SlideShare une entreprise Scribd logo
1  sur  19
Summary
◼ INFORMATION SECURITY
◼ IMPORTANCE OF INFORMATION SECURITY TODAY
◼ HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS)
◼ COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY (HIPPA, PCI-DSS, ISO 27001, FISMA, SOX)
◼ TAKING INFORMATION SECURITY BEYOND A COMPLIANCE FIRST
◼ BASICS OF INFORMATION SECURITY
◼ IMPORTANCE OF DATA GOVERNANCE IN INFORMATION SECURITY
◼ PRIVACY
◼ IMPORTANCE OF PRIVACY TODAY
◼ CHANGING AND EVOLVING PRIVACY REQUIREMENTS
◼ IMPORTANCE OF DATA GOVERNANCE IN PRIVACY
◼ DATA GOVERNANCE AND DATA PRIVACY
◼ WHY DATA?
◼ DATA PRIVACY - DATA PROCESSING PRINCIPLES
◼ DATA GOVERNANCE (ROPA ) AS A TOOL
◼ RECENT HIGH IMPACT DATA BREACHES
◼ RECENT HIGH PROFILE DATA BREACHES
◼ IMPACT ON CUSTOMER TRUST
◼ IMPACT OF DATA BREACH
◼ FURTHER NOTES
IMPORTANCE OF INFORMATION SECURITY TODAY
Hacking as Service
Hire hackers to get
access to company
networks
Ransomware as a
Service
Subscription based
model to use already-
developed ransomware.
Denial of Service as
a Service
A pre-configured
infrastructure for use of
DDoS attacks.
Supply Chain Attacks
Attack of a common vendor or
supplier to infiltrate numerous
company networks and systems.
Companies have a large number of
third-party vendors and SaaS
solutions that integrate with their
systems and networks.
Internet of Things
According to Gartner, IoT devices in
2020 which will grow to 75 million by
2025. IoT Malware attacks rose 700%
during the pandemic. Attacks towards
televisions, security cameras,
autonomous vehicles, to medical
devices/pacemakers.
Artificial Intelligence & Automation
Cyber criminals use AI for targeted spear-phishing
attacks using deepfakes and voice-cloning.
Weaponized AI self-seeks vulnerabilities, uses
concealed intelligent’ malware to laterally move,
executes at specific times, and acquires system
knowledge to vary attacks. PassGan uses neural
network to lean the statistical distribution of
passwords from leaks and generates high-quality
guesses.
COMPLIANCE REQUIREMENTS FOR INFORMATION
SECURITY
HIGH PROFILE SECURITY BREACHES (NOTABLE
EVENTS)
Ransomware attack in July that paralyzed as
many as 1,500 organizations by compromising
tech-management software from a company
called Kaseya
SolarWinds, a major US information
technology firm, was the subject of a
cyberattack that spread to its clients and
went undetected for months.
The hack that took down the largest fuel
pipeline in the U.S. and led to shortages
across the East Coast. Hackers entered
the network through a VPN account,
which did not use MFA.
TAKING INFORMATION SECURITY BEYOND COMPLIANCE
◼ Compliance Frameworks help drive business to
practice due diligence and make decisions not just
based on cost.
◼ Compliance frameworks are the basic building
blocks.
◼ Organizations looking to meet compliance
requirements may avoid penalties but may not
always be secure.
◼ Compliance is important, clearly, but it should be a
subset of the overall security strategy.
◼ One must always stay ahead of compliance. E.g., IoT.
START WITH THE BASICS – BASIC CYBER HYGENIE
A prioritized and prescriptive set of safeguards mitigate
approximately 83% of all attack techniques found in the MITRE
ATT&CK Framework.
Implementation Group 1 (IG1) of the Controls provide mitigation
against the attack techniques found in the top four attack patterns
listed in the 2019 Verizon Data Breach Investigations Report (DBIR),
including ransomware.
Key Next Steps:
 Identify business goals and objectives.
 Start with a gap assessment.
 Get senior leadership buy-in.
 Focus on the basics of cyber-hygiene and do it well.
 Strengthen your incident response.
 Roadmap to compliance & maturity.
“NOT IF BUT WHEN” AN INCIDENT WILL OCCUR
◼ USE the “CYBER KILL CHAIN” to understand how cyber
criminals attack and gain access to systems.
◼ Build “DETECTION & PREVENTION” based on the kill chain
to reduce the mean time to detect.
◼ Develop an “INCIDENT RESPONSE PLAN” to be prepared
and reduce the mean time to respond.
Source: 2021 IBM Cost of Data Breach Report found that the average time to detect and contain a data breach is 280 days
https://www.ibm.com/security/data-breach
Source: Lockheed Martin Cyber Kill Chain
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
DATA DRIVEN ERA - IMPORTANCE OF DATA GOVERNANCE
◼ Data today is one of the most important assets of the organization.
◼ Data governance saves money reducing duplication, errors and increasing integrity.
