GDPR | Cyber security process resilience
CyberSecurity Process Resilience
Rishi Kant
Agenda
• Introduction
• Cybersecurity’s domains & their challenges
• Timeline of data breach incidents
• GDPR & its readiness assessment
• Seven Steps to Heaven
• CS resilience maturity framework
Hola!
I am Rishi Kant
I am a security professional with 11+ years of corporate
experience in the fields of Cyber Security, Information Security,
Digital Forensics, GRC, IT Administration, Secure Software
Development, Training, and company operations. I have worked in
various industry verticals such as Utilities, IT/ITES, E-Commerce,
Government, BFSI and law-enforcement agencies.
https://www.linkedin.com/in/hrishikant
• Cybersecurity’s domains & their challenges
• Lack of support from senior management
• Misalignment of tactical, operational and strategic plans with business requirements
• Poorly designed, poorly implemented or outdated policies, procedures and processes
• Decentralised risk management plan
• Infrequent audit cycles
• Skills and communication gaps
• Improper or misconfigured deployments
• Inadequate IS controls across the data owner, custodian, administrator and user roles
• Imperfect data classification labelling and risk alignment
• Timeline of data breach incidents (2018; records affected | date reported | organisation)
1.1 B  | 3 Jan  | Aadhaar
340 M  | 26 Jun | Exactis
150 M  | 25 Mar | Under Armour (MyFitnessPal)
93 M   | 4 Jun  | MyHeritage
87 M   | 17 Mar | Facebook (Cambridge Analytica)
37 M   | 2 Apr  | Panera
27 M   | 7 Jun  | Ticketfly
19.5 M | 7 Jun  | Sacramento Bee
6 M    | 31 May | PumpUp
5 M    | 3 Apr  | Saks, Lord & Taylor
Why do we have data breaches?
“We have all the fancy tools/stuff but we still get hit by
data breaches because of a lack of proper evaluation of
the fancy stuff, a lack of change/updating frequency of
the cyber security ecosystem, and a lack of frequency of
audit trails.”
-Rishi Kant
• GDPR & its readiness assessment
Some general questions for better CS resilience:
• What personal data do you hold?
• What are the “logical” personal data registers?
• Who should own the data?
• What policies are needed?
• What are the responsibilities?
• Is training needed?
• What contracts should be amended?
• What is your policy on data retention?
• What logging and audit trail are needed?
• How do you meet the right of access, the right to be forgotten and data portability?
• What are your detection and forensic capabilities?
• How is user management handled?
* GDPR applies to any organisation, inside or outside the EU (for example in the US or India), that processes personal data of individuals in the EU. Transfers of that data out of the EU need a valid transfer mechanism; at the time of this deck the EU-US Privacy Shield served that purpose for US recipients (it was invalidated by the Schrems II ruling in July 2020).
• Seven Steps to Heaven
Cyber Security Resilience track:
System Hygiene
• Establish a proactive, systematic process for assessing system hygiene.
Develop a Plan
• Create a cross-domain hypothetical attack plan (attack scenarios that span several security domains).
Mapping Risk Profile
• Audit all aspects of the environment to develop a tailored approach to protecting company assets.
Assess & Measure
• Combine qualitative and quantitative risk assessment to produce a better loss estimate.
Mitigate Risk
• Apply the best-fitting risk treatment to the company assets at greatest risk.
Cyber Insurance
• Worth having: it acts as a compensating control for risk transfer (it changes who pays for an incident, not its likelihood or impact).
Get Started
• Continual improvement is needed and the frequency of assessment should be high.
GDPR Assurance track:
Step 1
• Know your regulation and make GDPR a priority; ensure procedures are up to date and communicated clearly.
Step 2
• Separate consent from the terms and conditions and put a process in place where customers can manage their consent.
Step 3
• Collect only the data that is necessary and define a separate retention policy for that data.
Step 4
• Individuals’ data rights are enhanced by GDPR; they have the right to request their information free of charge.
Step 5
• Requested information must be provided without undue delay and within one month (extendable by two further months for complex or numerous requests); failing to do so exposes the organisation to complaints and fines.
Step 6
• Appoint a Data Protection Officer where required; the DPO must be independent and free of conflicts of interest.
Step 7
• Notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it (unless it is unlikely to result in a risk to individuals), and inform affected individuals without undue delay when the risk to them is high.
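As an added worked example (not code from the deck), the "Assess & Measure", "Mitigate Risk" and "Cyber Insurance" steps expressed as a small Python model. It uses the standard single-loss / annualised-loss formulas (SLE = asset value × exposure factor, ALE = SLE × ARO), which the slide does not spell out, and models insurance as a compensating control that only transfers a share of the residual loss. Every monetary figure, reduction factor, plan name and rating threshold below is a constructed assumption, not data from the deck.

```python
"""Quantitative + qualitative risk assessment with treatment selection.

Standard formulas (assumed, not from the slide deck):
    SLE = asset value x exposure factor   (loss per event)
    ALE = SLE x ARO                        (expected loss per year)
All monetary figures and reduction factors are constructed sample values.
"""
from dataclasses import dataclass
from typing import List, Sequence


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # value at stake, in currency units
    exposure_factor: float  # fraction of asset value lost per event (0..1)
    aro: float              # annualised rate of occurrence (events/year)


@dataclass(frozen=True)
class Treatment:
    name: str
    annual_cost: float
    aro_reduction: float = 0.0      # mitigation: fraction by which ARO falls
    ef_reduction: float = 0.0       # mitigation: fraction by which EF falls
    transfer_fraction: float = 0.0  # transfer (insurance): share of residual loss covered


def sle(risk: Risk) -> float:
    return risk.asset_value * risk.exposure_factor


def ale(risk: Risk) -> float:
    return sle(risk) * risk.aro


def residual_ale(risk: Risk, plan: Sequence[Treatment]) -> float:
    """ALE the organisation still carries after applying every treatment in the plan.

    Mitigations shrink EF and ARO; insurance only changes who pays for the
    remaining expected loss, which is why it is a compensating control.
    """
    ef, aro, retained = risk.exposure_factor, risk.aro, 1.0
    for t in plan:
        ef *= 1.0 - t.ef_reduction
        aro *= 1.0 - t.aro_reduction
        retained *= 1.0 - t.transfer_fraction
    return risk.asset_value * ef * aro * retained


def net_benefit(risk: Risk, plan: Sequence[Treatment]) -> float:
    """Annual loss avoided minus what the plan costs per year."""
    return ale(risk) - residual_ale(risk, plan) - sum(t.annual_cost for t in plan)


def rate(annual_loss: float, high: float = 200_000, medium: float = 50_000) -> str:
    """Qualitative bucket layered on the quantitative ALE (thresholds assumed)."""
    if annual_loss >= high:
        return "High"
    if annual_loss >= medium:
        return "Medium"
    return "Low"


def choose_plan(risk: Risk, candidates: Sequence[Sequence[Treatment]]) -> List[Treatment]:
    """Pick the candidate plan with the highest positive net benefit.

    A 'Low'-rated risk, or one where no plan pays for itself, is accepted
    (empty plan) instead of treated.
    """
    if rate(ale(risk)) == "Low":
        return []
    best = max(candidates, key=lambda p: net_benefit(risk, p))
    return list(best) if net_benefit(risk, best) > 0 else []


# Constructed sample: a customer PII database (hypothetical figures).
PII_BREACH = Risk("customer PII database breach", asset_value=2_000_000,
                  exposure_factor=0.5, aro=0.25)          # SLE 1.0M, ALE 250k
DLP = Treatment("DLP + encryption at rest", annual_cost=60_000,
                aro_reduction=0.5, ef_reduction=0.5)     # residual ALE 62.5k
INSURANCE = Treatment("cyber insurance", annual_cost=40_000,
                      transfer_fraction=0.5)             # covers half of residual loss
PLANS = [[DLP], [INSURANCE], [DLP, INSURANCE]]


if __name__ == "__main__":
    print(f"{PII_BREACH.name}: ALE {ale(PII_BREACH):,.0f} ({rate(ale(PII_BREACH))})")
    for plan in PLANS:
        names = " + ".join(t.name for t in plan)
        print(f"  {names:<40} residual {residual_ale(PII_BREACH, plan):>9,.0f}"
              f"  net benefit {net_benefit(PII_BREACH, plan):>9,.0f}")
    print("chosen:", [t.name for t in choose_plan(PII_BREACH, PLANS)] or "accept")
```

With these sample numbers the mitigation alone (net benefit 127,500) beats insurance alone (85,000) and also beats stacking insurance on top of the mitigation (118,750), because the premium outweighs the small residual loss left to transfer. That is the practical meaning of "compensating control for risk transfer": insurance pays off when residual loss is large relative to the premium, not as a substitute for reducing likelihood or impact.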
• CS resilience maturity framework
Level | Employment of Security Controls | Security Tailored to Business Mission | Security Event Monitoring & Response | Risk Management Resilience | Resilience to Attacks
Level 5: Resilient | CSC designed around the business objective/mission | Mission-assurance focused | Real-time event monitoring & response | Business-focused risk management | Operates through unsophisticated attacks
Level 4: Dynamic | CSC designed around the business objective/mission | Mission focused | Real-time event monitoring & response | Business-focused risk management | Able to respond to unsophisticated attacks
Level 3: Managed | CSC integrated & continuously monitored | Partially mission focused | Respond to events & monitoring | Partial risk prevention, detection and treatment | Protection against unsophisticated attacks
Level 2: Performed | Critical security controls (CSC) implemented | Mission agnostic | Inconsistent response to events | Respond after the breach | Some protection against unsophisticated attacks
Level 1: Resilience | Inconsistent deployment of IS controls | None | None | Risk treatment not implemented | Susceptible to unsophisticated attacks
Progression (bottom to top): first implement the CSC baseline, then become more business focused with better handling of risk.
Thanks!
Any questions?
You can also find me at rishi-kant@live.in for any
further questions
