Data Security Regulatory Landscape
Brian Bauer
Before we begin

If you learn what's in this presentation, you will:
- spend LESS time preparing for tests (IAPP, CISA, CGEIT, etc.)
- have interesting material to impress your friends
- learn the difference between real risk and just plain fun
- get a keener perspective of Operational Risk, which is Risk without Reward

Let's get started!
Sources
Achieving Data Privacy in the Enterprise, Safenet Derek Tumulak, April 8, 2010
Regulatory Information Architecture, Steven Alder, IBM, 2010
The source of much of my research, Sue Hammer, IBM, 2010
California Data Privacy Laws: Is Compliance Good Enough?, Lumension, Chris Merritt, May 2010
Privacy Law & Financial Advisors, Proskauer, Brendon M. Tavelli, Nov 20, 2009
Medical Records on the Run: Protecting Patient Data with Device Control and Encryption, Sept 2009
2010 Data Breach Report, Verizon
Five Countries: Cost of Data Breach Sponsored by PGP Corporation, Dr. Larry Ponemon, April 19, 2010
How secure is your confidential data?, By Alastair MacWillson, ACCENTURE
The Leaking Vault, Five Years of Data Breaches, Suzanne Widup, Digital Forensics, July 2010
Top 10 Big Brother Companies: Ranking the Worst Consumer Privacy Infringers, Focus Editors
First Annual Cost of Cyber Crime Study, Ponemon, July 2010
States failing to secure personal data, By Kavan Peterson, Stateline.org
National Archives & Records Administration in Washington
2010 Annual Identity Protection Services Scorecard, Javelin Strategy & Research
A New Era of Compliance - Raising the Bar for Organizations Worldwide, RSA, Oct 12, 2010
Evolve or Die, Bunger & Robertson, 2010
Compliance With Clouds: Caveat Emptor, by Chenxi Wang, Ph.D. , August 26, 2010
Obscured by Clouds, Ross Cooney, 2010
Digital Trust in the Cloud, Liquid Security in Cloudy Places, CSC, 2010
Making Data Governance as simple as possible, but not simpler, Dalton Servo
DISCLAIMER
Let me be crystal clear: Brian is NOT a lawyer.

DECLARATION
All Business is Regulated.
My FOCUS
On the globe but US centric (you are here)
What's Inside?
Erosion in Trust
- Industry
- Customer
- Regulator
Futures
Business is concerned with RISK

Risk from Regulation, Organized Crime, Reduced Staffing, Sloppy Performance, Lack of Training, New Technologies, and even ... Clients/Customers

... is creating an EROSION in TRUST!
Top Business Concern
Source: Financial Times

New Motivations
Source: E&Y 2010

Geography Implications
Source: The Economist Intelligence Unit
Loss of data is one of the biggest regulator concerns
Loss, theft, mistakes, under-protected, ...

... a Breach of Trust – Over 500,000,000 U.S. records since 2005
- 90% from external sources
- 48% insider help
- 85% from organized criminals
- 94% targeted financial data or sector
- 98% of records stolen produced by hack
- 96% of Trojans found were "Crimeware-as-a-Service"
We can do better
- 96% avoidable by simple controls
- 86% had evidence in log files
- 66% on devices NOT known to contain SPI
- 5% loss to shareholders after breach
- 43% higher breach cost in U.S.
Financial Service providers have a 39% confidence factor for their ability to protect your data from Insider Threats vs. 71% for External Threats
Deloitte – 2010 Financial Services Global Security Study – the faceless threat
A reputation is easy to lose, not so easy to recover
- 60% of companies that lose their data will shut down within 6 months of the disaster.
- 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.
- 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately.
What can business do?
- Restrict and monitor privileged users
- Watch for 'Minor' Policy Violations
- Implement Measures to Thwart Stolen Credentials
- Monitor and Filter Outbound Traffic
- Change Your Approach to Event Monitoring and Log Analysis
- Share Incident Information
What is the Customer's view?
...what is causing this Erosion of Trust
Identity Theft #1 Consumer Complaint - FTC
- 10M Victims in the U.S.
- $5K loss per business, $50B total
- $500 loss per victim, $5B total
- 30 hours to recovery, 297M hours
(all numbers are approximate or rounded up)
What's on your mind?
Riskiest places for SSN#:
- Universities and colleges
- Banking and financial institutions
- Hospitals
- State governments
- Local government
- Federal government
- Medical (supply) businesses
- Non-profit organizations
- Technology companies
- Health insurers and medical offices
Source: Symantec – Nov, 2010
- 45% of businesses disagree with customer data control
- 47% of businesses disagree that the customer has a right to control
- 50% of businesses did not see a need to limit distribution of PII
- >50% of customers believe they have a right to control their data

