SLVA - Privacy Framework and Approach

Posted on 16-Jul-2015

Top 10 IT Trends and Priorities for 2014

Protecting Personal Information
Building your Security for Privacy program
Kris Budnik, 2014

Information is a valuable asset
- Incidence and costs of fraud rose markedly in the past 12 months
- Information related fraud is common and evolving
- Employee abuse still the major cause (39%) but instances of external hacking almost doubled (35% vs 18%)
- Worse still, instances of hacking via 3rd party supplier or service provider have trebled (17% vs. 5%)
- Complexity of IT infrastructures seen as contributing factor

Source: 2013/2014 Kroll Global Fraud Report

"The fraud case involving a single location is now a rarity: the client is in one country, the fraud in a second, the perpetrator in a third and the money... well, that's often the challenge."

...which has not gone unnoticed by those who would exploit it for their own gain.

Volume and frequency of personal data theft on the increase

Personal data: a commodity on a vast underground market
- Online Bank Accounts: Name your Bank and Country preference
- Fullz available here! US, EU, Australia, UK, Canada, Asia
- Malware Infected Computers: 1k, 5k, 10k or 20k?
- Malware and Exploit Kits to lease: 3mths, 6mths and 1yr terms
- Hacker Services for Hire: DDoS Attacks, Hacking of Websites, Doxing

Services                                   Price
VISA & Master Card (US)                    $4
VISA & Master Card (EU)                    $7 - $8
Credit Card with track 1 & 2 data (UK)     $19 - $20
Credit Card with track 1 & 2 data (EU)     $28
Fullz (UK, EU)                             $30 - $40
Bank Accounts with $70k - $115k            $300
Doxing                                     $25 - $100
Health Data                                $150 - $200
Infected Computers (5k bots)               $90
Denial of Service                          $3 - $5 per hour; $400 - $600 per week

Source: Dell SecureWorks, 2013

Corporate response often inadequate or misplaced... and carries consequences

Consequences avoidable

Analysis of over 50 incidents reported in 2009-2013 (source: wiki.openrightsgroup.org/wiki/UK_Privacy_Debacles)

Learning from others: Our Framework

Framework pillars:
- ASSIGN RESPONSIBILITY
- DOCUMENT POLICIES & NOTICE STATEMENTS
- DEFINE INCIDENT RESPONSE PROCESS
- RAISE AWARENESS
- PERFORM ISMS GAP ASSESSMENT

Applied at three levels: For the Enterprise, In IT, and In the Line of Business.

Framework elements:
- Privacy Officer and Deputy TORs
- PPI Operating Model
- PPI Roles & Responsibilities
- Core T&Cs (employment contracts, contracts, terms of engagement etc.)
- Privacy Policy (for the handling of personal information in the enterprise)
- Fair processing notice (directed at the Data Subject)
- Alignment with other applicable laws, regulations & practices (Retention, Protection, Privacy)
- Security safeguards for Information Protection
- Strategy for privacy incident response
- Privacy training and Awareness content
- Use & Retention criteria
- Destruction methods
- Information Security Tools & Techniques
- Outsource arrangements
- Data Subject Access provisions
- Compliance Management and Reporting
- Direct Marketing implications
- Quality & Integrity
- Disclosure provisions
- Notice provisions
- Rights of the individual
- Information Lifecycle Management
- Control over Information
- Collection rules
- Cross border flow considerations

Our QuickStart Approach

Governance model
1. Standard Contract Clauses
2. Retention Schedules
3. Technical Security Baselines
4. Training & Awareness Strategy
5. Incident Management Process
6. ToRs for Privacy Officer

Associated deliverables:
- Information Protection Committee
- Reporting requirements
- Employment contracts
- Procurement contracts
- Service level agreements
- Key information groups
- Key applicable legislative requirements
- Encryption
- Data transport
- Leak management
- Induction
- Call center agent awareness
- Incident reporting procedure
- Incident handling procedures
- Reporting practices (to regulator)
- Incident resolution practices
- Gap Analysis / Implementation roadmap / enabling technology solutions

Preparing a suitable IT response

Your IT team can help; consider the following as minimum response strategies:
- eLearning to raise awareness
- Access Governance to ensure authorised access to networks, systems, applications and data
- Data Leak Management to ensure accountability and enforce policy
- Security Event and Information Management for early problem detection and efficient resolution

Thank you

For a further conversation:
Kris Budnik
kris.budnik@slva.co.za
082 600 7311

[Embedded chart data, not rendered as slides: monthly counts of prompts, associates and workstations for 2008 data-leak rules (Unauthorized Webmail Attachments, Block GoHome Deletion, Block Unauthorized Applications, Block Webmail Access EIS, CD/DVD Burn, IE Start Dual Homed, Laptop Not On Array Block, Non-Humana Network File Transfer, Prevent X Drive Rename, Prompt on Unauthorized Applications, Removable Media Encrypt, Removable Media Write, Unauthorized FTP Transfers, VPN, with UK variants)]
