Information Security and Compliance “Managing an assurance program for your business“


Transcript of Information Security and Compliance “Managing an assurance program for your business“

Page 1: Information Security and Compliance “Managing an assurance program for your business“

Information Security and Compliance

“Managing an assurance program for your business“


Data Compliance Ltd - About us

Data Compliance Ltd provides Information Security & Compliance Assurance services to organisations who value their data, customers and business

By delivering:

• Security audits
• Compliance reviews
• Employee awareness training
• Benchmarking
• ISO 27001
• Incident management



Why is security & compliance important?


Diagram: Information, Suppliers, Technology, Customers, Regulations, Risk

1. Directors have a ‘duty of care’
2. Directors can be held personally liable for negligence


The ‘Lifeblood’ of business

Information is extremely valuable to:

• You & your staff
• Your customers
• Suppliers & vendors
• Auditors & regulators
• Your competitors
• Criminals


Information overview


Take a good look at your information:

• What information do you process?
• Where is your information stored?
• Who has access to your information?
• What controls are in place?
• Are there gaps in controls?
• How do you benchmark controls?
• Who is responsible for security?


What are the risks?

Internal threats

• Disgruntled employee with access to data
• Vulnerable employee susceptible to a virus/phishing attack
• Mobile device (contractor who copies data)
• Cloud / data storage and archive

External threats

• Hacking groups (anonymous)
• Identity thieves
• Competitors
• Fraudsters
• Denial of service attacks

Diagram labels: Hackers, Mobile device, Outsiders (suppliers), Insiders, Cloud, Remote tools



Compliance – Laws, Regulations, Policy


• Data Protection Act 1988, 2003
• Electronic Communications Act, 2003
• Prohibition of Incitement to Hatred Act 1991
• Criminal Damage Act, 1991
• Child Trafficking and Pornography Act
• Intellectual Property Act, 1998
• Copyright and Related Acts, 2000
• Employment Equality Act, 2000


Information Security Program


People
• Board of Management
• Staff
• Customers
• Suppliers, Regulators, Auditors etc.

Processes
• Obtaining
• Storing
• Deleting

Technology
• Systems
• Communications and operations
• Access


Questions for the Board/Executive management

• Is your organisation complying with current data protection legislation?
• What projects were undertaken in the past 12-month period?
• What percentage of staff had security training last year?
• How does management decide who has access to the organisation’s information and systems?
• How does the organisation detect security incidents?
• Is management prepared to recover from a major security incident?


Security & Compliance check list

What evidence of compliance exists?

1. Assign responsibility – data protection compliance officer
2. Maintain public register
3. Develop data security policies
4. Document security procedures
5. Provide awareness training
6. Review 3rd party contracts
7. Perform annual compliance audit



Thank you


www.DATACOMPLIANCE.ie

T: 01-297 5775

E: [email protected]

A: Unit 62d Heather Road, Sandyford Industrial Estate, Dublin 18