Trust Me – I'm lying?
1. There is a notable difference between organizations' intentions regarding data privacy and how they actually protect it.
   North Carolina attempting to get 50M records from Amazon on citizens
   (Diverse <-> Deliberate)
2. Accountability – who is looking out for me?
   A majority (58%) of companies have lost sensitive personal information...
   Insider involved in over 48% of data breaches
3. Regulatory compliance – No confidence they can keep pace
   Many organizations believe complying with existing regulations is sufficient to protect their data.
What do these companies have in common?
1. Top 10 Big Brother Companies: Ranking the Worst Consumer Privacy Infringers, Focus Editors
- 48% of breaches caused by insiders
- 48% involved privileged misuse
- 61% were discovered by a 3rd party

4. Third parties – you sent my data to whom?
   Companies should be careful about the company they keep. It is crucial they understand the perspective on and approach to data protection and privacy taken by their third-party partners.
5. Culture
   Companies that exhibit a "culture of caring" with respect to data protection and privacy are far less likely to experience security breaches.
How to reverse the spin?
- Build a Data Protection and Privacy Strategy
- Assign ownership
- Develop comprehensive governance program
- Evaluate data protection and privacy technologies
- Build a culture
- Reexamine investments
- Choose business partners with care
You own some of this – Giving away your PRIVACY
- Google
- Social networking
- RFID tags/loyalty cards
- The Patriot Act
- GPS
- The Kindle
Regulator View
Privacy: which comes 1st, Breach Notification or Data Protection?

- Protect the consumer
- Punish the breach
- Promote compliance
If the Carrot isn't working it's time to ....
U.S. Breach Notification Laws
46 States, the District of Columbia, Puerto Rico and the Virgin Islands

States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota
http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx
Data Breach Laws go Global
The carrot is now ...avoid the paddle!
NERC - North American Electric Reliability Corporation
Current Regulator Focus
- Take Reasonable Measures
- Breach Prevention
- Risk Based Approach
- Data Centric

Do the Regulators have to follow Regulations?
The "Rules" of Rulemaking – Kings have rules
Regulatory agencies create regulations according to rules and processes defined by another law known as the Administrative Procedure Act (APA).

The APA defines a "rule" or "regulation" as...
"[T]he whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an agency."

The APA defines "rulemaking" as...
"[A]gency action which regulates the future conduct of either groups of persons or a single person; it is essentially legislative in nature, not only because it operates in the future but because it is primarily concerned with policy considerations."

Under the APA, the agencies must publish all proposed new regulations in the Federal Register at least 30 days before they take effect, and they must provide a way for interested parties to comment, offer amendments, or to object to the regulation.

Once a regulation takes effect, it becomes a "final rule" and is printed in the Federal Register, the Code of Federal Regulations (CFR) and usually posted on the Web site of the regulatory agency.
Photo: (c) Tomo.Yun (www.yunphoto.net/en/)
What should be our Focus?
- Embrace risk-based compliance
- Establish an enterprise controls framework
- Set/adjust threshold for controls for "reasonable and appropriate" security
- Streamline and automate compliance processes (GRC)
- Fortify third-party risk management
- Unify the compliance and business agendas
- Educate and influence regulators and standards bodies
So ... Regulators
Where are they headed?
What's their next target?
Current... and foreseeable future Regulator Focus (Redux)
- Take Reasonable Measures
- Breach Prevention
- Risk Based Approach
- Data Centric
Cloud Computing
Privacy or data protection concerns make Clouds risky for Regulated data
- Lack of Visibility
- Who do you trust?
- Security & Compliance Risk
- Requires Risk Based Analysis
FedRamp - Proposed Security Assessment and Authorization for U.S. Government Cloud Computing, Nov 2, 2010
Social Media
81% of Senior Executives rate their knowledge of laws regulating online activity as non-existent