◼ Data governance increases access to data sharing across the organization
◼ Strong data governance ensures an organization is complying with all regulatory requirements and compliance frameworks.
Data-driven organizations are 23
times more likely to acquire
customers.
Sources:
https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights
https://bi-survey.com/big-data-benefits
https://www.forrester.com/report/InsightsDriven+Businesses+Set+The+Pace+For+Global+Growth/-/E-RES130848
Businesses that use big
data increase their profit
by 8 percent.
62% of retailers report that the
use of information and analytics
is creating a competitive
advantage for their
organization.
Insight-driven businesses are
growing at an average of 30% each
year; by 2021, they are predicted
to take $1.8 trillion annually from
their less-informed industry
competitors.
WHY DATA?
The world’s most valuable resource is no longer oil, but data | The Economist
The world’s most valuable resource is no longer oil but DATA.
What are you doing to PROTECT your most precious resource? Who has ACCESS to it? Do you know
WHERE it is? Do you know its VALUE?
What do you know about your most precious resource?
DATA PRIVACY - DATA PROCESSING PRINCIPLES
UK GDPR outlines 7 principles for processing data to create a solid framework for minimizing risk exposure:
1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data Minimization
4. Accuracy
5. Storage Limitation
6. Integrity and Confidentiality
7. Accountability
Failure to comply leads to fines, breach of trust, operational disruption …..
Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)
DATA GOVERNANCE & (RECORD of PROCESSING ACTIVITIES) AS TOOLS
The GDPR obligates documentation of the processing activities relating to your data.
Good data governance and RoPA allow you to understand:
1. What data you have
2. Where your data is located
3. How the data is used
4. Who the data is shared with
This ensures data security, availability, integrity and consistency
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
Records of Processing Activities | General Data Protection Regulation (GDPR) (gdpr-info.eu)
HIGH IMPACT DATA BREACHES
These data breaches show case the importance of data governance, information security and data privacy in
protecting data
June 2021
Impact: 700 Million records
Hackers scraped data by exploiting
LinkedIn’s API
Exposed data includes: Email
addresses, phone numbers,
geolocation records, LinkedIn
usernames and profile URLs, other
social media accounts & details
among others
April 2019
Impact: 533 Million records
2 Third party Facebook app datasets
exposed to public internet
Exposed data includes: Account
names, Facebook ID’s, likes, reactions,
comments and others
July 2021
Impact: Up to 1500 Organizations
records
Supply Chain Ransom ware
Exposed data includes: Organizational
database, user names and passwords
and sensitive information
The 57 Biggest Data Breaches (Updated for 2021) | UpGuard
RECENT DATA BREACH FINES
1.
2.
3.
4.
$886 MILLION
€50 MILLION
€35.3 MILLION
£20 MILLION
Three years of GDPR: the biggest fines so far - BBC News
IMPACT ON CONSUMER TRUST
The average customer is becoming privacy aware,
security aware and over all, DATA AWARE
Building consumer trust: Protecting personal data in the consumer product industry | Deloitte Insights
IMPACT OF DATA BREACH
1. FINANCIAL LOSS
2. REPUTATIONAL DAMAGE
3. OPERATIONAL DOWNTIME
4. LEGAL ACTION
5. LOSS OF SENSITIVE DATA
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
What’s New in the 2021 Cost of a Data Breach Report - Security Intelligence
FURTHER NOTES
Data & Information Governance at UNSW | Data Governance
According to a Cisco analysis (2020), companies who have invested in privacy measures
experience positive returns on investments.
Based on responses from 2,500 professionals across 13 countries, companies on average
received $2.70 for every $1 spend on their privacy program.
Implementing a mature privacy program, developing a robust data governance in alignment with
company goals and implementing an efficient information security system proactive in threat
detection and incident response are key to reducing data breaches.
Study: Mature privacy programs experience higher ROI (iapp.org)
SUMMARY
1. KNOW YOUR DATA
2. PROTECT YOUR DATA
3. APPLY THE DATA PROCESSING PRINCPLES
4. INVEST IN A MATURE PRIVACY PROGRAM
5. BUILD AND IMPLEMENT A ROBUST INFORMATION SECURITY PROGRAM
THANK YOU
?
hardeep.mehrotara@gmail.com Hardeep Mehrotara
olasow@yahoo.com Mojisola Abi Sowemimo

