Quick Wins with Data Loss Prevention How to Make DLP Work for You

Size: px
Start display at page:

Download "Quick Wins with Data Loss Prevention How to Make DLP Work for You"

Transcription

1 Quick Wins with Data Loss Prevention How to Make DLP Work for You Rich Mogull, CEO & Analyst Securosis, L.L.C. Mark Moroses, Assistant CIO, Continuum Health Partners John Dasher, Senior Director, Data Protection, McAfee

2 Agenda Rich Mogull, CEO & Analyst, Securosis, L.L.C. Low-Hanging Fruit: Quick Wins with DLP Mark Moroses, Assistant CIO, Continuum Health Partners How Continuum uses McAfee DLP to protect sensitive patient data John Dasher, Senior Director, Data Protection, McAfee McAfee DLP solution overview 2

3 Quick Wins with Data Loss Prevention! Rich Mogull! Securosis, LLC!

4 Too complex to deploy.! Too many false positives.! DLP Fears!

5 The Quick Wins Process!

6 "Products that, based on central policies, identify, monitor, and protect data at rest, in motion, and in use through deep content analysis."! -Rich Mogull!

7 What DLP Provides! Helps you identify where you store sensitive information.! Helps you understand how that information is used and moved throughout your organization.! Proactively protects your information, while limiting impact on legitimate business processes.!

8 Defining Process!

9 Process Workflow!

10 Prepare Directory Why? DLP policies are typically user and group based.! Need to correlate activities back to warm bodies.! Poor directories are a leading obstacle to DLP deployments.! vs. Web vs. Endpoint! Servers!

11 Integrate with Infrastructure! Passive sniffer (SPAN/ Mirror)! (MTA)! Network! Software deployment! Endpoint! Admin credentials! Storage!

12 Integration Recap! For all deployments: Directory services (usually your Active Directory and DHCP servers).! Network deployments: Network gateways and mail servers.! Endpoint deployments: Software distribution tools.! Discovery/storage deployments: File shares on the key storage repositories (you generally only need a username/password pair to connect).!

13 Choose Flavor! Single Data Type! Information Usage!

14 Choose Deployment Type! Network! Storage! Endpoint!

15 Define Policies! Single Type! Information Usage! Leverage an existing category when possible.! Tune later.! False positives are good!! Turn on (nearly) everything.! Collect as much as possible to identify usage patterns.!

16 Monitor! ID! Time! Policy! Channel! Severity! User! Action! Status! 1138! 1625! PII! ! 1.2 M! rmogull! Blocked! Open! 1139! 1632! HIPAA! IM! 2! jsmith! Notified! Assigned! 1140! 1702! PII! HTTP! 1! ! None! Closed! 1141! 1712! R&D/Product X! USB! 4! bgates! Notified! Assigned! 1142! 1730! Financials! Storage! 4! ! Encrypt! Escalated! 1143! 12/1/08! Source Code! Cut/Paste! 12! sjobs! Confirm! Open!

17 Analyze! Top violations by data type.! Top violations by business unit.! Top violations by volume.! False positive patterns.! Different violations from same source.! Unusual origins.!

18 What Did We Accomplish?! Established a flexible incident management process.! Integrated with major infrastructure components.! Assessed broad information usage.! Set foundation for later.!

19 Deployment Best Practices! Evaluate results! Integrate with Infrastructure! Define Initial Policy! Baseline scan! Tune policy! Expand scan scope! Add protection!

20 Rich Mogull! Securosis, L.L.C.! AIM: securosis! Skype: rmogull! Twitter: rmogull!

21 Continuum Health Partners Deploying Data Loss Prevention Mark Moroses, Assistant CIO, Continuum Health Partners

22 Background Who is Continuum Health Partners? Drivers Regulations - HIPAA Joint commissions to certify best practices Regular audits Failure not an option Policy Must be able to ensure enforcement Need to prove policies are being followed 22

23 Solution Business Enablement IT supporting physician s needs Allow liberal web access while still having monitoring capabilities Data Risk Assessment Documented inappropriate data leakage, which helped secure budget Investigative Support McAfee DLP has become the starting point for investigations Investigations now able to occur much faster Passing Audits Proving compliance with policies and demonstrating working controls Predictable technology and process speed future audits, reduce manpower requirements 23

