Data security metrics and a value based approach

Licensed under the Creative Commons Attribution License
Danny Lieberman
dannyl@controlpolicy.com www.controlpolicy.com
Why?

“I don't need data security, we outsource our IT to one of the big banks”
“It's never happened to us before”
“You can't estimate asset value”
“We encourage risk taking”
“I don't take risks”

True quotes from real people
Agenda

• Introduction and welcome
• What is data security?
• Anything can be measured
• Why metrics?
• Why quantify risk?
• Measurement methods
• Continuous improvement
• Questions and answers
Introduction

• Our mission today
    –   Tools to help make your work easier
    –   Share ideas
What the heck is data security?

•   Security
     –   Ensure we can survive & add value
           •   Physical, information, systems, people
•   Data security
     –   Protect data directly in all realms
Anything can be measured

All exact science is based on approximation.

If a man tells you he knows a thing exactly, then you can be safe in
inferring that you are speaking to an inexact man.

Bertrand Russell
Data security metrics

•   Dimensions
     –   organization, channel and content
•   Typical metrics
     –   % of employees that signed the AUP
     –   % Webmail traffic/all mail traffic
     –   % Office files by Webmail/Employees
     –   No. of revenue transactions
     –   Cost of security for operational/revenue systems
     –   Cost of security for customer service systems
     –   Cost of security for FnA systems
     –   Value of assets in Euro
     –   Total value at risk of assets
Why do we need metrics?

•   Recognize this?
     The easy part of information security (running the appliance, discovering
     vulnerabilities, fixing things and producing reports) ignores the hard stuff:
     quantification and prioritization of your actions based on financial value
     of assets and measurement of threat impact.

“Ignorance is never better than knowledge”
Enrico Fermi
Why bother quantifying risk?

•   Why not qualitative metrics?

    When was the last time a customer paid a “qualitative price”?
Quantitative risk model(*)

•   Metrics
     –   Asset value
     –   Threat damage to asset
     –   Threat probability

Value at Risk = Threat Damage to Asset x Asset Value x Threat Probability

(*) PTA - Practical threat analysis risk model
Quantitative risk model benefits

•   Run security like you run your business
     –   Quantify and prioritize actions in Euro/USD
     –   Justify data security investments

•   Measure improvement
     –   Reduced risk
     –   Lower costs
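As an added worked example (not part of the original deck), the PTA-style formula from the previous slide applied to a constructed set of assets, threats and countermeasures: it produces the “Total value at risk of assets” metric and ranks actions by value at risk removed per euro spent. Every name, value, damage fraction, probability and mitigation figure is an assumption made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    name: str
    value_eur: float       # "Value of assets in Euro" from the metrics slide

@dataclass(frozen=True)
class Threat:
    name: str
    asset: str             # name of the asset this threat damages
    damage: float          # fraction of the asset value lost if the threat occurs
    probability: float     # probability of the threat occurring in the period

@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost_eur: float
    mitigation: dict       # threat name -> fraction of that threat's VaR it removes

def value_at_risk(threat, assets):
    """VaR for one threat = threat damage to asset x asset value x threat probability."""
    return threat.damage * assets[threat.asset].value_eur * threat.probability

def total_value_at_risk(threats, assets):
    """The 'Total value at risk of assets' metric: sum of VaR over all threats."""
    return sum(value_at_risk(t, assets) for t in threats)

def rank_countermeasures(countermeasures, threats, assets):
    """Prioritize actions in euros: VaR reduction per euro spent, best first.
    Returns (name, var_reduction_eur, reduction_per_eur) tuples."""
    var_by_threat = {t.name: value_at_risk(t, assets) for t in threats}
    rows = []
    for cm in countermeasures:
        reduction = sum(var_by_threat[th] * f for th, f in cm.mitigation.items())
        rows.append((cm.name, reduction, reduction / cm.cost_eur))
    return sorted(rows, key=lambda r: r[2], reverse=True)

def build_sample():
    """Constructed sample data (assumed figures, not from the presentation)."""
    assets = {a.name: a for a in [Asset("customer_db", 2_000_000),
                                  Asset("revenue_system", 5_000_000)]}
    threats = [Threat("webmail_leak", "customer_db", damage=0.5, probability=0.2),
               Threat("revenue_outage", "revenue_system", damage=0.1, probability=0.05),
               Threat("insider_fraud", "revenue_system", damage=0.02, probability=0.3)]
    countermeasures = [
        Countermeasure("dlp_gateway", 60_000, {"webmail_leak": 0.8}),
        Countermeasure("aup_training", 5_000, {"webmail_leak": 0.2, "insider_fraud": 0.3}),
        Countermeasure("ha_cluster", 100_000, {"revenue_outage": 0.9}),
    ]
    return assets, threats, countermeasures

if __name__ == "__main__":
    assets, threats, cms = build_sample()
    print(f"Total value at risk: EUR {total_value_at_risk(threats, assets):,.0f}")
    for name, reduction, ratio in rank_countermeasures(cms, threats, assets):
        print(f"{name:14s} removes EUR {reduction:,.0f} of VaR ({ratio:.2f} per EUR spent)")
```

With these assumed figures the cheap AUP training ranks first because it removes the most value at risk per euro, which is exactly the kind of ranking the deck means by quantifying and prioritizing actions in Euro/USD.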
Measurement methods

•   Hand sampling
     –   Small samples of employees, routers...
           •   The “Rule of 5”
•   Expert estimates
     –   The CFO
           •   Pros at asset valuation
•   Test equipment
Test equipment

[Figure: test equipment architecture. Management layer: Provisioning, Events, Reporting, Policies, Forensics, backed by a Data Warehouse and a Document Server. Detection point: Interception, Session, Decoders, Policies, Countermeasures, shown intercepting a sample e-mail (Received: header, Message-ID and the body fragment “Send me more files today.”).]
Continuous improvement
Coming attractions

•   Sep 10: Selecting data security technology
•   Sep 17: Selling data security technology
•   Sep 24: Write a 2 page procedure
•   Oct 1: Home(land) security
•   Oct 8: SME data security
      http://www.controlpolicy.com/workshops
Learn more

•   Presentation materials and resources
    http://www.controlpolicy.com/data-security-workshops