Contenu connexe

Tendances

Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
ReZa AdineH
 

Tendances (20)

Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101  NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
ISO 27005 Risk Assessment
ISO 27005 Risk AssessmentISO 27005 Risk Assessment
ISO 27005 Risk Assessment
 
IBM Security QRadar
 IBM Security QRadar IBM Security QRadar
IBM Security QRadar
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
Roadmap to IT Security Best Practices
Roadmap to IT Security Best PracticesRoadmap to IT Security Best Practices
Roadmap to IT Security Best Practices
 
WHY SOC Services needed?
WHY SOC Services needed?WHY SOC Services needed?
WHY SOC Services needed?
 
SOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations CenterSOC presentation- Building a Security Operations Center
SOC presentation- Building a Security Operations Center
 
From SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity ChasmFrom SIEM to SOC: Crossing the Cybersecurity Chasm
From SIEM to SOC: Crossing the Cybersecurity Chasm
 
Governance of security operation centers
Governance of security operation centersGovernance of security operation centers
Governance of security operation centers
 
Information Serurity Risk Assessment Basics
Information Serurity Risk Assessment BasicsInformation Serurity Risk Assessment Basics
Information Serurity Risk Assessment Basics
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
Introduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity FrameworkIntroduction to NIST Cybersecurity Framework
Introduction to NIST Cybersecurity Framework
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
 

Similaire à Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference

Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_Pitfalls
Laris Orman
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
Erik Ginalick
 

Similaire à Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference (20)

Five_Big_Data_Security_Pitfalls
Five_Big_Data_Security_PitfallsFive_Big_Data_Security_Pitfalls
Five_Big_Data_Security_Pitfalls
 
Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...Data centric security key to digital business success - ulf mattsson - bright...
Data centric security key to digital business success - ulf mattsson - bright...
 
3 guiding priciples to improve data security
3 guiding priciples to improve data security3 guiding priciples to improve data security
3 guiding priciples to improve data security
 
Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991Managed Security For A Not So Secure World Wp090991
Managed Security For A Not So Secure World Wp090991
 
Where data security and value of data meet in the cloud brighttalk webinar ...
Where data security and value of data meet in the cloud   brighttalk webinar ...Where data security and value of data meet in the cloud   brighttalk webinar ...
Where data security and value of data meet in the cloud brighttalk webinar ...
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
Proven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS DeckProven Practices to Protect Critical Data - DarkReading VTS Deck
Proven Practices to Protect Critical Data - DarkReading VTS Deck
 
The Three Pitfalls of Data Security
The Three Pitfalls of Data SecurityThe Three Pitfalls of Data Security
The Three Pitfalls of Data Security
 
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data AssetsFS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
FS-ISAC APAC Summit 2017 Singapore - Of Crown Jewels and Data Assets
 
Cybersecurity solution-guide
Cybersecurity solution-guideCybersecurity solution-guide
Cybersecurity solution-guide
 
Protect your confidential information while improving services
Protect your confidential information while improving servicesProtect your confidential information while improving services
Protect your confidential information while improving services
 
Information Security For Small Business
Information Security For Small BusinessInformation Security For Small Business
Information Security For Small Business
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
 
Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data security
 
The Business Case for Data Security
The Business Case for Data SecurityThe Business Case for Data Security
The Business Case for Data Security
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
Cyber Security Demistyified
Cyber Security DemistyifiedCyber Security Demistyified
Cyber Security Demistyified
 
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
Strategic Direction Session: Enhancing Data Privacy with Data-Centric Securit...
 
New regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscapeNew regulations and the evolving cybersecurity technology landscape
New regulations and the evolving cybersecurity technology landscape
 

Plus de PECB

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
PECB
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
PECB
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
PECB
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
PECB
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
PECB
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
PECB
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
PECB
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
PECB
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
PECB
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
PECB
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
PECB
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
PECB
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
PECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
PECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
PECB
 

Plus de PECB (20)

Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
ISO/IEC 27032, ISO/IEC 27002, and CMMC Frameworks - Achieving Cybersecurity M...
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 

Dernier

The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 

Dernier (20)

Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Magic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptxMagic bus Group work1and 2 (Team 3).pptx
Magic bus Group work1and 2 (Team 3).pptx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701ComPTIA Overview | Comptia Security+ Book SY0-701
ComPTIA Overview | Comptia Security+ Book SY0-701
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 