24 Lessons Learned Executive sponsorship Physician with prior first-hand experience Deployment Soft opening Communicated roll-out plan Response Plan No ready, fire, aim Work closely with HR & Legal stakeholders 24

25 McAfee Data Loss Prevention John Dasher, Senior Director, Data Protection, McAfee

26 Static DLP Leaks Data Data Violations 26 McAfee Data Protection

27 Static DLP Leaks Data Data Violations Bit Bucket 27 McAfee Data Protection

28 McAfee DLP Leverages Data Data Violations 28 McAfee Data Protection

29 McAfee DLP Leverages Data Data Violations Data Intelligence Capture Fast, accurate policy creation and rapid, indepth investigations 29 McAfee Data Protection

30 McAfee DLP 9 Advantages Tight Product Integration Integrated technologies provide superior protection Optimized oversight and control Deployment Velocity Protected sensitive data more quickly Drive down deployment and ongoing costs Data Analytics Build better policy, conduct fast investigations Anticipate risks before they become problems

31 McAfee DLP Solution What Others Say NetworkWorld found that McAfee has a very practical understanding of the role of DLP in a modern organization with innovative features, excellent user interfaces, and a clear vision for the future of DLP. SC Magazine finds McAfee Host DLP to be a good value for customers looking for a lot of features and a lot of flexibility in both data leakage control and enterprise rights management. 31

32 McAfee DLP Resources Optimized Security Architecture for Data Protection 10 Steps to Protecting Your Data Low Hanging Fruit: Quick Wins with DLP Forrester Research Total Economic Impact of McAfee DLP McAfee 48-hour Data Risk Assessment Data Protection section of McAfee.com data_loss_prevention/index.html Continuum and BCI customer case studies Data Protection Blogs 32

33 Q&A

Quick Wins With DLP. Applying the Quick Wins process to deploy a high impact solution, Rich Mogul, Securosis. Sponsors of Today's Event:

Quick Wins With DLP. Applying the Quick Wins process to deploy a high impact solution, Rich Mogul, Securosis. Sponsors of Today's Event: Safeguarding the Digital World Quick Wins With DLP Applying the Quick Wins process to deploy a high impact solution, Rich Mogul, Securosis Sponsors of Today's Event: Today s Agenda Introduction Peer Group

More information

Pragmatic Data Security. Rich Mogull Securosis

Pragmatic Data Security. Rich Mogull Securosis Pragmatic Data Security Rich Mogull Securosis Do you feel the pain? No standards No architectures No money Many products None of which work together All of which make the same claims, despite conflicting

More information

Low Hanging Fruit: Quick Wins with Data Loss Prevention

Low Hanging Fruit: Quick Wins with Data Loss Prevention Low Hanging Fruit: Quick Wins with Data Loss Prevention Version 1.0 Released: March 24, 2010 Securosis, L.L.C. http://securosis.com 1 Author s Note The content in this report was developed independently

More information

Low Hanging Fruit: Quick Wins with Data Loss Prevention

Low Hanging Fruit: Quick Wins with Data Loss Prevention Low Hanging Fruit: Quick Wins with Data Loss Prevention Version 2.0 Released: March 31, 2011 Securosis, L.L.C. http://securosis.com 1 Author s Note The content in this report was developed independently

More information

McAfee Total Protection for Data Loss Prevention

McAfee Total Protection for Data Loss Prevention McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure

More information

01.0 Policy Responsibilities and Oversight

01.0 Policy Responsibilities and Oversight Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities

More information

Microsoft Security Management

Microsoft Security Management Microsoft Security Management MICROSOFT SECURITY MANAGEMENT SECURITY MANAGEMENT CHALLENGES Some large financial services organizations have as many as 40 or more different security vendors inside their

More information

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

RSA pro VMware. David Matějů. RSA, The Security Division of EMC

RSA pro VMware. David Matějů. RSA, The Security Division of EMC RSA pro VMware David Matějů RSA, The Security Division of EMC david.mateju@rsa.com How secure are you? Does your IT security address the risks associated with virtualization and private cloud before they

