How Mature is Your Data Protection? 3 Steps to Effective Data Security.
How Mature is Your Data Protection?
Today’s Agenda
Introduction
Aspects of Data Protection : The Survey Says …
A Model of Data Protection Maturity
Q & A
Today’s Panelists
Roger A. Grimes, Security Consultant, Author and Columnist
Ken Olsen, Principal Security Engineer
ISO/IEC 27001:2005 Information Security Management System Lead Auditor
Discovering the State of Data Protection
Data Protection Maturity Assessment Survey
• Anonymous Results
• Over 170 Initial Respondents
• Respondent Screening
Three areas of focus
• Administrative Controls
• Technical Controls
• “Organizational Motivation”
Results of parallel, UK-targeted survey available at: http://www.lumension.com/Resources/WhitePapers/How-Mature-is-Your-Data-Protection.aspx
Survey Results: How many people work at your organization?
[Chart. Categories: 1 to 9; 10 to 49; 50 to 99; 100 to 499; 500 to 999; 1,000 to 1,999; 2,000 to 4,999; 5000+. Values, in extraction order: 8%, 10%, 6%, 12%, 11%, 9%, 11%, 33%.]
Aspects of Data Protection: The Survey Says …
Administrative Controls
What type of IT data protection policies exist?
[Chart. Categories: Exhaustive; Multiple; Minimal; None; Other (please specify). Values, in extraction order: 20%, 45%, 29%, 6%.]
Administrative Controls: Driving Technology?
Which of the following organizational guidelines are included in your employee agreements?
[Chart, axis 0% to 100%. Categories: Corporate Confidentiality; Customer Confidentiality; Mobile Device Policies; Data Rights Policies; Corporate Rights; Data Removal; Third Party Rights; None; Don't know. Values, in extraction order: 86%, 74%, 47%, 44%, 45%, 30%, 32%, 4%, 1%.]
Employee Agreement Clause: Correlated Technical Controls
Corporate Confidentiality: Whole Disk, File/Media Encryption, Device/Port Control, MDM
Customer Confidentiality: Whole Disk, File/Media Encryption
Mobile Device Policies: MDM, Whole Disk
Based on Linear Correlation Analysis of Survey Data (>= +.6)
Technical Controls
Which of the following technologies does your organization currently use, or plan to deploy within the next 24 months?
[Chart, axis 0% to 100%. Legend: No plans; Plan to deploy; Currently deployed.]
Technical Controls
Have you experienced any of the following incidents in the past year?
[Chart, axis 0% to 100%. Categories: Deliberate data theft by employees; Accidental data loss by employees; Loss of sensitive data by 3rd party; General data theft by criminals; Industry- / Company-specific data espionage; Theft of IT assets (laptops, etc.); Cyber attack on mobile platforms; Regulatory fines and lawsuits; Targeted cyber attacks; Virus or malware network intrusion; Software O/S vulnerability attacked; USB-borne attack; Denial of Service (DoS) attacks; None. Values, in extraction order: 16%, 40%, 10%, 17%, 3%, 42%, 7%, 4%, 17%, 60%, 27%, 15%, 22%, 15%.]
Technical Controls – Survey Results
Which of the following best describes your firm's policy for network access for personal devices such as smartphones and tablets?
[Chart. Categories: Open access; Access, with education; Access limited to higher level employees; Controlled access; No current access allowed, but may in future; No current access allowed, with no plans in the future; Don't know. Values, in extraction order: 8%, 17%, 19%, 22%, 17%, 12%, 4%.]
Technical Controls – Correlations
Several Correlations Existed between Technologies
One of the most prominent surrounded MDM
Technology: MDM
Correlated Technologies: DLP, DLP-Lite, Device / Port Control, Whole Disk, File / Media Encryption, Email Encryption, Application Data Encryption
Based on Linear Correlation Analysis (>= +.6). Strongest Correlations in Bold (>= +.7)
Organizational Motivation
My organization has sufficient resources to achieve compliance with data security policies and best practices?
[Chart. Categories: Strongly agree; Agree; Unsure; Disagree; Strongly disagree. Values, in extraction order: 16%, 44%, 16%, 19%, 4%.]
Organizational Motivation
Is your organization compliant with the following regulations, or do you plan to be compliant within the next 24 months?
[Chart, axis 0% to 100%. Categories: PCI DSS; SOX / GLBA / Red Flag; HIPAA / HITECH; Data Privacy Laws; Other. Legend: Not applicable; Compliance planned; Currently compliant.]
A Data Protection Maturity Model
A Model for Data Protection Maturity
Rising to the Challenge
Creating Policies
• Ad Hoc: Minimal or No Security Policies
• Optimal: Comprehensive & Exhaustive
Educating Staff
• Ad Hoc: One-Time or No Training
• Optimal: On-Going, Formal Training
Enforcing Policies
• Ad Hoc: Limited Technical Controls
• Optimal: Robust Technical Controls
Q & A
More Information
• Free Security Scanner Tools
» Application Scanner – discover all the apps being used in your network
» Vulnerability Scanner – discover all OS and application vulnerabilities on your network
» Device Scanner – discover all the devices being used in your network
http://www.lumension.com/Resources/Security-Tools.aspx
• Lumension® Endpoint Management and Security Suite
» Demo: http://www.lumension.com/endpoint-management-security-suite/demo.aspx
» Evaluation: http://www.lumension.com/endpoint-management-security-suite/free-trial.aspx
• Get a Quote (and more) http://www.lumension.com/endpoint-management-security-suite/buy-now.aspx#2
Global Headquarters
8660 East Hartford Drive
Suite 300
Scottsdale, AZ 85255
1.888.725.7828
http://blog.lumension.com