Data Security: In a Post Snowdon World
description
Transcript of Data Security: In a Post Snowdon World
![Page 1: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/1.jpg)
Data Security: In a Post Snowdon World
Dvana LimitedDr Katherine Bean
![Page 2: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/2.jpg)
Introduction
dvAna
Dr Katherine Bean
![Page 3: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/3.jpg)
www.dvana.com dvAnaSQL Bits 12
Three Key Parts
• Introduction• Current situation• Practical solution• Summary
![Page 4: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/4.jpg)
www.dvana.com dvAnaSQL Bits 12
Considerations
1. Transmission method2. Ease of access3. Storage type4. Scope of availability
![Page 5: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/5.jpg)
www.dvana.com dvAnaSQL Bits 12
Opening Our Eyes
The one thing that the Edward Snowdon revelations did, was to show us that our
worst fears, were a reality!
![Page 6: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/6.jpg)
Current Situation
Where We Are Now
dvAna
![Page 7: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/7.jpg)
www.dvana.com
Safe & Sound
![Page 8: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/8.jpg)
www.dvana.com
Hope
![Page 9: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/9.jpg)
www.dvana.com
Fear
![Page 10: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/10.jpg)
www.dvana.com
Reality
![Page 11: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/11.jpg)
www.dvana.com
Reality
![Page 12: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/12.jpg)
www.dvana.com
Reality
![Page 13: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/13.jpg)
www.dvana.com dvAnaSQL Bits 12
Passwords
• Easy to crack• Required for everything• Difficult to make strong• Hard to remember• Assume a trusted environment• Last millennium’s technology
![Page 14: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/14.jpg)
www.dvana.com dvAnaSQL Bits 12
• Widely deployed• Essential for business• Direct access to employees• Vector for malware• User acceptance of everything• Hard to control
![Page 15: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/15.jpg)
www.dvana.com dvAnaSQL Bits 12
Physical Access
• Who should be allowed access• Where should the access be from• How should the access be permitted• When are they permitted access• Why do they need access
![Page 16: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/16.jpg)
www.dvana.com dvAnaSQL Bits 12
Remote Access
• Location access is permitted from• Who has access• Why do they need this access
![Page 17: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/17.jpg)
www.dvana.com dvAnaSQL Bits 12
Bring Your Own Device
• Weather app in German spy case• Data use on premises• Ownership• Device• Data
• Control of device on & off premises• Responsibility• Device• Data
![Page 18: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/18.jpg)
www.dvana.com dvAnaSQL Bits 12
Administrative Access
• Widely available• All encompassing• Why is this true!
![Page 19: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/19.jpg)
Fun
& G
am
es
![Page 20: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/20.jpg)
www.dvana.com dvAnaSQL Bits 12
Users
• Greatest vulnerability• Not security motivated• Indifferent to security needs
![Page 21: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/21.jpg)
www.dvana.com dvAnaSQL Bits 12
Hackers
• Looking to make money• Actively looking for weaknesses• Targeting at random• Everyone looks interesting
![Page 22: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/22.jpg)
www.dvana.com dvAnaSQL Bits 12
Government / Spy Agencies
• Motivation variable• Actively looking for weaknesses• Targeting everyone• Everyone looks interesting
![Page 23: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/23.jpg)
Solution
How to Move Forward
dvAna
![Page 24: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/24.jpg)
www.dvana.com dvAnaSQL Bits 12
Overview
• Applicable to• Digital data• Physical data• Large businesses• Small businesses
• Provides a complete framework• Scalable in scope
![Page 25: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/25.jpg)
Fun & Games
![Page 26: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/26.jpg)
www.dvana.com dvAnaSQL Bits 12
Breached
Your security will be breached
Accept it and move on
![Page 27: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/27.jpg)
www.dvana.com dvAnaSQL Bits 12
DUMP
• Delete• Uninstall• Map activities• Permanently archive
![Page 28: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/28.jpg)
www.dvana.com dvAnaSQL Bits 12
Delete
• Duplicates• Copies of copies• Files you just might need• Files you never needed• Temporary files• All the digital dross you can find
![Page 29: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/29.jpg)
www.dvana.com dvAnaSQL Bits 12
Uninstall
• Toolbars without exception• Web browsers• Auto install junk wear• Legacy versions of frameworks• Google desktop• iTunes and all phone programs• Everything that is not part of the job
![Page 30: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/30.jpg)
www.dvana.com dvAnaSQL Bits 12
Map Activities
• Find minimum data set• Determine user activities• Required resources• Identify personnel• Document everything in detail
![Page 31: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/31.jpg)
www.dvana.com dvAnaSQL Bits 12
Permanently Archive
• Devise archiving strategy• Find archive candidates• Archive the data for:• Online access• Permanent offline storage
• Archives are read-only to everyone
![Page 32: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/32.jpg)
www.dvana.com dvAnaSQL Bits 12
STOP
• Secure • Transfer • Organize• Processes & procedures
![Page 33: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/33.jpg)
www.dvana.com dvAnaSQL Bits 12
Secure
• Restrict data access:• With account restrictions• Compartmentalization• Minimum touch updating
• Restrict system access:• Physical security• Smart card style tokens• Access supervision
![Page 34: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/34.jpg)
www.dvana.com dvAnaSQL Bits 12
Transfer
• Activities:• To appropriate locations• Eliminate duplication• Simplify
• Control to appropriate personnel• Physical media to secure locations
![Page 35: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/35.jpg)
www.dvana.com dvAnaSQL Bits 12
Organize
• Allocate roles• Determine responsibilities• Adhere to processes & procedures• Deploy resources• Solicit feedback• Be rigorous
![Page 36: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/36.jpg)
www.dvana.com dvAnaSQL Bits 12
Processed & Procedures
• Rigorous• Robust• Universally adopted• Comprehensive• Fit for purpose• Not unnecessarily burdensome
![Page 37: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/37.jpg)
www.dvana.com dvAnaSQL Bits 12
BAR
• Backup• Action book• Recovery plan
![Page 38: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/38.jpg)
www.dvana.com dvAnaSQL Bits 12
Backup
• Online and offline• Disaster recovery• Business continuity• Frequent and up to date• Comprehensive• On and off site
![Page 39: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/39.jpg)
www.dvana.com dvAnaSQL Bits 12
Action Book
• Choose scenarios• Determine action• Choose the trigger• Who can make the call• How long do you have• Consequences:• To make the action• To fail to make the action
![Page 40: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/40.jpg)
www.dvana.com dvAnaSQL Bits 12
Recovery Plan
• Kept up-to-date• Always available• Tested regularly• Everyone knows their role• Comprehensive• Business lifeline
![Page 41: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/41.jpg)
Summary
Call to Action
dvAna
![Page 42: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/42.jpg)
www.dvana.com dvAnaSQL Bits 12
Present
• Cybercrime is big business• Date is accessed all over the place• Current methods are:• Antiquated• Ineffective• Providing a false sense of security
![Page 43: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/43.jpg)
www.dvana.com dvAnaSQL Bits 12
Future
• Prepare for inevitable data breach• Always have a Plan-B• Compartmentalise• Restrict access
![Page 44: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/44.jpg)
www.dvana.com dvAnaSQL Bits 12
Next Week
Discuss Security In Detail With Your Senior Management
![Page 45: Data Security: In a Post Snowdon World](https://reader036.fdocuments.net/reader036/viewer/2022062501/56815c3a550346895dca30db/html5/thumbnails/45.jpg)
Questions
dvAna
www.dvana.comDr Katherine Bean