SlideShare una empresa de Scribd logo

Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success

Sirius
Sirius

The EU Global Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different countries and apply to different organizations, their primary message is the same: Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers. With deadlines looming, is your organization ready? The time to act is now. Read more to learn: --Key mandates and minimum requirements for compliance --Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts --How you can gauge your organization’s incident response capabilities --How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.

Tecnología
1 de 26
EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. Sponsored by
IN TODAY’S DIGITAL WORLD, WE ARE ALL “DATA SUBJECTS” Threats are increasing as technologies distribute sensitive data farther across locations, devices, and repositories Critical aspects of our lives are determined by the data that is held about us
CYBERCRIME IS A GROWTH INDUSTRY According to Gemalto, 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86 percent compared to 2015. That’s nearly 4 million records stolen per day, 157,364 per hour and 2,623 per minute.
EU GDPR AND NY DATA PROTECTION AND PRIVACY REQUIREMENTS ARE USHERING IN A NEW ERA OF ACCOUNTABILITY Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
Ask yourself: a) Beginning stages b) Well underway c) Fully compliant d) Not sure HOW FAR ALONG DO YOU THINK YOUR ORGANIZATION IS IN ITS COMPLIANCE PLAN?
Companies that violate certain provisions—such as the basic processing principles or the rules relating to cross-border data transfers—may face fines amounting to four percent of the company’s annual gross revenue, and up to two percent for violations such as failing to meet the breach notification rule. Fines EU GDPR MANDATES A “right to erasure”, also known as the “right to be forgotten,” gives a data subject the right to order a data controller/organization to erase any of their personal data in certain situations. Data controllers will be required to erase personal data “without undue delay” when the data is no longer necessary in relation to the purposes for which it was gathered or processed. Companies whose “core activities” involve large-scale processing of “special categories” of data—information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, health or sexual orientation—need to designate a data protection officer. Companies who collect some of this information strictly for internal human resources purposes may also be subject to this requirement. A single data breach notification requirement is applicable across the EU. The rule requires data controllers to notify the appropriate supervisory authority of a personal data breach within 72 hours of learning about it. Right to be Forgotten Breach Notification Data Protection Officer (DPO)
Establishment and adoption of a cybersecurity policy and program, including adequate funding and staffing, a CISO, cybersecurity awareness training, limitations on data retention, and periodic reporting to the most senior governing body of the organization. Program and Policy NY CYBERSECURITY MANDATES Risk-based minimum standards for technology systems including access controls such as multi-factor authentication, data protection (including encryption or an alternate CISO-approved compensating control), and vulnerability assessment/penetration testing. Adherence to minimum standards for addressing data breaches, including incident response plans, the preservation of data for investigations, and notice to DFS of material events within 72 hours. Additionally, organizations need to maintain audit trails for reconstruction of financial transactions, and cybersecurity incidents. Identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance. Additionally, organizations need to implement written policies and procedures designed to ensure the privacy and security of information systems, and sensitive data accessible to third-party providers. Security Controls Maintaining Accountability Data Breach Response
3 KEYS TO SUCCESS
The development of a data- centric security program is invaluable to all data protection and data privacy efforts ONE DATA-CENTRIC SECURITY
Determine where and what type of data is stored Continuous process to provide visibility, outline risk, and validate employee role assignment Confirm awareness level and policy compliance as well as enhancement DATA DISCOVERY Many organizations don’t even know where their sensitive information is, which makes it extremely difficult to comply with requirements such as the GDPR “right to be forgotten”.
Policy Data handling procedures Report/detect/protect IR /forensics Risk-based approach Identify business owners CLASSIFICATION Data classification policies and tools facilitate the separation of valuable information that may be targeted from less valuable information.
