dealing with risk and compliance to secure your growth
play

Dealing with Risk and Compliance to secure your growth 16th May - PowerPoint PPT Presentation

Aug 19, 2023 •112 likes •433 views

Dealing with Risk and Compliance to secure your growth 16th May 2018 John Bycroft, SVP Sales Europe Top op d driv ivers f for D Data S Secu ecurit ity I Investment Reputation and Customer or partner Compliance brand protection

  1. Dealing with Risk and Compliance to secure your growth 16th May 2018 John Bycroft, SVP Sales Europe

  2. Top op d driv ivers f for D Data S Secu ecurit ity I Investment Reputation and Customer or partner Compliance brand protection recommendation Regulations http://www.infosecurity-magazine.com/news/research-data-breaches-up-security/ https://www.bloomberg.com/news/articles/2017-03-02/world-s-biggest-banks-fined-321-billion-since-financial-crisis 2

  3. Top op d driv ivers f for D Data S Secu ecurit ity I Investment Compliance Regulations Reputation and brand protection Customer or partner recommendation http://www.infosecurity-magazine.com/news/research-data-breaches-up-security/ https://www.bloomberg.com/news/articles/2017-03-02/world-s-biggest-banks-fined-321-billion-since-financial-crisis 3

  4. Comforte a and S Secu ecurit ity 4

  5. So o what c can y you d do? o? >Ignore the issue or… >Hope that it does not happen to you >Do something 5

  6. PROTE TECT Y YOUR D R DATA W WITH H TOKEN KENISATI TION >“Data protection with tokenisation is proving to be more effective than network perimeter defenses or intrusion detection and is endorsed by the most well-known and respected compliance standards worldwide” PCI DSS 3.2 ASC X9 GDPR Standard 119-2 Render Primary Account Defines the minimum Data security measures Number (PAN) unreadable security requirements for should allow Pseudonymizing anywhere it is stored implementing tokenisation (tokenising or encrypting) of (clause 3.4) personal data According to Gartner Research, tokenisation has emerged as a best practice for protecting sensitive fields or columns in databases during the past few years. 6

  7. Tok okenis isatio ion (data s secu curit ity) >Is the process of substituting a sensitive data element (e.g. PAN) with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value. >The token is a reference (i.e. identifier) that maps back to the sensitive data through a tokenisation system like comForte‘s SecurDPS 7

  8. tokenisation – the c e concep cept PAN: 4026157151401408 (or SSN, Name,etc) tokenisation Token: 67a1cefb12aa897d engine OR : 67z1xExn12VT1408 OR : 4026158BDFAF1408 OR : ... Target format configurable in Various mechanisms possible to perform actual tokenisation tokenisation engine. Important to have a distinguish-method for online migration 9

  9. com omForte Token enisati tion Engine > Stateless/Vaultless tokenisation > Security validated by independent comForte cryptologists Tokenisation engine > High performance > Collision-free > Patented technology based on unbalanced Feistel networks > Linearly scalable Tokenisation Tokenisation Algorithm Table 10

  10. Enterpris ise Tok okenis isatio ion system i is missio ion-cr criti tical Looking for: > Availability > Scalability > Reliability > Security > Easy Integration > Fault-Tolerance > Performance …while keeping effort for tokenisation services management and consumers low 11

  11. SecurDPS framework 12

  12. NonStop op a as the e token enisati tion on ser erver HPE NonStop Tokens SecurDPS with Protection Engine Secure Channel Secure Channel Secure Channel (SSH) (SSH) (SSH) comForte SecurDPS comForte SecurDPS comForte SecurDPS Tokens Tokens Tokens Linux/Unix hosts MS Windows hosts Other Enterprise hosts 13

  13. Today - Satellite Prot To otecti tion Node Appliance ce HPE NonStop Virtualized x86 Server • Appliance based on custom minimal OpenBSD • No root access, just end point userids and keys • No persistent storage, just ram disk • logging via syslog or to Tokens • SDF & Vaults loaded from NonStop for local processing Secure Channel • Unlimited scalability and fail-over of protection nodes (SSH) • High performance – first measurements easily 100k TPS SecurDPS with Protection Engine • (depending on strategy and underlying hardware SecurDPS Protection Node Cluster performance) Secure Channel Secure Channel Secure Channel (SSH) (SSH) (SSH) comForte SecurDPS comForte SecurDPS comForte SecurDPS Tokens Tokens Tokens Linux/Unix hosts MS Windows hosts Other Enterprise hosts 14