Business investigations of data loss via social media:
- 18% by video/audio
- 17% by social networking
- 13% by blog posting
Quick tip: Offline laws apply online
- copyright
- trademark
- fraud
- contract
- trade secrets
- theft/conversion
- identity theft
- privacy laws
- torts
- crimes
- statutory laws
- sexual harassment
- discrimination
- negligence
- defamation
- ...
More Regulator Activity & more to Come
- 45 states have enacted anti-bullying laws - http://www.bullypolice.org/
  Without: Hawaii, South Dakota, Michigan, New York, Montana, North Dakota and Missouri
- Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) issued guidance on use of social media sites
- UK Advertising Standards Authority (ASA) issued guidance on social media marketing
- Federal Trade Commission (FTC): Final Guides governing social media endorsements
- Maryland leads the way in social media campaign regulations
- CA Fair Political Practices Commission (FPPC): "regulate the same as traditional media"
Future Regulatory Focus
Amateur Data Controllers
- Right to not be over-regulated
- Right to demand co-operation
Privacy Policies
- Right to be better informed
- Right to be forgotten
- Right to have policies monitored
- Right to Data Portability
- End of online anonymity
Processing of data by 3rd parties
- Duties for data controllers
Behavioral advertising
- Right to opt-in vs. have to opt-out
The rights of minors
Where is this all headed?
For us? For our clients?
Manage (Govern) the Data
What is Data Governance?
An operating discipline for managing data and information as key enterprise assets.
Organization, processes and tools for establishing and exercising decision rights regarding valuation and management of data.

Elements of data governance
- Decision making authority
- Compliance
- Policies and standards
- Data inventories
- Full life-cycle management
- Content management
- Records management, preservation and disposal
- Data quality
- Data classification
- Data security and access
- Data risk management
- Data valuation
Where does (Data Governance) fit?
Data Governance is the weakest link
Why is Data Governance important?
Regulator shift: OLD Principles Based -> NEW Rule Based
- UK Financial Services Authority (FSA) has proposed a "Data Accuracy Scorecard"
- Regulators will punish inadequate Data Governance
- Breach Notification laws create demand to govern data
Ensure that the Right People have the Right Access to the Right Data, doing the Right Things Efficiently and Productively: Restore Trust
Future Bottom Line
Regulations will be MORE: Prescriptive, Prohibitive & Penalizing
Questions
BACKUP – this is backup
Laws & Regulations
• Data Protection Act
• Gambling Act 2005
• Protection from Harassment Act 1997
• Racial, sexual and age discrimination legislation
• Obscene Publications Act 1959
  • "...obscene if it is intended to corrupt or deprave persons exposed to it"
• The Terrorism Acts 2000 & 2006
• Money Laundering Regulations
• CAP Codes & the ASA
  • Transparency and Honesty
  • Careful with trans-national campaigns
• Consumer Protection from Unfair Commercial Practices Regulations 2008 (CPRs)
• Contempt of Court
High-level International Overview
• New Basel Capital Accord (Basel-II)
• Payment Card Industry Data Security Standard (PCI-DSS)
• Society for Worldwide Interbank Funds Transfer (SWIFT)
• Personal Information Protection Act (PIPA) – Canada
• Personal Information and Electronic Documents Act (PIPEDA) – Canada
• Personal Information Privacy Act (JPIPA) – Japan
• SafeSecure ISP – Japan
• Federal Consumer Protection Code, E-Commerce Act – Mexico
• Privacy and Electronic Communications (EC Directive) Regulations 2003
• Directive 95/46/EC Directive on Privacy and Electronic Communications – European Union
• Central Information System Security Division (DCSSI) Encryption – France
• Federal Data Protection Act (FDPA - Bundesdatenschutzgesetz - BDSG) of 2001 – Germany
• Privacy Protection Act (PPA) of Schleswig-Holstein of 2000 – Germany
• US Department of Commerce "Safe Harbor"
Relevant Laws and Regulations
• Sarbanes-Oxley Act
• PCAOB Rel. 2004-001 Audit Section
• SAS94
• Fair Credit Reporting Act (FCRA)
• AICPA Suitability Trust Services Criteria
• SEC CFR 17: 240.15d-15 Controls and Procedures
• NASD/NYSE 240.17Ad-7 Transfer Agent Record Retention
• GLBA (15 USC Sec 6801-6809) 16 CFR 314
• Appendix: 12 CFR 30, 208, 225, 364 & 570
• Federal Financial Institutions Examination Council (FFIEC) Information Security
• FFIEC Business Continuity Planning
• FFIEC Audit
• FFIEC Operations
• Health Insurance Portability and Accountability Act (HIPAA) § 164
• 21 CFR Part 11 – FDA Regulation of Electronic Records and Electronic Signatures
• Payment Card Industry Data Security Standard (PCI-DSS)
• Federal Trade Commission (FTC)
• CC1798 (SB1386)
• Federal Information Security Management Act (FISMA)
• USA PATRIOT
• Community Choice Aggregation (CCA)
• Federal Information System Controls Audit Manual (FISCAM)
• General Accounting Office (GAO)
• FDA 510(k)
• Federal Energy Regulatory Commission (FERC)
• Nuclear Regulatory Commission (NRC) 10CFR Part 95
• Critical Energy Infrastructure Information (CEII)
• Communications Assistance for Law Enforcement Act (CALEA)
• Digital Millennium Copyright Act (DMCA)
• Business Software Alliance (BSA)
• New Basel Capital Accord (Basel-II)
• Customs-Trade Partnership Against Terrorism (C-TPAT)
• Video Privacy Protection Act of 1988 (codified at 18 U.S.C. § 2710 (2002))
US Federal Privacy Laws and US Federal Breach Laws (the USA is a member of the OECD and a member of CPEA. The US has also ratified CE ETS 185)

