Unified Communications Phase 2 Presentation to IT Services Users Group

Similar documents
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

GDPR: A technical perspective from Arkivum

Data Protection and GDPR

EU General Data Protection Regulation (GDPR) Achieving compliance

Data Breach Notification Policy

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

Information Security Controls Policy

Element Finance Solutions Ltd Data Protection Policy

Cybersecurity The Evolving Landscape

General Data Protection Regulation (GDPR)

Cyber Insurance: What is your bank doing to manage risk? presented by

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Creative Funding Solutions Limited Data Protection Policy

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Business continuity management and cyber resiliency

A Homeopath Registered Homeopath

How the GDPR will impact your software delivery processes

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

GDPR- the new General Data Protection Regulations. Staff PDM- 2 nd May 2018

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

Guide to Cyber Security Compliance with GDPR

Data Protection Policy

The GDPR Are you ready?

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

Embedding GDPR into the SDLC

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

The GDPR toolkit. How to guide for Executive Committees. Version March 2018

A practical guide to IT security

HIPAA & Privacy Compliance Update

Clyst Vale Community College Data Breach Policy

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

GDPR compliance: some basics & practical to do list

EXAM PREPARATION GUIDE

Understanding Cyber Insurance & Regulatory Drivers for Business Continuity

Requirements for a Managed System

Cyber Security Issues

ISE North America Leadership Summit and Awards

Electronic Communication of Personal Health Information

Data Warehouse Risk Assessment (GDPR)

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

PS Mailing Services Ltd Data Protection Policy May 2018

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

Cybersecurity and Nonprofit

Update on HIPAA Administration and Enforcement. Marissa Gordon-Nguyen, JD, MPH October 7, 2016

The Role of the Data Protection Officer

SCHOOL SUPPLIERS. What schools should be asking!

National College for High Speed Rail DATA BREACH NOTIFICATION PROCEDURE

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

Red Flags/Identity Theft Prevention Policy: Purpose

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

GDPR Compliance. Clauses

encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?

Knowing and Implementing the GDPR Part 3

Florida Government Finance Officers Association. Staying Secure when Transforming to a Digital Government

Breach Notification Form

UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA

Islam21c.com Data Protection and Privacy Policy

GDPR: A QUICK OVERVIEW

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

INFORMATION ASSET MANAGEMENT POLICY

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

Cyber Protections: First Step, Risk Assessment

Cyber-Threats and Countermeasures in Financial Sector

Privacy Implications Guide. for. the CIS Critical Security Controls (Version 6)

Information Governance Incident Reporting Policy

IT Risk: Are You Prepared?

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

PCI Compliance. What is it? Who uses it? Why is it important?

The Data Breach: How to Stay Defensible Before, During & After the Incident

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

Putting It All Together:

GDPR - Are you ready?

Data Protection Policy

Stopsley Community Primary School. Data Breach Policy

Building Trust in the Cloud Era - Protect, Respect Personal Data

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM

HIPAA Audit Don t just bet the odds Good luck is a residue of preparation. Jack Youngblood

INFORMATION SECURITY POLICY

ADMA Briefing Summary March

Cyber fraud and its impact on the NHS: How organisations can manage the risk

Cyber Risks in the Boardroom Conference

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

GDPR COMPLIANCE REPORT

June 2 nd, 2016 Security Awareness

LCU Privacy Breach Response Plan

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Checklist: Credit Union Information Security and Privacy Policies

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

Data Breaches and the EU GDPR

Securing Your Most Sensitive Data

NEN The Education Network

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Cybersecurity Considerations for GDPR

FileFacets for GDPR. Solution Overview for Compliance. Copyright 2017 FileFacets Corporation. All rights reserved

Cybersecurity in Higher Ed

PTLGateway Data Breach Policy

Transcription:

Unified Communications Phase 2 Presentation to IT Services Users Group Wednesday 2 nd May 2018 Dr. Geoff Bradley, Head of Academic Services & IT Operations / UC2 Project Sponsor Sara McAneney, Information Security Manager / UC2 Project Manager Introduction What is the Unified Communications Phase 2 project? Why are we implementing this project? Cyber security / risk GDPR compliance requirements Review of existing communication & collaboration services Open Scholarship (Science) Research Data Management What impact will it have on staff? New services, training, work practices Implementation Timelines Unified Communications Phase 3 Trinity College Dublin, The University of Dublin 2 1

What is Unified Communications Phase 2 Project? Providing Secure Storage & Collaboration Services for Trinity Data Trinity College Dublin, The University of Dublin 3 Why are we doing this? External Cyber Security Audit BDO 2016 Significant Security Breach April 2017 Evolving Cyber Threats Ransomware WannaCry May 2017 GDPR Compliance May 2018 Service Gap Data Storage and Collaboration Trinity College Dublin, The University of Dublin 4 2

