GDPR Reasonable Plans and Readiness · 2018. 6. 6. · • Customized phishing email and landing...

Helping you grow your business with

scalable IT services & solutionsfor today’s challenges & tomorrow’s vision.

GDPR Reasonable Plans and Readiness

Bruce Ward, VP of Business StrategyPeters & Associates

Kevin Barnicle, Founder and CEO, Controle

IT SecuritySolutionsPartnership

• Mission: Help “Controle” data for Compliance (GDPR)

• Microsoft - Security and Compliance

• 450+ highly regulated/ litigious industries

• Fast growing company

IT SecuritySolutionsSecurity

“Data Focused”

“Control Focused”

GDPR Basics

Business Intelligence

What is it?

IT SecuritySolutionsGDPR Explained

Simon Natalia

The GDPR bill of rights for individuals:1. The right to be informed2. The right of access3. The right to rectification4. The right to erasure5. The right to restrict processing6. The right to data portability7. The right to object8. Rights in relation to automated decision

making and profiling.

Privacy PolicyIdentify Data/PII

Technical Data Assessment

Data Protection Officer (DPO)Classification / LabelsData Subject Requests (DSR)

Technical Controls AssessmentPrivacy TrainingEncryption

Detect / Respond72 Hour Notification / IRP

Activity Recording / Reporting

Uncover, Search and Make Personal Data Visible

Articles: 15,16,17,18,20,30

Place Controls Around Personal Data

Articles: 5,17,32

Protect Personal Data from Loss, Damage or Breach Articles: 5,25,32,33,34,35

Ensure Continual

Adherence to GDPR

Standards Articles:

5,15,16,17,18,20,24, 35, 42, 44, 45

GDPR: DISCOVER AND MANAGE

10Sensitivity: Internal

Journey to GDPR with Controle

Month 1:Analysis and Preparation

GDPR101

DetailedAssessment

DataDiscovery

Month 2:Planning

Month 6:End User Training &

Adoption

Contracting &Procurement

Project Planning

Internal Audit

End User Training & Adoption

Month 3:Privacy & Compliance

Month 4 & 5:Implementation & Migration

Data Classification Strategy& AIP Implementation

Data Governance& Classification

Email & Data MigrationGDPR Related

Polices & Procedures

Office 365 for GDPR by Controle

Configuration

Response Protocolfor Data Subject Access

Planning and Testing

GDPR Technology Workshops

GDPR team finalization

Transition Planning

GDPR Best Practices

1. Get Legal/Compliance and IT on the same page.

2. Late to planning = focus on highest risk areas:

1. Privacy Policies

2. Data Subject Requests

3. Breach prevention, detection and notification

3. Data classification, less is more initially

– Label PII as Confidential, Sensitive, etc

– Automate. Minimize end user involvement.

4. Practice and mock up Data Subject Requests

5. Journey. Get started. Avoid analysis paralysis.

GDPR Technical Risk Areas

1. Data Subject Requests (DSR, DSAR)• Have obligation to find, produce, and delete/change

PII– Extremely difficult (data all over the place, O365, file

shares, etc)– Need to comb through a lot of data in a short period of

time (30 days) – Need full audit trail/technology enablement– Need a repeatable and defensible process

2. Breach prevention/notification – Protect data at perimeter, source, and in-transit– Detect and notify of breaches

Walk-Thru

To ask questions, either:

1) Take phone off mute, ask.

2) Type question in IM Window

GDPR: PROTECT

Technical Controls AssessmentPrivacy TrainingSecurity Program

Protect Personal Data from Loss, Damage or Breach Articles: 5,25,32,33,34,35

IT SecuritySolutionsCompliance Walk-Thru

https://ServiceTrust.Microsoft.com

IT SecuritySolutionsTechnical Controls Assessment

PULSE Aware – Security Awareness Training

1) Security Awareness Training Library

2) Monthly Social Engineering Evaluation• Baseline and monthly reporting • Customized phishing email and landing pages

3) Reinforce good employee habits consistently• Scenario-based training exercises • Security tips and tricks email (at your pace)• Training assessments & reporting on results