Information Security vs. Data Governance vs. Data Protection: What Is the Real Difference

  • 1.
  • 2. Summary ◼ INFORMATION SECURITY ◼ IMPORTANCE OF INFORMATION SECURITY TODAY ◼ HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS) ◼ COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY (HIPPA, PCI-DSS, ISO 27001, FISMA, SOX) ◼ TAKING INFORMATION SECURITY BEYOND A COMPLIANCE FIRST ◼ BASICS OF INFORMATION SECURITY ◼ IMPORTANCE OF DATA GOVERNANCE IN INFORMATION SECURITY ◼ PRIVACY ◼ IMPORTANCE OF PRIVACY TODAY ◼ CHANGING AND EVOLVING PRIVACY REQUIREMENTS ◼ IMPORTANCE OF DATA GOVERNANCE IN PRIVACY ◼ DATA GOVERNANCE AND DATA PRIVACY ◼ WHY DATA? ◼ DATA PRIVACY - DATA PROCESSING PRINCIPLES ◼ DATA GOVERNANCE (ROPA ) AS A TOOL ◼ RECENT HIGH IMPACT DATA BREACHES ◼ RECENT HIGH PROFILE DATA BREACHES ◼ IMPACT ON CUSTOMER TRUST ◼ IMPACT OF DATA BREACH ◼ FURTHER NOTES
  • 3. IMPORTANCE OF INFORMATION SECURITY TODAY Hacking as Service Hire hackers to get access to company networks Ransomware as a Service Subscription based model to use already- developed ransomware. Denial of Service as a Service A pre-configured infrastructure for use of DDoS attacks. Supply Chain Attacks Attack of a common vendor or supplier to infiltrate numerous company networks and systems. Companies have a large number of third-party vendors and SaaS solutions that integrate with their systems and networks. Internet of Things According to Gartner, IoT devices in 2020 which will grow to 75 million by 2025. IoT Malware attacks rose 700% during the pandemic. Attacks towards televisions, security cameras, autonomous vehicles, to medical devices/pacemakers. Artificial Intelligence & Automation Cyber criminals use AI for targeted spear-phishing attacks using deepfakes and voice-cloning. Weaponized AI self-seeks vulnerabilities, uses concealed intelligent’ malware to laterally move, executes at specific times, and acquires system knowledge to vary attacks. PassGan uses neural network to lean the statistical distribution of passwords from leaks and generates high-quality guesses.
  • 4. COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY
  • 5. HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS) Ransomware attack in July that paralyzed as many as 1,500 organizations by compromising tech-management software from a company called Kaseya SolarWinds, a major US information technology firm, was the subject of a cyberattack that spread to its clients and went undetected for months. The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast. Hackers entered the network through a VPN account, which did not use MFA.
  • 6. TAKING INFORMATION SECURITY BEYOND COMPLIANCE ◼ Compliance Frameworks help drive business to practice due diligence and make decisions not just based on cost. ◼ Compliance frameworks are the basic building blocks. ◼ Organizations looking to meet compliance requirements may avoid penalties but may not always be secure. ◼ Compliance is important, clearly, but it should be a subset of the overall security strategy. ◼ One must always stay ahead of compliance. E.g., IoT.
  • 7. START WITH THE BASICS – BASIC CYBER HYGENIE A prioritized and prescriptive set of safeguards mitigate approximately 83% of all attack techniques found in the MITRE ATT&CK Framework. Implementation Group 1 (IG1) of the Controls provide mitigation against the attack techniques found in the top four attack patterns listed in the 2019 Verizon Data Breach Investigations Report (DBIR), including ransomware. Key Next Steps:  Identify business goals and objectives.  Start with a gap assessment.  Get senior leadership buy-in.  Focus on the basics of cyber-hygiene and do it well.  Strengthen your incident response.  Roadmap to compliance & maturity.
  • 8. “NOT IF BUT WHEN” AN INCIDENT WILL OCCUR ◼ USE the “CYBER KILL CHAIN” to understand how cyber criminals attack and gain access to systems. ◼ Build “DETECTION & PREVENTION” based on the kill chain to reduce the mean time to detect. ◼ Develop an “INCIDENT RESPONSE PLAN” to be prepared and reduce the mean time to respond. Source: 2021 IBM Cost of Data Breach Report found that the average time to detect and contain a data breach is 280 days https://www.ibm.com/security/data-breach Source: Lockheed Martin Cyber Kill Chain https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
