Inherent Data Leakage Prevention Program (IDLPP)
By Ben Oguntala, Solutions Director
www.dataprotectionofficer.com
Ben.oguntala@dataprotectionofficer.com
07812039867

Introduction
We take standard data leakage prevention measures and convert them into automated processes that are linked up as part of your organisation's Data Leakage Prevention strategy.

• Management: IDLPP in management decisions
• Business processes: IDLPP automated business processes
• End devices: IDLPP activated & automated in end devices
• Network systems: IDLPP activated & automated within the network
• Comms: IDLPP baseline on all comms systems
• Suppliers: IDLPP provisions on all suppliers contracts

• Re-uses incumbent technology
• Activated and automated
• Compatible with the DLP strategy
• Embedded within the organisation

What is the Data Leakage Strategy?

The Data Leakage strategy

DLP policy & procedures
• All assets that are considered in scope will have a DLP policy.

DLP baseline & enforcement
• All assets will have DLP baseline or adopt a hybrid feature.

DLP monitoring
• Integration of IDLPP to your current monitoring solution.

Risk management
• To ensure that once the standard is set there is continuous risk assessment in place.

IDLPP overview

[Diagram: DMZ tier, Middle tier and Database tier; Intranet, Extranet, Business processes and Data; IDLPP in ingress and egress traffic]

IDLPP is embedded in each aspect of your network to ensure a holistic approach.

IDLPP features
IDLPP product features
• Data loss prevention
• Firewall
• Anti-spam
• Host IPS
• Anti-malware
• Encryption
• Device control
• Network access control
• Web filtering
• Compliance
• Application control

[Diagram: DMZ tier, Middle tier, Database tier, Intranet, Extranet and Data; Servers, Desktop, Laptops]

IDLPP features (2)
• Management: Integration of IDLPP into management decisions.
• Business processes: Business processes will include DLP in their considerations.
• End devices: Servers, workstations, laptops and mobiles will all have IDLPP embedded.
• Network systems: Network systems like switches, routers, firewalls, IPS and IDS will have an element of IDLPP.
• Comms: IDLPP policies and procedures will be applied to comms devices, e.g. email, printers and mobiles.
• Suppliers: IDLPP will be included in contracts with suppliers, with self-audit capability to report on compliance.

3rd parties and extranets

[Diagram: Customer intranet, Extranet, Internet, Supplier, 3rd party hosting facility]

- IDLPP will allow you to audit 3rd party suppliers on an ongoing basis.
- Via contract, IDLPP will be able to extend from customer intranet to their suppliers and 3rd party hosting facilities.

Applicable standards

Policies, procedures & baselines

• PCI DSS: Network security; Business process security; Data security; 3rd party security; End point security; Monitor
• SOX 404: Change mgmt; Project cycle; Data security; 3rd party security; End point security
• ISO27001: Security mgmt; Compliance; Access control; 3rd party security; Data security; Change mgmt; Monitor
• Data Protection Act: Compliance; Data security; Privacy impact assessment; 3rd party security; End point security; Change mgmt
• FSA Data security: Data security; 3rd party security; End point security; Access control; Access control; Monitor
• Data seal (DMA): Data security; Change mgmt; End point security; Access control; Security mgmt
• Several Regulatory requirements

IDLPP change management
Standards: PCI DSS, SOX 404, ISO27001, Data Protection Act, FSA Data security, Data seal (DMA)

Project/Change assessment
• Each requires operational risk assessments on an ongoing basis.
• Currently manual and not cohesive

3rd party audits
• Each requires supplier audits & pre-engagement and in flight
• Costly to carry out visits, uncoordinated

Compliance reporting
• Each requires a compliance operation and reporting framework
• Disparate views and tools

Notification requirements
• Each requires a supplier to report incidents
• Management requirements to be notified

IDLPP for Laptops
[Diagram: laptop with Hard disk, Access control, USB devices and connectivity]

Build
• OS Security build specification
• Hardware security baseline
• Remote wipe enabled
• Registration on Asset register

