GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov.
|
|
- Todd Parrish
- 6 years ago
- Views:
Transcription
1 You Trust IT Путь к безопасности бизнеса GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services Konstantin Sviridov Andrey Ivanov 06 September 2017 This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
2 What is the EU General Data Protection Regulation (GDPR) Applies to all organizations that process personal data of EU residents New comprehensive European privacy law replacing the 1995 Data Protection Directive Regulation already in place EU starts enforcement 25 May 2018
3 How does GDPR affect organizations? The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located. Enhanced personal privacy rights. Increased duty for protecting data. Mandatory breach reporting. Significant penalties for non-compliance. Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
4 Year once upon a time 17 years ago
5 GDPR - 26 million EU organizations impacted
6 26 million EU organizations effected Likely a panic zone GDPR requirements don t go away
7 What are the key changes to address the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Individuals have the right to: Access their personal data Correct errors in their personal data Erase their personal data Object to processing of their personal data Export personal data Organizations will need to: Protect personal data using appropriate security Notify authorities of personal data breaches Obtain appropriate consents for processing data Keep records detailing data processing Organizations are required to: Provide clear notice of data collection Outline processing purposes and use cases Define data retention and deletion policies Organizations will need: Train privacy personnel & employee Audit and update data policies Employ a Data Protection Officer (if required) Create & manage compliant vendor contracts
8 European Convention on Human Rights 1953 European Convention 108 Directive 95/46/EC REGULATION (EU) 2016/ Nov Sep Jan Oct Dec Oct Apr May 2018 Article 8 of the European Convention on Human Rights provides a right to respect for one's "private and family life, his home and his correspondence", subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society". The treaty regarding the protection of individuals with regard to automatic processing of personal data was signed as Council of Europe Convention 108. All 47 members of the Council of Europe have ratified the treaty, except Turkey. Data Protection Directive 95/46/EC created to regulate the processing of personal data. The directive agrees to a new, advanced standard in the protection of individuals with regards to the processing of their personal data and its free movement. The directive is brought into force after a three-year grace period. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.
9 Secure digital environment helps building trust, enables digital transformation and increases prosperity in the EU and globally: Approved Applied from onwards Approved National implementation by 9 May 2018 COM proposal January 2017 COM guidelines January 2017 Approved National implementation by 23 September 2018 All organizations Critical sectors All organizations All organizations Public sector organizations
10 ISO/IEC Code of Practice for Protecting Personal Data in the Cloud European Union Model Clauses SSAE 16/ISAE 3402 ISO/IEC In 2014, the ISO adopted ISO/IEC 27018:2014, an addendum to ISO/IEC 27001, the first international code of practice for cloud privacy. Based on EU data-protection laws, it gives specific guidance to cloud service providers (CSPs) acting as processors of personally identifiable information (PII) on assessing risks and implementing state-of-the-art controls for protecting PII. At least once a year, Microsoft Azure and Azure Germany are audited for compliance with ISO/IEC and ISO/IEC by an accredited third party certification body, providing independent validation that applicable security controls are in place and operating effectively. By following the standards of ISO/IEC and the code of practice embodied in ISO/IEC 27018, Microsoft the first major cloud provider to incorporate this code of practice European Union (EU) data protection law regulates the transfer of EU customer personal data to countries outside the European Economic Area (EEA), which includes all EU countries and Iceland, Liechtenstein, and Norway. The EU Model Clauses are standardized contractual clauses used in agreements between service providers (such as Microsoft) and their customers to ensure that any personal data leaving the EEA will be transferred in compliance with EU data-protection law and meet the requirements of the EU Data Protection Directive 95/46/EC. Microsoft provided its Standard Contractual Clauses to the EU's Article 29 Working Party for review and approval. The Article 29 Working Party includes representatives from the European Data Protection Supervisor, the European Commission, and each of the 28 EU data protection authorities (DPAs). SSAE 16 (Statement on Standards for Attestation Engagements No. 16), the successor to SAS 70, and ISAE 3402 (International Standards for Attestation Engagement No. 3402), are audit standards established by the American Institute of Certified Public Accountants (AICPA) and the International Auditing and Assurance Standards Board of the International Federation of Accountants, respectively, and are geared towards service organizations. Service organizations are typically entities that provide outsourcing services that impact the control environment of their customers. Examples of service organizations are insurance and medical claims processors, hosted data centers, application service providers (ASPs), and managed security providers. SSAE 16 and ISAE 3402 audits are independent verifications of compliance with security controls and effectiveness of security controls. ISO/IEC is an information security management system (ISMS) standard, part of the ISO/IEC family of standards that address privacy, confidentiality and technical security issues and have "established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization." The standards outline hundreds of potential controls and control mechanisms. ISO/IEC in particular is one of the most widely recognized certifications for a cloud service, and thus one of the most valued by our customers. ISO defines how to implement, monitor, maintain, and continually improve the ISMS. The Microsoft Online Services Information Security Policy aligns with ISO 27002, augmented with requirements specific to online services.
