Protecting Sensitive Data Using Informatica s Test Data Management Solution Denise Jeffries Director Data Warehouse
|
|
- Rafe Austin
- 6 years ago
- Views:
Transcription
1
2 Protecting Sensitive Using Informatica s Test Management Solution Denise Jeffries Director Warehouse Karen Hsu Director Product Marketing 2
3 Agenda Trends & Challenges Privacy Best Practices Methodology BBVA Compass Informatica Persistent Masking Summary 3
4 Must Be Protected Devastating Costs Of A Breach Ponemon Institute 2012 The cost of a breach averages $5.5 million 50% of cases involve malicious insider 73% of DBA s can view all data, increasing risk of breach 4
5 Security Challenges are Growing Key Takeaways from leading analysts Analyst Analyst Estimates 15% of attacks occur without the enterprise ever knowing that such an attack took place 50% say sensitive data has been compromised or stolen by malicious insider such as a privileged user 66% say their organizations find it difficult to comply with privacy data protection regulations 5
6 Must Be Protected Privacy Regulations Expending & More Enforceable Source: 2010 Breach Investigation Report, Verizon Risk Team in conjunction with United States Secret Service 6
7 Best Practices for Enterprise Privacy Quickly discover sensitive data throughout enterprise Identify fields table relationships Discover consistent data masking policies Classify data types assign risk mitigation policy Validate protected data prove compliance Reduce hardware manual costs reuse subset policies reuse global data masking policies Business/IT collaboration 7
8 Sensitive Requirements Discover 8
9 Discover Sensitive Classify Based on Patterns Discover 9
10 Discover Sensitive Identify Sensitive Fields Table Relationships 10
11 Rules Reusable Subset Masking Policies Discover Perform data subset using entities with filter criteria Choose which masking policies to use 11
12 Subset for Nonproduction Filter Production base Discover Time, Functional or Geographic Slice Time Savings Here Space Savings Here 10 TB Production base 30TB Subset 10 TB 10 TB 10 TB 10 TB 12
13 Protect Sensitive Test Mask Nonproduction Discover Permanently alter sensitive data such as credit cards, address information, or names Variety of Techniques: Shuffle Employee ID s Substitute Names Constant for City Special Credit Card Technique ID Name City Credit Card 0964 Mike John Wilson Smith Fresno Plano Jerry Mark Morrow Jones Andy Rob Davis Sers Jeff Josh Richards Phillips Modesto Fresno Hartford Fresno Fresno Tampa
14 Protect Sensitive Test Accelerate implementation with Masking Packs Predefined rules policies for masking sensitive data in specific segments Assign data masking policies to columns you want to mask Edit data masking rule within a policy to define masked output 14
15 Protect Sensitive Test Purpose-Built UI On Industry Leading Platform Discover Purpose built user interface Abstract policy definition Powerful engine to hle bulk processing Most comprehensive connectivity Generate 15
16 Connectivity to Any Platform Broad Application, base Support Discover Informatica Test Management Subset Masking Application Aware Accelerators Oracle e-business PeopleSoft Siebel SAP Universal Connectivity Oracle SQL Server DB2 UDB Teradata Sybase DB2 z/os VSAM Other 16
17 Validate Effectiveness of Masking Program Discover 17
18 Pervasive Privacy Differentiation Mask any type of data, including semistructured unstructured Rapid implementation maintenance with purpose built interface application aware accelerators High performance scalability Integrated platform with powerful engine Most comprehensive connectivity 18
19 BBVA Compass Informatica Persistent Masking What it is, how to do it Denise Jeffries Director Warehouse 19
20 Legislative Security Drivers Key Point Personally identifiable information (PII) is defined as information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. US Legislation Health Information Privacy Accountability Act -- Office for Civil Rights U.S. Department of Health Human Services protects the privacy of individually identifiable health information. Financial Services Modernization Act (GLB), 15 U.S. Code stipulates protections of financial customers non-public personal information. Final Rule on Privacy of Consumer Financial Information, 16 Code of Federal Regulations, Part 313 further defines GLB 504a. Fair Credit Reporting Act (FCRA), 15 U.S. Code u Fair Debt Collections Practices Act (FDCPA), 15 U.S.C Massachusetts General Law Chapter 93H its new regulations 201 CMR Non-US Legislation European Directive of 1995 (EU) was enacted to protect people's fundamental rights freedoms in particular their right to privacy with respect to the processing of personal data. Protection Act of 1998 (UK) further stipulates that Entities holding personal information are required to have adequate security measures in place, physical logical. 20