Training course examples:• Intro security awareness

training • Handling sensitive information

securely • Basics of credit card security • Ransomware • Mobile data security • PCI & GLBA compliance • Strong passwords • Safe web browsing • Financial institution physical

security

Weekly O365 Security Check

Mailbox Auditing Inbox Forwarding Mailbox Retention

Office 365 Domains Office 365 Settings MFA Phone Numbers

Foreign Mailbox Logons Old / Unused Mailboxes Roles assigned

Discuss then Demo1. Secure Score2. Azure Active Directory (Conditional Access,

MFA)3. Azure Identity Protection4. Advanced Threat Analytics5. Intune (MDM and MAM)6. Azure Information Protection (AIP): Data

Classification – Manual or Automatic7. O365 Data Loss Prevention

8. Cloud App Security9. eDiscovery, Advanced eDiscovery10. Audit and Activity Reporting11. O365 ATP12. O365 Advanced Security13. O365 Threat Intelligence14. Advanced Governance15. Windows 10 - Defender ATP, Bitlocker, Hello, Direct Access

GDPR: REPORT

Technical Controls AssessmentPrivacy TrainingSecurity Program

Ensure Continual

Adherence to GDPR

Standards Articles:

5,15,16,17,18,20,24, 35, 42, 44, 45

IT SecuritySolutionsAudit Walk-Thru

Discussion

http://www.peters.com/events http://www.peters.com/blog/

Events, Webinars & Blogs

To ask questions, either:

1) Take phone off mute, ask.

2) Type question in IM Window

1801 S. Meyers Road, Suite 120Oakbrook Terrace, IL 60181

(630) 832-0075

Thank you!

Bruce Ward

Bruce.Ward@Peters.com

Kevin Barnicle

Kevin.Barnicle@TakeControle.com

GDPR Reasonable Plans and Readiness · 2018. 6. 6. · • Customized phishing email and landing...

Documents

Phishing the Web · Phishing the web / Peter Panter / 20041227 Introduction to the „Phishing“ phenomenon Word Origin • Roots of the word „phishing“ derive from „fishing“,

GDPR priručnik Kako se pripremiti za primjenu GDPR-a...GDPR priručnik Procjena – planiranje – implementacija - revizija EVENT HORIZON PRODUKTI – GDPR USKLAĐENOST Event Horizon

GDPR in plain English | Business Data Prospects · 2020. 7. 22. · GDPR in plain English Keywords: GDPR, Business Data Prospects, BDP Agency, GDPR Advice, Advice, GDPR Plain English,

Какво е Phishing? Защита от Phishing

KIT GDPR – IMPLEMENTARE GDPR - cursdpo.ro · PLATA IN RATE PRIN eMAG servicii GDPR documente GDPR formare GDPR VERIFICA ACUM REDUCERILE DE PRET DIN SAPTAMANA ACEASTA DIRECT PE SITE

Reinforce 3

GDPR & GDPR - Confindustria Ravenna - Avv. Alessandro Cecchetti

GDPR 규정준수 준비하기 · 2018. 1. 4. · GDPR 규정준수 GDPR 이란? 준비하기 page 2 GDPR 준비 page 3 목차 주요조항및 비즈니스에미치는영향 page

Cheat Reinforce

gdpr Compliance Checklist - Global Privacy & Security ... · GDPR Compliance Checklist . GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that

Why phishing still works: user strategies for combating phishing … · 2020. 9. 23. · Why phishing still works: user strategies for combating phishing attacks Mohamed Alsharnouby,

GDPR, GDPR, vaan mikä se on se GDPR

[GDPR Webinar Slides] Path to GDPR Compliance

Phishing and Anti-phishing techniques

GDPR digest - tmaclub.com · ARE YOU GDPR READY? {More than a MORTGAGE CLUB} GDPR digest

60 - Ricoh España · 2020-01-30 · (phishing), el DDoS o el ransomware, con un coste económico muy elevado. Las normativas gubernamentales, tales como el GDPR (Reglamento General

Reinforce Memory

How to Spot Phishing Attacks - MicroAge · How to Spot Phishing Attacks What is Spear Phishing? Like phishing ploys, spear phishing scams are designed to obtain sensitive information

GDPR: What’s going on? - necsia.esa-Necsia-GDPR-360... · (ISO27001, GDPR, PCI-DSS) GESTIÓN DE RIESGOS Y DE TERCEROS ... Curso básico GDPR ... concienciación en GDPR

Payslip Compliance with GDPR · 2020-01-13 · Payslip Compliance with GDPR Payslip Compliance with GDPR Ensuring your Payslips are compliant with GDPR GDPR changes coming in May