Data-Ed Online: How Safe is Your Data? Data Security Webinar

Welcome!
TITLE

How Safe is Your Data?
Data Security Management Webinar

Date: May 15, 2012
Time: 2:00 PM ET
Presenter: Dr. Peter Aiken
Twitter: #dataed

PRODUCED BY CLASSIFICATION DATE SLIDE
DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 5/15/2012 1
© Copyright this and previous years by Data Blueprint - all rights reserved!

New Feature: Live Twitter Feed
TITLE

Join the conversation on Twitter!
Follow us @datablueprint and @paiken
Ask questions and submit your comments:
#dataed

New Feature: LIKE US on Facebook
TITLE

www.facebook.com/datablueprint
Post questions and comments
Find industry news, insightful content
and event updates

TITLE
Meet Your Presenter: Dr. Peter Aiken
• Internationally recognized thought-leader in
the data management field with more than 30
years of experience
• Recipient of the 2010 International Stevens
Award
• Founding Director of Data Blueprint
(http://datablueprint.com)
• Associate Professor of Information Systems
at Virginia Commonwealth University
(http://vcu.edu)

• President of DAMA International (http://dama.org)
• DoD Computer Scientist, Reverse Engineering Program Manager/
Office of the Chief Information Officer
• Visiting Scientist, Software Engineering Institute/Carnegie Mellon
University
• 7 books and dozens of articles
• Experienced w/ 500+ data management practices in 20 countries
#dataed

How Safe Is Your
Data?

Dr. Peter Aiken: Data Security Management Webinar
DATA BLUEPRINT 10124-C W. BROAD ST, GLEN ALLEN, VA 23060 EDUCATION 4/10/2012

TITLE
Outline

Tweeting now:
#dataed


TITLE
Outline
1. Data Management Overview

Tweeting now:
#dataed


TITLE
Outline
2. What is data security management?

Tweeting now:
#dataed


TITLE
Outline
3. Why is data security important?
(1) Top Data Security Concerns & Requirements
(2) The Cost of Not Having Accurate Security
(3) Data Security Statistics & Examples of Security
Breaches

Tweeting now:
#dataed


TITLE
Outline
Breaches
4. Data Security Management Building
Blocks

Tweeting now:
#dataed


TITLE
Outline
Breaches
Blocks
5. Passwords & Policy Examples

Tweeting now:
#dataed


TITLE
Outline
Breaches
Blocks
6. Data Security Standards & Guiding
Principles
Tweeting now:
#dataed


TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:
7. Take Aways, References & Q&A #dataed


TITLE
The DAMA Guide to the Data Management Body of Knowledge

Data Management Functions

TITLE
Published by DAMA
International


TITLE
Published by DAMA
International
• The professional
association for Data
Managers (40
chapters worldwide)


TITLE
Published by DAMA
International
Managers (40
chapters worldwide)
DMBoK organized
around


TITLE
Published by DAMA
International
Managers (40
chapters worldwide)
DMBoK organized
around
• Primary data
management
functions focused
around data delivery
to the organization


TITLE
Published by DAMA
International
Managers (40
chapters worldwide)
DMBoK organized
around
• Primary data
management
functions focused
around data delivery
to the organization
• Organized around
several
environmental
elements


TITLE


TITLE

Environmental Elements

TITLE

Amazon:
http://
www.amazon.com/
DAMA-Guide-
Management-
Knowledge-DAMA-
DMBOK/dp/
0977140083
Or enter the terms
"dama dm bok" at the
Amazon search
engine

Environmental Elements

TITLE
What is the CDMP?
• Certified Data Management
Professional
• DAMA International and ICCP
• Membership in a distinct group made
up of your fellow professionals
• Recognition for your specialized
knowledge in a choice of 17 specialty
areas
• Series of 3 exams
• For more information, please visit:
– http://www.dama.org/i4a/pages/
index.cfm?pageid=3399
– http://iccp.org/certification/
designations/cdmp
#dataed

TITLE
Data Management

#dataed

TITLE
Data Management

Data Program
Coordination

Organizational
Data Integration

Data Stewardship Data Development

Data Support
Operations

#dataed

TITLE
Data Management
Manage data coherently.

Data Program
Coordination

Organizational
Data Integration


Data Support
Operations

#dataed

TITLE
Data Management

Data Program
Coordination
Share data across boundaries.
Organizational
Data Integration


Data Support
Operations

#dataed

TITLE
Data Management

Data Program
Coordination
Organizational
Data Integration


Assign responsibilities for data.

Data Support
Operations

#dataed

TITLE
Data Management

Data Program
Coordination
Organizational
Data Integration


Engineer data delivery systems.

Data Support
Operations

#dataed

TITLE
Data Management

Data Program
Coordination
Organizational
Data Integration


Engineer data delivery systems.

