Battle Against Sensitive Data Leakage
Margaret Umphrey
Director IT Security – East Carolina University
streeterm@ecu.edu
(252) 328-9187
Paula Hutcherson
User Account Manager – East Carolina University
hutchersonp@ecu.edu
(252) 328-9186
Sensitive Data Leaks
o What are Sensitive Data Leaks?
o Why Should Data Leaks Concern Us?
o How Can We Slow Data Leaks?
o Discussion of Strategies You Use
Sensitive Data Leaks
Data leakage: Unauthorized transmission of data (information) to an external source. [1]
o Electronic
o Physical (paper)
o Human
[1] © SANS Institute 2007
Sensitive Data Leaks
Sensitive data leaks loom over us like storm clouds, coming from every direction.
Why are Universities More Susceptible?
o Decentralized IT staff with own IT policies and practices
o Huge amount of data handled
o Students accessing with limited training and supervision
Why are Universities More Susceptible?
o Open nature of the university physical and technical environment
o Early adoption of mobile devices, social networking, cloud computing, etc.
o Numerous databases maintained outside of the centrally managed databases
Why are Universities More Susceptible?
o Business partners' or research sponsors' failure to protect data
o Non-enforced data-security practices
o Budget constraints
Why Should we be Concerned?
o University of Hawaii at Manoa suffered a major data breach that exposed the confidential records of more than 40,000 former students. A faculty member accidentally uploaded the files that contained personal student records to an unencrypted Web server. [2]
o Eight cabinets full of tax records were stolen from a residence. The records belonged to a deceased tax preparer. [2]
[2] PHIPrivacy.net
Why Should we be Concerned?
o A flash drive containing over 280,000 patient names, addresses, and personal health information was lost or stolen by Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan in Philadelphia, Pennsylvania. [2]
o A portable point of care device was stolen from an employee of HomeCall Inc. Rockville, Maryland. Client names, addresses, Social Security Numbers, medical record numbers, diagnoses and treatment information were on the unencrypted device. [2]
[2] PHIPrivacy.net
Why Should we be Concerned?
o The full names, driver's license numbers and Social Security Numbers of 2,484 full and part-time employees of Arkansas State University were accidentally emailed to university emails. [2]
o Rite Aid paid one million dollars to settle HIPAA privacy violations; Rite Aid also agreed to update corporate policies and procedures so that patient medical information would be properly disposed, employees would be properly trained in disposal of patient information, and employees would be held accountable if they did not dispose of patient information properly. [2]
[2] PHIPrivacy.net
Data Breach Costs
Regulatory Compliance Requirements: FERPA, NC Identity Theft, GLBA, PCI, Red Flag, HIPAA
How Can We Slow the Leaks?
o Identify Location of all Confidential Data
  • Conduct External DLP Assessment
  • Purchase and Implement DLP Solution
  • Conduct Internal Sensitive Data Scans
  • Integrate Data Security into Data Ownership
  • Integrate Security Awareness and Training into Culture
o Eliminate Duplicate Data
  • Don't Download from Centralized Systems
  • Remove Copies of Confidential Data
  • De-identify Personally Identifiable Data
  • Don't Create Shadow Systems
How Can We Slow the Leaks?
o Protect Confidential Data
  • Implement Appropriate Security Controls
  • Encrypt Data at Rest
    • Database, Server, Desktop, Laptop, Mobile Device
  • Encrypt Data in Motion
    • Email, File Transfer, Remote Access, Data Entry
  • Securely Dispose of Data
    • Paper, Hard Drives, Video, FAX, Printers, Medical Devices, etc.
o Implement Policies, Standards and Procedures
  • Data Ownership and Classification
  • Data Security Standards
  • Required Security Awareness and Training
  • Integrate Security into Design Phase
  • Incorporate Security into Governance
Challenges
o Implementing Encryption Standard
o Implementing DLP Solutions
o Implementing Required Training
o Limited Resources
o IT Security Incorporated into Governance
Challenges
o Integrating Data Security into Data Ownership
o Centralizing IT Operations and Standards
o Integrating Security into Research Protocols
o Integrating Security into Purchase of Medical Devices
o Enforcing Non-compliance Sanctions
Where Do We Go From Here?
o How Does Your University Manage Sensitive Data Leaks?
o Share Your Success
o What have You Found as the Top Challenges?
o What Recommendations can You Provide?

