A Practical Approach to GDPR Featuring Duncan Brown, IDC

Agenda

• Logistics
• A Practical Approach to GDPR, Duncan Brown
  - GDPR Readiness
  - The Role of DPO
  - Technology Framework
  - Recommended Timeline
  - Action Plan
• The Atos Approach to GDPR, Zeina Zakhour
• Q&A

Duncan Brown
Associate Vice President, IDC

• Leads IDC’s security research program in Europe
• Broad security expertise including:
  - Incident response
  - Threat intelligence
  - Global privacy
• Established and leads IDC coverage:
  - GDPR
  - RPEC
  - NIS Directive

A Practical Approach to GDPR
Duncan Brown, Associate Vice President, European Security
[email protected]

GDPR is a game-changer

• Fines up to 4% of global revenues
  - “Effective, proportionate and dissuasive”
• Mandatory Breach Notifications
  - Consequential loss of reputation
• Class-action lawsuits
  - Brought by activists…?
• Ban on personal data processing*
  - In extreme cases

*Article 58

© IDC Visit us at IDC.com and follow us on Twitter: @IDC

GDPR Readiness

[Bar chart, vertical axis 0% to 45%. Response categories: "Not relevant, as GDPR does not affect our organization"; "We really do not know where to start"; "We are awaiting further guidelines"; "We will start addressing it this year (2017)"; "There is a solid plan in place to ensure readiness by May 2018"; "It is mainly ready now". Callout figures shown on the chart: 43% and 57%.]

Source: IDC EMEA GDPR Survey, March 2017, n=560

Who leads GDPR?

Q. In which division or department is the leader based?

[Pie chart. Segments: Corporate management, IT, Finance and accounting, Legal, Other. Values shown: 2%, 21%, 39%, 7%, 31%.]

Q. We have established a cross-functional compliance taskforce or governance board?

[Pie chart. Segments: Yes, No. Values shown: 36%, 64%.]

Source: IDC EMEA GDPR Survey, March 2017, n=560

The role of the Data Protection Officer

• Mandatory for public bodies, and
  - Processing of ‘large scale’ systematic monitoring
• Voluntary DPOs are encouraged as good practice
• Applies to controllers & processors
• Requires ‘expert knowledge’ and ‘ability to fulfil the tasks’
• In-house or external, full- or part-time
• No conflict of interest
• Can’t be fired for ‘performing their duties’

IDC does not provide legal advice

Sourcing a DPO

[Pie chart. Segments: Appoint someone from within the organization; We already have a DPO in place; Appoint a dedicated person from outside the organization; Not appoint a DPO; Use a contract resource. Values shown: 7%, 7%, 13%, 51%, 22%.]

Source: IDC EMEA GDPR Survey, March 2017, n=560

GDPR Technology Framework

• Information Governance
• Meeting Specific Requirements
• Review State of the Art

GDPR Technology Framework: Information Governance

What personal data do I have, where is it, how sensitive is it, why do I have it, do I have consent to use it, can I delete it, etc.

• Discovery Data visibility assessment
• Automation is essential
• Data loss prevention for real-time classification & protection of data-in-transit

GDPR Technology Framework: Meeting Specific Requirements

RTBF, Consent, Encryption, Data Loss Prevention, Data Portability, Access Control, Record keeping, Incident Response, etc.

• Data Discovery, Classification and Control
• Access Control & Identity Management
• Privileged User Management
• Encryption and Pseudonymization
• Auditing and Forensics
• Breach Detection and Notification
• Managed Services

GDPR Technology Framework: Review State of the Art

“appropriate technical and organisational measures”
Encryption, backup & restore, testing, and everything else…

• “Taking into account state of the art…”
• Cost
• Risk
• Context

When to start?

[Diagram: Manage, Discover, Assess, Review]

Manage