Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)
Transcript of Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)
7/29/2019 Managing Risk and Compliance by Implementing DLP to Ensure Data Security (166295258)
http://slidepdf.com/reader/full/managing-risk-and-compliance-by-implementing-dlp-to-ensure-data-security-166295258 1/26
Managing Risk and Compliance by Implementing DLP to Ensure Data Security
Corporate Sponsor/Presenter
Dave Hendel
Manager – IT Project Office
314.977.4917
Becky Maycock
Director – Product Management & Marketing
314.743.1414
Agenda
• Overview
• Collect data about our data
• Document our appetite for risk
• Implement DLP mitigation strategy
• Next steps
Overview
What is SLU’s Strategic Goal?
“to build [SLU into] a world-class Catholic, Jesuit university,
which is ranked among the top 50 U.S. Universities”
ITS Budget to Mitigate Data Loss
FY05 to FY12
• SLU Budget: +42.12%
• ITS Budget: -7.38%
Data Loss Prevention – Our History
Threats That Affect Our Data
• BYOD
• Mobile computing
• Social networking
• Cloud computing
Collect Data About Our Data
Data Classification
System Name | Security Classification | Compliance Requirements | Secondary Compliance Requirements | Owners… | Where & Who Maintains | Type of Data
System A | Confidential Data | PCI | PII | | Server Center / Manager | Credit Card
System B | | | | | |
• Security Classification values: Restricted Data, Confidential Data, Internal Use Only Data, Public Data
• Compliance Requirements values: FISMA, HIPAA, PCI, PII, FERPA, Public Data, GLBA, All, Other, Unknown, Intellectual Property
• Secondary Compliance Requirements values: FISMA, HIPAA, PCI, PII, FERPA, Public Data, GLBA, All, Other, Unknown, Intellectual Property
Where Maintained | Type of Data
Data Center | Credit Card
FISMA Categorization
Product Name | Data Classification | Confidentiality | Integrity | Availability
Product A | Confidential Data | Moderate | High | Moderate
Product B | | | |
Product C | | | |
• Data Classification values: Restricted Data, Confidential Data
• Confidentiality / Integrity / Availability values: High, Moderate, Low
Document Our Appetite For Risk
Data Loss Risk Ownership
• Medium & Low Data Loss Risks
  Application owner has responsibility to mitigate risks and to “own” if there is data loss
• High & Urgent Data Loss Risks
  IT Governance Committee has responsibility to mitigate risks
  IT Governance Committee will “own” if there is data loss
  • Monthly meetings
  • Members are from 10 different business areas within the University
Risk Register Spreadsheet
Column groups: Risk Overview | Entity Description | Initial Risk Assessment
Risk Descriptor or Definition | Risk Impact Category | Risk Category | Scope of Risk | Business Unit/Owners… | Likelihood of Risk Exposure | Impact
Risk A | Brand or Reputation | Compliance | Division | VP of Advancement | High | $50,000 - $100,000
Risk B | | | | | |
Risk C | | | | | |
• Risk Impact Category values: Brand or Reputation, Compliance, Financial, Business Operations
• Risk Category values: Integrity, Availability, Security, Privacy, Compliance, Project, Financial, People, Technology Failure, Natural Disaster
• Scope of Risk values: University Wide, Division, Department, Individuals
• Likelihood of Risk Exposure values: Negligible, Low, Medium, High, Very High
Risk Register Spreadsheet (cont)
Column group: Recommended Treatment Plan
Risk Description | Treatment Status for the Risk | Risk Response Prioritization | Due Date | Risk Response | Treatment Cost
 | Opened | Business Case | 5/15/2013 | Mitigate | $50,000 - $100,000
• Treatment Status for the Risk values: Opened, Assessed, Allocated, Closed
• Risk Response Prioritization values: Quick Win, Defer, Business Case & Project
• Risk Response values: Accept, Transfer, Mitigate, Avoid
Implement DLP Mitigation Strategy
Our Approach to Data Protection
• Multi-layered network
• Multi-firewalled network
• Intrusion prevention
• Creation of FISMA / NCS / ITAR secure environment
• Anti-virus and anti-spam
• Data Loss Prevention Appliances
DLP Deployment Considerations
• Where can we lose data?
• Should we be concerned about social media and data loss?
• Filtering out specific documents that “look like” they contain PCI or PII, or should we?
• Filtering out ancillary businesses that utilize SLU internet, but are not part of SLU, or should we?
SLU Initial DLP Deployment
[Figure: deployment diagram; labels: GV-2010, GV-2010]
Real Threats Remediated
[Chart: Real Threats Remediated, May 2012 to Feb 2013; series: SSN, CCN, PHI]
Next Steps
The Balancing Act
• Reputation • Compliance
• Financial • Strategic • Operations
• Time • Budget • Personnel
Next Steps
• rapidDLP deployed this year
  Inspect encrypted Google Apps email flows
  “Discover” data at rest
  Monitor for research data
• Build security around Trust Relationships
Summary
• Classify and categorize your data
• Document your appetite for risk for data loss
• Implement DLP to ensure critical and high risk data stays secure
Now it’s your turn…
… and still our turn too!
Thank You
Dave Hendel
Manager – IT Project Office
314.977.4917
Becky Maycock
Director – Product Management & Marketing
314.743.1414