Consider SSL decryption at gateway points of access Data-in-motion Data-at-rest Data-in-use ENCRYPTION STRATEGIES End-to-end encryption maximizes data protection regardless of whether the data is in a public or private cloud, on a device, or in transit. It can be invaluable in the effort to combat advanced threats, protect against IoT-enabled breaches, and maintain regulatory compliance.
Directory unification Access management Federation privileged access Access governance and authentication IDENTITY MANAGEMENT The NY requirements specify the use of multi-factor, risk-based authentication “for any individual accessing the Covered Entity's internal networks from an external network (500.12)” and as a means for protecting sensitive data. Multi-factor solutions and services can help.
The GDPR and NY requirements contain 72-hour data-breach notification mandates TWO INCIDENT RESPONSE
Ask yourself: a) Yes b) No c) Not sure IS YOUR ORGANIZATION READY TO RESPOND TO INCIDENTS WITHIN STRICT TIMELINES?
Are employees aware of what constitutes an incident to begin with, and how to report and manage an incident? QUESTIONS TO CONSIDER Have you optimized the tools you’re using today to protect against and detect incidents? Has your program been updated and tested to support today’s cyber threats and compliance with breach notification requirements? Do you have the tools and relationships in place to accelerate your response to a serious security incident for containment and public management? Does your plan include considerations for retaining forensic and PR firms that directly align to your cybersecurity insurance policy? 1 2 3 4 5
Third parties can present your greatest area of risk exposure THREE THIRD PARTY-RISK
Map your data. Understand which third parties have access to data, what categories of data they have, and what they are doing with it. Make sure you collect only the minimum amount of personal data required for the product or service, and review legal grounds for collection and processing. THIRD PARTY RISK PROGRAM ELEMENTS Ensure you have appropriate budget and resources allocated for completing assessments of third parties, and for remediation projects. Review your contracts to ensure they are compliant with both regulatory mandates (GDPR contains requirements for contracts with data processors, as well as between data controllers), and with your own security policies. Complete assessments of all third parties that have access to, handle or touch your client/personal data to ascertain their awareness of specific requirements, and to ensure that they have appropriate technical and organizational measures in place to comply. Ensure third parties are scored based on risk-assessment results and other due diligence. For high- risk third parties, identify audit partners for the assessment of processes, and set the scope of remediation programs and ongoing monitoring requirements.
PEOPLE Adhere to regulation-specific staffing requirements, such as GDPR’s DPO, and NY’s CISO (drives accountability) Education & awareness Changing behaviors around the collection and use of data Establishing appropriate consent controls Ensure suitable technical (security analysts, IR team) & non-technical (business leadership, legal, PR) staff is in place and is trained appropriately PROCESS Perform risk assessment (utilizing framework like NIST, ISO, etc.) Identify and manage collection of sensitive data Set processing/dissemination rules Ensure means to address inquiries and adhere to 72-hour notification req’s Establish data lifecycle management (inventory, classify, track the movement of, and disposal of, data) Set IR processes (preparation, detection/ reporting, triage/analysis, containment/ neutralization and post-incident activity) Develop third-party risk program TECHNOLOGY Visibility (identify data and its location: endpoint, DB/shares, cloud, structured/unstructured) Analytics (when, where, and how data is moving) Data protection tools (discovery, classification, DLP, encryption, IAM, CASB, and gateway controls) Detection tools (IDS/IPS, NGFW, UEBA) Containment tools: Endpoint Detection and Response, and Forensics tools Third-party risk and security scoring tools
WE’RE ALL GOING TO HAVE TO CHANGE THE WAY WE THINK ABOUT DATA PROTECTION. — Elizabeth Denham, UK Information Commissioner
http://focus.forsythe.com/articles/562/Addressing- the-EU-GDPR-and-New-York-Cybersecurity- Requirements-3-Keys-to-Success CHECK OUT THE ORIGINAL ARTICLE:
http://focus.forsythe.com OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
Authors: David O’Leary Director, Forsythe Security Solutions Thomas Eck Director, Forsythe Security Solutions Alex Hanway Product Marketing Manager, Gemalo www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses.
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success

Recomendados

Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber AttackersSirius
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and ChallengesHappiest Minds Technologies
 