  14. COMF CO MFORTE D DATA P PRO ROTECTION C N CLUSTER - ARCHI HITECTUR URE Y E YOU CAN R REL ELY O Y ON EA Failure of single PN will be transparent for enterprise EA EA application (EA) connectors, other PN will take over PN EA EA PN PN Cluster of Management Console (MC) Audit Console creates a solid Protection Nodes configures SDF (configuration audit trail and allows real-time PN file) and generates token tables MC AC insights into key questions monitor/restart around enterprise data MC can be stopped after cluster each other protection startup! PN PN EA EA PN SDF & token tables & In environments with EA EA endpoint authentication NonStop (optional), NS data loaded into PN can run as MC and/or PN EA 15

  15. Secu ecurDPS – Integration C Capabilities Use of API Transparent Integration SecurDPS integration can be done by: Application A Application B  Transparent Integration capabilities SecurDPS API  No code change required SecurDPS  Full support of HP NonStop, and can also cover common use cases for Transparency Layer Windows and Linux/Unix  Allows for protecting files that are accessed by 3 rd party applications that SecurDPS Data Processing Layer cannot be changed, such as file transfers clients, operating systems tools etc. SecurDPS API  Data processing layer provides capabilities to locate and replace sensitive data in the intercepted I/O stream Data Protection Data Protection  Transparency allows for migrating from non-tokenised to tokenised Platform API Platform API without interruption of service (actual tokenisation (actual tokenisation operations) operations) API access for explicit control of protection engine  If tight integration with the application is desired TKNs TKNs Tokens Tokens 16

  16. Secu ecurDPS S SmartAPI – Not j just a t a Simp mple A API SecurDPS makes high availability tokenization easy > Automatic failover > Automatic load balancing > Automatic (re)distribution PN PN PN PN PN PN > Automatic integrity assurance > Automatic scaling SmartAPI SmartAPI EA EA All transparent to the Enterprise App! 17

  17. SecurDPS deployment options 18

  18. Secu ecurDPS E Enterpris ise O On-Prem AC On PN PN Premise MC App Tokens PN 19

  19. Secu ecurDPS E Enterpris ise H Hybrid id w with th o on-prem a and cl clou oud app Public Cloud Cloud PN PN App Tokens PN AC On PN PN Premise MC App Tokens PN 20

  20. SecurDP rDPS Hy S Hybr brid C Cloud De Deploym yment – no o PANs t to cl o clou oud SecurDPS Cloud AC MC Index Table Tweak PN PN App Tokens PN Cloud or On-Premise 21

  21. SecurDP rDPS Hy S Hybr brid C Cloud De Deploym yment Public Cloud AC MC Tokens Index Table Tweak USVs SecurDPS TKN<->USV PN PN App Tokens Log CASB PN Cloud or On-Premise 22

  22. comFor orte e - contact cts John Bycroft SVP Sales EMEA Tel: +44 118 909 9076 Email: j.bycroft@comforte.com 23

  23. Security specials 24

  24. Key p prot otect ection & & HSM i integ egrati tion on  Multiple layers of key encryption  Optional vendor agnostic HSM integration  Optional Key custodians for split knowledge / dual control  Key custodians can authorise key usage for unattended startup 25

  25. Secu ecurDPS Key h hier erarch chy 26

  26. The e typ ypes of of t the e keys an and t the e su supported alg algorit ithms ar are as as follows: Key/Secret Type Supported Purpose and Usage Algorithms Vault KEK Asymmetric RSA OAEP Encrypt a DEK. 2048, 3072 1 , 4096 1 Bits DEK Symmetric cbc-aes-256-sha-128 Encrypt a file. cbc-aes-256-sha-256 cbc-aes-256-sha-512 Index Table Large ANSI X9.119-2-2017 Tokenize a sensitive data string (such as the PAN). Random i.e. comForte Table Tokenization Algorithm 27

