Data Loss Prevention

Data Loss Prevention Copyright Doug Knehr

Click on the above link for a condensed view of my deep research and expertise in Data Loss Prevention (DLP) covering the following areas:

Note: also view the information governance blogs posted here.

Objective
• Identify and monitor many categories of sensitive information
• Monitor and control the movement of sensitive information across enterprise networks
• Monitor and control the movement of sensitive information on end-user systems

Document fingerprinting
Exchange Server 2013
Government forms
Health Insurance Portability and Accountability Act (HIPAA) compliance forms
Employee information forms for Human Resources departments
Custom forms created specifically for your organization

DLP Concerns

Copyright

Douglas S. Knehr Esq.,MBA, CIPM, CIPP, CISSP (Training)

Doug@DougKnehr.com

609-635-2226

Information Governance – Creating A Program

Information Governance – Creating A Program – Copyright Douglas S. Knehr

Click on the above link for a condensed view of my deep research and expertise in information governance programs covering the following areas:

Creating a data map: to comply fully with future e-discovery obligations, the company must know what ESI it has and how to access it. This can be achieved by creating a “data map”.
Assemble a Record Retention Team
Establish an E-Discovery Plan
Train Employees on Records Preservation
Social networking sites
Written Information Security Programs – Compliance with the Massachusetts Data Security Regulation

Restrictions

Definitions

Program Oversight

Copyright

Douglas Knehr

Doug at DougKnehr dot com

Cyber Insurance Purchase Considerations

Cyber Insurance Purchase Considerations Copyright Doug Knehr 6096352226

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in cyber insurance purchase considerations covering the following areas:

Coverage
Computer forensics.
Privacy or security breach notification and response.
Crisis management.
Data loss or destruction.
Typical Exclusions
additional coverage specifically geared toward the critical infrastructure market
Recent Caselaw

Hacking is publication

Risks
External threats
Internal threats
insurable expenses associated with data breach incidents:
Response and investigation costs, including data restoration.
Litigation defense and damages.
Regulatory defense and penalties.
Litigation Defense and Damages
General commercial liability policies typically include three types of coverages:
sources
Insurance Services Office
ISO Endorsement Exclusions

Cyber Attack Compliance

CyberAttack Compliance Copyright Douglas Knehr 6096352226

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in cyber attack compliance.

Topics covered:

Determine and evaluate the company’s entire security chain.

If even a single link is weak, the company could be vulnerable to attack.
Create a written compliance plan to monitor the highest risks for a potential cyber attack. This should include:
Prepare Legally Required Disclosures
CCO must coordinate with the CIO and CPO on cyber attack issues
Implement an Enterprise-wide Data Management Program
Review Employee Policies
Invest in Computer Security and Protection Measures
Adopt a Cyber Incident Response Plan and Employee Reporting Mechanisms
Adopt Procedures to Preserve Evidence
Obtain Support of Senior Management
Maintain Relationships with Law Enforcement Agencies
Develop Cyber Incident Response Plans
Laws to enforce Civil and Criminal Remedies for Cyber Attacks
Other Actions to Deter or Mitigate Cyber Attacks
Cyber Liability Insurance Coverage

Security in the Software Development Life Cycle

8 Security in Development Life Cycle – Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in the Software Development Life Cycle covering the following areas:

software development security outline
environment and security controls
security of the software environment
libraries and toolsets
integrated development environments (IDE) and runtime
security issues and source code
software protection mechanisms
security of application programming interfaces (API)
assess the effectiveness of software security
risk analysis and mitigation
assess software acquisition security

Security Assessment and Testing

6 Security Assessment & Testing Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in security assessment and testing covering the following areas:

part of the development, operations, and disposition phases of the systems life cycle
Goal is to provide knowledge to assist in managing risks in developing, producing, operating, and sustaining systems capabilities
assessment and test strategies
Software development as part of system design
Policies and procedures for log management
log management, operational processes typically include
operating systems for servers, workstations and networking devices usually log a variety of security-related information
audit records
Security control testing
collects security process data
internal and third-party audits

Identity and Access Management

5 Identity and Access Management Copyright Doug Knehr

Click on the above link for a condensed view (not all links opened) of my deep research and expertise in Identity and Access Management covering the following areas:

physical and logical access to assets
Access control systems should consider three abstractions
PACS physical access control systems
Identification and authentication of people and devices
Identification methods
user identification guidelines
Identity management implementation
Identity as a service
Integrate third-party identity services
implement and manage authorization mechanisms
prevent or mitigate access control attacks
identity and access provisioning lifecycle
