Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

7/29/2019 Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)
http://slidepdf.com/reader/full/managing-risk-and-compliance-by-implementing-dlp-to-ensure-data-security-166295258

Upload: educause

Post on 14-Apr-2018

TRANSCRIPT

Page 1: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Managing Risk and Compliance by Implementing DLP to Ensure Data Security

Page 2: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Corporate Sponsor/Presenter

Dave Hendel, Manager – IT Project Office
[email protected]
314.977.4917

Becky Maycock, Director – Product Management & Marketing
[email protected]
314.743.1414

Page 3: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Agenda

• Overview

• Collect data about our data

• Document our appetite for risk

• Implement DLP mitigation strategy

• Next steps

Page 4: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Overview

Page 5: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

What is SLU’s Strategic Goal?

“to build [SLU into] a world-class Catholic, Jesuit university, which is ranked among the top 50 U.S. Universities”

Page 6: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

ITS Budget to Mitigate Data Loss, FY05 to FY12

[Chart: over FY05 to FY12 the SLU Budget grew +42.12% while the ITS Budget shrank -7.38%]

Page 7: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Data Loss Prevention – Our History

Page 8: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Threats That Affect Our Data

• BYOD

• Mobile computing

• Social networking

• Cloud computing

Page 9: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Collect Data About Our Data

Page 10: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Data Classification

Spreadsheet columns: System Name | Security Classification | Compliance Requirements | Secondary Compliance Requirements | Owners… | Where & Who Maintains | Type of Data

Example rows:
  System A | Confidential Data | PCI | PII | … | Server Center / Manager | Credit Card
  System B | …

Security Classification values: Restricted Data, Confidential Data, Internal Use Only Data, Public Data

Compliance Requirements values (primary and secondary): FISMA, HIPAA, PCI, PII, FERPA, Public Data, GLBA, All, Other, Unknown, Intellectual Property

Page 11: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

(Data Classification spreadsheet, continued) Where Maintained | Type of Data: Data Center | Credit Card

FISMA Categorization

Spreadsheet columns: Product Name | Data Classification | Confidentiality | Integrity | Availability

Example rows:
  Product A | Confidential Data | Moderate | High | Moderate
  Product B | …
  Product C | …

Data Classification values: Restricted Data, Confidential Data

Confidentiality, Integrity and Availability impact values: High, Moderate, Low

Page 12: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Document Our Appetite For Risk

Page 13: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Data Loss Risk Ownership

• Medium & Low Data Loss Risks
  Application owner has responsibility to mitigate risks and to “own” if there is data loss

• High & Urgent Data Loss Risks
  IT Governance Committee has responsibility to mitigate risks
  IT Governance Committee will “own” if there is data loss
  • Monthly meetings
  • Members are from 10 different business areas within the University

Page 14: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Risk Register Spreadsheet

Column groups: Risk Overview | Entity Description | Initial Risk Assessment

Spreadsheet columns: Risk | Descriptor or Definition | Risk Impact Category | Risk Category | Scope of Risk | Business Unit/Owners… | Likelihood of Risk | Exposure | Impact

Example rows:
  Risk A | … | Brand or Reputation | Compliance | Division | VP of Advancement | High | $50,000 - $100,000 | …
  Risk B | …
  Risk C | …

Risk Impact Category values: Brand or Reputation, Compliance, Financial, Business Operations, Integrity, Availability, Security, Privacy

Risk Category values: Compliance, Project, Financial, People, Technology Failure, Natural Disaster

Scope of Risk values: University Wide, Division, Department, Individuals

Likelihood of Risk / Impact values: Negligible, Low, Medium, High, Very High

Page 15: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Risk Register Spreadsheet (cont)

Column group: Recommended Treatment Plan

Spreadsheet columns: Risk Description | Treatment Status for the Risk | Risk Response Prioritization | Due Date | Risk Response | Treatment Cost

Example row:
  … | Opened | Business Case | 5/15/2013 | Mitigate | $50,000 - $100,000

Treatment Status values: Opened, Assessed, Allocated, Closed

Risk Response Prioritization values: Quick Win, Defer, Business Case & Project

Risk Response values: Accept, Transfer, Mitigate, Avoid

Page 16: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Implement DLP Mitigation Strategy

Page 17: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Our Approach to Data Protection

• Multi-layered network

• Multi-firewalled network

• Intrusion prevention

• Creation of FISMA / NCS / ITAR secure environment

• Anti-virus and anti-spam

• Data Loss Prevention Appliances

Page 18: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

DLP Deployment Considerations

• Where can we lose data?

• Should we be concerned about social media and data loss?

• Filtering out specific documents that “look like” they contain PCI or PII, or should we?

• Filtering out ancillary businesses that utilize SLU internet, but are not part of SLU, or should we?
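The third question above, whether to filter documents that merely “look like” they contain PCI or PII data, is where most DLP false positives come from. The following is an added example and is not SLU’s code or any DLP vendor’s: a small Python content inspector that does what a DLP content rule does, first matching candidate card numbers and Social Security numbers and then applying the structural checks a practitioner would want before blocking (the Luhn checksum that every payment card number satisfies; the area, group and serial ranges the SSA never issues), so that a 16-digit order number or a placeholder SSN is not treated as a leak. It also tallies findings by type, the same SSN/CCN breakdown the later “Real Threats Remediated” slide reports. The sample text, the regexes, the `validate` switch and the masking format are assumptions made for this illustration.

```python
"""Added example (not SLU's code or any DLP vendor's): content inspection for
text that "looks like" PCI or PII data, with structural validation so that
look-alike numbers do not trigger a block. Sample text, regexes and the
masking format are constructed for this illustration."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run
CCN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# NNN-NN-NNNN with the three groups captured for validation
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

# Constructed sample: one Luhn-valid Visa test number, one Luhn-valid
# Mastercard test number, one 16-digit order number that is not a card,
# one plausible SSN and two values the SSA never issues.
SAMPLE = """\
Order 1234567890123456 shipped; card 4111 1111 1111 1111 on file.
Employee SSN 123-45-6789, temp ID 000-12-3456, badge 987-65-4320.
Grant account 5555-5555-5555-4444 (test Mastercard number).
"""


@dataclass(frozen=True)
class Finding:
    kind: str    # "CCN" or "SSN"
    value: str   # masked; the raw match never leaves the scanner
    offset: int  # character offset in the scanned text


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every payment card number satisfies."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges the SSA never issues: area 000, 666 or 900-999,
    group 00, serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def mask(digits: str) -> str:
    """Keep only the last four digits in any alert or log line."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan(text: str, validate: bool = True) -> list[Finding]:
    """Return findings in document order. validate=False is the naive
    'looks like' rule; validate=True adds the structural checks."""
    findings: list[Finding] = []
    for m in CCN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not validate or luhn_ok(digits):
            findings.append(Finding("CCN", mask(digits), m.start()))
    for m in SSN_RE.finditer(text):
        if not validate or ssn_plausible(*m.groups()):
            findings.append(Finding("SSN", mask("".join(m.groups())), m.start()))
    findings.sort(key=lambda f: f.offset)
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Counts by type, the shape of a monthly 'threats remediated' tally."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for label, validate in (("naive", False), ("validated", True)):
        hits = scan(SAMPLE, validate=validate)
        print(f"{label}: {summarize(hits)}")
        for h in hits:
            print(f"  {h.kind} at {h.offset}: {h.value}")
```

On the constructed sample the naive rule raises six alerts and the validated rule three, and every alert carries only the last four digits, so the DLP console and its logs do not themselves become a second copy of the regulated data. Luhn and the SSA ranges are weak evidence on their own (a random 16-digit string passes Luhn one time in ten), so a production rule would still combine them with context such as nearby keywords, document type or the data-at-rest inventory from the classification spreadsheet.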

Page 19: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

SLU Initial DLP Deployment

[Network diagram; two components labeled GV-2010]

Page 20: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Real Threats Remediated

[Bar chart: monthly counts of remediated SSN, CCN and PHI incidents, May 2012 through Feb 2013; every monthly count is a single digit, with 5 the largest value shown]

Page 21: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Next Steps

Page 22: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

The Balancing Act

• Reputation
• Compliance

• Financial
• Strategic
• Operations

• Time
• Budget
• Personnel

Page 23: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Next Steps

• rapidDLP deployed this year
  Inspect encrypted Google Apps email flows
  “Discover” data at rest
  Monitor for research data

• Build security around Trust Relationships

Page 24: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Summary

• Classify and categorize your data

• Document your appetite for risk for data loss

• Implement DLP to ensure critical and high risk data stays secure

Page 25: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Now it’s your turn…

… and still our turn too!

Page 26: Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)

Thank You

Dave Hendel, Manager – IT Project Office
[email protected]
314.977.4917

Becky Maycock, Director – Product Management & Marketing
[email protected]
314.743.1414