1. Children's Online Privacy Protection Act (COPPA)
   1. Federal Trade Commission's Final COPPA Rule (PDF)
2. Communications Assistance for Law Enforcement Act (CALEA)
3. Department of Defense Directive 5400.11.R - Privacy Program (May 14, 2007 edition) (PDF)
   1. Defense Privacy Office
4. Electronic Communications Privacy Act (ECPA)
5. Fair Credit Reporting Act (FCRA, PDF)
   1. As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
   2. Federal Trade Commission's Red Flag Rule (PDF) (DELAYED UNTIL NOVEMBER 1st 2009)
6. Family Educational Rights and Privacy Act (FERPA, The Buckley Amendment)
   1. US Department of Education Final Rule (PDF)
   2. Protection of Pupil Rights Amendment (PPRA)
   3. No Child Left Behind Act (PDF)
7. Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
   1. Proposed rule making genetic information covered under PII, HIPAA, and HITECH (PDF)
8. Gramm-Leach-Bliley Act (GLBA)
   1. Federal Trade Commission's Final Financial Privacy Rule (PDF)
   2. Federal Trade Commission's Final Safeguards Rule (PDF)
9. Health Insurance Portability and Accountability Act (HIPAA, PDF)
10. HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
   1. HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
11. Federal Trade Commission's Health Breach Notification FINAL Rule (PDF)
12. Safe Harbor Guidelines from the US Department of Commerce

Privacy and Information Security: What Every New Business Needs to KnowThe Capital Network
 

Similaire à Data Security Regulatory Lansdcape (20)

wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
 
Breached! The First 48
Breached! The First 48Breached! The First 48
Breached! The First 48
 
Accounting
AccountingAccounting
Accounting
 
wp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industrywp-analyzing-breaches-by-industry
wp-analyzing-breaches-by-industry
 
IAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to WasteIAPP - Trust is Terrible Thing to Waste
IAPP - Trust is Terrible Thing to Waste
 
Data breaches at home and abroad
Data breaches at home and abroad Data breaches at home and abroad
Data breaches at home and abroad
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
IT Controls Presentation
IT Controls PresentationIT Controls Presentation
IT Controls Presentation
 
Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...Crossing the streams: How security professionals can leverage the NZ Privacy ...
Crossing the streams: How security professionals can leverage the NZ Privacy ...
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnovProtecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
Prepare For Breaches Like a Pro
Prepare For Breaches Like a ProPrepare For Breaches Like a Pro
Prepare For Breaches Like a Pro
 
A Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for BusinessA Primer on U.S. Privacy and Security Law for Business
A Primer on U.S. Privacy and Security Law for Business
 
Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?Where In The World Is Your Sensitive Data?
Where In The World Is Your Sensitive Data?
 
ZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info RiskZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info Risk
 
Privacy and Information Security: What Every New Business Needs to Know
Privacy and Information Security:  What Every New Business Needs to KnowPrivacy and Information Security:  What Every New Business Needs to Know
Privacy and Information Security: What Every New Business Needs to Know
 

Dernier

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Dernier (20)

Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Data Security Regulatory Landscape

  • 2. Before we begin If you learn what's in this presentation You will .........
  • 3. ... spend LESS time preparing for test (IAPP, CISA, CGEIT, etc.)
  • 4. ... have interesting material to impress your friends
  • 5. Learn the difference between real risk and just plain fun
  • 6. Get a keener perspective of Operational Risk , which is Risk without Reward
  • 8. Sources
    • Achieving Data Privacy in the Enterprise, Safenet, Derek Tumulak, April 8, 2010
    • Regulatory Information Architecture, Steven Alder, IBM, 2010
    • The source of much of my research, Sue Hammer, IBM, 2010
    • California Data Privacy Laws: Is Compliance Good Enough?, Lumension, Chris Merritt, May 2010
    • Privacy Law & Financial Advisors, Proskauer, Brendon M. Tavelli, Nov 20, 2009
    • Medical Records on the Run: Protecting Patient Data with Device Control and Encryption, Sept 2009
    • 2010 Data Breach Report, Verizon
    • Five Countries: Cost of Data Breach, Sponsored by PGP Corporation, Dr. Larry Ponemon, April 19, 2010
    • How secure is your confidential data?, by Alastair MacWillson, ACCENTURE
    • The Leaking Vault, Five Years of Data Breaches, Suzanne Widup, Digital Forensics, July 2010
    • Top 10 Big Brother Companies: Ranking the Worst Consumer Privacy Infringers, Focus Editors
    • First Annual Cost of Cyber Crime Study, Ponemon, July 2010
    • States failing to secure personal data, by Kavan Peterson, Stateline.org
    • National Archives & Records Administration in Washington
    • 2010 Annual Identity Protection Services Scorecard, Javelin Strategy & Research
    • A New Era of Compliance - Raising the Bar for Organizations Worldwide, RSA, Oct 12, 2010
    • Evolve or Die, Bunger & Robertson, 2010
    • Compliance With Clouds: Caveat Emptor, by Chenxi Wang, Ph.D., August 26, 2010
    • Obscured by Clouds, Ross Cooney, 2010
    • Digital Trust in the Cloud, Liquid Security in Cloudy Places, CSC, 2010
    • Making Data Governance as simple as possible, but not simpler, Dalton Servo
  • 9. DISCLAIMER: Let me be crystal clear, Brian is NOT a lawyer
  • 11. DISCLAIMER: My FOCUS is on the globe but US Centric (You are here)
  • 12. What's Inside? Erosion in Trust: Industry, Customer, Regulator, Futures
  • 13. Business is concerned with RISK Risk from Regulation, Organized Crime, Reduced Staffing, Sloppy Performance, Lack of Training, New Technologies, and even ... Clients/Customers ... is creating an EROSION in TRUST!
  • 14. Top Business Concern Financial Times
  • 15. New Motivations E&Y 2010
  • 17. Loss of data is one of the biggest regulator concerns Loss, theft, mistakes, under protected, ... ... a Breach of Trust – Over 500,000,000 U.S. records since 2005
  • 18. 90% from external sources 48% insider help 85% from organized criminals 94% targeted financial data or sector 98% of records stolen produced by hack 96% of Trojans found were: "Crimeware-as-a-Service."
  • 19. We can do better 96% avoidable by simple controls 86% had evidence in log files 66% on devices NOT aware contain SPI 5% loss to shareholders after breach 43% higher breach cost in U.S.
  • 20. Financial Service providers have a 39% confidence factor for their ability to protect your data from Insider Threats vs. 71% for External Threats Deloitte – 2010 Financial Services Global Security Study – the faceless threat
  • 21. A reputation is easy to lose, not so easy to recover - 60% of companies that lose their data will shut down within 6 months of the disaster. - 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster. - 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately.
  • 22. What can business do? Restrict and monitor privileged users Watch for 'Minor' Policy Violations Implement Measures to Thwart Stolen Credentials Monitor and Filter Outbound Traffic Change Your Approach to Event Monitoring and Log Analysis Share Incident Information
