GDPR Update and ENISA guidelines

Similar documents
EU General Data Protection Regulation (GDPR) Achieving compliance

Google Cloud & the General Data Protection Regulation (GDPR)

Protecting your data. EY s approach to data privacy and information security

Real-time Communications Security and SDN

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

SRM Service Guide. Smart Security. Smart Compliance. Service Guide

Security by Default: Enabling Transformation Through Cyber Resilience

locuz.com SOC Services

The NIS Directive and Cybersecurity in

External Supplier Control Obligations. Cyber Security

Version 1/2018. GDPR Processor Security Controls

ENISA EU Threat Landscape

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Manchester Metropolitan University Information Security Strategy

European Union Agency for Network and Information Security

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Device Discovery for Vulnerability Assessment: Automating the Handoff

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Cyber Security Technologies

Security Awareness Training Courses

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

MEETING ISO STANDARDS

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

A company built on security

Cybersecurity Considerations for GDPR

NEXT GENERATION SECURITY OPERATIONS CENTER

Reinvent Your 2013 Security Management Strategy

Verizon Software Defined Perimeter (SDP).

Designing and Building a Cybersecurity Program

NIS Standardisation ENISA view

Your Trusted Partner in Europe European Business Reliance Centre

Fintech District. The First Testing Cyber Security Platform. In collaboration with CISCO. Cloud or On Premise Platform

SOLUTION BRIEF esentire Risk Advisory and Managed Prevention (RAMP)

Best Practices in Securing a Multicloud World

to Enhance Your Cyber Security Needs

ENISA s Position on the NIS Directive

Accelerate Your Enterprise Private Cloud Initiative

GDPR: A QUICK OVERVIEW

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

the SWIFT Customer Security

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Closing the Hybrid Cloud Security Gap with Cavirin

ForeScout CounterACT. Continuous Monitoring and Mitigation. Real-time Visibility. Network Access Control. Endpoint Compliance.

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

WORKSHARE SECURITY OVERVIEW

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

Security

Security and Privacy Governance Program Guidelines

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

How to ensure control and security when moving to SaaS/cloud applications

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

BUILD YOUR CYBERSECURITY SKILLS WITH TRASYS INTERNATIONAL

MITIGATE CYBER ATTACK RISK

BHConsulting. Your trusted cybersecurity partner

Run the business. Not the risks.

Digital Renewable Ecosystem on Predix Platform from GE Renewable Energy

Putting security first for critical online brand assets. cscdigitalbrand.services

Cloud Customer Architecture for Securing Workloads on Cloud Services

ARE YOU READY FOR GDPR?

SECURITY SERVICES SECURITY

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Smart Software Licensing tools and Smart Account Management Privacy DataSheet

CCISO Blueprint v1. EC-Council

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

SOC for cybersecurity

Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Information Security and Cyber Security

The Emerging Role of a CDN in Facilitating Secure Cloud Deployments

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

TAN Jenny Partner PwC Singapore

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Building a Resilient Security Posture for Effective Breach Prevention

Data Security Standards

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

COPE-ing with Cyber Risk Exposures

TRACKVIA SECURITY OVERVIEW

M a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness

The Honest Advantage

H2020 WP Cybersecurity PPP topics

Cybersecurity Protecting your crown jewels

Risk Advisory Academy Training Brochure

How DDoS Mitigation is about Corporate Social Responsibility

Twilio cloud communications SECURITY

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Introducing Cyber Observer

The Resilient Incident Response Platform

CYBER RESILIENCE & INCIDENT RESPONSE

Virtustream Cloud and Managed Services Solutions for US State & Local Governments and Education

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

IoT privacy risk management in ANASTACIA project

Transcription:

GDPR Update and ENISA guidelines 2016 [Type text]

There are two topics that should be uppermost in every CISO's mind, how to address the growing demand for Unified Communications (UC) and how to ensure that the organisation's compliance obligations are met. Responsibility for compliance extends beyond the CISO to the entire board. These issues are linked because any UC implementation impacts the deploying organisation's compliance status. This white paper examines the UC compliance issues and shows how with the correct security controls, an organisation may realise the benefits of UC without compromising their compliance status. Introduction INFORMATION UPDATE Universal and Real-Time Communication (UC and IOT) compliance, delivered to certify the risk levels and assure Corporates that they will adhere to EU and US based Cyber-attack directives, as set out in 2015 to extend and protect Personal Data. UM-Labs have worked with various Audit Partner s and more recently Tier One Carriers to add to their Cyber Risk Services. This helps complex organizations more confidently leverage advanced technologies to achieve their strategic growth, innovation and performance objectives through proactive management of the associated cyber risks. Deeply experienced across a broad range of industries, these Audit Partner s Cyber Risk Services practitioners, provide advisory and implementation services, spanning executive and technical functions. This helps to transform legacy IT security programs into proactive, secure, vigilant and resilient cyber risk programs that better align security investments with risk priorities, established to improve threat awareness and visibility, and strengthen the ability of organizations to thrive in the face of cyber incidents. Compliance and assurance means that together with UM-Labs, partners can offer a powerful integrated business and technology solution enabling companies to adequately prepare for and manage the entire life cycle of a cyber-incident. Organizations today need to quickly contain the damage, but they also need a solutions provider that can help them regain full business strength and improve their capacity to withstand future crises. UM Labs makes it possible for your clients to meet tomorrow s cyber challenges head-on while continuing to power performance in their businesses. IT security is the process of applying security measures to ensure confidentiality, integrity, and availability of data. IT security attempts to assure the protection of assets, which includes data, desktops, servers, buildings, and most importantly, humans. The goal of IT security is to protect data both in transit and at rest. Countermeasures can be put in place in order to increase the security of