More information

NERC Staff Organization Chart Budget 2019

NERC Staff Organization Chart Budget 2019 NERC Staff Organization Chart Budget 2019 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Officer Senior Vice President, General Counsel and Corporate

More information

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp

HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements

More information

NERC Staff Organization Chart Budget 2018

NERC Staff Organization Chart Budget 2018 NERC Staff Organization Chart Budget 2018 President and CEO Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel and Corporate

More information

Don t Be the Next Data Loss Story

Don t Be the Next Data Loss Story Don t Be the Next Data Loss Story Titus: Blair Canavan McAfee: Chris Ellis Date The Importance of Data Protection McAfee DLP + TITUS Data Classification About McAfee Founded in 1987 as the world s largest

More information

Security and Privacy Governance Program Guidelines

Security and Privacy Governance Program Guidelines Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Sensitive Data Loss is NOT Inevitable

Sensitive Data Loss is NOT Inevitable Sensitive Data Loss is NOT Inevitable Dan Geer, CISO In-Q-Tel Featured Speaker Heidi Shey, Security Analyst, Forrester Research Agenda Introduction Time for a Change Dan Geer, In-Q-Tel How to Overcome

More information

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security

Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security Reducing Operational Costs and Combating Ransomware with McAfee SIEM and Integrated Security Healthcare provider manages threats with ease Atrius Health Customer Profile Large regional healthcare provider

More information

Speakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc

Speakers. Shellie Zavatsky Director of Internal Audit at Hurley Medical Center. Trent Long Director of Managed Privacy Services at FairWarning, Inc View the Replay Speakers Shellie Zavatsky Director of Internal Audit at Hurley Medical Center Trent Long Director of Managed Privacy Services at FairWarning, Inc Agenda What are the new advanced threats

More information

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations

FFIEC Cyber Security Assessment Tool. Overview and Key Considerations FFIEC Cyber Security Assessment Tool Overview and Key Considerations Overview of FFIEC Cybersecurity Assessment Tool Agenda Overview of assessment tool Review inherent risk profile categories Review domain

More information

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE. Is putting Contact us INTRODUCTION You know the headaches of managing an infrastructure that is stretched to its limit. Too little staff. Too many users. Not

More information

ISACA Greater Kansas City Chapter

ISACA Greater Kansas City Chapter ISACA Greater Kansas City Chapter Measuring the Maturity of your Information Security Program. Impossible? Presented by: Mark Carney, VP of Strategic Services Agenda Definition of Mature Client Approaches

More information

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2 GRC3386BUS GDPR Readiness with IBM Cloud Secure Virtualization Raghu Yeluri, Intel Corporation Shantu Roy, IBM Bill Hackenberger, Hytrust #VMworld #GRC3386BUS Agenda GDPR Overview & Requirements IBM Secure

More information

Security by Default: Enabling Transformation Through Cyber Resilience

Security by Default: Enabling Transformation Through Cyber Resilience Security by Default: Enabling Transformation Through Cyber Resilience FIVE Steps TO Better Security Hygiene Solution Guide Introduction Government is undergoing a transformation. The global economic condition,

More information

RSA Data Loss Prevention (DLP)

RSA Data Loss Prevention (DLP) RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Aris Zikopoulos, Channel Manager ITWAY HELLAS Copyright 2013 EMC Corporation. All rights reserved. 1 Definition of DLP

More information

Sustainable Security Operations

Sustainable Security Operations Sustainable Security Operations Optimize processes and tools to make the most of your team s time and talent The number and types of security incidents organizations face daily are steadily increasing,

More information

MaaS360 Secure Productivity Suite

MaaS360 Secure Productivity Suite MaaS360 Secure Productivity Suite Frequently Asked Questions (FAQs) What is MaaS360 Secure Productivity Suite? MaaS360 Secure Productivity Suite integrates a set of comprehensive mobile security and productivity

More information

Faculty/Presenter Disclosure

Faculty/Presenter Disclosure Faculty/Presenter Disclosure Faculty: Cindy Convey and Tiffany Chui Fraser Health Authority Relationships with commercial interests: None 1 Disclosure of Commercial Support This program has received no

More information

Demonstrating Compliance in the Financial Services Industry with Veriato

Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry With Veriato The biggest challenge in ensuring data security is people.

More information

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan

Ready, Willing & Able. Michael Cover, Manager, Blue Cross Blue Shield of Michigan Ready, Willing & Able Michael Cover, Manager, Blue Cross Blue Shield of Michigan Agenda 1. Organization Overview 2. GRC Journey Story 3. GRC Program Roadmap 4. Program Objectives and Guiding Principals

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

GDPR: An Opportunity to Transform Your Security Operations

GDPR: An Opportunity to Transform Your Security Operations GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)

More information

McAfee MVISION Cloud. Data Security for the Cloud Era

McAfee MVISION Cloud. Data Security for the Cloud Era McAfee MVISION Cloud Data Security for the Cloud Era McAfee MVISION Cloud protects data where it lives today, with a solution that was built natively in the cloud, for the cloud. It s cloud-native data

More information

What It Takes to be a CISO in 2017

What It Takes to be a CISO in 2017 What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge

More information

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential

More information

Mission Defense via Information-Centric Security

Mission Defense via Information-Centric Security Mission Defense via Information-Centric Security Overview It s About the Information Traditional CND Tools are Not Sufficient Not All Data is Created Equal "The views expressed in this presentation are

More information

Enterprise Guest Access

Enterprise Guest Access Data Sheet Published Date July 2015 Service Overview Whether large or small, companies have guests. Guests can be virtually anyone who conducts business with the company but is not an employee. Many of

More information

Security Architecture

Security Architecture Security Architecture RDX s top priority is to safeguard our customers sensitive information. Introduction RDX understands that our customers have turned over the keys to their sensitive data stores to

More information

Datasheet. Only Workspaces delivers the features users want and the control that IT needs.

Datasheet. Only Workspaces delivers the features users want and the control that IT needs. Datasheet Secure SECURE Enterprise ENTERPRISE File FILE Sync, SYNC, Sharing SHARING and AND Content CONTENT Collaboration COLLABORATION BlackBerry Workspaces makes enterprises more mobile and collaborative,

More information

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform

More information

A Risk Management Platform

A Risk Management Platform A Risk Management Platform Michael Lai CISSP, CISA, MBA, MSc, BEng(hons) Territory Manager & Senior Security Sales Engineer Shift to Risk-Based Security OLD MODEL: Prevention-Based Security Prevention

More information

OVERVIEW BROCHURE GRC. When you have to be right

OVERVIEW BROCHURE GRC. When you have to be right OVERVIEW BROCHURE GRC When you have to be right WoltersKluwerFS.com In response to today s demanding economic and regulatory climate, many financial services firms are transforming operations to enhance

More information

Certified Information Security Manager (CISM) Course Overview

Certified Information Security Manager (CISM) Course Overview Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,

More information

McAfee Skyhigh Security Cloud for Citrix ShareFile

McAfee Skyhigh Security Cloud for Citrix ShareFile McAfee Skyhigh Security Cloud for Citrix ShareFile McAfee Skyhigh Security Cloud for Citrix ShareFile helps organizations securely accelerate their business by providing industry-best Data Loss Prevention

More information

MHA Consulting BCM Metrics Resiliency Through Measurement

MHA Consulting BCM Metrics Resiliency Through Measurement 0 MHA Consulting BCM Metrics Resiliency Through Measurement Presented by: Michael Herrera, CBCP March, 2013 2009 2013 MHA MHA Consulting All All Rights Rights Reserved. Reserved. Agenda 1 Overview A Menu

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

Best Practices & Lesson Learned from 100+ ITGRC Implementations

Best Practices & Lesson Learned from 100+ ITGRC Implementations Best Practices & Lesson Learned from 100+ ITGRC Implementations Presenter: Vivek Shivananda CEO of Rsam Dec 3, 2010 ISACA -NY Chapter Copyright 2002 2010 Relational Security Corp. (dba Rsam) Agenda Overview