Más contenido relacionado

La actualidad más candente

Don't manage strategic data in email
Don't manage strategic data in emailDon't manage strategic data in email
Don't manage strategic data in emailFelix Puetsch
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindThe Lorenzi Group
 
International Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekInternational Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekDavid Knox
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak PreventionTanvir Hashmi
 
Encryption Solutions for Healthcare
Encryption Solutions for HealthcareEncryption Solutions for Healthcare
Encryption Solutions for HealthcareSteve Dunn
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudErik Von Schlehenried
 
Enabling Dropbox for Business
Enabling Dropbox for BusinessEnabling Dropbox for Business
Enabling Dropbox for BusinessElastica Inc.
 
How-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsHow-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsBMDS3416
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziKashif Semple
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Innovators
 
RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"efrid630
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google AppsElastica Inc.
 
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?dianadvo
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureCalgary Scientific Inc.
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 

La actualidad más candente (20)

Don't manage strategic data in email
Don't manage strategic data in emailDon't manage strategic data in email
Don't manage strategic data in email
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
Active Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of MindActive Network Monitoring brings Peace of Mind
Active Network Monitoring brings Peace of Mind
 
International Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go SeekInternational Conference on Cyber Security, Hide and Go Seek
International Conference on Cyber Security, Hide and Go Seek
 
Comprehensive Data Leak Prevention
Comprehensive Data Leak PreventionComprehensive Data Leak Prevention
Comprehensive Data Leak Prevention
 
Insider threat kill chain
Insider threat   kill chainInsider threat   kill chain
Insider threat kill chain
 
Encryption Solutions for Healthcare
Encryption Solutions for HealthcareEncryption Solutions for Healthcare
Encryption Solutions for Healthcare
 
Make the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloudMake the Upgrade: Data protection in the cloud
Make the Upgrade: Data protection in the cloud
 
Enabling Dropbox for Business
Enabling Dropbox for BusinessEnabling Dropbox for Business
Enabling Dropbox for Business
 
Ht t17
Ht t17Ht t17
Ht t17
 
How-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsHow-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic Documents
 
Insider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint PreziInsider Threat Final Powerpoint Prezi
Insider Threat Final Powerpoint Prezi
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
Community IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for NonprofitsCommunity IT Webinar - IT Security for Nonprofits
Community IT Webinar - IT Security for Nonprofits
 
RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"RamData Protect - "When Can't Afford to Lose Your Data"
RamData Protect - "When Can't Afford to Lose Your Data"
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
Protecting your Data in Google Apps
Protecting your Data in Google AppsProtecting your Data in Google Apps
Protecting your Data in Google Apps
 
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
Insider Threat - How Do You Find a Wolf in Sheep's Clothing?
 
Guide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secureGuide Preview: Ensuring your enterprise image-viewer if fully secure
Guide Preview: Ensuring your enterprise image-viewer if fully secure
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise Security
 

Destacado

Kasablanca Corporation
Kasablanca Corporation Kasablanca Corporation
Kasablanca Corporation Aceppt
 
HTML5 CSS3 The Future of Web Technologies
HTML5 CSS3 The Future of Web TechnologiesHTML5 CSS3 The Future of Web Technologies
HTML5 CSS3 The Future of Web Technologieshoctudau
 