Connectivity
• Fettered ingress and egress traffic
• Auto lock down of all unauthorised connectivity
• Authorised USB access only
• Secure connectivity

Data
• Encryption policy enforcement
• Data encryption in transit and stationary
• Access control (2 factor authentication)
• Remote wipe functionality
• Hard disk encryption

Benefit to Sophos
[Diagram: Customer with Policies, Procedures and 3rd parties; ISO, SOX, PCI, DPA, DS, FSA]

Compliance automation
• Automatic enforcement
• Automatic reporting
• Automatic auditing
• Automated consolidation
• Automatic breach reporting

Key questions from regulations

PCI DSS
• Is the network segregated card holder data adequately secured?

SOX 404
• Are there risk management processes, change control and Governance in the organisation?

ISO27001
• Are there policies and procedures that ensure adequate engagement exists between management & business units as well as procedures to support the policies?

Data Protection Act
• How much information Assets do I have and with whom am I sharing them?
• What sort of privacy impact assessments are carried out for projects & changes?

FSA Data security
• Are there adequate Governance, risk management and adequate security for FSA related confidential & financial information about clients?

Data seal (DMA)
• Does the company have adequate data security controls in place to cater for customer data they are handling?

IDLPP Gap analysis
[Diagram: Gap analysis, with columns Key areas, Risks, and Countermeasures & Recommendations, followed by Project implementation]

Key areas
• Network infrastructure
• Business processes
• Software Asset Register
• Hardware Asset Register
• 3rd party suppliers
• Data flow definition
• Policies & procedures
• Risk Management

Engagement timeline
Project scope definition (2 man days)

• Questionnaire
• 2 face-to-face meetings
• Objective definition

Gap analysis and fact finding (20 man days)

• Mapping out your current network infrastructure
• Business processes
• Software Asset Register
• Hardware Asset Register
• 3rd party supplier Assessment
• Data flow definition
• Risk management process assessment
• Policies and processing assessment

Audit report (5 man days)

• Gap analysis report
• Risks and countermeasures
• Recommendations and work streams

Project implementation

• Dependent on work streams

THE END

http://www.dataprotectionofficer.com/Data-Leakage.aspx



 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 

Recently uploaded (20)

