Copyright © 2015 Raytheon Company. All rights reserved.
KommITS Tech Day
John Enger
Manager, Sales Engineering
October 2015
Who am I?
John Enger - Manager, Sales Engineering – Benelux & Nordics
– 17 year IT security industry veteran
– 10 years with Websense
Also attending from Websense today
– Peter Tornqvist – Public Sector Sales
– Ragnar Modin - Sales Representative
– Patrik Birgersson - Sales Engineer
Framing the Problem
Legacy Defences are full of holes!
The Enemy is in your Blind Spots
HTTPS / SSL
Spear Phishing
AD, SAM, Password extraction
Custom Encryption
Malware
Managing multiple systems is HARD!
The Skills Gap continues to Grow
2013: 2.25 million
2017: 4.25 million
Market indicators show the need for as many as 4.25 million security professionals by 2017, representing the potential for a 47% shortage in qualified personnel.
2013 (ISC)² Global Information Workforce Study = 250,000
© 2015 Websense, Inc.
SECURITY INCIDENTS GROW BY 66% CAGR
[Chart: Total number of security incidents detected by 9,700 survey respondents. Values shown: 3.4 million, 9.4 million, 22.7 million, 24.9 million, 28.9 million, 42.8 million]
One thing is very clear: Most organizations’ cyber security programs do not rival the persistence, tactical skills, and technological prowess of today’s cyber adversaries.
Source: PwC - The Global State of Information Security® Survey 2014 & 2015
Nation-states, hackers, and organized crime groups are the cyber security villains that everybody loves to hate.
BUT…
* PwC - The Global State of Information Security® Survey 2014 & 2015
EMPLOYEES ARE THE MOST-CITED CULPRITS OF INCIDENTS*
32% of respondents said insider crimes are more costly or damaging than incidents perpetrated by outsiders.
* PwC - The Global State of Information Security® Survey 2014 & 2015
It’s all about the data
All recent examples
Anthem Blue Cross
Ashley Madison Dating Site
Bonnier Publications
CVS Pharmacies
Experian
Hacking Team
Hilton Hotels
Postnord Ransomware
UK.gov HM Revenue & Customs
US.gov Census Bureau
US.gov Internal Revenue Service
US.gov Office of Personnel Management
Various UK hospitals
The list goes on!
What is the way out?
Understanding how modern attacks work
The 7 Stages of Advanced Attacks
01 RECON
02 LURE
03 REDIRECT
04 EXPLOIT KIT
05 DROPPER FILE
06 CALL HOME
07 DATA THEFT
The 7 Stages of Advanced Attacks
[Diagram labels: Target Organisation, Employee, Email server, Web proxy, Compromised machine, Attacker, Compromised Website, Control server. Stages: RECON, LURE, REDIRECT, EXPLOIT KIT, DROPPER FILE, CALL HOME, DATA THEFT]
Postnord example
Postnord: Multiple Layers of Protection
Stages: 01 RECON, 02 LURE, 03 REDIRECT, 04 EXPLOIT KIT, 05 DROPPER FILE, 06 CALL HOME, 07 DATA THEFT
OPM Breach: Multiple Layers of Protection
Stages: 01 RECON, 02 LURE, 03 REDIRECT, 04 EXPLOIT KIT, 05 DROPPER FILE, 06 CALL HOME, 07 DATA THEFT
Finding the Solution
Use Threat Modelling
A structured approach that enables you to identify, quantify and address security risks
A good threat model enables you to:
– Identify key assets
– Identify data owners and threat actors
– Quantify the business impact of any realised risks
– Predict future attacks before they happen
– Identify effective mitigations
Threat Modelling is a process, not a product
Fundamentals to Success
1. What am I trying to protect?
2. How am I trying to protect it?
3. Does it make sense?
4. Is it cost effective?
Questions, Questions…
Would you protect your staff laptops by keeping them in a bank vault?
Would you protect your database server by posting an armed guard next to it?
Is either of these really any different to investing in IT Security solutions that don’t protect your assets?
If you spent so much money on a steel door to your house that you couldn’t afford any windows, have you really protected your home?
Is that really any different to using all your IT Security budget to address only half the risk to the business?
The wrong protection could derail you…
Rethinking the Security Journey
[Chart: axes TIME and MATURITY (levels 1 to 4). Stage labels: Infrastructure, Compliance, Threat, Risk (Data-centric). Further labels: Perimeter, Baseline, Business Threat, Business Risk.]
Capabilities shown on the chart:
• FW/NGFW/UTM
• SIEM
• Anti-Virus
• Device Encryption
• Breach detection
• Malware forensics
• Threat intel feeds
• Threat modelling
• Full DLP/DTP
• Data discovery
• Data encryption
• Behaviour analysis
• Predictive analytics
Perimeter security approach
Multi-layered Security
Data Security approach
Enforcement Points
Content Classifiers
The Enemy is in your Blind Spots
HTTPS / SSL
Spear Phishing
AD, SAM, Password extraction
Custom Encryption
Malware
Websense Data Security
Where can we protect?
Sensitive data exists in multiple contexts
Data in Motion: Data that is traversing a medium, such as a network, via email, web, FTP protocols etc.
Data in Use: Data that is being used by a system or an operator, via an application, such as a browser, a word processor etc.
Data at Rest: Data that is being stored on a medium, such as a file share, a database or on a user’s hard disk.
Use plain language
Do not allow doctors to send patient records to…
(Action) Rule Properties | Severity: (High), Action Plan: (Block_All)
(Who: From) Rule Properties | Source | Edit: Directory Entries
(How) Rule Properties | Destinations | ☑ Email ☑ Web ☑ HTTP/HTTPS ☑ Chat
(What) Rule Properties | Condition | Add: PreciseID FP – DB Records
(Who: To) Rule Properties | Destinations | ☑ Email: All ☑ Web: All
Detection technologies
Context-aware data centric policies
Who: Human Resources, Customer Service, Finance, Accounting, Legal, Sales, Marketing, Technical Support, Engineering
What: Source Code, Business Plans, M&A Plans, Employee Salary, Patient Information, Financial Statements, Customer Records, Technical Document, Competitive Info
Where: Benefits Provider, Personal Web Storage, Blog, Customer, USB, Spyware Site, Business Partner, Competitor, Analyst
How: File Transfer, Instant Messaging, Peer-to-Peer, Web, Removable Media, Copy/Paste, Print Screen
Action: Audit, Notify, Remove, Quarantine, Encrypt, Block, Confirm
OCR
• What is it? (OCR – Optical Character Recognition)
– Extract text from images and scanned documents for analysis
– Screenshots, Smartphone / Tablet photos
– Scanned documents, checks, receipts, and fax pages
[Figure labels: Picture of PII; OCR analyzes image text]
INDUSTRY FIRST
Behavioral analytics
[Screenshot callouts: Data Risk Indicators; Indicators of compromise; Suspicious User Activity; Description of behavior and rules that led to warning flag]
Drip DLP
INDUSTRY FIRST
Old Way: 1 x 1 Analysis
New Way: Analysis Over Time
Examples:
– 1 customer record every hour from a PC to Web
– 1 or 2 records of confidential data per day
Low and slow attacks below the radar
[Figure: Standard DLP compared with Drip DLP. Sample e-mails from John Doe to Joe Smith, subject "Customer Information", sent at 12:02 PM, 1:15 PM, 2:32 PM, 3:42 PM and 4:57 PM, each opening "Joe, Here is a customer information:"; the 4:57 PM message reads "Customer cc# 4321 1234 5678". Labels: Low Impact Incident, High Impact Event.]
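The difference between 1 x 1 analysis and analysis over time, as an added example (not from the slides and not Websense's implementation). The account names, the threshold of 5 records and the 6-hour window are assumptions, and each event is assumed to already carry the number of sensitive records a content classifier matched.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple


class Event(NamedTuple):
    time: datetime
    user: str         # sender (hypothetical account name)
    destination: str  # channel the data left through, e.g. "email" or "web"
    records: int      # sensitive records matched in this one transaction


class Alert(NamedTuple):
    user: str
    destination: str
    records: int
    first_seen: datetime
    last_seen: datetime


def one_by_one(events, threshold):
    """Old way: every transaction is judged in isolation."""
    return [e for e in events if e.records >= threshold]


def drip(events, threshold, window):
    """New way: sum matches per (user, destination) over a sliding window."""
    recent = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda ev: ev.time):
        q = recent[(e.user, e.destination)]
        q.append(e)
        # Evict transactions that have aged out of the window.
        while e.time - q[0].time > window:
            q.popleft()
        total = sum(x.records for x in q)
        if total >= threshold:
            alerts.append(Alert(e.user, e.destination, total, q[0].time, e.time))
            q.clear()  # start a fresh count so the same events do not re-alert
    return alerts


def _at(day, hhmm):
    return datetime.strptime(f"2015-10-{day} {hhmm}", "%Y-%m-%d %H:%M")


# Constructed sample data. The john.doe times mirror the slide's e-mail sequence.
EVENTS = [Event(_at(14, t), "john.doe", "email", 1)
          for t in ("12:02", "13:15", "14:32", "15:42", "16:57")]
# One record per day: stays under a 6-hour window on purpose.
EVENTS += [Event(_at(d, "09:00"), "jane.roe", "email", 1) for d in (12, 13, 14)]
# A single small transfer from another user.
EVENTS.append(Event(_at(14, "10:30"), "sam.lee", "web", 2))

if __name__ == "__main__":
    print("1 x 1 analysis:", one_by_one(EVENTS, threshold=5))
    for a in drip(EVENTS, threshold=5, window=timedelta(hours=6)):
        print("drip alert:", a)
```

The one-record-per-day sender is never flagged with a 6-hour window, so the window length has to be chosen against the slowest leak rate the policy is meant to catch.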
IP and Compliance policies
[Screenshot callouts: Explanation; Types of IP to secure; Compliance & Regulations]
New EU Legislation Covering Data Security
EU Data Security Legislation Summary
The new EU Data Security regulations are intended to replace the 1995 EU Data Directive (95/45/EC)
The motivation is to ultimately help give a boost to business while maintaining privacy rights for individuals
Link to the EU:
– http://www.consilium.europa.eu/en/policies/data-protection-reform/data-protection-regulation/
Modern data protection rules: giving a boost to businesses
“In 2011, the data of EU citizens was worth EUR 315 billion. This has the potential to grow
to nearly EUR 1 trillion by 2020. Yet to fully unlock the value of data, we will have to ensure
we have a true digital single market. Our reform does just that. It is a market opener.”
Martine Reicherts, EU Justice Commissioner
Who What When?
Q: Who will the new legislation apply to?
A: All companies established in the EU, PLUS EU rules will apply to any companies not established in the EU that offer goods or services within the EU, or any companies that monitor the online behaviour of citizens.
Q: What is the difference between an EU “Directive” and an EU “Regulation”?
A: A "directive" is a legislative act that sets out a goal that all EU countries must achieve. However, the individual countries get to decide how to reach the goal. By contrast, a "regulation" is a binding legislative act which must be applied in its entirety across the EU.
Q: How much time do we have to complete our implementation?
A: There will be a two-year implementation period from the legislation passing into law to help businesses prepare in a controlled manner.
What are the main changes?
Companies that process >5,000 data subjects will be required to have a Data Protection Officer.
Mandatory disclosure of incidents within 72 hours to the local regional body
Businesses will need to know WHAT was stolen
– Not knowing what was stolen, or being notified of a breach by 3rd parties, will be considered negligent = bigger fines
– (From a DPO point of view, this makes Data Security solutions critically important!)
Maximum fines of up to 1m euro or 2% of worldwide revenue
– Although a reduction in earlier fine levels, it seems the cost/benefit of the level of fines has been modelled, with the likelihood of achieving the desired result – essentially, if the fines are too big, it will encourage organisations to mount a legal challenge instead of accepting the punishment
The Data Controller and Data Processor will be accountable
“Right to be Erased” requirement
Stricter rules for consent to use personal data – explicit consent must be obtained rather than consent assumed
Easier access to personal data, plus the right to data portability
NOTE: THIS MAY CHANGE!
• These details are the current status
• However this is all currently under Trilogue discussion - some details may change
How Websense Products Can Help
A number of specific legislative articles directly encourage business to implement data security solutions, including:
– Article 30 - Security of processing - “….shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risks…”
– Article 31 - Notification of a personal data breach to the supervisory authority
– Article 32 - Communication of a personal data breach to the data subject
24h or 72h time limit
– Article 33 - Data protection impact assessment
Each of the articles above is directly addressed by Data Loss and Data Theft protection solutions.
Would you like to know more?
Websense “Office of the CSO”
– Team of proven Security Leaders
Pro-bono Services available:
– Threat Strategy Assessments
– Security Framework Reviews
– CSO “Toolkit for Success”
– Custom Consultations
– Best Practise Sharing Summits
www.websense.com/cso (automatically redirects to):
– http://www.websense.com/content/websense-office-of-the-cso.aspx
Summary
Legacy defences don’t work against modern threats
Realtime content analysis and security scanning are required
Remember the 4 key questions!
DLP solutions are your last (and often your BEST) line of defence against modern targeted attacks
Thank you for listening!