21 Obfuscation versus Masking Obfuscation allows connections by using a library to replace values Masking obliterates the data ob fus cate äb-fə-skāt; äb-fəs-kāt verb Inflected Form(s): ob fus cat ed; ob fus cat ing Etymology: Late Latin obfuscatus, past participle of obfuscare, from Latin ob- in the way + fuscus dark brown more at ob-, dusk 1a: darken b: to make obscure <obfuscate the issue> 2: confuse <obfuscate the reader> intransitive verb to be evasive, unclear, or confusing ob fus ca tion \äb-(fəs-kā-shən\ noun ob fus ca to ry \äb-fəs-kə-to r-ē\ adjective mask mæsk, mɑsk/ Show Spelled[mask, mahsk] noun 1. a covering for all or part of the face, worn to conceal one's identity. 2. anything that disguises or conceals; disguise; pretense: His politeness is a mask for his fundamentally malicious personality. 21
22 Discover Sensitive BBVA Compass process Work with legal to define sensitive data Involve a number internal teams BBVA Compass identified sensitive fields as Names Addresses Zip Codes Phone Numbers Addresses Dates Tax Information Number (TIN) Social Security Number (SSN) Free-flow Text or Comment Fields 22
23 Discover Discover Sensitive 23
24 Discover Masking Rules Informatica s Masking Assists BBVA Compass to meet Federal mates that regulate the privacy of confidential or sensitive data by masking it so it can be replicated to a non-production environment for development, testing, training purposes. The obfuscation process masks customer data that has been identified as sensitive. 24
25 High Level Overview of Obfuscation Process Discover 25
26 Discover Masking Methodology The flow of the masking process Extract all records from the master source. Obfuscate data using the data masking transformation. Perform any transformations that may use a combination of obfuscated data, such as concatenations or string replacements of masked data. Build cross-references from masked data write data in a test master target file. 26
27 Discover Masking Dictionaries dictionaries used in masking process: 1. First Name Dictionary 2. Last Name Dictionary 3. Address Dictionary 4. Company Name Dictionary 27
28 Discover Example of Masking: Names Customer names company are assigned new identities from the First Name, Last Name Company Name masking dictionaries Dictionaries each contain approximately 80,000 possible names With more than 80,000 customers on file, there is repetition of names or addresses with different customer account numbers. First Name Last Name Company Account John Smith Acme John Smith Boulder John Smith Crystol NOTE: Masked first names are not tied to the source name s gender. In other words, Jane Doe may end up as John Smith when masked. 28
29 Discover Reusable Masking Policy MPLT_STREET_MASKING_ADDRESS 29
30 Discover Reusable Address Masking Policy Accepts a customer real street address name as an input, obfuscates the name against the Address Dictionary, generates the obfuscated Street, City, State, Zip Country as output. STREET name is used as an input the same is passed on to the exp_anchor transformation then passed to the exp_md5_to_numberstring where expressions such as trimming the spaces on both sides of the string determining if the inputstring is empty or is all spaces are applied. If the inputstring is determined to be empty or is all spaces, then the address is computed to the default A. Next, the MD5 value of the trimmed inputstring is computed to get a unique 32-character string of hexadecimal digits using the MD5 function. Next, a REPLACECHR function is used to on the MD5 string output to replace case sensitive A with 1, B with 2, C with 3 so on until F for 6, to ensure that the output is all numbers. Next, the output string is passed through the data masking transformation then passed to the expression exp_mod where it is converted to a decimal a MOD function is used to calculate the remainder of the division of the converted decimal value the $$VarAddrBase variable in the mapping. The remainder is increased by 1. The output column (out_randid3) is used as a lookup on the LKPADDRESS flatfile (dictionary) transformation using the condition SNO=out_RANDID3 the column with a matched lookup condition are moved to the expression expoutput where the final cleansing of the data is completed. The output column is moved to exp_all_caps where all the columns are converted to Uppercase using the UPPER function the STREET, CITY, STATE, ZIP COUNTRY column are moved on to the OUTPUT transformation of the mapplet. 30