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 

IDLPP Data Leakage Prevention Strategy

  • 1. Inherent Data Leakage Prevention Program (IDLPP). By Ben Oguntala, Solutions Director. www.dataprotectionofficer.com, Ben.oguntala@dataprotectionofficer.com, 07812039867
  • 2. Introduction
      • We take standard data leakage prevention and convert them into automated processes that are linked up as part of your organisation’s Data Leakage Prevention strategy.
      • Management: IDLPP in management decisions
      • Business processes: IDLPP automated business processes
      • End devices: IDLPP activated & automated in end devices
      • Network systems: IDLPP activated & automated within the network
      • Comms: IDLPP baseline on all comms systems
      • Suppliers: IDLPP provisions on all suppliers contracts
      • Re-uses incumbent technology; Activated and automated; Compatible with the DLP strategy; Embedded within the organisation
  • 3. What is the Data Leakage Strategy? The Data Leakage strategy
      • DLP policy & procedures: All assets that are considered in scope will have a DLP policy.
      • DLP baseline & enforcement: All assets will have DLP baseline or adopt a hybrid feature.
      • DLP monitoring: Integration of IDLPP to your current monitoring solution.
      • Risk management: To ensure that once the standard is set there is continuous risk assessment in place.
  • 4. IDLPP overview
      • [Network diagram: DMZ tier, Middle tier, Database tier, Intranet, Extranet, Business processes, Data]
      • IDLPP in ingress and egress traffic
      • IDLPP is embedded with each aspect of your network to ensure holistic approach
  • 5. IDLPP features
      • IDLPP product features: Data loss prevention; Firewall; Anti-spam; Host IPS; Anti-malware; Encryption; Device control; Network access control; Web filtering; Compliance; Application control
      • [Network diagram: DMZ tier, Middle tier, Database tier, Intranet, Extranet, Servers, Desktop, Laptops, Data]
  • 6. IDLPP features (2)
      • Management: Integration of IDLPP into management decisions.
      • Business processes: Business process will include DLP into their considerations.
      • End devices: Servers, workstations, Laptops and Mobiles will all have IDLPP embedded
      • Network systems: Network systems like Switches, Routers, firewalls, IPS, IDS will have an element of IDLPP
      • Comms: IDLPP policies and procedures will be applied to comms devices e.g. Email, printers and mobiles
      • Suppliers: IDLPP will be included in contracts with suppliers and self audit capability to report on compliance
  • 7. 3rd parties and extranets
      • [Network diagram: 3rd party hosting facility, Customer intranet, Supplier, Extranet, Extranet, Internet]
      • IDLPP will allow you to audit 3rd party suppliers on an ongoing basis.
      • Via contract, IDLPP will be able to extend from customer intranet to their suppliers and 3rd party hosting facilities.
  • 8. Applicable standards
      • Several regulatory requirements: PCI DSS; SOX 404; ISO27001; Data Protection Act; FSA Data security; Data seal (DMA)
      • Policies, procedures & baselines
      • [Matrix of control areas; labels include: Network security, Change mgmt, Security mgmt, Data security, Compliance, Business process, Project cycle, 3rd party security, Access control, Privacy impact assessment, End point security, Monitor]
  • 9. IDLPP change management Data FSA Data Data seal PCI DSS SOX 404 ISO27001 Protection security (DMA) Act Project/Change Each requires operational risk Currently manual and assessment assessments on an ongoing basis. not cohesive Each requires supplier audits & pre- Costly to carry out 3rd party audits engagement and in flight visits, uncoordinated Compliance Each requires a compliance Disparate views and reporting operation and reporting framework tools Management Notification Each requires a supplier to requirements to be requirements reporting incidents notified 9
  • 10. IDLPP for Laptops • OS Security build specification • Hardware security baseline • Remote wipe enabled Build • Registration on Asset register Access Hard control disk • Fettered ingress and egress traffic • Auto lock down of all unauthorised connectivity • Authorised USB access only connectivity • secure connectivity USB devices • Encryption policy enforcement • Data encryption in transit and stationary • Access control ( 2 factor authentication) connectivity • Remote wipe functionality Data • Hard disk encryption 10
  • 11. Benefit to Sophos Customer Compliance automation Automatic enforcement Automatic reporting Automatic auditing Automated consolidation Automatic breach reporting Policies Procedures ISO SOX PCI DPA 3rd parties DS FSA 11
  • 12. Key questions from regulations
      • PCI DSS: Is the network segregated card holder data adequately secured?
      • SOX 404: Are there risk management processes, change control and Governance in the organisation?
      • ISO27001: Are there policies and procedures that ensure adequate engagement exists between management & business units as well as procedures to support the policies?
      • Data Protection Act: How much information Assets do I have and with whom am I sharing them? What sort of privacy impact assessments are carried out for projects & changes?
      • FSA Data security: Are there adequate Governance, risk management and adequate security for FSA related confidential & financial information about clients?
      • Data seal (DMA): Does the company have adequate data security controls in place to cater for customer data they are handling?
  • 13. IDLPP Gap analysis
      • Columns: Key areas; Risks; Countermeasures & Recommendations
      • Key areas: Network infrastructure; Business processes; Software Asset Register; Hardware Asset Register; 3rd party suppliers; Data flow definition; Policies & procedures; Risk Management
      • Stages: Gap analysis; Project implementation
  • 14. Engagement timeline
      • Project scope definition (2 man days): Questionnaire; 2 face-to-face meetings; Objective definition
      • Gap analysis and fact finding (20 man days): Mapping out your current network infrastructure; Business processes; Software Asset Register; Hardware Asset Register; 3rd party supplier Assessment; Data flow definition; Risk management process assessment; Policies and processing assessment
      • Audit report (5 man days): Gap analysis report; Risks and countermeasures; Recommendations and work streams
      • Project implementation: Dependent on work streams