National Cyber Security Zone - Corporate Presentation (EN)
TRANSCRIPT
NATIONAL CYBER SECURITY ZONE
GENERAL DATA PROTECTION SERVICES FOR THE ENTERPRISE
SECURITY TRENDS
THE IMPORTANCE OF DATA
Data is one of the most important assets a company can have. Cybercrime damage costs are projected to reach $6 trillion annually by 2021.
CYBERSECURITY SPENDING
Cumulative cybersecurity spending is projected to exceed $1 trillion over the period 2017 to 2021.
THE TALENT GAP
Unfilled cybersecurity jobs are projected to reach 1.5 million by 2019.
A WIDER NET
The number of people affected by private data breaches is projected to reach 4 billion by 2020.
INTERNET OF (UN)SECURED THINGS
Up to 200 billion IoT devices will need securing by 2020.
SURVIVAL RATES: GRIM
Gartner: only 6 percent of companies survive longer than two years after losing data.
US NATIONAL CYBER SECURITY ALLIANCE
60% of small companies are unable to sustain their businesses over six months after a cyber attack.
PONEMON INSTITUTE
The average cost for a small business to clean up after a hack stands at $690,000; for middle-market companies, it is over $1 million.
GDPR
The General Data Protection Regulation applies in all 28 EU Member States from 25 May 2018, following a two-year preparation period.
THE IMMINENT THREAT
Though cybersecurity in general has been on the radar for a long time, GDPR brings a specific deadline into the picture. Spending on IT security systems has increased, while specialized staff remain in short supply.
PENALTIES AND FINES
Losses caused by an information security breach can have fatal consequences for a business. Fines can reach EUR 20 million or 4% of global annual turnover, whichever is higher.
THE PROBLEM
GDPR entails numerous obligations that increase the responsibility and accountability of those who control and process personal data. In practice, it is more complicated.
MOBILITY
Personal data must be portable and transferable on request.
BY DESIGN, BY DEFAULT
Systems must be built to enable privacy "by design" and privacy "by default".
RISK ASSESSMENT
Mandatory periodic risk assessment.
THE RIGHT TO BE FORGOTTEN
New procedures to enable deletion and transfer of data and the right to be forgotten.
CONSENT
New rules for acquiring customer consent to process and store data.
BREACH REPORTING
Mandatory reporting of personal data breaches to the supervisory authority within 72 hours of becoming aware of them.
DATA PROTECTION OFFICER
A new position in the corporate hierarchy.
MORE DATA
Personal data now explicitly includes online identifiers such as IP addresses and cookies.
A LOT NEEDS TO CHANGE
With regard to personal data, an organization now has to take responsibility, provide reports, and announce results in a transparent way.
Creating an organizational cyber security hierarchy.
Creating and implementing data protection policies.
Personal data handling courses and seminars.
Rules for analyzing, defining, and transferring data.
Information security risk management for third parties.
Creating and implementing breach reporting procedures.
S STANDS FOR SOLUTION
We condensed the problem to: "We need a big enough budget and the right talent to be able to offset the GDPR risks in time." So, what is the solution?
COST
A cost-effective Security-as-a-Service (SECaaS) model that fits into existing budgets.
RISK
No vendor lock-in and a faster startup time reduce risk.
TALENT
End-to-end expertise: gap analysis, implementation and certification.
TIME
Reduced startup time, an experienced team and pre-configured solutions.
GDPS: GENERAL DATA PROTECTION SERVICE
ENFORCES DATA PROTECTION
National Cyber Security Zone is a cyber security zone. We offer a real end-to-end solution for securing your company, not just for GDPR but for the future.
INITIAL GAP ANALYSIS CONSULTING
GDPR COMPLIANCE CONSULTING
TECHNOLOGY SOLUTIONS
TECHNOLOGY IMPLEMENTATION
OPERATIONS
CERTIFICATIONS
SOLUTIONS
A STEP BY STEP SOLUTION
We provide an end-to-end service for GDPR compliance including an initial gap analysis, solution design and implementation, certification, and operations.
ASSESS
We determine where the gaps in GDPR compliance are through dataflow and internal process analysis.
DESIGN
We analyze the costs versus benefits alongside an assessment of risks and solutions.
IMPLEMENT
We carry out the necessary organizational changes and technological solutions.
OPERATE
After certification, we provide comprehensive maintenance and operations for the data.
ASSESS
Initial assessment (GDPR gap analysis) of the current level of GDPR compliance.
INITIAL (GAP)
- Business specifics evaluation
- Compliance level evaluation
- Evaluation and recommendations
RISK & COST
- Risk evaluation
- Available measures
- Cost versus benefit evaluation
DESIGN
We prepare a comprehensive plan with the required changes to comply with the GDPR regulation.
BUSINESS
- Update internal regulations
- Business process restructuring
- DPO role and function definitions
TECHNOLOGY
- Personal data identification and discovery
- Solutions for information protection and enhanced security
- Tools required to detect and report cyber attacks and data breaches
IMPLEMENT
We develop procedures to control and maintain the implementation of the GDPR compliance process, for both internal business processes and the integration of the technological solutions.
BUSINESS
- Self-assessment procedures
- Updating data handling rules
- Change management procedures
TECHNOLOGY
- Solutions to automate personal data management
- Solutions to provide enhanced personal data security
- Solutions to reflect GDPR requirements
OPERATE
After certification, we provide comprehensive maintenance and operations to keep the organization compliant with the GDPR regulation.
BUSINESS
- Maintain overall GDPR compliance
- Regular tests and change management
- Regular education and legal requirements updates
TECHNOLOGY
- Personal data protection solutions
- Detect and report cyber attacks and data breaches
- Ensure business continuity and confidentiality
OUR TEAM
PETER KIRKOV
NIKOLAI GENCHEV
STEFANA TSEKOVA
RAMONA CHERVENKOVA
PARTNERS, ADVISORS AND VISIONARIES
CONSTANTINOS LIMENIDES
MBA, Management and Technology; MSc, Manufacturing Systems Engineering, Rensselaer Polytechnic Institute, USA
ALEXANDER AVRAMOV
MSc Computer Science; ex-CEO, Stone Computers
MAYA TUNCHEVA
MSc Finance; ex-CFO, Memonica, easy3D, Crystal Water, Naftex Engineering
VASIL SULTANOV
CEH, CCNA; Cybersecurity Consultant. Specialist in penetration testing, network security, ISO 27001 and PCI DSS certification.
THANK YOU