  • 23. What is the Customer's view? ...what is causing this Erosion of Trust
  • 24. Identity Theft #1 Consumer Complaint - FTC 10M Victims in the U.S. $5K loss per business, $50B total $500 loss per victim, $5B total 30 hours to recovery, 297M hours all numbers are approximate or rounded up
  • 25. What's on your mind?
  • 26. Riskiest places for SSN# Universities and colleges Banking and financial institutions Hospitals State governments Local government Federal government Medical (supply) businesses Non-profit organizations Technology companies Health insurers and medical offices Symantec – Nov, 2010
  • 27. Trust Me – I'm lying? (1) 45% of businesses disagree with customer data control. 47% of businesses disagree that the customer has a right to control. 50% of businesses did not see a need to limit distribution of PII. >50% of customers believe they have a right to control their data. There is a notable difference between organizations’ intentions regarding data privacy and how they actually protect it. North Carolina attempting to get 50M records from Amazon on citizens
  • 28. <-Diverse Deliberate-> Accountability – who is looking out for me? (2) A majority (58%) of companies have lost sensitive personal information... Insider involved in over 48% of data breaches
  • 29. 3 Regulatory compliance – No confidence they can keep pace Many organizations believe complying with existing regulations is sufficient to protect their data.
  • 30. What do these companies have in common?
  • 31. 1 Top 10 Big Brother Companies Ranking the Worst Consumer Privacy Infringers, Focus Editors
  • 32. 48% of breaches caused by insiders 48% involved privileged misuse 61% were discovered by a 3rd party Third parties – you sent my data to who? 4 Companies should be careful about the company they keep. It is crucial they understand the perspective on and approach to data protection and privacy taken by their third-party partners.
  • 33. 5 Culture Companies that exhibit a “culture of caring” with respect to data protection and privacy are far less likely to experience security breaches.
  • 34. How to reverse the spin? Build a Data Protection and Privacy Strategy Assign ownership Develop comprehensive governance program Evaluate data protection and privacy technologies Build a culture Reexamine investments Choose business partners with care
  • 35. You own some of this – Giving away your PRIVACY: Google, Social networking, RFID tags/loyalty cards, The Patriot Act, GPS, The Kindle
  • 37. Privacy: Which comes 1st? Breach Notification or Data Protection
  • 38. Protect the consumer, Punish the breach, Promote compliance. If the Carrot isn't working it's time to ....
  • 39. U.S. Breach Notification Laws: 46 States, the District of Columbia, Puerto Rico and the Virgin Islands. States with no security breach law: Alabama, Kentucky, New Mexico, and South Dakota. http://www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnology/SecurityBreachNotificationLaws/tabid/13489/Default.aspx
  • 41. The carrot is now ...avoid the paddle! NERC - North American Electric Reliability Corporation
  • 42. Current Regulator Take. Focus: Reasonable Measures; Risk Based: Breach Prevention; Approach: Data Centric
  • 43. Do the Regulators have to follow Regulations ?
  • 44. The “Rules” of Rulemaking – Kings have rules. Regulatory agencies create regulations according to rules and processes defined by another law known as the Administrative Procedure Act (APA). The APA defines a "rule" or "regulation" as... “[T]he whole or a part of an agency statement of general or particular applicability and future effect designed to implement, interpret, or prescribe law or policy or describing the organization, procedure, or practice requirements of an agency.” The APA defines “rulemaking” as… “[A]gency action which regulates the future conduct of either groups of persons or a single person; it is essentially legislative in nature, not only because it operates in the future but because it is primarily concerned with policy considerations.” Under the APA, the agencies must publish all proposed new regulations in the Federal Register at least 30 days before they take effect, and they must provide a way for interested parties to comment, offer amendments, or to object to the regulation. Once a regulation takes effect, it becomes a "final rule" and is printed in the Federal Register, the Code of Federal Regulations (CFR) and usually posted on the Web site of the regulatory agency.
