LBI Public Information. Please consider the impact to the environment before printing this.

Transcription

1 LBI Public Information. Please consider the impact to the environment before printing this.

2

3

4

5 DGPC Framework People Executive management commitment Engaged management team Integrated governance organization Trained, aware, and accountable Process Structured and repeatable processes Practical and enforceable policies Harmonized frameworks and standards Effective internal control environment Technology Secure infrastructure Identity and access control Information protection Auditing and reporting DGPC Aware Culture DGPC Embedded in Processes DGPC Enabled in Technology

6 The DGPC Framework: Technology

7 Transfer (New Lifecycle)

8 Secure Infrastructure Safeguards against malware Safeguards against unauthorized access to sensitive info Protect systems from evolving threats Identity and Access Control Protect personal information from unauthorized access or use Provide management controls for identity, access and provisioning Information Protection Protect sensitive personal information in structured databases Protect sensitive personal information in unstructured documents, messages and records, through encryption Protect data in transit Auditing and reporting Monitor to verify integrity of systems and data Monitor to verify compliance with business processes

9

10 Secure Infrastructure Identity and Access Control Information Protection Auditing and reporting Manual Controls Collect Update Process Delete Transfer Storage 1. Honor policies throughout the information lifecycle 2. Minimize risk of data misuse 3. Minimize impact of data loss 4. Demonstrate effectiveness of data protection policies and measures

11 Risk/Gap Analysis process

12 Establish a context for analysis Evaluate effectiveness Determine risk treatment 1. Clearly Identify define the business (model) purpose potential of the flow 2. Identify threats privacy, security and compliance objectives for the flow 3. Identify systems using the data 4. Define the Use Cases for the data Analyze risks

13 App. Servers Trust Boundary Log Storage Cloud Provider Trust Boundary

14 Establish a context for analysis Diagram of flow Evaluate effectiveness Identify (model) potential threats 1. Data Flow Diagrams (DFD) 2. Data stores & Data Flows 3. Place Trust Boundaries! Threat Identification Determine risk treatment Analyze risks

15 Establish a context for analysis Diagram of flow Evaluate effectiveness Identify (model) potential threats Threat Identification Determine risk treatment 1. Experts can brainstorm 2. How to do this without being an expert? a) Use a method Analyze risksto step through b) Get specific about threats

16 Use the Privacy Frame to step through elements Ask Frame questions on Each Element to get Threats Property Question to Ask _ Information Protection Access Accountability Choice & Consent Data Quality Compliance Ensure Confidentiality, Integrity and Availability? Verify correctness of identifying information? Means to enforce privacy policies, regulations and laws? Provide notice and consent to collection, use, disclosure and control? Ensured to be accurate, timely, and relevant? Verified through logs, reports and controls?

17

18

19 Microsoft s IT Infrastructure Threat Modeling Guide:

20

21 Establish a context for analysis Evaluate effectiveness 1. Build Identify the Risk/Gap analysis (model) matrix potential 2. Apply threats existing mitigations 3. Identify residual risk Determine risk treatment Analyze risks

22 Evaluate effectiveness Establish a context for analysis 1. Identify additional mitigations to eliminate Leverage what you all ready have!!! 2. Determine risk treatment a) Mitigate b) Transfer c) Assume Identify (model) potential threats Determine risk treatment Analyze risks

23 Secure Infrastructure Identity and Access Control Information Protection Auditing and reporting Manual Controls Collect / Update Servers are on regular OS and App. Patch cycle, and upto-date in malware signatures Incoming data is correctly classified and tagged as per customer choice and consent Transaction log data is encrypted in transit and at rest All material transactions are to be logged as per logging framework Communications channel to, and log servers are monitored. Failover process to local log servers in processor facilities is up and running

24 Secure Infrastructure Identity and Access Control Information Protection Auditing and reporting Manual Controls Collect / Update Servers are on regular OS and App. Patch cycle, and upto-date in malware signatures Incoming data is correctly classified and tagged as per customer choice and consent All transactions to take place on authenticated communications channel Transaction log data is encrypted in transit and at rest All material customer transactions arrive over encrypted comms channel All material transactions are to be logged as per logging framework Communications channel to, and log servers are monitored. Failover process to local log servers in processor facilities is up and running Alerts and alert recipients defined and operational Set of access and use reports, along with recipients and deliver schedules are defined

25 Secure Infrastructure Identity and Access Control Information Protection Auditing and reporting Manual Controls Transfer Cloud infrastructure protection requirements specified contractually All transfers to take place on authenticated communications channel Provision of access to stored information specified contractually All transfers to cloud take place over encrypted communications channel Encryption methods for data on cloud are specified contractually Data backup process and integrity requirements are specified contractually Access and use reports from cloud defined and schedule in place Cloud incident response and notification processes in place Compliance requirements from Cloud provider specified contractually

26 Secure Infrastructure Identity and Access Control Information Protection Auditing and reporting Manual Controls Storage Log servers are on regular OS and App. Patch cycle, and up-todate in malware signatures Access to transaction logs and transaction log reports is granted on a per-role basis Periodic review of log access privilege lists, as per policy Transaction log data is encrypted while at rest Log failover data transfer and backup procedures in place Log backup process and schedule in place

27 Establish a context for analysis Evaluate effectiveness Determine risk treatment Identify 1. Ensure you are covering the (model) entire data lifecycle potential threats 2. Examine each trust boundary 3. Have you made a clear decision of how each risk will be treated? 4. Are mitigations done right? Analyze risks

28 the specific confidential data elements that need to be protected

29 A Guide to Data Governance for Privacy, Confidentiality, and Compliance. The series

30 DGPC Framework People Executive management commitment Engaged management team Integrated governance organization Trained, aware and accountable DGPC Aware Culture Process Structured and repeatable processes Practical and enforceable policies Harmonized frameworks and standards Effective internal control environment DGPC Embedded in Processes

31 DGPC Framework People Executive management commitment Engaged management team Integrated governance organization Trained, aware and accountable DGPC Aware Culture Process Structured and repeatable processes Practical and enforceable policies Harmonized frameworks and standards Effective internal control environment DGPC Embedded in Processes Technology Secure infrastructure Identity and access control Information protection Auditing and reporting DGPC Enabled in Technology

32

33 DGPC Framework People Executive management commitment Engaged management team Integrated governance organization Trained, aware and accountable DGPC Aware Culture Process Structured and repeatable processes Practical and enforceable policies Harmonized frameworks and standards Effective internal control environment DGPC Embedded in Processes Technology Secure infrastructure Identity and access control Information protection Auditing and reporting DGPC Enabled in Technology

34 Conclusion

35

36

37

38