The Rising Tide of Data: Managing the Dams of Privacy & Security · 2017-07-25
Post on 16-Jun-2018
#RSAC
The Rising Tide of Data: Managing the Dams of Privacy & Security
SESSION ID: PGR-R08
Ben Gerber, Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), Coupang
JoAnn Stonier, EVP/Chief Information Governance and Privacy Officer, Mastercard
Dana Simberkoff, Chief Risk, Privacy and Information Security Officer, AvePoint
Your Speakers
Dana Louise Simberkoff, Chief Risk, Privacy and Information Security Officer, AvePoint Inc., @danalouise
JoAnn Stonier, EVP/Chief Information Governance and Privacy Officer, Mastercard, @PrivacyDesign
Ben Gerber, Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO), Coupang, @gerber
Agenda
About us….
Setting the Stage
Pressures on the eco-system
Better Together
Corporate Strategies: building a culture of trust (privacy and security - can we make them two sides of a coin) - Here is how we do it….
Audience Questions and Answers
Best Practices Approach - Key Takeaways for attendees
©AvePoint, Inc. All rights reserved. Confidential and proprietary information of AvePoint, Inc. No part of this may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written consent of AvePoint, Inc.
Collaboration Tools
Risks
Social engineering & network attacks
Distribution of confidential/sensitive/proprietary information too easily
Limited security capabilities/enforcement
Limited regulations or industry standards
Rapidly evolving technology capabilities
Workforce surveillance and behavioral tracking
How Do You Know Where to Park?
Private Data? What Data?
Organizational: market information, financial information, business decisions, personnel/workforce decisions, content and material
Personal: access frequency, access point, location, money spent, services used, content shared, opinions and perspectives, etc.
Collection & Use Limitation
Notice / Consent
Data Quality
Retention / Destruction
Operational Processes
Contractual Compliance
Confidentiality
Access
Incident Management
Privacy
Security
Non Personal Information
Personal Information
Lessons Learned - What you can do in your organization
Know thy business
Identify your priorities
Trust and Verify
IT Transformation as a compliance Enabler
Know thy business
Develop a service level agreement among your compliance officers, your IT team, and the business before you implement a compliance plan.
You need the right people at your table
Cross functional team
Establish accountability and ownership
Ensures adoption of Acceptable Use across the enterprise
Defines, executes and monitors governance processes and metrics
Should be “right-sized” for your organization
HR
Legal
Risk Compliance
Data Owners
Information Securi
You cannot protect your data if you don’t know what or where it is…
Metadata is a love note to the future…
Trust and verify
Trust your end users to appropriately identify and classify sensitive data they are handling and/or creating, but verify that they are doing so properly.
Privacy and Security as Business Transformation
Mixed Junk IN
Filter for Compliance
Prioritize for Business Need
Structure for Governance
Organized Gold OUT
Compliance as a culture
Make it easier for your employees to do the right thing than the wrong thing
Create a transparent security organization to discourage employees from working around security
“Privacy and Security is Everyone’s Job…”
Next Steps….
Next week you should:
Identify key stakeholders/champions within your organization
In the first three months following this presentation you should:
Understand how data is being accessed and protected inside your organization today
REALLY understand how data is being accessed and protected inside your organization today
Within six months you should:
Select a targeted IT transformation project inside of your company that you can leverage for your privacy and security program
Drive an implementation project to discover and tag existing data repositories