More information

Security Correlation Server System Deployment and Planning Guide

Security Correlation Server System Deployment and Planning Guide CorreLog Security Correlation Server System Deployment and Planning Guide The CorreLog Server provides a method of collecting security information contained in log messages generated by network devices

More information

The Benefits of EPCS Beyond Compliance August 15, 2016

The Benefits of EPCS Beyond Compliance August 15, 2016 The Trusted Source for Secure Identity Solutions The Benefits of EPCS Beyond Compliance August 15, 2016 Presenters Sheila Loy Director Healthcare Solutions HID Global Joe Summanen Technical Architect Nemours

More information

CA Security Management

CA Security Management CA Security CA Security CA Security In today s business environment, security remains one of the most pressing IT concerns. Most organizations are struggling to protect an increasing amount of disparate

More information

Privacy By Design: Privacy smart from the start. Agenda. 1. About Deloitte. 2. Privacy Incidents Around the World. 3. Privacy Smart from the Start

Privacy By Design: Privacy smart from the start. Agenda. 1. About Deloitte. 2. Privacy Incidents Around the World. 3. Privacy Smart from the Start Privacy By Design: Privacy smart from the start. 13 June 2012 Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Agenda 1. About Deloitte 2. Privacy Incidents Around the World 3. Privacy

More information

THE ART OF SECURING 100 PRODUCTS. Nir

THE ART OF SECURING 100 PRODUCTS. Nir THE ART OF SECURING 100 PRODUCTS Nir Valtman @ValtmaNir I work for as the Application Security 1st time speaking publicly, except at Mmmm OH, AND Neither of my previous startups succeeded!

More information

SIEM Solutions from McAfee

SIEM Solutions from McAfee SIEM Solutions from McAfee Monitor. Prioritize. Investigate. Respond. Today s security information and event management (SIEM) solutions need to be able to identify and defend against attacks within an

More information

Issues that Matter Notification and Escalation

Issues that Matter Notification and Escalation Issues that Matter and and Clinical Development Enterprise Occurrences/Situations that require a simple correction, with no effect on clinical development activities, are managed through normal business

More information

The Customer Relationship:

The Customer Relationship: View the Replay on YouTube The Customer Relationship: Behind the Scenes with Managed Privacy Services September 10 th 2015 Executive Series Webinar Today s Speakers Ann Marie Harvey Privacy Manager Baptist

More information

Securing Your Most Sensitive Data

Securing Your Most Sensitive Data Software-Defined Access Securing Your Most Sensitive Data Company Overview Digital Growth Means Digital Threats Digital technologies offer organizations unprecedented opportunities to innovate their way

More information

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved.

NetWitness Overview. Copyright 2011 EMC Corporation. All rights reserved. NetWitness Overview 1 The Current Scenario APT Network Security Today Network-layer / perimeter-based Dependent on signatures, statistical methods, foreknowledge of adversary attacks High failure rate

More information

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Suite and the OCEG Capability Model Mapping the OCEG Capability Model to the BPS Suite s product capability. BPS Contents Introduction... 2 GRC activities... 2 BPS and the Capability Model for GRC...

More information

DigitalPersona for Healthcare Organizations

DigitalPersona for Healthcare Organizations DigitalPersona for Healthcare Organizations RAPID, SECURE AUTHENTICATION FOR MEDICAL PROVIDERS AND STAFF Secure Access to Electronic Health Records Streamline Clinical Workflow Reduce Cybersecurity Costs

More information

UK Permanent Salary Index November 2013 Based on registered vacancies and actual placements

UK Permanent Salary Index November 2013 Based on registered vacancies and actual placements UK Permanent Salary Index ember 1 SYSTEM INTEGRATORS & CONSULTANCIES Job Title Guidelines 8 9 2010 2011 2012 Information & Risk IT Officer Project & Risk Consultant Analyst Part of a team in a large organisation

More information

Unlocking the Power of the Cloud

Unlocking the Power of the Cloud TRANSFORM YOUR BUSINESS With Smarter IT Unlocking the Power of the Cloud Hybrid Networking Managed Security Cloud Communications Software-defined solutions that adapt to the shape of your business The

