E N D
1. Biggest Loser: Data Loss Examples and Prevention
2. Data Loss Defined Defined as An unforeseen loss of data or information
Unforeseen
Loss
Information
How does this happen?
3. Data Loss Examples Laptop stolen from city office
Key logging software installed on bank computer
Disgruntled employee installs malware
Company loses backup tape
Hardware/systems malfunction
External attacker breaches system
Documents lost on way to be destroyed
4. Data Loss in the News 1) Madison officials and employees are complaining that Social Security numbers were stored on a laptop computer stolen from a city office Friday.
5. Data Loss is Expensive Data breaches cost businesses an average of $197 per customer record in 2007, up from $182 in 2006
6. Data Loss Calculator
7. Proposed Lawsuits as a Result of Data Loss
8. Bringing the Math Together Hypothetical Data Loss Scenario
Acme Company loses data impacting 1000 people (1 person/record)
1) Data Loss calculator states the average cost of recovery is $166,272 for 1000 records.
2) Clients open Class Action Lawsuit with a size of 1000. Costing an average of $8000 per person impacted. Total cost of Class Action Suit is $8M
9. Bringing the Math Together Hypothetical Data Loss Scenario
Acme Company loses data impacting 1000 people (1 person/record)
1) Data Loss calculator states the average cost of recovery is $166,272 for 1000 records.
2) Clients open Class Action Lawsuit with a size of 1000. Costing an average of $8000 per person impacted. Total cost of Class Action Suit is $8M
Total Potential Cost of Data Loss:
10. Proactive Prevention
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
11. Data Loss Prevention (DLP) According to Gartner, 15-20% of sensitive data can be effectively blocked or redirected, {using DLP technology}. The remaining 80 percent should be monitored. Record and notify."
DLP is analogous to intrusion prevention systems--detection vs. prevention. Reliably detecting some activity, such as someone sending an email attachment with 10,000 credit card numbers, is relatively easy. Determining if an email is really talking about a pending merger is tougher. Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1256804,00.html
Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1256804,00.html
12. Get Started Preventing Data Loss Analyze Policies, Establish Standards
Create a Data Classification Policy
Identify location of Confidential Data
Establish a process with Human Resources (New Hires, Employee Separation)
Create a User Access Audit Process
Establish proper roles for user access
Manage user change requests by properly managing access to employee role changes
Establish encryption key management processes
13. Summary
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
14. About SDS
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
most folders on file shares are oversubscribed in terms of access by well over 70% *(Varonis Systems )
15. THANK YOU! Questions or Comments?
Chad Boeckmann, CISA, CISSPChadB@SecureDigitalSolutions.com763-234-9422http://www.SecureDigitalSolutions.com
Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1256804,00.html
Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1256804,00.html