31 Discover 31
32 Next Steps Contact Follow Up Information Contact Denise Jeffries Phone: Karen Hsu Visit our website for more information resources Solutions > Application ILM > Privacy Related Resources White Paper Best Practices for Ensuring Privacy in Production Non-Production Systems Upcoming Events Gartner Security Risk Conference June in Washington D.C., USA RSA Europe October 9-11 in London, United Kingdom 32
33 Thank You 33
www.informatik-aktuell.de Wolfgang Epting: Testdaten versteckte Geschäftschance oder immanentes Sicherheitsrisiko? Test Data Management: Testing Matters Testing is not noticed when it goes well Challenges
More informationOracle Data Masking and Subsetting
Oracle Data Masking and Subsetting Frequently Asked Questions (FAQ) S E P T E M B E R 2 0 1 6 Product Overview Q: What is Data Masking and Subsetting? A: Data Masking or Static Data Masking is the process
More informationOptim. Optim Solutions, Benefits and Value Propositions. Kari Hirvonen - SoftwareGroup/Techsales IBM Finland
Optim Solutions, Benefits and Value Propositions Kari Hirvonen - SoftwareGroup/Techsales IBM Finland Template Documentation 29/10/2008 Optim Solutions 1. Data Growth Solution (Archiving) 4. Database consolidation
More informationTest Data Management for Security and Compliance
White Paper Test Data Management for Security and Compliance Reducing Risk in the Era of Big Data WHITE PAPER This document contains Confidential, Proprietary and Trade Secret Information ( Confidential
More informationSponsored by Oracle. SANS Institute Product Review: Oracle Audit Vault. March A SANS Whitepaper. Written by: Tanya Baccam
Sponsored by Oracle SANS Institute Product Review: Oracle Audit Vault March 2012 A SANS Whitepaper Written by: Tanya Baccam Product Review: Oracle Audit Vault Page 2 Auditing Page 2 Reporting Page 4 Alerting
More informationBrochure. Data Masking. Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems
Brochure Data Masking Cost-Effectively Protect Data Privacy in Production and Nonproduction Systems How Can Your IT Organization Protect Data Privacy? The High Cost of Data Breaches It s estimated that
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved.
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Subsetting and Masking: Advanced Techniques for Test Management Jagan R. Athreya, Director, base and Exadata Manageability Derek Messie,
More informationData Privacy and Protection GDPR Compliance for Databases
Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking
More informationSecure Sensitive Data in Virtual Test Environments
Secure Sensitive Data in Virtual Test Environments The Joint Solution of Informatica Dynamic Data Masking and NetApp FlexClone WHITE PAPER This document contains Confidential, Proprietary and Trade Secret
More informationDenver SAS User Group. SAS Enterprise Data Integration and Data Quality. John Motler Sales Engineer. January 13, 2010
Denver SAS User Group SAS Enterprise Data Integration and Data Quality John Motler Sales Engineer January 13, 2010 Gartner Market Validation Data Quality Tools June 2009 Data Integration Tools September
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationidiscover RELATIONSHIPS Next find any documented relationships (database level). Ex., foreign keys
idiscover Discover Accurately In every implementation without exception, MENTIS has found unprotected data in tens to hundreds, and in some cases, thousands of undocumented locations. If you aren t finding
More information2017 Varonis Data Risk Report. 47% of organizations have at least 1,000 sensitive files open to every employee.
2017 Varonis Data Risk Report 47% of organizations have at least 1,000 sensitive files open to every employee. An Analysis of the 2016 Data Risk Assessments Conducted by Varonis Assessing the Most Vulnerable
More informationMEETING ISO STANDARDS
WHITE PAPER MEETING ISO 27002 STANDARDS September 2018 SECURITY GUIDELINE COMPLIANCE Organizations have seen a rapid increase in malicious insider threats, sensitive data exfiltration, and other advanced
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationBest Practices. Contents. Meridian Technologies 5210 Belfort Rd, Suite 400 Jacksonville, FL Meridiantechnologies.net
Meridian Technologies 5210 Belfort Rd, Suite 400 Jacksonville, FL 32257 Meridiantechnologies.net Contents Overview... 2 A Word on Data Profiling... 2 Extract... 2 De- Identification... 3 PHI... 3 Subsets...
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationApplication Information Lifecycle Management Control Both the Size of Your Data and the Cost of Managing It
Application Information Lifecycle Management Control Both the Size of Your Data and the Cost of Managing It Data volume isn t just growing it s exploding. The amount of data housed in large data warehouses
More informationGDPR. What is GDPR? GDPR is extraterritorial, meaning it applies to any company, processing EU resident data, irrespective of their location.
1 3 5 What is GDPR? The European Union s ( EU ) General Data Protection Regulation ( GDPR ) replaces the 1995 Data Protection Directive, and while the new requirement became effective May 25, 2018, Data
More informationIPLocks Vulnerability Assessment: A Database Assessment Solution
IPLOCKS WHITE PAPER September 2005 IPLocks Vulnerability Assessment: A Database Assessment Solution 2665 North First Street, Suite 110 San Jose, CA 95134 Telephone: 408.383.7500 www.iplocks.com TABLE OF
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationThe 10 Principles of Security in Modern Cloud Applications
The 10 Principles of Security in Modern Cloud Applications Nigel King, Vice President, Oracle In-Depth Seminars D11 1 Safe Harbor Statement The following is intended to outline our general product direction.
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationEmergency Compliance DG Special Case DAMA INDIANA
1 Emergency Compliance DG Special Case DAMA INDIANA Agenda 2 Overview of full-blown data governance (DG) program Emergency compliance with a specific regulation We'll use GDPR as an example What is GDPR
More informationCipherCloud CASB+ Connector for ServiceNow
ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level
More informationHow the GDPR will impact your software delivery processes
How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationThe Challenge of Spam An Internet Society Public Policy Briefing
The Challenge of Spam An Internet Society Public Policy Briefing 30 October 2015 Introduction Spam email, those unsolicited email messages we find cluttering our inboxes, are a challenge for Internet users,
More informationKeeping It Under Wraps: Personally Identifiable Information (PII)
Keeping It Under Wraps: Personally Identifiable Information (PII) Will Robinson Assistant Vice President Information Security Officer & Data Privacy Officer Federal Reserve Bank of Richmond March 14, 2018
More informationPrivacy Policy GENERAL
Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationThe Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks
The Gartner Security Information and Event Management Magic Quadrant 2010: Dealing with Targeted Attacks Mark Nicolett Notes accompany this presentation. Please select Notes Page view. These materials
More informationEnsuring Compliance with Data Privacy Directives using Virtual Databases
Ensuring Compliance with Data Privacy Directives using Virtual Databases June 2017 Steve Karam, Director of Customer Education and Experience at Delphix Agenda 1 2 3 Ensure compliance to disparate data
More informationData Leak Protection legal framework and managing the challenges of a security breach
Data Leak Protection legal framework and managing the challenges of a security breach ACC Europe's Annual Conference 2009 June 7-9, 2009 Geneva Alexander Duisberg Partner, Bird & Bird LLP About Bird &
More informationEssentials for Data Masking for Siebel
Essentials for Data Masking for Siebel Agenda The Latest on Data Privacy Understanding Data Governance The Easiest Way to Expose Private Data Understanding the Insider Threat Considerations for a Privacy
More informationEBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS
EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks
More informationGDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018
GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine
More informationAUDIT REPORT. Network Assessment Audit Audit Opinion: Needs Improvement. Date: December 15, Report Number: 2014-IT-03
AUDIT REPORT Network Assessment Audit Audit Opinion: Needs Improvement Date: December 15, 2014 Report Number: 2014-IT-03 Table of Contents: Page Executive Summary Background 1 Audit Objectives and Scope
More informationCyber Security Issues
RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare
More informationProtecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors
Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors Presented by the Office of Housing Counseling and The Office of the Chief Information Officer Privacy Program
More informationHot Topics in Privacy
Hot Topics in Privacy Gretchen S. Herault Monster Worldwide SCCE Conference April 12, 2013 Agenda Privacy Landscape current state of regulatory coverage > Global > Industry Sector > Technology Hot Topics
More informationHot Topics in Privacy
Hot Topics in Privacy Gretchen S. Herault Monster Worldwide SCCE Conference April 12, 2013 Agenda Privacy Landscape current state of regulatory coverage > Global > Industry Sector > Technology Hot Topics
More informationOptim. Optim Solutions for Data Governance. R. Kudžma Information management technical sales
Optim Solutions for Data Governance R. Kudžma Information management technical sales kudzma@lt.ibm.com IBM Software Group 10/23/2009 2008 IBM Corporation What is Data Governance Data Governance is the
More informationUnderstanding the Impact of Data Privacy January 2012
Understanding the Impact of Data Privacy January 2012 Presented By: Eric Dieterich Agenda Why is data privacy important Quantifying the costs of a data breach Clarifying the differences between a privacy
More informationData Privacy for Multinationals: How to Build and Implement a Compliance Plan
Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Augusta Speiser is responsible for guiding DENTSPLY Internationals efforts relating to ethics and compliance worldwide with
More informationInformatica Enterprise Information Catalog
Data Sheet Informatica Enterprise Information Catalog Benefits Automatically catalog and classify all types of data across the enterprise using an AI-powered catalog Identify domains and entities with
More informationSecurity Takes Center Stage
Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy Practice +1 202 263 3366 rde@mayerbrown.com June 7, 2016 Cyber Attacks Are Increasing in Cost and Frequency Breaches
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationRSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE
WHITEPAPER RSA RISK FRAMEWORKS MAKING DIGITAL RISK MANAGEABLE CONTENTS Executive Summary........................................ 3 Transforming How We Think About Security.......................... 4 Assessing
More informationCA Test Data Manager Key Scenarios
WHITE PAPER APRIL 2016 CA Test Data Manager Key Scenarios Generate and secure all the data needed for rigorous testing, and provision it to highly distributed teams on demand. Muhammad Arif Application
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationOracle Audit Vault Implementation
Oracle Audit Vault Implementation For SHIPPING FIRM Case Study Client Company Profile It has been involved in banking for over 300 years. It operates in over 50 countries with more than 1, 47,000 employees.
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationCOMMENTARY. Information JONES DAY
February 2010 JONES DAY COMMENTARY Massachusetts Law Raises the Bar for Data Security On March 1, 2010, what is widely considered the most comprehensive data protection and privacy law in the United States
More informationSupercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness
Supercharge Your SIEM: How Domain Intelligence Enhances Situational Awareness Introduction Drowning in data but starving for information. It s a sentiment that resonates with most security analysts. For
More informationInformatica Dynamic Data Masking
Informatica Dynamic Data Masking Preventing Data Breaches with Benchmark-Proven Performance WHITE PAPER This document contains Confidential, Proprietary and Trade Secret Information ( Confidential Information
More informationBreach Notifications: How to Handle Breaches Across Jurisdictions. Moderated by: Zach Warren, Editor-in-Chief, Legaltech News
Breach Notifications: How to Handle Breaches Across Jurisdictions Moderated by: Zach Warren, Editor-in-Chief, Legaltech News 1 States with/without breach notification laws 47 states, plus the District
More informationGeneral Data Protection Regulation (GDPR) and the Implications for IT Service Management
General Data Protection Regulation (GDPR) and the Implications for IT Service Management August 2018 WHITE PAPER GDPR: What is it? The EU General Data Protection Regulation (GDPR) replaces the Data Protection
More informationIBM services and technology solutions for supporting GDPR program
IBM services and technology solutions for supporting GDPR program 1 IBM technology solutions as key enablers - Privacy GDPR Program Work-stream IBM software 2.1 Privacy Risk Assessment and Risk Treatment
More informationGeneral Data Protection Regulation Frequently Asked Questions (FAQ) General Questions
General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into
More informationData Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationData Privacy for Multinationals: How to Build and Implement a Compliance Plan
Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Augusta Speiser is responsible for guiding DENTSPLY Internationals efforts relating to ethics and compliance worldwide with
More information2014 Luxury & Fashion Industry Conference for Multinationals
2014 Luxury & Fashion Industry Conference for Multinationals Privacy, Data Protection, and the Impact of Social Media and Online Behavioral Advertising on the Industry Anna Gamvros, Hong Kong Francesca
More informationLegal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
More informationCONSOLIDATING RISK MANAGEMENT AND REGULATORY COMPLIANCE APPLICATIONS USING A UNIFIED DATA PLATFORM
CONSOLIDATING RISK MANAGEMENT AND REGULATORY COMPLIANCE APPLICATIONS USING A UNIFIED PLATFORM Executive Summary Financial institutions have implemented and continue to implement many disparate applications
More informationOracle Database Vault
An Oracle White Paper July 2009 Oracle Database Vault Introduction... 3 Oracle Database Vault... 3 Oracle Database Vault and Regulations... 4 Oracle Database Vault Realms... 5 Oracle Database Vault Command
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationOracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero
Oracle Security Products and Their Relationship to EBS Presented By: Christopher Carriero 1 Agenda Confidential Data in Corporate Systems Sensitive Data in the Oracle EBS What Are the Oracle Security Products
More informationCaribbean Cyber Security: Not Only Government s Responsibility
Caribbean Cyber Security: Not Only Government s Responsibility AWARENESS AND VIGILANCE IS EVERYBODY S RESPONSIBILITY Preseted at: ICT Symposium Antigua and Barbuda March 2017 Caribbean Cyber Security Events
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationAll Aboard the HIPAA Omnibus An Auditor s Perspective
All Aboard the HIPAA Omnibus An Auditor s Perspective Rick Dakin CEO & Chief Security Strategist February 20, 2013 1 Agenda Healthcare Security Regulations A Look Back What is the final Omnibus Rule? Changes
More informationAgenda. Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More. Health Law Institute
Health Law Institute Hungry, Hungry HIPAA: Security, Enforcement, Audits, & More Brooke Bennett Aziere October 18, 2017 Agenda Enforcement Trends Phase 2 HIPAA Audits Upcoming Initiatives 1 Enforcement
More informationIBM Security Guardium Analyzer
IBM Guardium Analyzer Highlights Assess security & compliance risk associated with GDPR data Find GDPR data across onpremises and cloud databases Scan for database vulnerabilities Leverage next-generation
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationRSA NetWitness Suite Respond in Minutes, Not Months
RSA NetWitness Suite Respond in Minutes, Not Months Overview One can hardly pick up a newspaper or turn on the news without hearing about the latest security breaches. The Verizon 2015 Data Breach Investigations
More informationWHITE PAPER. Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale
WHITE PAPER Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale Operationalizing Threat Intelligence Data: The Problems of Relevance and Scale One key number that is generally
More informationLaws and Regulations & Data Governance
Executive Development Course: Digital Government for Transformation Towards Sustainable and Resilient Societies the Singapore Experience Laws and Regulations & Data Governance 2-6 April 2018 UNDP Global
More informationProtecting Your Data in the Cloud. Ulf Mattsson Chief Technology Officer ulf.mattsson [at] protegrity.com
Protecting Your Data in the Cloud Ulf Mattsson Chief Technology Officer ulf.mattsson [at] protegrity.com Ulf Mattsson 20 years with IBM Development & Global Services Inventor of 22 patents Encryption and
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationData Classification is a Business Imperative. TITUS White Paper
Data Classification is a Business Imperative TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility of the
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationDemonstrating data privacy for GDPR and beyond
Demonstrating data privacy for GDPR and beyond EY data privacy assurance services Introduction The General Data Protection Regulation (GDPR) is ushering in a new era of data privacy in Europe. Organizations
More informationPrivacy: Pre- and Post-Breach
Identity Theft Resource Center Jay Foley, Executive Director Presents: Privacy: Pre- and Post-Breach Aug 2007 Points of Discussion Current Breach Statistics Self Assessment Pre-Breach During Breach Post-Breach
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More information