11
12 INTELLIGENT SECURITY GRAPH Unique insights, informed by trillions of signals. This signal is leveraged across all of Microsoft s security services 1.2B devices scanned each month Malware data from Windows Defender Shared threat data from partners, researchers and law Enforcement worldwide 400B s analyzed 200+ global cloud consumer and Commercial services Botnet data from Microsoft Digital Crimes Unit Enterprise security for 90% of Fortune M+ Azure user accounts 18+B Bing web pages scanned 450B monthly authentications
13 Industry Partners Antivirus Network INTELLIGENT SECURITY GRAPH CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit PaaS IaaS SaaS Identity Apps and Data Infrastructure Device
14 SECURITY MANAGEMENT IMPERATIVES IDENTITY DEVICES APPS / DATA INFRASTRUCTURE VISIBILITY Understand the security state and risks across resources CONTROL Define consistent security policies and enable controls GUIDANCE Elevate security through built-in intelligence and recommendations
15 DEFINE CONSISTENT SECURITY POLICIES AND ENABLE CONTROLS FOR USERS IDENTITY
16 Information Protection lifecycle example File is created (via multiple sources) User opens the file for editing Collaborate through SharePoint Online User opens the file on mobile Upload to other cloud service for external sharing Azure Information Protection client Windows Information Protection Office 365 Data Governance Intune Microsoft Cloud App Security (MCAS) Persistent labels enable a unified information protection language
17 How do I get started 1 Discover Identify what personal data you have and where it resides 2 Manage Govern how personal data is used and accessed 3 Protect Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches 4 Report Keep required documentation, manage data requests and breach notifications
18 Discover Right to Erasure Right to Data Portability GDPR Workshops ETA Q1 FY18 Microsoft (and optional with Partner) workshops on GDPR awareness and scoping establishment. Secure Productive Enterprise PoC ETA Q1 FY18 Customer seeking guidance and support from Advisory Firm(s) + Microsoft to assess their current environment towards the GDPR controls. Deliverables: Gap analysis and reports. Advice/Roadmap how to address and become compliant. Fast Start Enterprise Mobility + Security Guided small implementation of EM+S to enable the capabilities in the environment Manage Documentation Privacy by Design Protect Data Security Data Transfer Foundation Capabilities Consulting Services Mapping Report Documentation Breach Response and Notification Data Insights GDPR Data Discovery pilot Known data sources/files are uploaded to Azure after which inventory is done on PII (NOT PUBLISHED YET) Microsoft Data Classification Toolkit Downloadable toolkit intended to help organizations simplify the ability to search, identify, and apply rules to data you specify. Secure Modern Enterprise (Security Foundation) OMS Log Analytics unlock the power of your own data and understand the valuable operational insights through the Hybrid Cloud Monitoring engagement RAP as A Service Microsoft Security This service is available for any organization that is seeking to evaluate and improve their Security Program Management. Azure Information Protection Implementation Services Initial configuration of Azure Information Protection tenant and optionally integrated with on-premises services. Formulate and execute on a classification and DLP strategy. Advanced Threat Analytics Implementation Service Implements ATA in a production environment, including Incident Management Process Advanced Analytics Essentials Predictive Solutions, such as Predictive Maintenance, Demand Forecasting, Attrition, and Personalization for qualified customer opportunities. Measure and demonstrate the business value using a performance dashboard Dynamic Identity Framework Assessment + Online Assessment Active Directory Service (OAADS) Assessments that cover the current posture and risks on your identity management processes and services, together with a thorough assessment of your Active Directory Services Windows 10 Security Implementation Service Includes Windows 10 Security Foundation (BitLocker, Credential Guard, Defender, SmartScreen, Security Baseline) and Windows Information Protection Privileged Access Workstation Security hardened administrative workstation for cloud tenant management, Tier 0 (Active Directory), Tier 1 (Servers), Tier 2 (Workstations) zone management to prevent breach of administrative accounts. POP-Security Incident Management Create or revise your Security Incident Management processes to enable the 72 hour breach notification requirement Persistent Adversary Detection Service (PADS) Productivity Governance and Compliance delivers a governance plan that will help organizations control, administer, and manage their SharePoint Online investments to secure applications and data when users are located remotely, and ensure compliance requirements are met. SQL Server Data Protection Plan Maintain a healthy business by preventing Data loss and having a reliable and AlwaysOn SQL Server infrastructure More foundational, medium and longer term offerings see overview in appendix
19 Partner with Microsoft Services Security Data Platform Cloud Modern Workplace Privacy Controls Notifications Policies Training GDPR Workshop Risk & Data Management Foundation GDPR Program Partner Education, Awareness, Discovery: Microsoft Roadmap Modernize your IT Environment (Partner) Discover, Manage, Protect, Report (projects based on gap analysis outcomes, and roadmap alignment) Microsoft does not provide legal advice.