Recomendados

Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...
Security Incident and Event Management (SIEM) - Managed and Hosted Solutions ...Sirius
 
6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber Attackers6 Ways to Deceive Cyber Attackers
6 Ways to Deceive Cyber AttackersSirius
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Cyber Security Landscape: Changes, Threats and Challenges
Cyber Security Landscape: Changes, Threats and Challenges Bloxx
 
Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Securing the Cloud by Matthew Rosenquist 2016
Securing the Cloud by Matthew Rosenquist 2016Matthew Rosenquist
 
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceOrchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence
Orchestrate Your Security Defenses to Optimize the Impact of Threat IntelligenceIBM Security
 
The Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsThe Cyber Security Landscape: An OurCrowd Briefing for Investors
The Cyber Security Landscape: An OurCrowd Briefing for InvestorsOurCrowd
 
Cyber Security Needs and Challenges
Cyber Security Needs and ChallengesCyber Security Needs and Challenges
Cyber Security Needs and ChallengesHappiest Minds Technologies
 
Big Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewBig Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewFemi Ashaye
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data BreachesMatthew Rosenquist
 
CCA study group
CCA study groupCCA study group
CCA study groupIIBA UK Chapter
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR prioritiesAlberto Canadè
 

Más contenido relacionado

La actualidad más candente

Big Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewBig Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewFemi Ashaye
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesKroll
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations♟Sergej Epp
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...Nicolas Beyer
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...PECB
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security RisksHeimdal Security
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!IBM Security
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsIBM Security
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...IBM Security
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtJohn D. Johnson
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Michael Noel
 

La actualidad más candente (20)

Big Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick OverviewBig Data Analytics for Cyber Security: A Quick Overview
Big Data Analytics for Cyber Security: A Quick Overview
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
True Cost of Data Breaches
True Cost of Data BreachesTrue Cost of Data Breaches
True Cost of Data Breaches
 
CCA study group
CCA study groupCCA study group
CCA study group
 
Information Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & ResponsibilitiesInformation Security vs IT - Key Roles & Responsibilities
Information Security vs IT - Key Roles & Responsibilities
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Journey to the Center of Security Operations
Journey to the Center of Security OperationsJourney to the Center of Security Operations
Journey to the Center of Security Operations
 
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
PAC Webinar - "Show me the money!" - evaluating market opportunities in cyber...
 
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
Information Security vs. Data Governance vs. Data Protection: What Is the Rea...
 
10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks10 Critical Corporate Cyber Security Risks
10 Critical Corporate Cyber Security Risks
 
Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!Compete To Win: Don’t Just Be Compliant – Be Secure!
Compete To Win: Don’t Just Be Compliant – Be Secure!
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
 
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data AnalyticsSecurity Intelligence: Finding and Stopping Attackers with Big Data Analytics
Security Intelligence: Finding and Stopping Attackers with Big Data Analytics
 
Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...Avoiding data breach using security intelligence and big data to stay out of ...
Avoiding data breach using security intelligence and big data to stay out of ...
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and DoubtThe Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
The Journey to Cyber Resilience in a World of Fear, Uncertainty and Doubt
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
Securing IT Against Modern Threats with Microsoft Cloud Security Tools - M365...
 

Similar a Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success

Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR prioritiesAlberto Canadè
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxAdarsh748147
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data securityKeith Braswell
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...David Kearney
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxsoulscout02
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRMatt Stubbs
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxSteveNgigi2
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfAnil
 
Ensuring Data Protection Compliance.docx.pdf
Ensuring Data Protection Compliance.docx.pdfEnsuring Data Protection Compliance.docx.pdf
Ensuring Data Protection Compliance.docx.pdfvincular1
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Michael Josephs
Michael JosephsMichael Josephs
Michael JosephsdaveGBE
 

Similar a Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success (20)

Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Setting the right GDPR priorities
Setting the right GDPR prioritiesSetting the right GDPR priorities
Setting the right GDPR priorities
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Microsoft 365 Compliance
Microsoft 365 ComplianceMicrosoft 365 Compliance
Microsoft 365 Compliance
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Data Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptxData Privacy and Security in UAE.pptx
Data Privacy and Security in UAE.pptx
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
GDPR How to get started?
GDPR How to get started?GDPR How to get started?
GDPR How to get started?
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
 
Ensuring Data Protection Compliance.docx.pdf
Ensuring Data Protection Compliance.docx.pdfEnsuring Data Protection Compliance.docx.pdf
Ensuring Data Protection Compliance.docx.pdf
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
Michael Josephs
Michael JosephsMichael Josephs
Michael Josephs
 

Más de Sirius

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusSirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business TransformationSirius
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetSirius
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application SecuritySirius
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Sirius
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITSirius
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data managementSirius
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindSirius
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionSirius
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsSirius
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationSirius
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should HaveSirius
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric SecuritySirius
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider ThreatsSirius
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills GapSirius
 
What's Wrong with IT
What's Wrong with ITWhat's Wrong with IT
What's Wrong with ITSirius
 
Eight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentEight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentSirius
 
The Software-Defined Network Story: Automation, Agility and Security
The Software-Defined Network Story: Automation, Agility and SecurityThe Software-Defined Network Story: Automation, Agility and Security
The Software-Defined Network Story: Automation, Agility and SecuritySirius
 

Más de Sirius (20)

Healthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - SiriusHealthcare Cybersecurity Survey 2018 - Sirius
Healthcare Cybersecurity Survey 2018 - Sirius
 
6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation6 Guidelines on Crafting a Charter for your Business Transformation
6 Guidelines on Crafting a Charter for your Business Transformation
 
Exhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business AssetExhaust into Fuel: Turning Data into a Strategic Business Asset
Exhaust into Fuel: Turning Data into a Strategic Business Asset
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application Security
 
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
Best Practices for Multi-Factor Authentication: Delivering Stronger Security ...
 
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid ITOptimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
Optimizing Your IT Strategy: 5 Steps to Successfull Hybrid IT
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
Beyond backup to intelligent data management
Beyond backup to intelligent data managementBeyond backup to intelligent data management
Beyond backup to intelligent data management
 
Making the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left BehindMaking the Jump to Hyperconvergence: Don't Get Left Behind
Making the Jump to Hyperconvergence: Don't Get Left Behind
 
Your Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or RevolutionYour Cloud Strategy: Evolution or Revolution
Your Cloud Strategy: Evolution or Revolution
 
Maturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key ConsiderationsMaturing Endpoint Security: 5 Key Considerations
Maturing Endpoint Security: 5 Key Considerations
 
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud TransformationOpen Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
Open Source, Open Mindset: 4 Keys to Continuous Cloud Transformation
 
7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have7 Essential Services Every Data Center Solutions Provider Should Have
7 Essential Services Every Data Center Solutions Provider Should Have
 
10 Keys to Data-Centric Security
10 Keys to Data-Centric Security10 Keys to Data-Centric Security
10 Keys to Data-Centric Security
 
5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats5 Keys to Addressing Insider Threats
5 Keys to Addressing Insider Threats
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence
 
5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap5 Ways to Close Your Information Technology Skills Gap
5 Ways to Close Your Information Technology Skills Gap
 
What's Wrong with IT
What's Wrong with ITWhat's Wrong with IT
What's Wrong with IT
 
Eight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability AssessmentEight Steps to an Effective Vulnerability Assessment
Eight Steps to an Effective Vulnerability Assessment
 
The Software-Defined Network Story: Automation, Agility and Security
The Software-Defined Network Story: Automation, Agility and SecurityThe Software-Defined Network Story: Automation, Agility and Security
The Software-Defined Network Story: Automation, Agility and Security
 

