The path to most GRC requirements


Page 1: The path to most GRC requirements

Rui Melo Biscaia, Watchful Software

Page 2: The path to most GRC requirements

Some “house rules” on this Webinar

7/20/2016 © Copyright www.watchfulsoftware.com. 2016 All Rights Reserved. 2

1. You are muted centrally. You don’t need to mute/unmute yourself.

2. This webinar is being recorded. You’ll have access to it on-demand at watchfulsoftware.com.

3. The Q&A session will be at the end. You are welcome to enter questions at any time, using the Questions feature in the GoToWebinar control panel.

Speaker

Rui Melo Biscaia

Director of Product Management & Strategic Accounts

Watchful Software

Page 3: The path to most GRC requirements

“Rules of Thumb”


Leaks

1. It’s not a matter of ‘if’, but ‘when’

2. It’s not really about databases anymore

3. Hackers aren’t the greatest threat

4. This doesn’t have to keep happening

Page 4: The path to most GRC requirements

The path to most GRC requirements


Data classification is the foundation of any successful information GRC initiative as it:

1. Limits corporate liability

2. Slashes the risk of adverse reaction to the business from data leakage

3. Increases the competency of users

Page 5: The path to most GRC requirements

RightsWATCH in a nutshell

1. Policy-Driven Data Classification & Labelling

2. Role-Based Access Control Policies

3. Dynamic Watermarking and Tagging

4. Unstructured Data Visibility & Monitoring

5. Complementing the Enterprise Security “Puzzle”

Page 6: The path to most GRC requirements

RightsWATCH GRC usage scenario

Paul is an Information Security Officer (ISO) who extracts a customer database. The data is exported to an Excel spreadsheet (PAN and PII included).

Paul attaches the Excel spreadsheet to a new e-mail message. As soon as the spreadsheet is attached to the e-mail, RightsWATCH automatically classifies and protects the file, without asking Paul for any decision or action on his part.

Paul mistypes the recipient e-mail address and clicks the “Send” button. The e-mail is prevented from being sent, because RightsWATCH recognizes that the e-mail address Paul typed is wrong. RightsWATCH informs Paul of the fact and allows him to correct the mistype so that the e-mail can be sent to the Risk & Compliance manager.

The Risk & Compliance manager receives the e-mail. RightsWATCH blocks him from saving the file to Dropbox and from forwarding it to his personal Gmail account, and he gets a notification explaining why the action is being prevented.

Page 7: The path to most GRC requirements

The path to most GRC requirements


RightsWATCH helps meet PCI-DSS as it:

• Avoids liability risk due to data loss or theft

• Protects information exchanged with external partners

• Protects information during transfer, storage and usage

RightsWATCH helps meet HIPAA as it:

• Allows PHI to be automatically classified and protected

• Provides a powerful policy engine that identifies PHI and takes actions to classify, apply protective markings and labels and decrease liability

• Applies DRM to control access and usage over files that contain PHI

• Delivers a comprehensive audit trail

RightsWATCH helps meet ISO 27001 as it:

• Prevents inadvertent data loss, even when completely outside your network

• Educates users on data sensitivity, while ensuring adherence to security policies

• Implements a Multilevel Security Model that extends the Information Security Management System

• Ensures compliance with the requirements around the handling of sensitive data

• Allows users to identify key data & make decisions about how it is stored, transmitted and used

• Classifies and protects information which requires special handling

Page 8: The path to most GRC requirements

The path to most GRC requirements


RightsWATCH helps meet the GSC schema as it:

• Can be supplied with a 'pre-made' security classification schema to ensure compliance that includes the security classifications and descriptors

• Allows for easily adding extra descriptors, customized tool-tip texts for each classification, or custom-configured text labels for each security classification

• Allows the “vanilla” classification schema to easily be modified to meet the specific needs of HMG Departments, Agencies, Local Authorities and Police Forces

RightsWATCH helps meet GDPR as it:

• Delivers a comprehensive audit trail, allowing the documentation and tracing of any authorized and unauthorized access to confidential data

• Labels and marks sensitive data to help identify information requiring special handling, allowing for easily adding extra descriptors, customized tooltip texts for each classification, or custom-configured text labels for each security classification

• Alerts users when sensitive data is leaving the organization, to warn them or prevent them from sending data outside of the organization

• Provides a content, context and metadata aware policy engine that identifies PII, takes action to classify the file according to policy, and applies protective markings and labels to identify the information and decrease corporate liability

RightsWATCH helps meet PoPI as it:

• Allows for personal information to be automatically classified and protected, whenever it is received, handled, or shared

• Warns and blocks from sending an email or saving a file, if the action being undertaken goes against corporate policies or PoPI mandates

• Brings a content, context and metadata aware policy engine that identifies personal information, to take action to classify the file according to policy, to apply protective markings and labels to identify the information and to decrease corporate liability

• Provides a comprehensive audit trail
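The usage scenario on the earlier slide and the “content, context and metadata aware policy engine” described for GDPR and PoPI can be illustrated with a small added example; this is not RightsWATCH code, whose internals are not published here. It detects PANs in the exported spreadsheet rows with a Luhn check, labels the file from its content, and then decides whether a send, cloud save or personal forward is allowed. Assumptions: example.com is the organisation’s own mail domain, and the card numbers are standard test numbers, not real data.

```python
import re

# Constructed sample: two rows of the exported customer spreadsheet (PAN + PII),
# using industry test card numbers rather than real ones.
SAMPLE_ROWS = [
    {"name": "A. Customer", "email": "a.customer@example.com", "card": "4111 1111 1111 1111"},
    {"name": "B. Customer", "email": "b.customer@example.com", "card": "5500 0000 0000 0004"},
]

# Assumption: the organisation's own mail domain; anything else counts as "outside".
INTERNAL_DOMAINS = {"example.com"}

PAN_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def contains_pan(text: str) -> bool:
    """Content inspection: any 13-19 digit run that passes Luhn is treated as a PAN."""
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return True
    return False

def classify(rows) -> str:
    """Classification step: the label is decided by the data, not by the user."""
    if any(contains_pan(str(v)) for row in rows for v in row.values()):
        return "RESTRICTED-PCI"
    return "INTERNAL"

def evaluate_action(label: str, recipients, action: str = "send"):
    """Policy step: returns (allowed, reason) so a blocked user is told why."""
    if label != "RESTRICTED-PCI":
        return True, "no handling restriction for this label"
    if action in ("save_to_cloud_sync", "forward_to_personal_mail"):
        return False, f"{action} is not permitted for {label} content"
    external = [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if external:
        return False, f"{label} content addressed outside the organisation: {external}"
    return True, "all recipients are internal"
```

A mistyped recipient such as risk.manager@exmaple.com lands in `external` and is blocked with the reason attached, which is the notification step the scenario describes.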


Page 9: The path to most GRC requirements

Complementing the Enterprise Security “Puzzle”


Page 10: The path to most GRC requirements

Q&A


1. You are welcome to enter questions, using the Questions feature in the GoToWebinar control panel.

2. Check out the “Resources” area on www.watchfulsoftware.com and watch short product walkthrough demonstrations of how RightsWATCH addresses a comprehensive set of use cases.

3. E-mail [email protected] to request a demo of RightsWATCH.

4. This webinar was recorded. You’ll have access to it on-demand at www.watchfulsoftware.com.

Page 11: The path to most GRC requirements

Rui Melo Biscaia, Watchful Software