Confidential Data

by Faham Usman on 22 May 2014

Transcript of Confidential Data

Information Security
Confidential Data
Awareness Campaign
Agenda
Salim is your Cyber Security Advisor.
Aims at promoting, building and ensuring a safer & secure cyber environment and culture in the UAE.
About aeCERT
One of the initiatives of the UAE Telecommunications Regulatory Authority.
aeCERT is the United Arab Emirates Computer Emergency Response Team.
About aeCERT
Confidential Data
DLP
Levels of DLP Solution
DLP Solution
Confidentiality
Stats
Protecting Data
Data Classification
Disposing Data
Tools
aeCERT
Salim (aeCERT)
@salim_aecert
For more information
www.aecert.ae
info@aecert.ae
Questions
TrueCrypt (File Encryption)
DLP consists of products that are based on policies meant to identify, monitor and protect data.

DISPOSE OF DISKS AND DEVICES
YOUR PLACE IS NOT A GOOD PLACE TO KEEP YOUR PERSONAL INFORMATION
The purpose of this policy is to protect sensitive information that lies on the desktop of employees.

According to the policy:
Confidentiality can intentionally or unintentionally be breached in many ways such as:
The DLP solution provides endpoint security and control over what confidential data is and how it should be stored.
Data Endpoint
Data Protection
DLP protects data with policy-based controls that match business processes
Data protection is automated with policy-based enforcement options that include blocking, quarantining, removing files, encrypting, auditing, logging and notifying users in real time.
2013 - Root Causes of Data Breach
How can data be identified?
Unstructured data can be handy in identifying confidential data elsewhere.

DLP analyzes content of the file and not just the file type.
DLP performs structured data matching (SID, SSN, credit card numbers, etc.)
DLP performs unstructured data matching (diagrams, source codes, media files, etc.)
Data Discovery
Employee leaves office and janitor accesses her sensitive files
In the past decade especially, companies have lost millions of dollars due to breaches of confidential data.
In case of confidential data leakage, not only is an organization’s reputation damaged, but there can also be a huge financial impact.
Do not share your confidential data with strangers over email, instant messaging or social networking websites.
Do not store confidential data on storage and mobile devices.
Confidential data must not be emailed over the internet in clear text.
All confidential data must be encrypted.
Data at End Points
Data at Rest
Data in Motion
Refers to data that resides on end-user hosts or removable devices, e.g. laptops, notebooks, USB, portable hard disks, etc.
Refers to data that resides on file servers, databases, etc.

Data in motion is the data that is being transmitted over a network e.g. data that uses HTTP, FTP, IM, P2P or SMTP protocols. Such data is mirrored in the DLP server for analysis where visibility is further enhanced.
Public
What? Press release; marketing materials; job announcements
Who? Everyone

Confidential
What? Employment data; business partner information; contracts
Who? Personnel with legitimate access, e.g. manager.

Restricted
What? Medical records; Emirates ID; credentials
Who? Specific person or organization


Information is our most valuable asset and we must protect it.
The information we are working with has tremendous value to cyber criminals and other countries.
All types of data must be protected (personal or organizational)
Data can be in softcopy form stored on computers, mobiles, and storage devices.
Data can also be in the form of hardcopy documents.
Medical records
PIN code
Driving license number
Credit/debit card numbers
Emirates ID Number
Bank account number
Birth date
Confidential data leakage can have adverse effects on an organization such as:
There are multiple techniques to classify and identify information
Data Monitor
The DLP solution identifies and monitors data that is at risk in real time, e.g. who is accessing that data and where that data is going.
2013 – Average number of breached Records
Confidential Data
Confidential Data is..
Confidential Data is..
Where Is Confidential Data Stored?
Who Has Access to Confidential Data?
Confidentiality
Confidential Data Leakage
Confidentiality Data Leakage Fallouts
Confidential Data Leakage Stats
Source: https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf
Confidential Data Leakage Stats
Confidential Data Leakage Stats
Data is Money

How Is Confidentiality Breached?
Stolen Laptops/USB/Hard Disk
Unencrypted files
Emailing unintended user
Sharing information with a user who should not have legitimate access to it
Accessing a file/database/system using someone else’s credentials.
Protecting Data
Data Classification
Data Classification
Data Classification Policy
Clean Desktop Policy
Sensitive documents should be locked away when an employee leaves the desk for a longer duration, i.e. a lunch break.

At the end of the day, all documents should be cleared off the desk and put away in the cupboards and drawers.
Clean Desktop Policy
Scenario: Unclean Desktop
Disposing Data
Disposing Data Policy
SECURELY BY SHREDDING FLOPPY DISKS OR OVERWRITING DISKS WITH ALL 1’S, ALL 0’S, THEN ALL RANDOM CHARACTERS
Data Loss Prevention (DLP)
The data can be at rest (file servers, databases, etc.) or in motion (HTTP, FTP, etc.).
DLP - Background
DLP - Background
DLP - Types of Data it Protects
DLP – Requirements it Should Fulfill
DLP Elements – Data Discovery
DLP Elements – Data Protection
DLP Elements – Data Monitor
DLP Solution
Identifies who is accessing that confidential data and how it is being used in conjunction with other applications.
Where that confidential data is being transferred e.g. USB storage, hard disk, printer, etc.

Confidential Data Tools
OpenPuff (Hiding information in plain sight)
Confidential Data Tools
Leakage of confidential data can damage an organization in an inconceivable way.