Último

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success

  • 1. EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
  • 2. www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses. Sponsored by
  • 3.
  • 4. IN TODAY’S DIGITAL WORLD, WE ARE ALL “DATA SUBJECTS” Threats are increasing as technologies distribute sensitive data farther across locations, devices, and repositories Critical aspects of our lives are determined by the data that is held about us
  • 5. CYBERCRIME IS A GROWTH INDUSTRY According to Gemalto, 1,792 data breaches led to almost 1.4 billion data records being compromised worldwide during 2016, an increase of 86 percent compared to 2015. That’s nearly 4 million records stolen per day, 157,364 per hour and 2,623 per minute.
  • 6. EU GDPR AND NY DATA PROTECTION AND PRIVACY REQUIREMENTS ARE USHERING IN A NEW ERA OF ACCOUNTABILITY Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
  • 7. Ask yourself: a) Beginning stages b) Well underway c) Fully compliant d) Not sure HOW FAR ALONG DO YOU THINK YOUR ORGANIZATION IS IN ITS COMPLIANCE PLAN?
  • 8. Companies that violate certain provisions—such as the basic processing principles or the rules relating to cross-border data transfers—may face fines amounting to four percent of the company’s annual gross revenue, and up to two percent for violations such as failing to meet the breach notification rule. Fines EU GDPR MANDATES A “right to erasure”, also known as the “right to be forgotten,” gives a data subject the right to order a data controller/organization to erase any of their personal data in certain situations. Data controllers will be required to erase personal data “without undue delay” when the data is no longer necessary in relation to the purposes for which it was gathered or processed. Companies whose “core activities” involve large-scale processing of “special categories” of data—information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, health or sexual orientation—need to designate a data protection officer. Companies who collect some of this information strictly for internal human resources purposes may also be subject to this requirement. A single data breach notification requirement is applicable across the EU. The rule requires data controllers to notify the appropriate supervisory authority of a personal data breach within 72 hours of learning about it. Right to be Forgotten Breach Notification Data Protection Officer (DPO)
  • 9. Establishment and adoption of a cybersecurity policy and program, including adequate funding and staffing, a CISO, cybersecurity awareness training, limitations on data retention, and periodic reporting to the most senior governing body of the organization. Program and Policy NY CYBERSECURITY MANDATES Risk-based minimum standards for technology systems including access controls such as multi-factor authentication, data protection (including encryption or an alternate CISO-approved compensating control), and vulnerability assessment/penetration testing. Adherence to minimum standards for addressing data breaches, including incident response plans, the preservation of data for investigations, and notice to DFS of material events within 72 hours. Additionally, organizations need to maintain audit trails for reconstruction of financial transactions, and cybersecurity incidents. Identification and documentation of material deficiencies, remediation plans and annual certifications of regulatory compliance. Additionally, organizations need to implement written policies and procedures designed to ensure the privacy and security of information systems, and sensitive data accessible to third-party providers. Security Controls Maintaining Accountability Data Breach Response
  • 10. 3 KEYS TO SUCCESS
  • 11. The development of a data- centric security program is invaluable to all data protection and data privacy efforts ONE DATA-CENTRIC SECURITY
  • 12. Determine where and what type of data is stored Continuous process to provide visibility, outline risk, and validate employee role assignment Confirm awareness level and policy compliance as well as enhancement DATA DISCOVERY Many organizations don’t even know where their sensitive information is, which makes it extremely difficult to comply with requirements such as the GDPR “right to be forgotten”.
  • 13. Policy Data handling procedures Report/detect/protect IR /forensics Risk-based approach Identify business owners CLASSIFICATION Data classification policies and tools facilitate the separation of valuable information that may be targeted from less valuable information.