More information

Compliance with NIST

Compliance with NIST Compliance with NIST 800-171 1 What is NIST? 2 Do I Need to Comply? Agenda 3 What Are the Requirements? 4 How Can I Determine If I Am Compliant? 5 Corserva s NIST Assessments What is NIST? NIST (National

More information

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY DevOps Anti-Patterns Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! 31 Anti-Pattern: Throw it Over the Wall Development Operations 32 Anti-Pattern: DevOps Team Silo

More information

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security

More information

Leveraging the LincPass in USDA

Leveraging the LincPass in USDA Leveraging the LincPass in USDA Two Factor Authentication, Digital Signature, Enterprise VPN, eauth Single Sign On February 2010 USDA Takes Advantage of the LincPass USDA is taking advantage of the LincPass

More information

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers

More information

McAfee Skyhigh Security Cloud for Amazon Web Services

McAfee Skyhigh Security Cloud for Amazon Web Services McAfee Skyhigh Security Cloud for Amazon Web Services McAfee Skyhigh Security Cloud for Amazon Web Services (AWS) is a comprehensive monitoring, auditing, and remediation solution for your AWS environment

More information

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2, IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against

More information

Top Privacy Issues for Infosec Professionals

Top Privacy Issues for Infosec Professionals Top Privacy Issues for Infosec Professionals Gregory Reid, CEO, InFuture LLC Sam Pfeifle, Content Director, International Association of Privacy Professionals (IAPP) Where Security Meets Privacy Why privacy

More information

Watson Developer Cloud Security Overview

Watson Developer Cloud Security Overview Watson Developer Cloud Security Overview Introduction This document provides a high-level overview of the measures and safeguards that IBM implements to protect and separate data between customers for

More information

Mastering The Endpoint

Mastering The Endpoint Organizations Find Value In Integrated Suites GET STARTED Overview In the face of constantly evolving threat vectors, IT security decision makers struggle to manage endpoint security effectively. More

More information

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors Protecting Against Modern Attacks Protection Against Modern Attack Vectors CYBER SECURITY IS A CEO ISSUE. - M C K I N S E Y $4.0M 81% >300K 87% is the average cost of a data breach per incident. of breaches

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

Securing SharePoint TASSCC TEC 2009 Web 2.0 Conference

Securing SharePoint TASSCC TEC 2009 Web 2.0 Conference Securing SharePoint TASSCC TEC 2009 Web 2.0 Conference Dan Cornell Email: dan@denimgroup.comd Twitter: @danielcornell March 26 th, 2009 Agenda Background SharePoint Basics Securing SharePoint Common Approaches

More information

Symantec DLP: Detection Innovation and Expanded Coverage

Symantec DLP: Detection Innovation and Expanded Coverage Symantec DLP: Detection Innovation and Expanded Coverage Ernie Simmons, Tory Gilbert IIP Technical Field Enablement DLP: Detection Innovation and Expanded Coverage 1 Topics DLP and Detection Overview Vector

More information

Not your Father s SIEM

Not your Father s SIEM Not your Father s SIEM Getting Better Insights & Results Bill Thorn Director, Security Operations Apollo Education Group Agenda Why use a SIEM? What is a SIEM? Benefits of Using a SIEM Considerations Before

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved

Trust in the Cloud. Mike Foley RSA Virtualization Evangelist 2009/2010/ VMware Inc. All rights reserved Trust in the Cloud Mike Foley RSA Virtualization Evangelist 2009/2010/2011 1 2010 VMware Inc. All rights reserved Agenda How do you solve for Trust = Visibility + Control? What s needed to build a Trusted

More information

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework

Aligning Agency Cybersecurity Practices with the Cybersecurity Framework POINT OF VIEW Aligning Agency Cybersecurity Practices with the Cybersecurity Framework Leveraging Gigamon to Align Cybersecurity Budgets with Desired Business Outcomes 2013-2017 Gigamon. All rights reserved.