  27. Key h hier erarch chy w with a a HSM 28

  28. Combining g the E Encryption K Key P Protection Layer ers ( (example e NonStop) > As a result, the keys in the key store HPE NonStop can be protected by multiple SecurDPS optional key encryption layers: Manager SCD/HSM > Encryption with a secret derived from the (e.g. HPE Atalla IPC obfuscated code secret and the custodian’s TCP/IP Encryption Keyserver NSP) Proxy passphrases (if the key is under custodian CS MFK control) > Encryption with an HSM/SCD working key KeyStore > Encryption with the key store Masterkey. Outline color of box indicates key used Key Name Key Data > Obviously, for the SecurDPS forencryption: - Master File Key (MFK) WK0 Masterkey Masterkey Masterkey itself layer 3 is not - Working Key for Masterkey (WK0) - Masterkey Custodian Passphrases - SecurDPS Code Secret (CS) available. The diagram depicts an Vaultkey WK1 - SecurDPSMasterkey Vaultkey - Working Key for Vault (WK1) overview of this multi-layer - Vault Key Custodian Passphrases approach. 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ecommerce: Risk &amp; Compliance of Doing Risk &amp; Compliance of Doing Business Online Tg

Ecommerce: Risk &amp; Compliance of Doing Risk &amp; Compliance of Doing Business Online Tg

16/11/2012 Ecommerce: Risk &amp; Compliance of Doing Risk &amp; Compliance of Doing Business Online Tg Farith Rithauddeen Skali Group About SKALI E-commerce Growth Risks of Doing Business Online Risks of Doing Business

459 views • 17 slides
Role of Board, CEO &amp; Senior Management CAFRAL Conference of Heads of Compliance April 15,

Role of Board, CEO &amp; Senior Management CAFRAL Conference of Heads of Compliance April 15,

Managing Compliance Risk Role of Board, CEO &amp; Senior Management CAFRAL Conference of Heads of Compliance April 15, 2013 1 Compliance Risk Basel Committee defines Compliance Risk as the risk of legal or regulatory sanctions,

632 views • 13 slides
Compliance &amp; Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) &amp; Chief Risk

Compliance &amp; Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) &amp; Chief Risk

Compliance &amp; Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) &amp; Chief Risk Officer, Bharti AXA Life Insurance Company Limited Stakeholder Protection IRDA-ICSI Seminar on Convergence of Company Law and Insurance Law 26

437 views • 16 slides
Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult

3/23/2016 Dealing With The Irate Customer Dealing With The Irate Customer Dealing with difficult conversations Dealing with angry customers Dealing with dissatisfied customers Problem solving model Three breakthrough techniques

637 views • 17 slides
Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk Officer, EVP 1 Todays Agenda Risk Management Risk governance Enterprise Risk Management Community Reinvestment Act Operational Risk

366 views • 23 slides
Introduction to Risk Management (Theory &amp; Practice) DCU Risk &amp; Compliance Officer

Introduction to Risk Management (Theory &amp; Practice) DCU Risk &amp; Compliance Officer

Risk Management Introduction to Risk Management (Theory &amp; Practice) DCU Risk &amp; Compliance Officer November 2015 Risk Management Sections 1) Aims of presentation 7) Tips for success 2) What is Risk Management (RM)? 8) Why RM may

533 views • 32 slides
Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview

Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview

Secure Agile Development With FISMA Compliance https://www.fyrmassociates.com/ FYRM Overview Qualifications Performance Strategy Experience CPAR 4/4 Secure Agile Respected Partner CMS, DOE Knowledge Sharing FedRAMP

197 views • 16 slides
Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan Evaluation Section, Pharmacovigilance and Special Access Branch Why does RMP compliance matter? RMPs aim to ensure that the benefits of a

732 views • 22 slides
Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06

Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06

Ministry of Science, People First, Performance Now Technology and Innovation Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06 November 2012 Ministry of Science, People First, Performance Now

245 views • 21 slides
Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and

Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and

Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and compliance programs Common compliance issues know your risk areas! Guidance for drafting or updating your compliance plan Elements of

1.16k views • 50 slides
COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The

COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The

E-COMMERCE AND PCI COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The Speaker About Coalfire E-Commerce The Good - the benefits The Bad - what could go wrong The Ugly- how to truly

484 views • 25 slides
NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri

NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri

NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri rhussar@barclaydamon.com mzambri@barclaydamon.com Agenda Introductions Compliance Risk Assessment Process OMIG Effectiveness Review

398 views • 35 slides
Dealing With Climate Risk By Robert Guttmann Hofstra University (New York) CEPN (UP13,

Dealing With Climate Risk By Robert Guttmann Hofstra University (New York) CEPN (UP13,

Seminaire Chaire Energie et Prosperit 24 Janvier 2017 Dealing With Climate Risk By Robert Guttmann Hofstra University (New York) CEPN (UP13, Villetaneuse) The F e FSBs T TCFD Rep eport 1) The FSB, upgraded in the wake of the

576 views • 8 slides
TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH VOLATILITY? Felice ADINOLFI OUTLINE Volatility drivers Factors affecting farmers income risk How we are currently dealing with volatility?

