Information Security and Compliance
“Managing an assurance program for your business”
Data Compliance Ltd - About us
Data Compliance Ltd provide Information Security & Compliance Assurance services to organisations who value their data, customers and business.
By delivering:
• Security Audits
• Compliance reviews
• Employee awareness training
• Benchmarking
• ISO 27001
• Incident management
Why is security & compliance important?
Diagram: Information, Suppliers, Technology, Customers, Regulations, Risk
1. Directors have a ‘duty of care’
2. Directors can be held personally liable for negligence
The ‘Lifeblood’ of business
Information is extremely valuable to:
• You & your staff
• Your customers
• Suppliers & vendors
• Auditors & Regulators
• Your competitors
• Criminals
Information overview
Take a good look at your information
• What information do you process?
• Where is our information stored?
• Who has access to our information?
• What controls are in place?
• Are there gaps in controls?
• How do you benchmark controls?
• Who is responsible for security?
What are the risks?
Internal threats / External threats
• Disgruntled employee with access to data
• Vulnerable employee susceptible to a virus/phishing attack
• Mobile device (Contractor who copies data)
• Cloud / Data storage and archive
• Hacking groups (anonymous)
• Identity thieves
• Competitors
• Fraudsters
• Denial of service attacks
Diagram: Hackers, Mobile device, Outsiders (suppliers), Insiders, Cloud, Remote tools
Compliance – Laws, Regulations, Policy
• Data Protection Act 1988, 2003
• Electronic Communications Act, 2003
• Prohibition of Incitement to Hatred Act 1991
• Criminal Damage Act, 1991
• Child Trafficking and Pornography Act
• Intellectual Property Act, 1998
• Copyright and Related Acts, 2000
• Employment Equality Act, 2000
Information Security Program
People
• Board of Management
• Staff
• Customers
• Suppliers
• Regulators
• Auditors etc.
Processes
• Obtaining
• Storing
• Deleting
Technology
• Systems
• Communications and operations
• Access
Questions for the Board/Executive management
• Is your organisation complying with current data protection legislation?
• What projects were undertaken in the past 12-month period?
• What percentage of staff had security training last year?
• How does management decide who has access to the organisation’s information and systems?
• How does the organisation detect security incidents?
• Is management prepared to recover from a major security incident?
Security & Compliance check list
What evidence of compliance exists?
1. Assign responsibility – data protection compliance officer
2. Maintain public register
3. Develop data security policies
4. Document security procedures
5. Provide awareness training
6. Review 3rd party contracts
7. Perform annual compliance audit
Thank you
www.DATACOMPLIANCE.ie
T: 01-297 5775
A: Unit 62d Heather Road, Sandyford Industrial Estate, Dublin 18