Vampire movies
Vampire moviesVampire movies
Vampire moviesAda15
 
Rotaryclub
RotaryclubRotaryclub
RotaryclubAceppt
 
Nickkeough software.com.pptx...jj.pptxjjo
Nickkeough software.com.pptx...jj.pptxjjoNickkeough software.com.pptx...jj.pptxjjo
Nickkeough software.com.pptx...jj.pptxjjoNicholas Keough
 
Controversial films
Controversial filmsControversial films
Controversial filmsAda15
 
Play at Work: Applying Agile Methods to Museum Website Development
Play at Work: Applying Agile Methods to Museum Website DevelopmentPlay at Work: Applying Agile Methods to Museum Website Development
Play at Work: Applying Agile Methods to Museum Website Developmentasalant
 
Oppi presentation
Oppi presentationOppi presentation
Oppi presentationAceppt
 
Instruccions PROVA SELECTIVITAT - Universitat de València
Instruccions PROVA SELECTIVITAT - Universitat de ValènciaInstruccions PROVA SELECTIVITAT - Universitat de València
Instruccions PROVA SELECTIVITAT - Universitat de Valènciajescriva
 
Imperialisme.v03
Imperialisme.v03Imperialisme.v03
Imperialisme.v03jescriva
 
Sexenni democràtic.v02
Sexenni democràtic.v02Sexenni democràtic.v02
Sexenni democràtic.v02jescriva
 
PROVA PAU HISTÒRIA ESPANYA
PROVA PAU HISTÒRIA ESPANYAPROVA PAU HISTÒRIA ESPANYA
PROVA PAU HISTÒRIA ESPANYAjescriva
 
Segona revolució industrial
Segona revolució industrialSegona revolució industrial
Segona revolució industrialjescriva
 
HTML CSS Best Practices
HTML CSS Best PracticesHTML CSS Best Practices
HTML CSS Best Practiceshoctudau
 

Destacado (19)

Kasablanca Corporation
Kasablanca Corporation Kasablanca Corporation
Kasablanca Corporation
 
Autonome voertuigen
Autonome voertuigenAutonome voertuigen
Autonome voertuigen
 
HTML5 CSS3 The Future of Web Technologies
HTML5 CSS3 The Future of Web TechnologiesHTML5 CSS3 The Future of Web Technologies
HTML5 CSS3 The Future of Web Technologies
 
Vampire movies
Vampire moviesVampire movies
Vampire movies
 
Computers
ComputersComputers
Computers
 
Practico2,taller cat
Practico2,taller catPractico2,taller cat
Practico2,taller cat
 
Rotaryclub
RotaryclubRotaryclub
Rotaryclub
 
Nickkeough software.com.pptx...jj.pptxjjo
Nickkeough software.com.pptx...jj.pptxjjoNickkeough software.com.pptx...jj.pptxjjo
Nickkeough software.com.pptx...jj.pptxjjo
 
Minu
MinuMinu
Minu
 
Controversial films
Controversial filmsControversial films
Controversial films
 
Play at Work: Applying Agile Methods to Museum Website Development
Play at Work: Applying Agile Methods to Museum Website DevelopmentPlay at Work: Applying Agile Methods to Museum Website Development
Play at Work: Applying Agile Methods to Museum Website Development
 
Comic
ComicComic
Comic
 
Oppi presentation
Oppi presentationOppi presentation
Oppi presentation
 
Instruccions PROVA SELECTIVITAT - Universitat de València
Instruccions PROVA SELECTIVITAT - Universitat de ValènciaInstruccions PROVA SELECTIVITAT - Universitat de València
Instruccions PROVA SELECTIVITAT - Universitat de València
 
Imperialisme.v03
Imperialisme.v03Imperialisme.v03
Imperialisme.v03
 
Sexenni democràtic.v02
Sexenni democràtic.v02Sexenni democràtic.v02
Sexenni democràtic.v02
 
PROVA PAU HISTÒRIA ESPANYA
PROVA PAU HISTÒRIA ESPANYAPROVA PAU HISTÒRIA ESPANYA
PROVA PAU HISTÒRIA ESPANYA
 
Segona revolució industrial
Segona revolució industrialSegona revolució industrial
Segona revolució industrial
 
HTML CSS Best Practices
HTML CSS Best PracticesHTML CSS Best Practices
HTML CSS Best Practices
 

Similar a Umphrey hutcherson-ecu-cause2010-rev5

626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention ToolsSplitty
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Innovators
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Togethermyeaton
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfJenna Murray
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptxVITNetflix
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyStorage Switzerland
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentationRodonoghue72
 
Cyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptxCyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptxmusicalworld14
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteGlobus
 

Similar a Umphrey hutcherson-ecu-cause2010-rev5 (20)

626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools626 Information leakage and Data Loss Prevention Tools
626 Information leakage and Data Loss Prevention Tools
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
 
Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015Community IT Webinar - Crafting IT Security Policy Apr 2015
Community IT Webinar - Crafting IT Security Policy Apr 2015
 
Data Protection: We\'re In This Together
Data Protection: We\'re In This TogetherData Protection: We\'re In This Together
Data Protection: We\'re In This Together
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdfCYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
CYBER SECURITY WHAT IS IT AND WHAT YOU NEED TO KNOW.pdf
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
2014 NCSAM - Data Security and Compliance—What You Need to Know.pptx
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data StrategyWebinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
Webinar: Endpoint Backup is not Enough - You Need an End-user Data Strategy
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 
Data Loss During Downsizing
Data Loss During DownsizingData Loss During Downsizing
Data Loss During Downsizing
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
 
week 7.pptx
week 7.pptxweek 7.pptx
week 7.pptx
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 
Cyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptxCyber Security_Training Presentation.pptx
Cyber Security_Training Presentation.pptx
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 

Último

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfMr Bounab Samir
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptx4.18.24 Movement Legacies, Reflection, and Review.pptx
4.18.24 Movement Legacies, Reflection, and Review.pptxmary850239
 
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfAMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdf
AMERICAN LANGUAGE HUB_Level2_Student'sBook_Answerkey.pdfphamnguyenenglishnb
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Jisc
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 

Último (20)

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdfLike-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
Like-prefer-love -hate+verb+ing & silent letters & citizenship text.pdf
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
Umphrey hutcherson-ecu-cause2010-rev5