Data Support
Operations

Maintain data availability.

#dataed

TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
Summary: Data Security Management

#dataed from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International

TITLE
Definition: Data Security Management
Planning, development and execution of security policies
and procedures to provide proper authentication,
authorization, access and auditing of data and information
assets.


TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
Top Data Security Concerns

#dataed

TITLE
1. Confidentiality
– Making sure that data is supposed to be restricted to
the company

#dataed

TITLE
1. Confidentiality
the company
2. Integrity
– Ensure that the are no changes to data except those
intentional ones

#dataed

TITLE
1. Confidentiality
the company
2. Integrity
intentional ones
3. Availability
– Ability to get data when it is needed

#dataed

TITLE
1. Confidentiality
the company
2. Integrity
intentional ones
3. Availability
– Ability to get data when it is needed
4. Non-repudiation
– Ability to prove what was sent, when, who sent it as
well as what was delivered, when it was delivered and
who received it
#dataed

TITLE

Data Security Requirements
Requirements and the procedures to meet them are
categorized into 4 basic groups (the 4 As):

#dataed

TITLE

1. Authentication
Validate users are who they say they are

#dataed

TITLE

1. Authentication
2. Authorization
Identify the right individuals and grant them
the right privileges to specific, appropriate
views of data

#dataed

TITLE

1. Authentication
2. Authorization
views of data
3. Access
Enable these individuals and their privileges
in a timely manner

#dataed

TITLE

1. Authentication
2. Authorization
views of data
3. Access
Enable these individuals and their privileges
in a timely manner
4. Audit
Review security actions and user activity to
ensure compliance with regulations and
conformance with policy and standards
#dataed

TITLE
Data Security in the News
6 Worst Data Breaches of 2011
1. Sony
– Attacks compromised Sony PlayStation Network, Sony Online
Entertainment, and Sony Pictures
– Failure to protect 100+ user records
– On-going customer relations fallout and class-action
lawsuits
– Recovery costs: $2+ million

2. Epsilon
– Cloud-based email service provider fell victim to spear-
phishing attack
– Breach affected data from 75 clients who trusted Epsilon
with their customers’ data
– 60 million customer email addresses were breached
(conservative estimate)
– Largest security breach ever
Source: http://www.informationweek.com/news/security/attacks/232301079?itc=edit_in_body_cross

TITLE
Data Security in the News, cont’d
3. RSA
– Didn’t involve consumer information but one of the world’s most-used
2-factor authentication system
– Failure to detail exactly what had been stolen by low-tech spear
phishing attack
– Result of this attack: Many companies retooled security and training
processes to help prevent these low-cost, easy-to-execute social-
engineering attacks

4. Sutter Physician Services
– Thief stole desktop containing 2.2 million patients’ medical details
– Security lapse on 2 levels:
• (1)Data (unencrypted)
• (2)Physical location (unsecured)
– Failure to alert affected patients in timely manner
– Class action lawsuit


TITLE
Data Security in the News, cont’d
5. Tricare and SAIC
– Backup tapes containing unencrypted data were stolen from an
employee’s personal car
– 5.1 million people affected: Current and retired members of
armed services and their families
– Significant because victims are at risk of medical identify
theft AND financial identity theft
– $4.9 billion lawsuit

6. Nasdaq
– Attack on Directors Desk, a cloud-based Nasdaq system
designed to facilitate boardroom-level communications for
10,000 senior executives and company directors
– Possible access to inside information that might have been
sold to competitors or used to make beneficial stock market


TITLE
Cost of NOT having Accurate Security: Other Examples

• 2008: Heartland Payment • 2006: Department of VA
Systems – Stolen laptop exposed records
– 130 million credit card numbers on 26.5 million veterans,
including SSNs
– $140 million recovery costs
– $14 million recovery costs

• 2008: Hannaford Bros.
– 4.2 million credit and debit card
• 2005: Card Systems
numbers Solutions
– Class action lawsuit – 40 million credit and debit card
accounts

• 2007: TJ X Co.
– 45 + million credit and debit card
numbers stolen
– $250+ million recovery cost

#dataed

TITLE
Polling Question #1
What is the cost of data security? Estimated cost
per individual breach:

1. $194
2. $467
3. $855
4. $1026


TITLE
Data Security Statistics (2011)

Source: http://www.informationweek.com/news/security/attacks/232602891

TITLE
• Cost of individual data breach is decreasing for the first time in 7
years


TITLE
years
• Cost of individual data breach:
– $5.5 million (2011) vs. $7.2 million (2010)


TITLE
years
• Cost per compromised record:
– $194 (2011) from $215 (2010)
– Exception: Breach as a result of malicious attacks average $222 per record
(higher because companies need to do more after the fact)