119 views • 9 slides
DEALING WITH RISK AND UNCERTAINTIES Session 2 : Structure, methods and decision criteria for

DEALING WITH RISK AND UNCERTAINTIES Session 2 : Structure, methods and decision criteria for

DEALING WITH RISK AND UNCERTAINTIES Session 2 : Structure, methods and decision criteria for extrapolation Extrapolation workshop; 30/9-2015 Anna Nordmark and Norbert Benda Uncertainty in M&amp;S used for extrapolation At which levels in

408 views • 11 slides
The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help

The Joy of Open, Agile Government Security Compliance Using F/LOSS, Agile and DevSecOps to help make compliance secure Fen Labalme TOC How did I get here What is CivicActions What is compliance Making compliance fun Culture

1.24k views • 89 slides
Dashboard Block Block details by height Block details by ID Transaction details by receipient

Dashboard Block Block details by height Block details by ID Transaction details by receipient

Dashboard Block Block details by height Block details by ID Transaction details by receipient ID Transaction details by sender ID Transaction details by transaction ID Transactions User details with comments User details with transactions

827 views • 57 slides
MMFCU Bill Pay Business Accounts Bill Pay for Businesses Businesses can sign up for Online Bill

MMFCU Bill Pay Business Accounts Bill Pay for Businesses Businesses can sign up for Online Bill

MMFCU Bill Pay Business Accounts Bill Pay for Businesses Businesses can sign up for Online Bill Pay and streamline the back office functions of their business. Features include: -Pay bills and view payment activity online anytime. - Delegate

414 views • 6 slides
Lance Spitzner www.securingthehuman.org facebook.com/securethehuman @securethehuman 1 in

Lance Spitzner www.securingthehuman.org facebook.com/securethehuman @securethehuman 1 in

Lance Spitzner www.securingthehuman.org facebook.com/securethehuman @securethehuman 1 in 251,800,000 Source: http://www.bookofodds.com/content/view/full/252163 1 in 112,000,000 Source: http://www.bookofodds.com/content/view/full/248157 The Human

768 views • 23 slides
Investor Relations Update As of January 30, 2019 Safe Harbor Statement Except for historical

Investor Relations Update As of January 30, 2019 Safe Harbor Statement Except for historical

Investor Relations Update As of January 30, 2019 Safe Harbor Statement Except for historical information contained herein, the matters set forth in this presentation contain forward- looking statements, including industry market projections; our

418 views • 28 slides
HuManS Voice recognitjon THE OPERATING CONTEXT Automatic work-space Collaborative work-space

HuManS Voice recognitjon THE OPERATING CONTEXT Automatic work-space Collaborative work-space

Piatuaforma Fabbrica Intelligente - Regione Piemonte Progetuo HuManS Human centered Manufacturing Systems HuManS Voice recognitjon THE OPERATING CONTEXT Automatic work-space Collaborative work-space Macro-level interaction Draw Help!

430 views • 9 slides
Engineering BENJAMIN M. STATLER COLLEGE OF ENGINEERING AND MINERAL RESOURCES What is the

Engineering BENJAMIN M. STATLER COLLEGE OF ENGINEERING AND MINERAL RESOURCES What is the

Welcome to the Fundamentals of Engineering BENJAMIN M. STATLER COLLEGE OF ENGINEERING AND MINERAL RESOURCES What is the Fundamentals of Engineering? All First-Time, Full-Time Freshman begin in the Fundamentals of Engineering To move

773 views • 35 slides
TREZOR Wallet Setup and BTC Transfer What is QR.CR? T he Worlds Best QR Code Mobile Marketing

TREZOR Wallet Setup and BTC Transfer What is QR.CR? T he Worlds Best QR Code Mobile Marketing

The Dynamic QR Code System TREZOR Wallet Setup and BTC Transfer What is QR.CR? T he Worlds Best QR Code Mobile Marketing System Secure Easy to use Accessible Interactive Versatile Why TREZOR Wallet? Keep Bitcoins Safe

423 views • 25 slides
Welcome to East Carolina University Cashiers Office Billing of Tuition Tuition is billed by

Welcome to East Carolina University Cashiers Office Billing of Tuition Tuition is billed by

Welcome to East Carolina University Cashiers Office Billing of Tuition Tuition is billed by term and will include tuition for main campus and/or distance education courses. Main campus tuition is billed by blocks of credit hours, not by the

405 views • 19 slides

More recommend