  • 9. DATA DRIVEN ERA - IMPORTANCE OF DATA GOVERNANCE ◼ Data today is one of the most important assets of the organization. ◼ Data governance saves money reducing duplication, errors and increasing integrity. ◼ Data governance increases access to data sharing across the organization ◼ Strong data governance ensures an organization is complying with all regulatory requirements and compliance frameworks. Data-driven organizations are 23 times more likely to acquire customers. Sources: https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights https://bi-survey.com/big-data-benefits https://www.forrester.com/report/InsightsDriven+Businesses+Set+The+Pace+For+Global+Growth/-/E-RES130848 Businesses that use big data increase their profit by 8 percent. 62% of retailers report that the use of information and analytics is creating a competitive advantage for their organization. Insight-driven businesses are growing at an average of 30% each year; by 2021, they are predicted to take $1.8 trillion annually from their less-informed industry competitors.
  • 10. WHY DATA? The world’s most valuable resource is no longer oil, but data | The Economist The world’s most valuable resource is no longer oil but DATA. What are you doing to PROTECT your most precious resource? Who has ACCESS to it? Do you know WHERE it is? Do you know its VALUE? What do you know about your most precious resource?
  • 11. DATA PRIVACY - DATA PROCESSING PRINCIPLES UK GDPR outlines 7 principles for processing data to create a solid framework for minimizing risk exposure: 1. Lawfulness, Fairness and Transparency 2. Purpose Limitation 3. Data Minimization 4. Accuracy 5. Storage Limitation 6. Integrity and Confidentiality 7. Accountability Failure to comply leads to fines, breach of trust, operational disruption ….. Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)
  • 12. DATA GOVERNANCE & (RECORD of PROCESSING ACTIVITIES) AS TOOLS The GDPR obligates documentation of the processing activities relating to your data. Good data governance and RoPA allow you to understand: 1. What data you have 2. Where your data is located 3. How the data is used 4. Who the data is shared with This ensures data security, availability, integrity and consistency Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org) Records of Processing Activities | General Data Protection Regulation (GDPR) (gdpr-info.eu)
  • 13. HIGH IMPACT DATA BREACHES These data breaches show case the importance of data governance, information security and data privacy in protecting data June 2021 Impact: 700 Million records Hackers scraped data by exploiting LinkedIn’s API Exposed data includes: Email addresses, phone numbers, geolocation records, LinkedIn usernames and profile URLs, other social media accounts & details among others April 2019 Impact: 533 Million records 2 Third party Facebook app datasets exposed to public internet Exposed data includes: Account names, Facebook ID’s, likes, reactions, comments and others July 2021 Impact: Up to 1500 Organizations records Supply Chain Ransom ware Exposed data includes: Organizational database, user names and passwords and sensitive information The 57 Biggest Data Breaches (Updated for 2021) | UpGuard
  • 14. RECENT DATA BREACH FINES 1. 2. 3. 4. $886 MILLION €50 MILLION €35.3 MILLION £20 MILLION Three years of GDPR: the biggest fines so far - BBC News
  • 15. IMPACT ON CONSUMER TRUST The average customer is becoming privacy aware, security aware and over all, DATA AWARE Building consumer trust: Protecting personal data in the consumer product industry | Deloitte Insights
  • 16. IMPACT OF DATA BREACH 1. FINANCIAL LOSS 2. REPUTATIONAL DAMAGE 3. OPERATIONAL DOWNTIME 4. LEGAL ACTION 5. LOSS OF SENSITIVE DATA Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org) What’s New in the 2021 Cost of a Data Breach Report - Security Intelligence
  • 17. FURTHER NOTES Data & Information Governance at UNSW | Data Governance According to a Cisco analysis (2020), companies who have invested in privacy measures experience positive returns on investments. Based on responses from 2,500 professionals across 13 countries, companies on average received $2.70 for every $1 spend on their privacy program. Implementing a mature privacy program, developing a robust data governance in alignment with company goals and implementing an efficient information security system proactive in threat detection and incident response are key to reducing data breaches. Study: Mature privacy programs experience higher ROI (iapp.org)
  • 18. SUMMARY 1. KNOW YOUR DATA 2. PROTECT YOUR DATA 3. APPLY THE DATA PROCESSING PRINCPLES 4. INVEST IN A MATURE PRIVACY PROGRAM 5. BUILD AND IMPLEMENT A ROBUST INFORMATION SECURITY PROGRAM
  • 19. THANK YOU ? hardeep.mehrotara@gmail.com Hardeep Mehrotara olasow@yahoo.com Mojisola Abi Sowemimo