  • 45. What should be our Focus?
  • 48. Set/adjust threshold for controls for "reasonable and appropriate" security
  • 51. Unify the compliance and business agendas
  • 52. Educate and influence regulators and standards bodies
  • 53. So ... Regulators Where are they headed? What's their next target?
  • 54. Current... and foreseeable future Regulator Take (Redux). Focus: Reasonable Measures; Risk Based: Breach Prevention; Approach: Data Centric
  • 56. Privacy or data protection concerns make Clouds risky for Regulated data
  • 58. Who do you trust?
  • 60. Requires Risk Based Analysis. FedRAMP - Proposed Security Assessment and Authorization for U.S. Government Cloud Computing, Nov 2, 2010
  • 63. 81% of Senior Executives rate their knowledge of laws regulating online activity as non-existent
  • 64. Business Investigations of data loss via social media: 18% by video/audio 17% by social networking 13% by blog posting
  • 65. Quick tip Offline laws apply online
  • 66. copyright, trademark, fraud, contract, trade secrets, theft/conversion, identity theft, privacy laws, torts, crimes, statutory laws, sexual harassment, discrimination, negligence, defamation, ...
  • 67. More Regulator Activity & more to Come
    • 45 states have enacted anti-bullying laws - http://www.bullypolice.org/ (Without: Hawaii, South Dakota, Michigan, New York, Montana, North Dakota and Missouri)
    • Securities and Exchange Commission (SEC) and Financial Industry Regulatory Authority (FINRA) issued guidance on use of social media sites
    • UK Advertising Standards Authority (ASA) issued guidance on social media marketing
    • Federal Trade Commission (FTC): Final Guides governing social media endorsements
    • Maryland leads the way in social media campaign regulations
    • CA Fair Political Practices Commission (FPPC): “regulate the same as traditional media”
  • 68. Future Regulatory Focus
    • Amateur Data Controllers
    • Right to not be over-regulated
    • Right to demand co-operation
    • Privacy Policies
    • Right to be better informed
    • Right to be forgotten
    • Right to have policies monitored
    • Right to Data Portability
    • End of online anonymity
    • Processing of data by 3rd parties
    • Duties for data controllers
    • Behavioral advertising
    • Right to opt-in vs. have to opt-out
    • The rights of minors
  • 69. Where is this all headed? For us? For our clients?
  • 71. What is Data Governance? An operating discipline for managing data and information as key enterprise assets. Organization, processes and tools for establishing and exercising decision rights regarding valuation and management of data. Elements of data governance:
    • Decision making authority
    • Compliance
    • Policies and standards
    • Data inventories
    • Full life-cycle management
    • Content management
    • Records management, Preservation and disposal
    • Data quality
    • Data classification
    • Data security and access
    • Data risk management
    • Data valuation
  • 72. Where does (Data Governance) fit?
  • 73. Data Governance is the weakest link
  • 74. Why is Data Governance important? Regulator shift: OLD is Rule Based, NEW is Principles Based. UK Financial Services Authority (FSA) has proposed a “Data Accuracy Scorecard”. Regulators will punish inadequate Data Governance. Breach Notification laws create demand to govern data
  • 75. Ensure that the Right People have the Right Access to the Right Data, doing the Right Things Efficiently and Productively. Restore Trust
  • 76. Future Bottom Line: Regulations will be MORE Prescriptive, Prohibitive & Penalizing
  • 78. BACKUP – this is backup
  • 79. Laws & Regulations
    • Data Protection Act
    • Gambling Act 2005
    • Protection from Harassment Act 1997
    • Racial, sexual and age discrimination legislation
    • Obscene Publications Act 1959: “…obscene if it is intended to corrupt or deprave persons exposed to it”
    • The Terrorism Acts 2000 & 2006
    • Money Laundering Regulations
    • CAP Codes & the ASA: Transparency and Honesty; Careful with trans-national campaigns
