 101; Detailed Assessment; Data Discovery; Contracting & Procurement; Project Planning; GDPR team finalization; GDPR Technology Workshops; Data Classification Strategy & AIP Implementation; Data Governance & Classification; GDPR Related Policies & Procedures; Response Protocol for Data Subject Access; Office 365 for GDPR by Controle Configuration; Email & Data Migration; Planning and Testing; Internal Audit; End User Training & Adoption; Transition Planning.
GDPR Best Practices
1. Get Legal/Compliance and IT on the same page.
2. Late to planning = focus on the highest risk areas:
   1. Privacy Policies
   2. Data Subject Requests
   3. Breach prevention, detection and notification
3. Data classification: less is more initially
   – Label PII as Confidential, Sensitive, etc.
   – Automate. Minimize end user involvement.
4. Practice and mock up Data Subject Requests
5. Journey. Get started. Avoid analysis paralysis.
GDPR Technical Risk Areas
1. Data Subject Requests (DSR, DSAR)
   • Have obligation to find, produce, and delete/change PII
   – Extremely difficult (data all over the place: O365, file shares, etc.)
   – Need to comb through a lot of data in a short period of time (30 days)
   – Need full audit trail / technology enablement
   – Need a repeatable and defensible process
2. Breach prevention/notification
   – Protect data at perimeter, source, and in-transit
   – Detect and notify of breaches
Walk-Thru
To ask questions, either:
1) Take phone off mute, ask.
2) Type question in IM Window
GDPR: PROTECT
GDPR Explained (Protect)
Program elements: Privacy Policy; Identify Data / PII; Technical Data Assessment; Data Protection Officer (DPO); Classification / Labels; Data Subject Requests (DSR); Technical Controls Assessment; Privacy Training; Security Program; Detect / Respond; 72 Hour Notification / IRP; Activity Recording / Reporting.
Goal highlighted on this slide: Protect Personal Data from Loss, Damage or Breach (Articles 5, 25, 32, 33, 34, 35)
Compliance Walk-Thru
https://ServiceTrust.Microsoft.com
Technical Controls Assessment
PULSE Aware – Security Awareness Training
1) Security Awareness Training Library
2) Monthly Social Engineering Evaluation
   • Baseline and monthly reporting
   • Customized phishing email and landing pages
3) Reinforce good employee habits consistently
   • Scenario-based training exercises
   • Security tips and tricks email (at your pace)
   • Training assessments & reporting on results
Training course examples:
• Intro security awareness training
• Handling sensitive information securely
• Basics of credit card security
• Ransomware
• Mobile data security
• PCI & GLBA compliance
• Strong passwords
• Safe web browsing
• Financial institution physical security
Weekly O365 Security Check
• Mailbox Auditing
• Inbox Forwarding
• Mailbox Retention
• Office 365 Domains
• Office 365 Settings
• MFA Phone Numbers
• Foreign Mailbox Logons
• Old / Unused Mailboxes
• Roles assigned
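Two of these checks (Inbox Forwarding and Mailbox Auditing) scripted against Exchange Online, as an added example that is not code from the deck, from Peters & Associates or from Controle. It assumes the ExchangeOnlineManagement module with an existing Connect-ExchangeOnline session able to read mailbox and organization configuration; the function names and CSV file names are the example's own.

```powershell
# Added example, not code from the Peters & Associates / Controle deck: two of the weekly
# checks (Inbox Forwarding, Mailbox Auditing) against Exchange Online. Assumes the
# ExchangeOnlineManagement module and an existing Connect-ExchangeOnline session.

function Get-InboxForwardingFindings {
    # Mailbox-level forwarding and user-created rules that forward or redirect mail both
    # move personal data out of the tenant, and a rule created after a phishing compromise
    # is a common sign of account takeover, so every hit should become a ticket.
    $findings = @()
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
        if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
            $findings += [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName; Kind = 'MailboxForwarding'
                Target  = "$($mbx.ForwardingSmtpAddress)$($mbx.ForwardingAddress)"
                Rule    = ''; Enabled = $true; KeepsCopy = $mbx.DeliverToMailboxAndForward }
        }
        foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity -ErrorAction SilentlyContinue) {
            # ForwardTo / ForwardAsAttachmentTo / RedirectTo hold the rule's recipient lists
            $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
                Where-Object { $_ }
            if ($targets) {
                $findings += [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName; Kind = 'InboxRule'
                    Target  = ($targets -join '; ')
                    Rule    = $rule.Name; Enabled = $rule.Enabled; KeepsCopy = -not $rule.RedirectTo }
            }
        }
    }
    return $findings
}

function Get-MailboxAuditingFindings {
    # Mailbox auditing is the record behind a defensible 72-hour notification; both the
    # tenant default (AuditDisabled) and per-mailbox opt-outs (AuditEnabled) are checked.
    $findings = @()
    if ((Get-OrganizationConfig).AuditDisabled) {
        $findings += [pscustomobject]@{ Scope = 'Tenant'; Issue = 'AuditDisabled is True' }
    }
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited | Where-Object { -not $_.AuditEnabled }) {
        $findings += [pscustomobject]@{ Scope = $mbx.UserPrincipalName; Issue = 'AuditEnabled is False' }
    }
    return $findings
}

# Weekly run: one dated CSV per check, kept as the audit trail the deck calls for.
$stamp = Get-Date -Format 'yyyy-MM-dd'
Get-InboxForwardingFindings | Export-Csv ".\O365Check-Forwarding-$stamp.csv" -NoTypeInformation
Get-MailboxAuditingFindings | Export-Csv ".\O365Check-Auditing-$stamp.csv"   -NoTypeInformation
```

Diff the week's CSVs against the previous run so that a newly appearing forwarding rule or a mailbox that lost auditing stands out rather than hiding in a long report.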
Discuss then Demo
1. Secure Score
2. Azure Active Directory (Conditional Access, MFA)
3. Azure Identity Protection
4. Advanced Threat Analytics
5. Intune (MDM and MAM)
6. Azure Information Protection (AIP): Data Classification – Manual or Automatic
7. O365 Data Loss Prevention
8. Cloud App Security
9. eDiscovery, Advanced eDiscovery
10. Audit and Activity Reporting
11. O365 ATP
12. O365 Advanced Security
13. O365 Threat Intelligence
14. Advanced Governance
15. Windows 10 - Defender ATP, Bitlocker, Hello, Direct Access
GDPR: REPORT
GDPR Explained (Report)
Program elements: Privacy Policy; Identify Data / PII; Technical Data Assessment; Data Protection Officer (DPO); Classification / Labels; Data Subject Requests (DSR); Technical Controls Assessment; Privacy Training; Security Program; Detect / Respond; 72 Hour Notification / IRP; Activity Recording / Reporting.
Goal highlighted on this slide: Ensure Continual Adherence to GDPR Standards (Articles 5, 15, 16, 17, 18, 20, 24, 35, 42, 44, 45)
Audit Walk-Thru
Discussion
Events, Webinars & Blogs
http://www.peters.com/events
http://www.peters.com/blog/
1801 S. Meyers Road, Suite 120, Oakbrook Terrace, IL 60181
(630) 832-0075
Thank you!
Bruce Ward
Kevin Barnicle