20 Data Discovery Offering This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
21 Global enterprises are mandated to comply with new EU regulations and non compliance will result in fines equaling 2-4% of global revenues. Most enterprises are using this requirement to establish systematic IT Asset Management Service and reporting capabilities. Objectives of the engagement: Drive a centralized data store to host the asset data from various sources. Drive data consistency and data quality. Drive centralized reporting capability to provide insights for Legal, Business and Technical Decision Makers. Benefits & outcomes Solution built on Azure IaaS or PaaS with Power BI for data visualization needs. Drive focused workshop and quick proof of value. Assist the customer to meet their regulatory compliance needs. Components
22 Data Subject Rights depend on the relationship with the customer Consumers Employees Vendors (Suppliers, Commercial Customers) Shareholders Application EU Authorities Data Transfer Audit and Compliance 3 rd Parties
23 GDPR webpage on the Microsoft Trust Center Customer whitepaper: Beginning your GDPR journey Video of Brendon Lynch Sharing his Perspective on the GDPR Microsoft FAQ on the GDPR Blog Post: Earning your trust with contractual commitments to the General Data Protection Regulation Blog Post: Get GDPR compliant with the Microsoft cloud
24 Thank You! You Trust IT Путь к безопасности бизнеса
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationThis presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationMicrosoft Security Management
Microsoft Security Management MICROSOFT SECURITY MANAGEMENT SECURITY MANAGEMENT CHALLENGES Some large financial services organizations have as many as 40 or more different security vendors inside their
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationCAN MICROSOFT HELP MEET THE GDPR
CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationEvolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa
Evolution of Cyber Security Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Nasser.Kettani@microsoft.com @nkettani MODERN SECURITY THREATS THERE ARE TWO KINDS OF BIG COMPANIES:
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationBy 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1
By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure
More informationSmart Software Licensing tools and Smart Account Management Privacy DataSheet
Smart Software Licensing tools and Smart Account Management Privacy DataSheet This Privacy DataSheet describes the processing of personal data (or personal identifiable information) by Smart Software Licensing
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationcelerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta
celerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta Regulations Digital Economy Externa al Challenges g Cyber Crime
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationMicrosoft 365 Business FAQs
Microsoft 365 Business FAQs Last updated April 27 th, 2018 Table of Contents General... 3 What is Microsoft 365 Business?... 3 Who should consider adopting Microsoft 365 Business?... 3 How can I get Microsoft
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationU susret GDPR regulativi Dočekajmo spremni Maj 2018
U susret GDPR regulativi Dočekajmo spremni Maj 2018 Dragan Tasić Technology Solutions Professional This presentation is intended to provide an overview of GDPR and is not a definitive statement of the
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationG DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know
G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationAccelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway
Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway This presentation is intended to provide an overview of GDPR and is not a definitive statement
More informationIdentity & Access Management
Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY
More informationSDL Privacy Policy Cloud Services
SDL Privacy Policy Cloud Services Software-As-A-Service Products Version 11-04-2017 v1.4 SDL plc Globe House Clivemont Road, Maidenhead SL6 7DY England www.sdl.com SDL Tridion Infrastructure Summary This
More informationCisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th
Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.
More informationGDPR Update and ENISA guidelines
GDPR Update and ENISA guidelines 2016 [Type text] There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure
More informationGDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd
GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationManaging Microsoft 365 Identity and Access
Course MS-500T01-A: Managing Microsoft 365 Identity and Access Page 1 of 3 Managing Microsoft 365 Identity and Access Course MS-500T01-A: 1 day; Instructor-Led Introduction Help protect against credential
More informationGeneral Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant
General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationThe GDPR Are you ready?