More information

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,

More information

Data Loss Prevention:

Data Loss Prevention: Data Loss Prevention: Considerations from an IT Audit Perspective ISACA November Luncheon 11 November 2010 Agenda What is data loss prevention (DLP)? Ernst & Young point of view on DLP Data loss risk assessment

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald

TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE. John McDonald TRUSTED IT: REDEFINE SOCIAL, MOBILE & CLOUD INFRASTRUCTURE John McDonald 1 What is Trust? Can I trust that my assets will be available when I need them? Availability Critical Assets Security Can I trust

More information

Decoding security frameworks for effective cyber defense. David Allott McAfee

Decoding security frameworks for effective cyber defense. David Allott McAfee Decoding security frameworks for effective cyber defense David Allott McAfee $171B Cost of cybercrime Frameworks useful or just another distracting trend? What are the analysts saying? What is the industry

More information

Outbound and Data Loss Prevention in Today s Enterprise

Outbound  and Data Loss Prevention in Today s Enterprise Outbound Email and Data Loss Prevention in Today s Enterprise Results from Proofpoint s seventh annual survey on outbound messaging and content security issues, fielded by Osterman Research during June

More information

OWA Security & Enhancements

OWA Security & Enhancements END-POINT SECURITY Messageware is a world leader in Microsoft Exchange and Outlook Web App security and productivity solutions. Our software is used by over 5 million users worldwide and has been recognized

More information

Reinvent Your 2013 Security Management Strategy

Reinvent Your 2013 Security Management Strategy Reinvent Your 2013 Security Management Strategy Laurent Boutet 18 septembre 2013 Phone:+33 6 25 34 12 01 Email:laurent.boutet@skyboxsecurity.com www.skyboxsecurity.com What are Your Key Objectives for

More information

Industrial Defender ASM. for Automation Systems Management

Industrial Defender ASM. for Automation Systems Management Industrial Defender ASM for Automation Systems Management INDUSTRIAL DEFENDER ASM FOR AUTOMATION SYSTEMS MANAGEMENT Industrial Defender ASM is a management platform designed to address the overlapping

More information

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager

7 Steps to Complete Privileged Account Management. September 5, 2017 Fabricio Simao Country Manager 7 Steps to Complete Privileged Account Management September 5, 2017 Fabricio Simao Country Manager AGENDA Implications of less mature privileged account management What does a more mature approach look

More information

NERC Staff Organization Chart Budget 2017

NERC Staff Organization Chart Budget 2017 NERC Staff Organization Chart Budget 2017 President and CEO Administrative Associate Director to the Office of the CEO Senior Vice President and Chief Reliability Senior Vice President, General Counsel

More information

Mapping BeyondTrust Solutions to

Mapping BeyondTrust Solutions to TECH BRIEF Taking a Preventive Care Approach to Healthcare IT Security Table of Contents Table of Contents... 2 Taking a Preventive Care Approach to Healthcare IT Security... 3 Improvements to be Made

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International.

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Cybersecurity and HIPAA update Agenda Introductions Cybersecurity Overview

More information

Healthcare in the Public Cloud DIY vs. Managed Services

Healthcare in the Public Cloud DIY vs. Managed Services Business White Paper Healthcare in the Public Cloud DIY vs. Managed Services Page 2 of 9 Healthcare in the Public Cloud DIY vs. Managed Services Table of Contents Page 2 Healthcare Cloud Migration Page

More information

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions

IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions IPS Effectiveness IPS with isensor sees, identifies and blocks more malicious traffic than other IPS solutions An Intrusion Prevention System (IPS) is a critical layer of defense that helps you protect

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

Changing face of endpoint security

Changing face of endpoint security Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L

More information

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I

CYBER SECURITY. formerly Wick Hill DOCUMENT* PRESENTED BY I nuvias.com/cybersecurity I DOCUMENT* PRESENTED BY CYBER SECURITY formerly Wick Hill * Nuvias and the Nuvias logo are trademarks of Nuvias Group. Registered in the UK and other countries. Other logo, brand and product names are trademarks

More information

McAfee Network Data Loss Prevention Administration

McAfee Network Data Loss Prevention Administration McAfee Network Data Loss Prevention Administration Education Services administration course The McAfee Data Loss Prevention Administration course enables attendees to receive in-depth training on the benefits

More information