Information Obfuscation
(Data Masking)
Protecting Corporate Data-Assets
Presented by Michael Jay Freer
Michael Jay Freer - Presenter Bio
Michael Jay Freer, SSGB, ITIL(v3) - Information Management professional providing thought leadership to Fortune 500 companies including MetLife Bank, Tyco Safety Products, Capital One, Brinks Home Security, and Zales. Over his 25+ years of experience he has worked with business executives providing solutions in the financial management, manufacturing, supply chain management, retail, marketing, and hospitality industries.
As an Enterprise Architect at MetLife Bank, Michael Jay specialized in Information Obfuscation, facilitating project solutions for protecting business Confidential and Restricted data.
Slide# 2
All rights reserved
MJFreer@QualityBI.com
(954) 249-1530 Michael Jay Freer
Agenda
Outlining the Problem
Data Masking Golden Rule
Defining Information Obfuscation
Information Classification
Who is Responsible
Defining a Common Language
Data-Centric Development
Governance
Outlining the Problem
Problem Statement
Corporate data breaches are occurring at an alarming rate.
1) It is incumbent on organizations to protect the customer, partner, and employee data with which they are entrusted
2) Sensitive information in business systems is too easy to access
3) Using unmasked Confidential and Restricted data in non-production environments exposes the company's reputation to risk
Business Rationale for Obfuscating Data
• Reduce data breach risks
• Heightened legal and regulatory scrutiny of data-protection services (e.g.: SOX, HIPAA, GLBA, NPPI, FFIEC, PCI-DSS)
• Company policies and standards
• Fundamental assumption on the part of customers that their data is already de-identified in non-production systems
Data Masking Golden Rule
To put Information Obfuscation (Data Masking) into perspective, simply think about yourself: how many vendors or service-providers have your personal information (banks, mortgage holders, physicians, pharmacies, retailers, schools you applied to, utilities, cellular carriers, internet providers, etc.)?
Michael Jay’s Data Masking Golden Rule
“Do unto your company’s corporate data-assets as you would have your banker, healthcare provider, or favorite retailer do unto your personal information.”
(Use this as your compass to navigate)
Defining Information Obfuscation
Definition
Information Obfuscation is the effort in both Business Operations and non-production systems to protect business Confidential and Restricted data from easy access or visibility by unauthorized parties.
Framework
For our purposes, Information Obfuscation includes access management, data masking, encryption of data-at-rest (DAR) and encryption of data-in-transit, including principles for protecting business communications.
Information Classification
Sensitive Data
“Sensitive” is a broad term for information considered to be a business trade-secret, or considered private by regulatory rule, legal act, or trade association (e.g.: GLBA, HIPAA, FFIEC, PCI, PHI, PII).
Information Classification
Information Classification Levels
Public – non-sensitive data; disclosure will not violate privacy rights.
Internal Use Only – generally available to employees and approved non-employees. May require a non-disclosure agreement.
Confidential – intended for use only by specified employee groups. Disclosure may compromise an organization, customer, or employee.
Restricted – very sensitive, intended for use only by named individuals.
Sealed – extremely sensitive; disclosure causes irreparable destruction of confidence in, and the reputation of, the organization.
Who is Responsible
You are!
No matter your role in the organization, you are responsible for protecting the “corporate data-assets.”
Everyone else is also responsible
All of your peers are also responsible for protecting the Corporate Data-Assets.
However, you don’t have control over your peers, only over your own vigilance and how you make your management aware of any concerns, risks, or issues with the security of the Corporate Data-Assets.
Defining a Common Language
Communication
The Business-Information Owner, Project Stakeholders, Development Teams, and Support Teams need to use a common language when discussing the various obfuscation methods and where in the environment lifecycle an action will occur.
Defining a Common Language
What are we talking about?
Information obfuscation includes any practice of concealing, restricting, fabricating, encrypting, or otherwise obscuring sensitive data.
This is usually thought of in the context of non-production systems, but it really encompasses the full information management lifecycle, from onboarding of data to developing new functionality to archiving and purging historical data.
Common Language – Environment Lifecycle
Common Environments
1. Development – Code is created, modified and unit tested
2. Testing / QA – System, integration, and regression testing
3. User Acceptance (UAT) – Business-user validation: test new business requirements and regression test existing functionality
4. Business Operations – Day-to-day business environment
5. Business Support – Replicate and troubleshoot business issues
Common Language – Environment Lifecycle
Other Possible Environments
Isolated Onboarding – When data from 3rd-party partners is transitioned in, there may be requirements for a secured environment to cleanse and prepare the data for integration into the business operations environments.
Isolated Data-Masking – Unmasked Confidential and Restricted data should not be transferred to non-production environments. A separate secure environment allows for standardized data masking in place, so that only masked data ever leaves it.
Common Language – Masking Taxonomy
Methods of Obfuscating Information
Pruning Data
Concealing Data
Fabricating Data
Trimming Data
Encrypting Data
Separating Data
Common Language – Where to Obfuscate
[Figure: Development Environment diagram showing Data Storage (encrypted) and Data Movement (encrypted)]
Data Movement – Data can be removed, shortened, or encrypted
Data Stores – Data can be encrypted as data-at-rest (DAR)
Interactive User Interfaces – Only show required data, or the portions of attributes needed for identification (e.g. account#, license#, SS#)
Static Reporting – More restrictive than Interactive User Interfaces
Common Language – Pruning Data
Pruning Data: Removes sensitive data from attributes in non-production environments. The attributes will still appear on data entry screens and reporting but be left blank.
Example – Executive Salaries: Employee personnel records can be de-identified by changing Emp#, SS#, and names, but executive management records are easily tied back to the organizational hierarchy (e.g., the top 10 salaries), so the salary attribute itself must be pruned.
Common Language – Concealing Data
Concealing Data: Removes sensitive data from user access and visibility. For data entry screens and reports, the attribute does not appear at all, versus being Pruned (blank).
Concealing data depends on clear rules for Access, Authentication, and Accountability.
Example – Bank / Loan Account#: Bank web sites generally do not display account numbers, even to the account holder.
Common Language – Fabricating Data
Fabricating Data (synthetic data):
1) Creating data to replace sensitive data
2) Creating data to facilitate full functional testing
3) Creating data for negative testing (error handling)
Example – Contact Name or ID#: Replacing contact name and ID# is the standard method for de-identifying customer and employee records.
Common Language – Trimming Data
Trimming Data: Removes part of an attribute’s value, versus Pruning, which removes the entire attribute value.
Example – Social Security# and Credit Card#: Changing an SSN from 123-45-6789 to XXX-XX-6789 (or storing a new attribute = 6789) so that only part of the information is available, usually for identification.
Common Language – Encrypting Data
Encrypting Data: Encryption can be done at the attribute, table, or database level.
(Encrypted data can be decrypted back to the original value.)
Example – Credit Card#: Credit card numbers are often encrypted for data transmission for FFIEC and PCI DSS compliance. Encrypting credit card numbers at rest (DAR) provides additional security.
Credit Card# is an example of an attribute that often falls into multiple Obfuscation Methods.
Common Language – Separating Data
[Figure: Move Sensitive Data to a Secured Table]
Data Separation: Moves sensitive data into multiple tables. Data can still be joined, but Sensitive and Non-sensitive attributes do not reside in a single record.
Common Language – Masking Taxonomy
Prune – Removes values from non-production systems. Attributes still appear on data entry screens and reporting but are blank.
Conceal – Removes sensitive data from user access or visibility. For data entry screens and reports, the attribute may not appear at all or be obscured, versus being Pruned (blank).
Fabricate – Creating data to replace sensitive data and facilitate proper application testing.
Trim – Removes part of a data attribute’s value (Pruning removes the entire attribute value).
Encrypt – Unlike Fabricated data, encrypted data can be decrypted back to the original value.
Data Separation – Moves specific segments of data or individual datums into separate tables / databases to limit user access or visibility.
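The six methods in the taxonomy above, applied to a constructed employee record, as an added example (this is not the presenter's code and the deck does not prescribe an implementation). Everything here is assumed: the record layout, the key constants, and the choice of which attribute gets which method follows the deck's own examples (identifiers fabricated, SSN trimmed to its last four, card number encrypted, salary pruned). Fabrication uses a keyed hash so the same input always maps to the same synthetic value and joins keep working, while encryption uses a SHA-256 counter-mode keystream as a standard-library stand-in for a real cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (not real people or real numbers).
RECORDS = [
    {"emp_id": "E1001", "name": "Alice Example", "ssn": "123-45-6789",
     "card": "4111111111111111", "salary": 185000, "dept": "Finance"},
    {"emp_id": "E1002", "name": "Bob Sample", "ssn": "987-65-4321",
     "card": "5500000000000004", "salary": 62000, "dept": "Operations"},
]
# Hypothetical keys for the demo; a real deployment pulls these from a key
# management system and never stores them beside the data.
FABRICATION_KEY = b"demo-fabrication-key"
ENCRYPTION_KEY = b"demo-encryption-key"

def prune(record, attrs):
    """Prune: the attribute stays in the record (and on screens/reports) but its value is blanked."""
    return {k: ("" if k in attrs else v) for k, v in record.items()}

def conceal(record, attrs):
    """Conceal: the attribute is removed entirely, so it never reaches the screen or report."""
    return {k: v for k, v in record.items() if k not in attrs}

def trim_last4(value):
    """Trim: keep the last four digits for identification and X out the rest,
    preserving separators (123-45-6789 -> XXX-XX-6789)."""
    out, kept = [], 0
    for ch in reversed(value):
        if ch.isdigit() and kept < 4:
            out.append(ch)
            kept += 1
        elif ch.isdigit():
            out.append("X")
        else:
            out.append(ch)
    return "".join(reversed(out))

def fabricate(value, kind):
    """Fabricate: replace the value with a synthetic one derived from a keyed hash.
    Same input -> same replacement (joins keep working), but the original cannot
    be recovered from the output, which is what distinguishes it from encryption."""
    tag = hmac.new(FABRICATION_KEY, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    if kind == "name":
        return f"Person-{tag[:6].upper()}"
    return f"{kind.upper()}-{int(tag[:8], 16) % 1_000_000:06d}"

def _keystream(nonce, length):
    # Counter-mode keystream from SHA-256: a stand-in for a real cipher so the
    # block runs with the standard library only.
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(ENCRYPTION_KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def encrypt(value):
    """Encrypt: reversible by anyone holding the key; a fresh nonce is prefixed each time."""
    nonce = secrets.token_bytes(8)
    data = value.encode()
    return (nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))).hex()

def decrypt(token):
    raw = bytes.fromhex(token)
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()

def separate(records, sensitive_attrs, key="emp_id"):
    """Separate: split each record into a non-sensitive table and a secured table
    that share only the join key."""
    open_tbl = [{k: v for k, v in r.items() if k not in sensitive_attrs} for r in records]
    secured_tbl = [{k: v for k, v in r.items() if k == key or k in sensitive_attrs} for r in records]
    return open_tbl, secured_tbl

def rejoin(open_tbl, secured_tbl, key="emp_id"):
    """Join the two tables back together (only for users cleared to see both)."""
    secured = {r[key]: r for r in secured_tbl}
    return [{**row, **secured[row[key]]} for row in open_tbl]

def mask_for_nonprod(record):
    """Apply the methods the way the deck's examples do: fabricate identifiers,
    trim the SSN, encrypt the card number, prune the salary (top salaries
    re-identify executives through the org hierarchy)."""
    masked = dict(record)
    masked["emp_id"] = fabricate(record["emp_id"], "emp_id")
    masked["name"] = fabricate(record["name"], "name")
    masked["ssn"] = trim_last4(record["ssn"])
    masked["card"] = encrypt(record["card"])
    return prune(masked, {"salary"})

if __name__ == "__main__":
    for r in RECORDS:
        print(mask_for_nonprod(r))
```

Note the difference the deck draws between Fabricate and Encrypt: `fabricate` output cannot be reversed even with the key, while `decrypt(encrypt(x))` returns `x`, so encrypted columns in a non-production copy are only as safe as the key that was not supposed to travel with them.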
Matrix – Method, Environment, Access
[Figure: matrix of obfuscation method by environment and user group. Environments: Business End-users, Business Support, User Acceptance (UAT), QA/Testing, Development. User groups: Business End-users, Support Staff, QA Testing Team, Development Team (distinguishing developers in the Development environment, non-developers in the Development environment, and developers in non-development environments). Cell values: "No access to environment or data", "Last four digits", "Fabricate data", "Not acknowledged".]
Data-Centric Development
Projects that center around data analysis (e.g.: dashboards, BI, data-marts / warehouses, etc.) often claim that they must have “production data” to develop the solution.
It is true that the business will need production data for user acceptance testing (UAT), but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values or permutations of data, so full positive testing will also require some level of fabricated data
4) Full regression testing will require a standardized test set, including the items above, and is likely to be a combination of fabricated and masked data (de-identified records)
Data-Centric Development
Projects that center around data analysis (i.e.: dashboards, BI,
data-marts / warehouses, etc.) often claim that they must have
“production data” to develop the solution.
It is true that the business will need production data for user
acceptance testing (UAT) but let’s consider a few other facts:
1) Negative testing will require fabricated data
2) New functionality will also likely require fabricated data
3) Existing production data may not contain all possible values
or permutations of data so full positive testing will also
require some level of fabricated data
4) Full regression testing will require a standardized test set,
including the items above, and is likely to be a combination
of fabricated and masked data (de-identified records)
Slide# 92
All rights reserved
MJFreer@QualityBI.com
(954) 249-1530 Michael Jay Freer
Governance
Data stewardship is a key success factor for good data governance and, in this case, for good Information Obfuscation.
No one person will be aware of every government regulation, trade association guideline, business functional requirement, or company policy.
Include representatives from data stewardship, security, internal audit, and quality assurance teams in your solution planning and project development teams.
Slide# 93
Information Obfuscation Summary
1. Obfuscation occurs throughout the information lifecycle, not just in non-production environments
2. Everyone is responsible for protecting the corporate data assets, and the best data security tool is vigilance
3. Use a defined language to communicate who, what, where, when, why, and how obfuscation will occur
4. Make Information Obfuscation part of your organization’s business-as-usual (BAU) processes
5. Follow Michael Jay’s Data Masking Golden Rule:
“Do unto your company’s corporate data-assets as you would have your banker, healthcare provider, or retailer do unto your personal information.”
Slide# 99
Questions?
Slide# 100
Thank You!
Slide# 101
Appendix
Reference Material
Slide# 102
Legal & Regulatory Alphabet Soup (Sampling)
GLBA – The Gramm–Leach–Bliley Act allowed consolidation of commercial & investment banks, securities, & insurance companies.
PPI – Nonpublic Personal Information - a financial consumer’s personally identifiable information (see GLBA)
OCC – Office of the Comptroller of the Currency; regulates banks.
PCI – Payment Card Industry; defines the Data Security Standard (PCI DSS) for processing, storing, or transmitting credit card info.
PHI – Patient Health Information - Dept of Health & Human Services (“HHS”) Privacy Rule (see HIPAA).
PII – Personally Identifiable Information; used to uniquely identify an individual. (Legal definitions vary by jurisdiction.)
Slide# 103
Sample Cross Reference Chart
Data Point | PII | PCI | PPI | PHI
Customer - The Fact That an Individual is a Customer ** | X
First, or Last Name *; Mother's Maiden Name | X X
Country, State, or City of Residence * | X X
Telephone# (Home, Cell, Fax) | X X
Birthday, Birthplace, Age, Gender, or Race * |
Social Security#, Account#, Driver's License#, National ID ++ | X X
Passport#, Issuing Country |
Credit Card Numbers, Expiration Date, Credit Card Security Code | X X
Credit Card Purchase | X
Grades, Salary, or Job Position * |
Vehicle Identifiers, Serial Numbers, License Plate Numbers | X
Email - Electronic Mail Addresses; IP Address, Web URLs | X
Biometric Identifiers, Face, Fingerprints, or Handwriting |
Dates - All Elements of Dates (Except Year +) | X
Medical Record#, Genetic Information, Health Plan Beneficiary# | X
* More likely used in combination with other personal data
** GLBA regulation to fall into the “Restricted” classification
+ All elements of dates (including year) if age 90 or older
++ Varies by Jurisdiction
Slide# 104
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Último (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Michael Jay Freer - Information Obfuscation

  • 1. Information Obfuscation (Data Masking) Protecting Corporate Data-Assets. Presented by Michael Jay Freer
  • 2. Michael Jay Freer - Presenter Bio. Michael Jay Freer, SSGB, ITIL(v3), is an Information Management professional providing thought leadership to Fortune 500 companies including MetLife Bank, Tyco Safety Products, Capital One, Brinks Home Security, and Zales. Over his 25+ years of experience he has worked with business executives providing solutions in the financial management, manufacturing, supply chain management, retail, marketing, and hospitality industries. As an Enterprise Architect at MetLife Bank, Michael Jay specialized in Information Obfuscation, facilitating project solutions for protecting business Confidential and Restricted data. Slide# 2 All rights reserved MJFreer@QualityBI.com (954) 249-1530 Michael Jay Freer
  • 4. Agenda: Outlining the Problem; Data Masking Golden Rule; Defining Information Obfuscation; Information Classification; Who is Responsible; Defining a Common Language; Data-Centric Development; Governance
  • 5. Outlining the Problem. Problem Statement: corporate data breaches are occurring at an alarming rate. 1) It is incumbent on organizations to protect the customer, partner, and employee data with which they are entrusted. 2) Ease of access to sensitive information in business systems. 3) Using unmasked Confidential and Restricted data in non-production environments exposes the company's reputation to risk. Business Rationale for Obfuscating Data: • Reduce data breach risks • Heightened legal and regulatory scrutiny of data-protection services (e.g.: SOX, HIPAA, GLBA, NPPI, FFIEC, PCI-DSS) • Company policies and standards • Fundamental assumption on the part of customers that their data is already de-identified in non-production systems
  • 7. Data Masking Golden Rule. To put Information Obfuscation (Data Masking) into perspective, simply think about yourself: how many vendors or service-providers have your personal information (banks, mortgage holders, physicians, pharmacies, retailers, schools you applied to, utilities, cellular carriers, internet providers, etc.)? Michael Jay’s Data Masking Golden Rule: “Do unto your company’s corporate data-assets as you would have your banker, healthcare provider, or favorite retailer do unto your personal information.” (Use this as your compass to navigate.)
  • 8. Defining Information Obfuscation. Definition: Information Obfuscation is the effort, in both Business Operations and non-production systems, to protect business Confidential and Restricted data from easy access or visibility by unauthorized parties. Framework: for our purposes, Information Obfuscation includes access management, data masking, encryption of data-at-rest (DAR), and encryption of data-in-transit, including principles for protecting business communications.
  • 9. Information Classification. Sensitive Data: “Sensitive” is a broad term for information considered to be a business trade-secret, or considered private by regulatory rule, legal act, or trade association (e.g.: GLBA, HIPAA, FFIEC, PCI, PHI, PII).
  • 10. Information Classification Levels. Public – non-sensitive data; disclosure will not violate privacy rights. Internal Use Only – generally available to employees and approved non-employees; may require a non-disclosure agreement. Confidential – intended for use only by specified employee groups; disclosure may compromise an organization, customer, or employee. Restricted – very sensitive; intended for use only by named individuals. Sealed – extremely sensitive; disclosure would cause irreparable destruction of confidence in, and the reputation of, the organization.
  • 12. Who is Responsible? You are! No matter your role in the organization, you are responsible for protecting the “corporate data-assets.” Everyone else is also responsible: all of your peers are also responsible for protecting the Corporate Data-Assets. However, you don’t have control over your peers, only over your own vigilance and how you make your management aware of any concerns, risks, or issues with the security of the Corporate Data-Assets.
  • 13. Defining a Common Language. Communication: the Business-Information Owner, Project Stakeholders, Development Teams, and Support Teams need to use a common language when discussing the various obfuscation methods and where in the environment lifecycle an action will occur.
  • 15. What are we talking about? Information obfuscation includes any practice of concealing, restricting, fabricating, encrypting, or otherwise obscuring sensitive data. This is usually thought of in the context of non-production systems, but it really encompasses the full information management lifecycle, from onboarding of data, to developing new functionality, to archiving and purging historical data.
  • 16. Common Language – Environment Lifecycle. Common Environments: 1. Development – code is created, modified, and unit tested. 2. Testing / QA – system, integration, and regression testing. 3. User Acceptance (UAT) – business-user validation: test new business requirements and regression-test existing functionality. 4. Business Operations – day-to-day business environment. 5. Business Support – replicate and troubleshoot business issues.
  • 18. Other Possible Environments: Isolated Onboarding – when data from 3rd-party partners are transitioned in, there may be requirements for a secured environment to cleanse and prepare the data for integration into the business operations environments. Isolated Data-Masking – unmasked Confidential and Restricted data should not be transferred to non-production environments; a separate secure environment allows the data to be masked in place, in a standardized way, before it reaches any non-production system.
  • 23. Common Language – Masking Taxonomy. Methods of Obfuscating Information: Pruning Data, Concealing Data, Fabricating Data, Trimming Data, Encrypting Data, Separating Data.
  • 24. Common Language – Where to Obfuscate. [Figure: a development environment with encrypted data storage and encrypted data movement.] Data Movement – data can be removed, shortened, or encrypted in transit. Data Stores – data can be encrypted at rest (DAR). Interactive User Interfaces – only show required data, or the portions of attributes needed for identification (e.g., account#, license#, SS#). Static Reporting – more restrictive than Interactive User Interfaces.
  • 30. Common Language – Pruning Data. Pruning Data: removes sensitive data from attributes in non-production environments. The attributes will still appear on data entry screens and reporting but be left blank. Example – Executive Salaries: employee personnel records can be de-identified by changing Emp#, SS#, and names, but executive management records are easily tied back to the organizational hierarchy (e.g., the top 10 salaries), so the salary values themselves are pruned.
  • 32. Common Language – Concealing Data. Concealing Data: removes sensitive data from user access and visibility. For data entry screens and reports, the attribute does not appear at all, versus being Pruned (blank). Concealing data depends on clear rules for Access, Authentication, and Accountability. Example – Bank / Loan Account#: bank web sites generally do not display account numbers, even to the account holder.
  • 34. Common Language – Fabricating Data. Fabricating Data (synthetic data): 1) creating data to replace sensitive data; 2) creating data to facilitate full functional testing; 3) creating data for negative testing (error handling). Example – Contact Name or ID#: replacing the contact name and ID# is the standard method for de-identifying customer and employee records.
  • 36. Common Language – Trimming Data. Trimming Data: removes part of an attribute’s value, versus Pruning, which removes the entire attribute value. Example – Social Security# and Credit Card#: changing an SSN from 123-45-6789 to XXX-XX-6789 (or to a new attribute = 6789) so that only part of the information is available, usually for identification.
  • 38. Common Language – Encrypting Data. Encrypting Data: encryption can be done at the attribute, table, or database level (encrypted data can be decrypted back to the original value). Example – Credit Card#: credit card numbers are often encrypted for data transmission for FFIEC and PCI DSS compliance. Encrypting credit card numbers at rest (DAR) provides additional security. Credit Card# is an example of an attribute that often falls into multiple Obfuscation Methods.
  • 41. Common Language – Separating Data. [Figure: move sensitive data to a secured table.] Data Separation: moves sensitive data into multiple tables. Data can still be joined, but Sensitive and Non-sensitive attributes do not reside in a single record.
  • 52. Common Language – Masking Taxonomy. Prune – removes values from non-production systems; the attribute appears on data entry screens and reporting but is blank. Conceal – removes sensitive data from user access or visibility; for data entry screens and reports, the attribute may not appear at all or may be obscured, versus being Pruned (blank). Fabricate – creating data to replace sensitive data and facilitate proper application testing. Trim – removes part of a data attribute’s value (Pruning removes the entire attribute value). Encrypt – unlike Fabricated Data, encrypted data can be decrypted back to the original value. Data Separation – moves specific segments of data or individual datum into separate tables / databases to limit user access or visibility.
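As an added example (not code from the presentation), the six methods of the masking taxonomy above applied to one constructed customer record in Python, with a policy for a QA copy that assigns one method per attribute. The record values, the QA policy, the demo keys and the HMAC-SHA256 counter-mode keystream are all assumptions; the keystream only stands in for a real encryption library so that the reversible encrypt step can be shown next to the one-way fabricate step.

```python
"""Masking taxonomy demo (added example): prune, conceal, fabricate, trim,
encrypt, separate. Standard library only; the HMAC keystream is a stand-in
for a real cipher library, not a production construction."""
import hashlib
import hmac
import secrets

# Constructed sample record: every value below is made up for the example.
SAMPLE_RECORD = {
    "cust_id": "C-1001", "name": "Jane Example",
    "ssn": "123-45-6789", "card_number": "4111111111111111",
    "salary": 182000, "city": "Plantation",
}
# Demo keys; a real pipeline pulls these from a vault, never from source code.
MASK_KEY = b"masking-key-for-demo-only"
ENC_KEY = b"encryption-key-for-demo-only"
FIRST_NAMES = ["Alex", "Sam", "Jordan", "Taylor", "Morgan", "Casey"]
LAST_NAMES = ["Rivera", "Nguyen", "Okafor", "Schmidt", "Patel", "Lindqvist"]


def prune(value):
    """Prune: the attribute stays in the record but its value is left blank."""
    return ""


def trim(value, keep_last=4, pad="X"):
    """Trim: mask all but the trailing digits (123-45-6789 -> XXX-XX-6789)."""
    to_mask = sum(c.isdigit() for c in value) - keep_last
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            out.append(pad if seen < to_mask else c)
            seen += 1
        else:
            out.append(c)  # separators are kept so the shape survives
    return "".join(out)


def fabricate_name(value):
    """Fabricate: synthetic contact name. The HMAC-derived index maps the same
    input to the same fake name across tables (joins keep working) but is
    one-way, so nothing maps back to the real person."""
    h = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return f"{FIRST_NAMES[h[0] % len(FIRST_NAMES)]} {LAST_NAMES[h[1] % len(LAST_NAMES)]}"


def fabricate_id(value, prefix="C-"):
    """Fabricate an ID# with the original's shape, derived one-way."""
    h = hmac.new(MASK_KEY, value.encode(), hashlib.sha256).digest()
    return prefix + str(1000 + int.from_bytes(h[:4], "big") % 9000)


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; demo only, not a production cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(value, key=ENC_KEY):
    """Encrypt: reversible, unlike fabricate. Output is hex(nonce || ciphertext)."""
    nonce = secrets.token_bytes(12)
    data = value.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return (nonce + ct).hex()


def decrypt(token, key=ENC_KEY):
    """Reverse of encrypt(): the same keystream XORed back over the ciphertext."""
    raw = bytes.fromhex(token)
    nonce, ct = raw[:12], raw[12:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


def separate(record, sensitive_fields):
    """Data Separation: sensitive attributes move to a secured table keyed by
    the record id, so both halves still join but never share one row."""
    secured, public = {"cust_id": record["cust_id"]}, {}
    for field, value in record.items():
        (secured if field in sensitive_fields else public)[field] = value
    return public, secured


# Assumed policy for a QA copy (the deck's Method/Environment/Access matrix is
# not reproduced here); "conceal" drops the attribute from the record entirely.
QA_POLICY = {
    "cust_id": fabricate_id, "name": fabricate_name,
    "ssn": trim, "card_number": encrypt,
    "salary": prune,  # executive salaries re-identify via the org chart
    "city": "conceal",
}


def mask_record(record, policy):
    """Apply the policy attribute by attribute; unlisted attributes pass through."""
    masked = {}
    for field, value in record.items():
        method = policy.get(field)
        if method == "conceal":
            continue
        masked[field] = method(value) if callable(method) else value
    return masked


if __name__ == "__main__":
    qa_copy = mask_record(SAMPLE_RECORD, QA_POLICY)
    print(qa_copy)
    print("card recovered from QA copy:", decrypt(qa_copy["card_number"]))
    print(separate(SAMPLE_RECORD, {"ssn", "card_number", "salary"}))
```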
  • 53. Matrix – Method, Environment, Access. (Chart: rows are the environments Business End-users, Business Support, User Acceptance (UAT), QA/Testing, and Development; columns are the user groups Business End-User Access, Support Staff, Issue Support, Quality Assurance, and Development Staff; each cell names the obfuscation method that applies. The build-up walks through the QA Testing Team, the Development Team, Developers in Non-development Environments, and Non-developers in the Development Env. Legend of methods: No Access to environment or data; Last Four Digits; Fabricate Data; Not Acknowledged.)
  • 69. Data-Centric Development. Projects that center around data analysis (i.e.: dashboards, BI, data-marts / warehouses, etc.) often claim that they must have "production data" to develop the solution. It is true that the business will need production data for user acceptance testing (UAT), but let's consider a few other facts: 1) Negative testing will require fabricated data. 2) New functionality will also likely require fabricated data. 3) Existing production data may not contain all possible values or permutations of data, so full positive testing will also require some level of fabricated data. 4) Full regression testing will require a standardized test set, including the items above, and is likely to be a combination of fabricated and masked data (de-identified records).
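Points 1, 3 and 4 above worked through in code, as an added example that is not from the presentation: a masked (de-identified) extract is checked for the value permutations it lacks, fabricated rows fill the gaps, and negative rows are added to form one standardized regression set. The rows, the `acct_type`/`status` domains and the `INVALID` marker are constructed for illustration.

```python
"""Regression test set = masked production rows + fabricated rows for the
permutations production never had + fabricated negative cases.
Added example; every row and domain here is constructed."""
import itertools

# Constructed, already de-identified production extract: 3 of 9 permutations.
MASKED_ROWS = [
    {"acct_type": "checking", "status": "open", "balance": 120.00},
    {"acct_type": "checking", "status": "closed", "balance": 0.00},
    {"acct_type": "savings", "status": "open", "balance": 980.50},
]
# Allowed domain of each dimension the application must handle (constructed).
DOMAINS = {"acct_type": ["checking", "savings", "loan"],
           "status": ["open", "closed", "frozen"]}

def missing_permutations(rows, domains):
    """Positive-test gap: valid combinations absent from the masked extract."""
    keys = list(domains)
    seen = {tuple(r[k] for k in keys) for r in rows}
    return [dict(zip(keys, combo))
            for combo in itertools.product(*domains.values())
            if combo not in seen]

def fabricate_positive(perm):
    """Fabricated row for a valid-but-unseen permutation (point 3)."""
    return {**perm, "balance": 1.00, "source": "fabricated"}

def fabricate_negative(domains):
    """Negative tests (point 1): one row per dimension carrying a value
    outside its domain; every other field is a valid baseline value."""
    baseline = {k: v[0] for k, v in domains.items()}
    return [{**baseline, k: "INVALID", "balance": -1.00, "source": "negative"}
            for k in domains]

def build_regression_set(rows, domains):
    """Point 4: standardized set of masked + fabricated + negative rows,
    each tagged with its source so reviewers can see what is real."""
    masked = [{**r, "source": "masked"} for r in rows]
    positives = [fabricate_positive(p) for p in missing_permutations(rows, domains)]
    return masked + positives + fabricate_negative(domains)

def coverage(rows, domains):
    """Fraction of valid permutations present; 1.0 means full positive coverage."""
    total = 1
    for values in domains.values():
        total *= len(values)
    return 1 - len(missing_permutations(rows, domains)) / total
```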
  • 77. Governance. Data stewardship is a key success factor for good data governance and, in this case, for good Information Obfuscation. No one person will be aware of every government regulation, trade association guideline, business functional requirement, or company policy. Include representatives from data stewardship, security, internal audit, and quality assurance teams in your solution planning and project development teams.
  • 78. Information Obfuscation Summary. 1. Obfuscation occurs throughout the information lifecycle, not just in non-production environments. 2. Everyone is responsible for protecting the corporate data assets, and the best data security tool is vigilance. 3. Use a defined language to communicate who, what, where, when, why, and how obfuscation will occur. 4. Make Information Obfuscation part of your organization's business-as-usual (BAU) processes. 5. Follow Michael Jay's Data Masking Golden Rule: "Do unto your company's corporate data-assets as you would have your banker, healthcare provider, or retailer do unto your personal information."
  • 79. Questions?
  • 80. Thank You!
  • 81. Appendix – Reference Material
  • 82. Legal & Regulatory Alphabet Soup (Sampling). GLBA – The Gramm–Leach–Bliley Act allowed consolidation of commercial & investment banks, securities, & insurance companies. PPI – Nonpublic Personal Information: a financial consumer's personally identifiable information (see GLBA). OCC – Office of the Comptroller of the Currency; regulates banks. PCI – Payment Card Industry; defines the Data Security Standard (PCI DSS) for processing, storing, or transmitting credit card information. PHI – Patient Health Information: Dept. of Health & Human Services ("HHS") Privacy Rule (see HIPAA). PII – Personally Identifiable Information; used to uniquely identify an individual. (Legal definitions vary by jurisdiction.)
  • 83. Sample Cross Reference Chart (the original chart marks each data point against the PII, PCI, PPI, and PHI categories):
    Customer – the fact that an individual is a customer **
    First or last name *; mother's maiden name
    Country, state, or city of residence *
    Telephone# (home, cell, fax)
    Birthday, birthplace, age, gender, or race *
    Social Security#, account#, driver's license#, national ID ++
    Passport#, issuing country
    Credit card numbers, expiration date, credit card security code
    Credit card purchase
    Grades, salary, or job position *
    Vehicle identifiers, serial numbers, license plate numbers
    Email – electronic mail addresses; IP address, web URLs
    Biometric identifiers, face, fingerprints, or handwriting
    Dates – all elements of dates (except year +)
    Medical record#, genetic information, health plan beneficiary#
    * More likely used in combination with other personal data
    ** GLBA regulation to fall into the "Restricted" classification
    + All elements of dates (including year) if age 90 or older
    ++ Varies by jurisdiction