The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationMicrosoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationAgenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2
GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure
More informationGDPR Compliance. Clauses
1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The
More informationQ&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )
Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection
More informationGeneral Data Protection Regulation (GDPR) and the Implications for IT Service Management
General Data Protection Regulation (GDPR) and the Implications for IT Service Management August 2018 WHITE PAPER GDPR: What is it? The EU General Data Protection Regulation (GDPR) replaces the Data Protection
More informationAvanade s Approach to Client Data Protection
White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success
More informationDoes a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA?
Does a SAS 70 Audit Leave you at Risk of a Security Exposure or Failure to Comply with FISMA? A brief overview of security requirements for Federal government agencies applicable to contracted IT services,
More informationAccelerate GDPR compliance with the Microsoft Cloud
Accelerate GDPR compliance with the Microsoft Cloud Michal Jaworski National Technology Officer Microsoft Poland This presentation is intended to provide an overview of GDPR and is not a definitive statement
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationthe SWIFT Customer Security
TECH BRIEF Mapping BeyondTrust Solutions to the SWIFT Customer Security Controls Framework Privileged Access Management and Vulnerability Management Table of ContentsTable of Contents... 2 Purpose of This
More informationData Privacy in Your Own Backyard
White paper Data Privacy in Your Own Backyard Staying Secure Under New GDPR Employee Internet Monitoring Rules www.proofpoint.com TABLE OF CONTENTS INTRODUCTION... 3 KEY GDPR PROVISIONS... 4 GDPR AND EMPLOYEE
More informationService Provider Consulting
From Microsoft Services 1 Industry Overview More and more businesses are looking to outsource IT, decrease management requirements and ultimately save money. With worldwide public cloud spending expected
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationEU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product
More informationOur agenda. The basics
GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially
More informationCloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015
Cloud Computing Standard Effective Date: July 28, 2015 1.1 INTRODUCTION Cloud computing services are application and infrastructure resources that users access via the Internet. These services, contractually
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationNEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationDATA PROCESSING TERMS
DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica
More informationSecuring Your Digital Transformation
Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationCountdown to GDPR. Impact on the Security Ecosystem and How to Prepare
Countdown to GDPR Impact on the Security Ecosystem and How to Prepare Susan Kohn Ross, Esq. Mitchell Silberberg & Knupp LLP Jasvir Gill Alert Enterprise Lora Wilson Axis Communications Affected Countries
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationEU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017
EU Cloud Computing Policy Luis C. Busquets Pérez 26 September 2017 The digital revolution is built on data Most economic activity will depend on data within a decade Potential of the data-driven economy
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationModern Database Architectures Demand Modern Data Security Measures
Forrester Opportunity Snapshot: A Custom Study Commissioned By Imperva January 2018 Modern Database Architectures Demand Modern Data Security Measures GET STARTED Introduction The fast-paced, ever-changing
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationData Protection in the AWS Cloud: Implementing GDPR and Overview of C5
Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Gerald Boyne, Christian Hesse Security Assurance Germany 25.11.2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationManaging SaaS risks for cloud customers
Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationChanging times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon
Changing times in Swiss Data Privacy: new opportunities? Clara-Ann Gordon Which countries have Data Protection Laws? Source: https://www.taylorwessing.com/globaldatahub/risk_map.html Page 2 Different Data
More informationGetting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions
Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across
More informationGDPR: A GUIDE TO READINESS
SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services
More informationSOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2
Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence
More informationProtecting Against Modern Attacks. Protection Against Modern Attack Vectors
Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches
More informationDisruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise
Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions
More informationHow icims Supports. Your Readiness for the European Union General Data Protection Regulation
How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection
More informationSolution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites
Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC
More informationThe Etihad Journey to a Secure Cloud
SESSION ID: CCS-T07 The Etihad Journey to a Secure Cloud Georges de Moura Head of Group Information Security, Risk & Compliance Etihad Aviation Group History: Before The Cloud Devolved IT Decision-Making
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationFedRAMP: Understanding Agency and Cloud Provider Responsibilities
May 2013 Walter E. Washington Convention Center Washington, DC FedRAMP: Understanding Agency and Cloud Provider Responsibilities Matthew Goodrich, JD FedRAMP Program Manager US General Services Administration
More informationGDPR is here to stay. How prepared are you?
GDPR is here to stay. How prepared are you? KEY TENETS What & Why GDPR? A BRIEF General Data Protection Regulation (GDPR) is the European Union s new law for individuals data privacy & protection that
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationRun the business. Not the risks.
Run the business. Not the risks. RISK-RESILIENCE FOR THE DIGITAL BUSINESS Cyber-attacks are a known risk to business. Today, with enterprises becoming pervasively digital, these risks have grown multifold.
More information