The path to most GRC requirements
Rui Melo Biscaia, Watchful Software
Some “house rules” on this Webinar
7/20/2016 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2
1. You are muted centrally. You don't need to mute/unmute yourself.
2. This webinar is being recorded. You'll have access to it on-demand at watchfulsoftware.com.
3. The Q&A session will be at the end. You are welcome to enter questions at any time, using the Questions feature in the GoToWebinar control panel.
Speaker
Rui Melo Biscaia
Director of Product Management & Strategic Accounts
Watchful Software
“Rules of Thumb”
Leaks
1. It's not a matter of 'if', but 'when'.
2. It's not really about databases anymore.
3. Hackers aren't the greatest threat.
4. This doesn't have to keep happening.
The path to most GRC requirements
Data classification is the foundation of any successful information GRC initiative as it:
1. Limits corporate liability
2. Slashes the risk of an adverse reaction to the business from data leakage
3. Increases the competency of users
RightsWATCH in a nutshell
1. Policy-Driven Data Classification & Labelling
2. Role-Based Access Control Policies
3. Dynamic Watermarking and Tagging
4. Unstructured Data Visibility & Monitoring
5. Complementing the Enterprise Security "Puzzle"
RightsWATCH GRC usage scenario
Paul is an Information Security Officer (ISO) who extracts a customer database.
The data is exported to an Excel spreadsheet (including PAN and PII).
Paul attaches the Excel spreadsheet to a new e-mail message.
As soon as the Excel spreadsheet is attached to the e-mail, RightsWATCH automatically classifies and protects the file, without asking Paul for any decision or action on his part.
Paul mistypes the recipient e-mail address and clicks the "Send" button.
The e-mail is prevented from being sent, because RightsWATCH recognizes that the e-mail address Paul typed is wrong.
RightsWATCH informs Paul of the fact and allows him to correct the typo so that the e-mail can be sent to the Risk & Compliance manager.
The Risk & Compliance manager receives the e-mail.
RightsWATCH prevents the Risk & Compliance manager from saving the file to Dropbox and/or forwarding it to his personal Gmail account, by blocking him from doing so. He gets a notification explaining why he is being prevented from doing it.
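The scenario above describes two mechanisms in the abstract: content-aware classification at attachment time (the policy engine spots PANs in the export) and an outbound policy that stops the message when the recipient is not where PCI data may go. The block below is an added illustration of how such a content classifier and outbound check work; it is example code written for this page, not RightsWATCH's implementation. It assumes a hypothetical corporate domain `example.com`, label names `Confidential-PCI` and `Internal`, and a small constructed CSV export with test card numbers; the "wrong address" step is approximated by treating any non-corporate recipient domain as an error for PCI-labelled content.

```python
"""Content-aware classification of a customer export plus an outbound e-mail policy
check. Added example for illustration only; not RightsWATCH's code."""
from __future__ import annotations

import re
from typing import List, Tuple

# Hypothetical corporate domain and label names (assumptions, not from the page).
CORP_DOMAIN = "example.com"
LABEL_PCI = "Confidential-PCI"
LABEL_DEFAULT = "Internal"

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes,
# not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample export (test card numbers only; no real data).
SAMPLE_EXPORT = """customer_id,name,email,card_number
1001,Ana Silva,ana@example.org,4111 1111 1111 1111
1002,Joao Costa,joao@example.org,5500-0000-0000-0004
1003,Test Row,test@example.org,1234 5678 9012 3456
"""


def luhn_valid(digits: str) -> bool:
    """Luhn check digit validation; weeds out most random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return normalised digit strings that look like PANs and pass Luhn."""
    found = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            found.append(digits)
    return found


def classify(text: str) -> str:
    """Assign a label from content: any validated PAN makes the file PCI-sensitive."""
    return LABEL_PCI if find_pans(text) else LABEL_DEFAULT


def check_outbound(label: str, recipients: List[str]) -> Tuple[bool, str]:
    """Outbound policy: PCI-labelled content may only go to corporate recipients.

    Returns (allowed, reason); the reason is what the user would be shown."""
    if label != LABEL_PCI:
        return True, "allowed"
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() != CORP_DOMAIN]
    if external:
        return False, f"blocked: {label} attachment addressed to {external}"
    return True, "allowed"


if __name__ == "__main__":
    label = classify(SAMPLE_EXPORT)
    print("label:", label, "pans found:", len(find_pans(SAMPLE_EXPORT)))
    for rcpt in (["risk.manager@exmaple.com"], ["risk.manager@example.com"]):
        print(rcpt, "->", check_outbound(label, rcpt))
```

The third row of the sample is a 16-digit run that fails the Luhn check, so it is not counted; a detector without that step would flood users with false positives on order numbers and similar fields. The policy lookup is deliberately keyed on the label rather than on re-scanning the content, which is what lets the same decision be enforced later (for example when the recipient tries to forward or save the file).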
The path to most GRC requirements
RightsWATCH helps meet PCI DSS as it:
• Avoids liability risk due to data loss or theft
• Protects information exchanged with external partners
• Protects information during transfer, storage and usage
RightsWATCH helps meet HIPAA as it:
• Allows PHI to be automatically classified and protected
• Provides a powerful policy engine that identifies PHI and takes action to classify it, apply protective markings and labels, and decrease liability
• Applies DRM to control access and usage of files that contain PHI
• Delivers a comprehensive audit trail
RightsWATCH helps meet ISO 27001 as it:
• Prevents inadvertent data loss, even when completely outside your network
• Educates users on data sensitivity, while ensuring adherence to security policies
• Implements a multilevel security model that extends the Information Security Management System (ISMS)
• Ensures compliance with the requirements around the handling of sensitive data
• Allows users to identify key data and make decisions about how it is stored, transmitted and used
• Classifies and protects information which requires special handling
RightsWATCH helps meet the Government Security Classifications (GSC) scheme as it:
• Can be supplied with a 'pre-made' security classification scheme, including the security classifications and descriptors, to ensure compliance
• Allows for easily adding extra descriptors, customized tool-tip texts for each classification, or custom-configured text labels for each security classification
• Allows the "vanilla" classification scheme to be easily modified to meet the specific needs of HMG Departments, Agencies, Local Authorities and Police Forces
RightsWATCH helps meet GDPR as it:
• Delivers a comprehensive audit trail, allowing the documentation and tracing of any authorized and unauthorized access to confidential data
• Labels and marks sensitive data to help identify information requiring special handling, allowing for easily adding extra descriptors, customized tool-tip texts for each classification, or custom-configured text labels for each security classification
• Alerts users when sensitive data is leaving the organization, to warn or prevent them from sending data outside of the organization
• Provides a content-, context- and metadata-aware policy engine that identifies PII, takes action to classify the file according to policy, and applies protective markings and labels to identify the information and decrease corporate liability
RightsWATCH helps meet PoPI as it:
• Allows personal information to be automatically classified and protected whenever it is received, handled, or shared
• Warns and blocks the user from sending an e-mail or saving a file if the action being undertaken goes against corporate policies or PoPI mandates
• Brings a content-, context- and metadata-aware policy engine that identifies personal information, takes action to classify the file according to policy, and applies protective markings and labels to identify the information and decrease corporate liability
• Provides a comprehensive audit trail
Complementing the Enterprise Security “Puzzle”
Q&A
1. You are welcome to enter questions, using the Questions feature in the GoToWebinar control panel.
2. Check out the "Resources" area on www.watchfulsoftware.com and watch short product walkthrough demonstrations of how RightsWATCH addresses a comprehensive set of use cases.
3. E-mail [email protected] to request a demo of RightsWATCH.
4. This webinar was recorded. You'll have access to it on-demand at www.watchfulsoftware.com.
The path to most GRC requirements
Rui Melo Biscaia, Watchful Software