    • Consumer Protection from Unfair Commercial Practices Regulations 2008 (CPRs)
    • Contempt of Court
  • 80. High-level International Overview
    • New Basel Capital Accord (Basel-II)
    • Payment Card Industry Data Security Standard (PCI-DSS)
    • Society for Worldwide Interbank Funds Transfer (SWIFT)
    • Personal Information Protection Act (PIPA) – Canada
    • Personal Information and Electronic Documents Act (PIPEDA) – Canada
    • Personal Information Privacy Act (JPIPA) – Japan
    • SafeSecure ISP – Japan
    • Federal Consumer Protection Code, E-Commerce Act – Mexico
    • Privacy and Electronic Communications (EC Directive) Regulations 2003
    • Directive 95/46/EC Directive on Privacy and Electronic Communications – European Union
    • Central Information System Security Division (DCSSI) Encryption – France
    • Federal Data Protection Act (FDPA - Bundesdatenschutzgesetz - BDSG) of 2001 – Germany
    • Privacy Protection Act (PPA) of Schleswig-Holstein of 2000 – Germany
    • US Department of Commerce “Safe Harbor”
  • 81. Relevant Laws and Regulations
    • Sarbanes-Oxley Act
    • PCAOB Rel. 2004-001 Audit Section
    • SAS94
    • Fair Credit Reporting Act (FCRA)
    • AICPA Suitability Trust Services Criteria
    • SEC CFR 17: 240.15d-15 Controls and Procedures
    • NASD/NYSE 240.17Ad-7 Transfer Agent Record Retention
    • GLBA (15 USC Sec 6801-6809) 16 CFR 314
    • Appendix: 12 CFR 30, 208, 225, 364 & 570
    • Federal Financial Institutions Examination Council (FFIEC) Information Security
    • FFIEC Business Continuity Planning
    • FFIEC Audit
    • FFIEC Operations
    • Health Insurance Portability and Accountability Act (HIPAA) § 164
    • 21 CFR Part 11 – FDA Regulation of Electronic Records and Electronic Signatures
    • Payment Card Industry Data Security Standard (PCI-DSS)
    • Video Privacy Protection Act of 1988 (codified at 18 U.S.C. § 2710 (2002))
    • Federal Trade Commission (FTC)
    • CC1798 (SB1386)
    • Federal Information Security Management Act (FISMA)
    • USA PATRIOT
    • Community Choice Aggregation (CCA)
    • Federal Information System Controls Audit Manual (FISCAM)
    • General Accounting Office (GAO)
    • FDA 510(k)
    • Federal Energy Regulatory Commission (FERC)
    • Nuclear Regulatory Commission (NRC) 10CFR Part 95
    • Critical Energy Infrastructure Information (CEII)
    • Communications Assistance for Law Enforcement Act (CALEA)
    • Digital Millennium Copyright Act (DMCA)
    • Business Software Alliance (BSA)
    • New Basel Capital Accord (Basel-II)
    • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • 82. US Federal Privacy Laws and US Federal Breach Laws (USA is a member of the OECD and a member of CPEA. The US has also ratified CE ETS 185)
    1. Children’s Online Privacy Protection Act (COPPA)
        1. Federal Trade Commission's Final COPPA Rule (PDF)
    2. Communications Assistance for Law Enforcement Act (CALEA)
    3. Department of Defense Directive 5400.11.R - Privacy Program (May 14, 2007 edition) (PDF)
        1. Defense Privacy Office
    4. Electronic Communications Privacy Act (ECPA)
    5. Fair Credit Reporting Act (FCRA, PDF)
        1. As Amended by the Fair and Accurate Credit Transactions Act of 2003 (FACT)
        2. Federal Trade Commission's Red Flag Rule (PDF) (DELAYED UNTIL NOVEMBER 1st 2009)
    6. Family Educational Rights and Privacy Act (FERPA, The Buckley Amendment)
        1. US Department of Education Final Rule (PDF)
        2. Protection of Pupil Rights Amendment (PPRA)
        3. No Child Left Behind Act (PDF)
    7. Genetic Information Nondiscrimination Act 2008 (GINA, PDF)
        1. Proposed rule making genetic information covered under PII, HIPAA, and HITECH (PDF)
    8. Gramm-Leach-Bliley Act (GLBA)
        1. Federal Trade Commission's Final Financial Privacy Rule (PDF)
        2. Federal Trade Commission's Final Safeguards Rule (PDF)
    9. Health Insurance Portability and Accountability Act (HIPAA, PDF)
    10. HITECH Act (Notice: I could not find it consolidated and called out anywhere, so had to create it myself, PDF)
        1. HITECH Breach Notification Guidance and Request for Public Comment (From the US Department of Health and Human Services, PDF)
    11. Federal Trade Commission's Health Breach Notification FINAL Rule (PDF)
    12. Safe Harbor Guidelines from the US Department of Commerce