data. Some of these measures include, but are not limited to, access control, awareness training, audit and accountability, risk assessment, penetration testing, vulnerability management, and security assessment and authorization. Most organizations have implemented reasonable to adequate technologies to mitigate the IT security risk of traditional network infrastructures. Measures range from classical on-premises endpoint solutions like firewalls and proxy servers to managed security services from the cloud. With the advent of Universal Communications (UC), a separate Network Data Application, accompanying risks are mistakenly classified following traditional threat tables. It is an unfortunate fact, however, that existing mitigation measures like Session Border Controllers (SBC s), gateways and internet proxies are not able to effectively protect specific UC functionality. SBC s are not designed to protect against modern cyber-attacks. The European Network and Information Security Agency (ENISA) Technical Guideline, which is mandatory for Network Service Providers (NSP) and the services they deliver, shows clearly the mismatches between the legacy gateways such as SBC etc. and their capabilities and the security obligations. Impact Law and Legislation In December 2014 and again in 2015, ENISA published a set of technical guidelines, with which an organization can implement processes and security measures that comply with the legislative requirements for the security of electronic communications of the European Union. HR 1770, the Data Security and Breach Notification Act of 2015 in the USA along with the EU Directive EU Directive 95/46/EC in Europe present major milestones for Cyber Security compliance. The technical guidelines are developed with the aim to provide for a standardized framework for mobile networks, VoIP and UC solutions. They take technical and organizational measures into account. These guidelines indicate, amongst others, that the deployment of SBC s for UC solutions do not comply with the EU legislation. The technology for UC solutions applied by UM Labs, however, provides 100% compliancy with these regulations. Security & Assurance from UM Labs UM-Labs R&D have provided a platform designed for the 21 st century and in this our partners can provide the UC IaaS services to deliver an ISO27001 certificate. The 27001 certificate proves for their customers that the Security Management process is under control. The Statement of Applicability is based on a service specific risk analysis. Besides ISO27001 and to be introduced ISO28000 for inter-op between platforms, the service will also be subject to an assurance statement based on the ISAE 3000 range (ISAE3000 or ISAE3402).

The statement is a type II statement which describes the design, existence and effectiveness of the controls. An independent (third party) auditor will create the statement. The NSP partner Compliance Framework will be the basis for the provided ISAE statement. The partner is free to combine the ISO certificate with the ISAE statement. Optionally, the ISAE statement can be shared and discussed with customers.

Delivered as a software layer OS to protect on three layers, network, application and content, fully integrated to protect from multiple attacks. Call to action As the new global regulation and legacy architecture for network and cyber security are proven to be incompatible with 21 st century Cyber-attacks, the move towards filing any gaps in the obvious legacy, becomes urgent. Many suppliers, if not all of, see re-design as a daunting task, it is now being taken on board by them and the result is to merely move old designed hardware products, such as firewalls, SBC s and application gateways into a software defined solution. This has not created new design for new threats, to achieve compliant and resilient Cyber Security, especially in the real-time communication space, it is imperative there is an integrated multi-layer attack protection that responds at the network, application and content levels, (by way of example, a DOS attack at the network is often used to create disruption so that the next more sophisticated DDOS attack at the application level prevents service use and opens up the single point firewall or proxy and allows hacker access on content.) UM-Labs R&D have tested against rigorous POC and regulator input to show how the platform running in any cloud provides multi-layer protection by full integration and management of real-time communications, the layered security OS from UM-Labs sits at the point of the Network entry, allowing any access from mobile or desktop into any UC system s, while fully encrypted and delivered on scale, with all known attacks managed, logged and prevented. As an SDN

implementation, designed as a layer, it is easy to update for new attacks and provide, if needed, patches in real-time. As the solution can run on any cloud (private, public or Hybrid, bare metal if needed), providing security for 100,000 of users within minutes not days or months, it is anticipated this will be acceptable to hosting, NSP and private organisations, making their real-time communications compliant. Just in time!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback