
Data Security: In a Post Snowden World


Presentation Transcript


  1. Data Security: In a Post Snowden World. Dvana Limited, Dr Katherine Bean

  2. Introduction dvAna Dr Katherine Bean

  3. Three Key Parts
      • Introduction
      • Current situation
      • Practical solution
      • Summary
      www.dvana.com

  4. Considerations
      • Transmission method
      • Ease of access
      • Storage type
      • Scope of availability

  5. Opening Our Eyes
      The one thing that the Edward Snowden revelations did was to show us that our worst fears were a reality!

  6. Current Situation: Where We Are Now

  7. Safe & Sound

  8. Hope

  9. Fear

  10. Reality

  11. Reality

  12. Reality

  13. Passwords
      • Easy to crack
      • Required for everything
      • Difficult to make strong
      • Hard to remember
      • Assume a trusted environment
      • Last millennium’s technology

  14. Email
      • Widely deployed
      • Essential for business
      • Direct access to employees
      • Vector for malware
      • User acceptance of everything
      • Hard to control

  15. Physical Access
      • Who should be allowed access
      • Where should the access be from
      • How should the access be permitted
      • When are they permitted access
      • Why do they need access

  16. Remote Access
      • Location access is permitted from
      • Who has access
      • Why do they need this access

  17. Bring Your Own Device
      • Weather app in German spy case
      • Data use on premises
      • Ownership
          • Device
          • Data
      • Control of device on & off premises
      • Responsibility
          • Device
          • Data

  18. Administrative Access
      • Widely available
      • All encompassing
      • Why is this true!

  19. Fun & Games

  20. Users
      • Greatest vulnerability
      • Not security motivated
      • Indifferent to security needs

  21. Hackers
      • Looking to make money
      • Actively looking for weaknesses
      • Targeting at random
      • Everyone looks interesting

  22. Government / Spy Agencies
      • Motivation variable
      • Actively looking for weaknesses
      • Targeting everyone
      • Everyone looks interesting

  23. Solution: How to Move Forward

  24. Overview
      • Applicable to
          • Digital data
          • Physical data
          • Large businesses
          • Small businesses
      • Provides a complete framework
      • Scalable in scope

  25. Fun & Games

  26. Breached
      • Your security will be breached
      • Accept it and move on

  27. DUMP
      • Delete
      • Uninstall
      • Map activities
      • Permanently archive

  28. Delete
      • Duplicates
      • Copies of copies
      • Files you just might need
      • Files you never needed
      • Temporary files
      • All the digital dross you can find

  29. Uninstall
      • Toolbars without exception
      • Web browsers
      • Auto install junkware
      • Legacy versions of frameworks
      • Google desktop
      • iTunes and all phone programs
      • Everything that is not part of the job

  30. Map Activities
      • Find minimum data set
      • Determine user activities
      • Required resources
      • Identify personnel
      • Document everything in detail

  31. Permanently Archive
      • Devise archiving strategy
      • Find archive candidates
      • Archive the data for:
          • Online access
          • Permanent offline storage
      • Archives are read-only to everyone

  32. STOP
      • Secure
      • Transfer
      • Organize
      • Processes & procedures

  33. Secure
      • Restrict data access:
          • With account restrictions
          • Compartmentalization
          • Minimum touch updating
      • Restrict system access:
          • Physical security
          • Smart card style tokens
          • Access supervision

  34. Transfer
      • Activities:
          • To appropriate locations
          • Eliminate duplication
          • Simplify
      • Control to appropriate personnel
      • Physical media to secure locations

  35. Organize
      • Allocate roles
      • Determine responsibilities
      • Adhere to processes & procedures
      • Deploy resources
      • Solicit feedback
      • Be rigorous

  36. Processes & Procedures
      • Rigorous
      • Robust
      • Universally adopted
      • Comprehensive
      • Fit for purpose
      • Not unnecessarily burdensome

  37. BAR
      • Backup
      • Action book
      • Recovery plan

  38. Backup
      • Online and offline
      • Disaster recovery
      • Business continuity
      • Frequent and up to date
      • Comprehensive
      • On and off site

  39. Action Book
      • Choose scenarios
      • Determine action
      • Choose the trigger
      • Who can make the call
      • How long do you have
      • Consequences:
          • To make the action
          • To fail to make the action

  40. Recovery Plan
      • Kept up-to-date
      • Always available
      • Tested regularly
      • Everyone knows their role
      • Comprehensive
      • Business lifeline

  41. Summary: Call to Action

  42. Present
      • Cybercrime is big business
      • Data is accessed all over the place
      • Current methods are:
          • Antiquated
          • Ineffective
          • Providing a false sense of security

  43. Future
      • Prepare for inevitable data breach
      • Always have a Plan-B
      • Compartmentalise
      • Restrict access

  44. Next Week
      • Discuss Security In Detail With Your Senior Management

  45. Questions dvAna www.dvana.com Dr Katherine Bean