  • 1. Battle Against Sensitive Data Leakage Margaret Umphrey Director IT Security – East Carolina University streeterm@ecu.edu (252) 328-9187 Paula Hutcherson User Account Manager – East Carolina University hutchersonp@ecu.edu (252) 328-9186
  • 2. Sensitive Data Leaks
      o What are Sensitive Data Leaks?
      o Why Should Data Leaks Concern Us?
      o How Can We Slow Data Leaks?
      o Discussion of Strategies You Use
  • 3. Sensitive Data Leaks
      Data leakage: Unauthorized transmission of data (information) to an external source.¹
      o Electronic
      o Physical (paper)
      o Human
      ¹ © SANS Institute 2007
  • 4. Sensitive Data Leaks
      Sensitive data leaks loom over us like storm clouds, coming from every direction
  • 5. Why are Universities More Susceptible?
      o Decentralized IT staff with own IT policies and practices
      o Huge amount of data handled
      o Students accessing with limited training and supervision
  • 6. Why are Universities More Susceptible?
      o Open nature of the university physical and technical environment
      o Early adoption of mobile devices, social networking, cloud computing, etc.
      o Numerous databases maintained outside of the centrally managed databases
  • 7. Why are Universities More Susceptible?
      o Business partners' or research sponsors' failure to protect data
      o Non-enforced data-security practices
      o Budget constraints
  • 8. Why Should we be Concerned?
      o University of Hawaii at Manoa suffered a major data breach that exposed the confidential records of more than 40,000 former students. A faculty member accidentally uploaded the files that contained personal student records to an unencrypted Web server.²
      o Eight cabinets full of tax records were stolen from a residence. The records belonged to a deceased tax preparer.²
      ² PHIPrivacy.net
  • 9. Why Should we be Concerned?
      o A flash drive containing over 280,000 patient names, addresses, and personal health information was lost or stolen by Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan in Philadelphia, Pennsylvania.²
      o A portable point of care device was stolen from an employee of HomeCall Inc., Rockville, Maryland. Client names, addresses, Social Security Numbers, medical record numbers, diagnoses and treatment information were on the unencrypted device.²
      ² PHIPrivacy.net
  • 10. Why Should we be Concerned?
      o The full names, driver's license numbers and Social Security Numbers of 2,484 full and part-time employees of Arkansas State University were accidentally emailed to university emails.²
      o Rite Aid paid one million dollars to settle HIPAA privacy violations; Rite Aid also agreed to update corporate policies and procedures so that patient medical information would be properly disposed, employees would be properly trained in disposal of patient information, and employees would be held accountable if they did not dispose of patient information properly.²
      ² PHIPrivacy.net
  • 13. How Can We Slow the Leaks?
      o Identify Location of all Confidential Data
          - Conduct External DLP Assessment
          - Purchase and Implement DLP Solution
          - Conduct Internal Sensitive Data Scans
          - Integrate Data Security into Data Ownership
          - Integrate Security Awareness and Training into Culture
      o Eliminate Duplicate Data
          - Don't Download from Centralized Systems
          - Remove Copies of Confidential Data
          - De-identify Personally Identifiable Data
          - Don't Create Shadow Systems
  • 14. How Can We Slow the Leaks?
      o Protect Confidential Data
          - Implement Appropriate Security Controls
          - Encrypt Data at Rest: Database, Server, Desktop, Laptop, Mobile Device
          - Encrypt Data in Motion: Email, File Transfer, Remote Access, Data Entry
          - Securely Dispose of Data: Paper, Hard Drives, Video, FAX, Printers, Medical Devices, etc.
      o Implement Policies, Standards and Procedures
          - Data Ownership and Classification
          - Data Security Standards
          - Required Security Awareness and Training
          - Integrate Security into Design Phase
          - Incorporate Security into Governance
  • 15. Challenges
      o Implementing Encryption Standard
      o Implementing DLP Solutions
      o Implementing Required Training
      o Limited Resources
      o IT Security Incorporated into Governance
  • 16. Challenges
      o Integrating Data Security into Data Ownership
      o Centralizing IT Operations and Standards
      o Integrating Security into Research Protocols
      o Integrating Security into Purchase of Medical Devices
      o Enforcing Non-compliance Sanctions
  • 17. Where Do We Go From Here?
      o How Does Your University Manage Sensitive Data Leaks?
      o Share Your Success
      o What have You Found as the Top Challenges?
      o What Recommendations can You Provide?
  • 18. Battle Against Sensitive Data Leakage Margaret Umphrey Director IT Security – East Carolina University streeterm@ecu.edu (252) 328-9187 Paula Hutcherson User Account Manager – East Carolina University hutchersonp@ecu.edu (252) 328-9186
  • 19. References
      o A Comprehensive Study of Retail Data Security Breaches in the United States - Kevin Prince - Perimeter eSecurity
      o http://www.privacyrights.org/data-breach/new
      o http://www.nymity.com/Free_Privacy_Resources
      o http://www.sans.org/critical-security-controls/
      o http://www.darkreading.com/insiderthreat/index.jhtml
      o http://www.educause.edu/CybersecurityInitiative/Resources/1225

Editor's notes

  1. Industry comparisons: 01/13/09 breach incidents by industry: business - 311 incidents (includes retail and financial institutions); education - 281 incidents; government - 245 incidents; healthcare - 108 incidents. Records compromised by industry: business - 77% of compromised records; government - 19%; education - 2%; healthcare - 2%.