  • 14. Consider SSL decryption at gateway points of access Data-in-motion Data-at-rest Data-in-use ENCRYPTION STRATEGIES End-to-end encryption maximizes data protection regardless of whether the data is in a public or private cloud, on a device, or in transit. It can be invaluable in the effort to combat advanced threats, protect against IoT-enabled breaches, and maintain regulatory compliance.
  • 15. Directory unification Access management Federation privileged access Access governance and authentication IDENTITY MANAGEMENT The NY requirements specify the use of multi-factor, risk-based authentication “for any individual accessing the Covered Entity's internal networks from an external network (500.12)” and as a means for protecting sensitive data. Multi-factor solutions and services can help.
  • 16. The GDPR and NY requirements contain 72-hour data-breach notification mandates TWO INCIDENT RESPONSE
  • 17. Ask yourself: a) Yes b) No c) Not sure IS YOUR ORGANIZATION READY TO RESPOND TO INCIDENTS WITHIN STRICT TIMELINES?
  • 18. Are employees aware of what constitutes an incident to begin with, and how to report and manage an incident? QUESTIONS TO CONSIDER Have you optimized the tools you’re using today to protect against and detect incidents? Has your program been updated and tested to support today’s cyber threats and compliance with breach notification requirements? Do you have the tools and relationships in place to accelerate your response to a serious security incident for containment and public management? Does your plan include considerations for retaining forensic and PR firms that directly align to your cybersecurity insurance policy? 1 2 3 4 5
  • 19. Third parties can present your greatest area of risk exposure THREE THIRD PARTY-RISK
  • 20. Map your data. Understand which third parties have access to data, what categories of data they have, and what they are doing with it. Make sure you collect only the minimum amount of personal data required for the product or service, and review legal grounds for collection and processing. THIRD PARTY RISK PROGRAM ELEMENTS Ensure you have appropriate budget and resources allocated for completing assessments of third parties, and for remediation projects. Review your contracts to ensure they are compliant with both regulatory mandates (GDPR contains requirements for contracts with data processors, as well as between data controllers), and with your own security policies. Complete assessments of all third parties that have access to, handle or touch your client/personal data to ascertain their awareness of specific requirements, and to ensure that they have appropriate technical and organizational measures in place to comply. Ensure third parties are scored based on risk-assessment results and other due diligence. For high- risk third parties, identify audit partners for the assessment of processes, and set the scope of remediation programs and ongoing monitoring requirements.
  • 21. PEOPLE Adhere to regulation-specific staffing requirements, such as GDPR’s DPO, and NY’s CISO (drives accountability) Education & awareness Changing behaviors around the collection and use of data Establishing appropriate consent controls Ensure suitable technical (security analysts, IR team) & non-technical (business leadership, legal, PR) staff is in place and is trained appropriately PROCESS Perform risk assessment (utilizing framework like NIST, ISO, etc.) Identify and manage collection of sensitive data Set processing/dissemination rules Ensure means to address inquiries and adhere to 72-hour notification req’s Establish data lifecycle management (inventory, classify, track the movement of, and disposal of, data) Set IR processes (preparation, detection/ reporting, triage/analysis, containment/ neutralization and post-incident activity) Develop third-party risk program TECHNOLOGY Visibility (identify data and its location: endpoint, DB/shares, cloud, structured/unstructured) Analytics (when, where, and how data is moving) Data protection tools (discovery, classification, DLP, encryption, IAM, CASB, and gateway controls) Detection tools (IDS/IPS, NGFW, UEBA) Containment tools: Endpoint Detection and Response, and Forensics tools Third-party risk and security scoring tools
  • 22. WE’RE ALL GOING TO HAVE TO CHANGE THE WAY WE THINK ABOUT DATA PROTECTION. — Elizabeth Denham, UK Information Commissioner
  • 24. http://focus.forsythe.com OR FIND MORE ARTICLES ABOUT BUSINESS AND TECHNOLOGY SOLUTIONS AT FOCUS ONLINE:
  • 25. Authors: David O’Leary Director, Forsythe Security Solutions Thomas Eck Director, Forsythe Security Solutions Alex Hanway Product Marketing Manager, Gemalo www.forsythe.com Forsythe is a leading enterprise IT company, providing advisory services, security, hosting and technology solutions for Fortune 1000 organizations. Forsythe helps clients optimize, modernize and innovate their IT to become agile, secure, digital businesses.