Known Cyber Security Risks impacting the University Malware, viruses and Ransomware Phishing and email fraud Weak Access control methods Low levels of Cyber Security Awareness/skills among users Unencrypted Computers tablets, phones Compromise (Hacking) of IT Services managed Business systems Compromise (Hacking) of other Internet available business systems Ad-hoc use of cloud computing environments Non-compliance with cyber security requirements of GDPR Use of insecure personal devices tablets phones etc Trinity College Dublin, The University of Dublin 5 Phishing Threat Trinity College Dublin, The University of Dublin 6 3

Phishing Threat Financial fraud Identify Fraud Theft of Research Data, Intellectual Property Malicious Damage Loss of Data Unauthorised Disclosure of Personal Data Trinity College Dublin, The University of Dublin 7 Phishing Simulations Number of phishing emails sent: 6026 Recipients who opened the email: 902 Recipients who opened the attachment & enabled macros: 52 Trinity College Dublin, The University of Dublin 8 4

Phishing Training An Ongoing Challenge Trinity College Dublin, The University of Dublin 9 A Snapshot of GDPR Principles Lawful Processing Purpose Limitation Transparency Consent Retention Minimisation Sensitive personal data Children s data New & Enhanced Rights Transparency & Notification Access Erasure Rectification Portability Profiling Automated decisions Responsibilities Data Processors Data Transfers Data Breach Reports Data Protection by Design DPIAs DPO Penalties Trinity College Dublin, The University of Dublin 10 5

GDPR Risks to the University Risk Litigation by one or more individuals against the University resulting in professional fees, legal costs, compensation Enforcement action by the Data Protection Commissioner (DPC) resulting in staff costs, consultancy costs, professional fees, remediation costs, reputational damage Audit and investigation by DPC resulting in staff costs, consultancy costs, professional fees, remediation costs, reputational damage Likely Litigation due to breach of contract with a data controller resulting in professional fees, legal costs, compensation, reputational damage Administrative fines (capped @ 1m* per incident, 20m for subsidiaries) Likelihood Impact 5 4 20 4 4 16 4 3 12 3 4 12 3 4 12 Weight Trinity College Dublin, The University of Dublin 11 GDPR Keep Personal Data Safe and Secure Impact on staff s day-to-day IT computing practices Secure Computing Devices Workstations, Laptops, Tablets, Phones Emphasis on encryption Drive, USB, File Secure Storage Local/Cloud Data Security by Design and Default Data Privacy Impact Assessments Due Diligence for Third Party Data Processors Secure Business Information Systems DPIA, due diligence, compliant contracts Improved Education and Awareness Trinity College Dublin, The University of Dublin 12 6

Review of Data Management Services IT Services 2017 review of data storage services Academic and Administrative areas involved Identified lack of available supported Storage Services Reviewed available Microsoft Product Suite Concluded Microsoft SharePoint and Teams would be a good solution for storage of range of Academic, administrative and research data Observed widescale usage of free Dropbox (not GDPR complaint) Trinity College Dublin, The University of Dublin 13 Open Scholarship (Science) / H2020 / FP9 / HRB Inform / Impact: Dissemination of research data H2020 Programme: Guidelines on Open Access to Scientific Publications and Research Data in Horizon 2020; http://ec.europa.eu/research/participants/data/ref/h2020/grants_manual/hi/oa_pilot/h2020-hi-oa-pilot-guide_en.pdf Trinity College Dublin, The University of Dublin 14 7

UC2 - Providing Secure Storage & Collaboration Services for Trinity Data UC Phase 2 - Project Deliverables Providing Secure Storage & Collaboration Services for Trinity Data Trinity College Dublin, The University of Dublin 16 8

Two Step Verification for Email Trinity College Dublin, The University of Dublin 17 Secure Document Storage & Collaboration Services Trinity College Dublin, The University of Dublin 18 9

Supported Device & File Encryption Products Full Disk encryption A must for data collectors in the field File/folder encryption A must for data transfers e.g. from the field back to HQ - by email, or portable media such as USB drives Trinity College Dublin, The University of Dublin 19 Firewall and Load balancer Enhancements Configuration of new technology to detect and mitigate threats to the University network. Provision of new Security reporting for business applications to detect and mitigate threats Trinity College Dublin, The University of Dublin 20 10

Training & Compliance Trinity College Dublin, The University of Dublin 21 Timelines Trinity College Dublin, The University of Dublin 22 11

Unified Communications Phase 3 Unified Communications rolling programme of work Next Phase UC Phase 3, potential deliverables Services for students (PhD, MSc by research, ) Potential migration of students to Office 365 Identity & Two Step Verification for Students Advanced Threat Prevention Data Loss Prevention services Device Management Services Additional Research Data Management services Additional Training & Support Trinity College Dublin, The University of Dublin 23 Questions? 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback