Fabrizio Patriarca. Come creare valore dalla GDPR

Transcription

1 Fabrizio Patriarca Come creare valore dalla GDPR

2 Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsibility for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation. IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM s sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. 2 Welcome to the cognitive era.

3 IBM Security solutions QRadar App Exchange Data & App Risk Assessment Incident Response Resilient Incident Response INTEGRATED VALUE Discover personal data assets Data & App Assets; Identify GDPR relevant assets Security Intelligence Breach detection and response Identity attributes and privileged user activity Assess identify/help address risks and exposures Discover personal data assets Data Assess and reconcile user access roles and data activity Identity and Access Protect Pseudonimize, de-identify Data activity monitoring- audit trail Credential data and identity context Identify/mitigate personal data access risks Conform Audit trail, Respond Guardium Data Protection Identity Governance & Intelligence 3 Welcome to the cognitive era.

4 Security & Traceability Guardium Fine grained data access control Discover and classify data, assess vulnerabilities, report on entitlements Encrypt and redact sensitive data Monitor data and file activity Block, mask, alert, and quarantine dynamically Automate auditing 4 Welcome to the cognitive era.

5 Guardium Accelerator for GDPR Guardium GDPR Accelerator Data Discovery and Classification for Personal Data Predefined Policies and Groups Auditing and Monitoring reports Support for GDPR Impact Assessment Workflows and Audit Process Builder for notifications to auditors, controllers and DPO 5 Welcome to the cognitive era.

6 Identify and help address access risks with Identity Governance Process Automation Simplify self-service user access management Automate user and identity lifecycle processes Insider Threat Prevention Manage and audit privileged access Remediate user access policy violations Continuous Conformance and Access Risks Detection Visualize and certify user entitlements to personal data Provide insight into user risks Verify access visibility and context 6 Welcome to the cognitive era.

7 Security & Traceability Infrastructure control and advanced threat detection EXTENSIVE DATA SOURCES QRadar Sense Analytics Security devices Servers&mainframes Network and virtual activity Data activity Application activity Configuration data Vulnerabilities and threats Users &identities Global threat intelligence IDENTIFICATION Data collection, storage, and analysis Real-time correlation and threat intelligence Automatic asset, service and user discovery and profiling Activity baselining and anomaly detection Embedded Intelligence Prioritized incidents REMEDIATION Incident forensics Management, monitoring and detection Incident response 7 Welcome to the cognitive era.

8 Agile 3 Uncover, Analyze and Visualize potential datarelated risks Which lines of business have the highest risk? Who are the data owners? 8 Welcome to the cognitive era. Are the Crown Jewels classified & protected? Where are the Crown Jewels? What compliance issues do we have?

9 Introducing IBM Resilient Resilient integrates with existing security systems create a single hub for IR streamlining organizations security posture. Aligns people, process, and technology across the organization. Enables security teams to automate and orchestrate their IR processes. Ensures IR processes are consistent, intelligent, and configured to team s specific needs 9 Welcome to the cognitive era.

10 IBM Resilient Incident Response Platform Security Module Industry standard workflows (NIST, SANS) Threat intelligence feeds Organizational SOPs Community best practices Action Module Automate processes Enrich incident details Gather forensics Enact mitigation Privacy Module Global breach regulations Contractual obligations Third-party requirements Organizational SOPs Privacy best practices 10 Welcome to the cognitive era.

11 THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com youtube/user/ibmsecuritysolutions Copyright IBM Corporation All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, includingfor use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products andservices are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.