TITLE
years
– $194 (2011) from $215 (2010)
• Costs are generally lower if organizations have Chief Information
Security Officer (CISO)


TITLE
years
– $194 (2011) from $215 (2010)
• Other declines in 2011:
– Average size of data breaches declined by 16%
– Abnormal customer churn decreased by 18%


TITLE
years
– $194 (2011) from $215 (2010)
• Other declines in 2011:
– Average size of data breaches declined by 16%
– Abnormal customer churn decreased by 18%
• Interesting fact: in 2011 39% of data breaches were caused by
negligent insiders and 24% by system glitches

TITLE


TITLE
• Breaches caused by malicious attacks increased: 37% (2011) from
31% (2010)
– 50% malware
– 33% malicious insiders
– 28% device theft
– 28% SQL injection
– 22% phishing attacks
– 17% social engineering attacks


TITLE
31% (2010)
– 50% malware
• Businesses’ detection costs decreased by 6%: $428,330 (2011)
from $455,670 (2010)
– Companies are more efficient in investigating breaches and organizing around
response plans


TITLE
31% (2010)
– 50% malware
• Businesses’ detection costs decreased by 6%: $428,330 (2011)
from $455,670 (2010)
– Companies are more efficient in investigating breaches and organizing around
response plans
• Notification costs increased by 10% $561,495 (2011)
– Failure to accurately determine # of individuals affected can result in notifying
more people than necessary, which leads to higher churn and other cost-
increasing factors
– Balance of being timely and accurate at the same time


TITLE
Other Costs Related to Data Security Breaches

#dataed

TITLE
• Customer churn (replacing lost customers with new ones)

#dataed

TITLE

• Value of stolen data

#dataed

TITLE


• Cost of protecting
affected victims

#dataed

TITLE


affected victims

• Cost of remedial
security measures

#dataed

TITLE


affected victims

security measures

• Fines/Lawsuits

#dataed

TITLE


affected victims

security measures

• Fines/Lawsuits

• Loss of good will and reputation
#dataed

TITLE
Other Examples of Security Breaches
Organization Type of Security Breach
Medical Records thrown in trash
Boulder Hospital exposing 14 patients
1,000 patients radiology studies data
Griffin Hospital
stolen
Stolen backup tapes expose unknown
Proxima Alfa Investments number of clients’ names, addresses,
LLC SSNs, bank and tax numbers and copies
of passports
Data of 3,300,000 names, addresses,
Educational Credit
DoB and SSNs exposed on stolen
Management Corporation portable media device

Northwestern Memorial 250 patients’ files stolen from unlocked
Hospital cabinets by cleaning crew

Source: http://dataloss.db.org/; David Schlesinger

TITLE
Other Examples, cont’d
Organization Type of Security Breach
Evergreen, Vancouver, 5,000 employee’s information, including
Washington Schools back account information, SSNs and
Information Cooperative birth dates are compromised
Names, addresses and SSNs of 11,000
Connecticut Office of Policy
rebate applications are stolen
and Management
Stolen laptop exposes 9,500 clients’
Thrivent Financial for
names, addresses, SSNs and health
Lutherans information
Data of 100 million gamers exposed
when hackers broke into PC games
Sony Online Entertainment network, including names, addresses,
user names, passwords, credit card
information

Source: http://dataloss.db.org/; David Schlesinger

TITLE
Polling Question #2
How much time should be committed to data
security?
1. 1 day per week
2. Ongoing activity
3. 1 hour per day
4. 1 hour per month


TITLE
And in this corner we have Dave!


TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
Data Security Management Overview

      
      
      
      

#dataed Illustration from The DAMA Guide to the Data Management Body of Knowledge p. 37 © 2009 by DAMA International
©36
Copyright this and previous years by Data Blueprint - all rights reserved!

TITLE
Goals and Principles

from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International

TITLE
1. Enable appropriate, and
prevent inappropriate
access and change to data
assets


TITLE
assets

2. Meet regulatory
requirements for privacy
and confidentiality


TITLE
assets

2. Meet regulatory
requirements for privacy
and confidentiality

3. Endure the privacy and
confidentiality needs of all
stakeholders are met

TITLE
Potentially Competing Concerns


TITLE
1. Stakeholder Concerns
• Clients, patients, students, citizens, suppliers,
partners


TITLE
partners
2. Government Regulations
• Restricting access to information
• Openness, transparency and accountability


TITLE
partners
3. Proprietary Business
Concerns
• Competitive advantage, IP,
intimate knowledge of
customer needs/relationships


TITLE
partners
3. Proprietary Business
Concerns
• Competitive advantage, IP,
intimate knowledge of
customer needs/relationships
4. Legitimate Access Needs
• Strategy, rules, processes

TITLE
Data Security Activities


TITLE
• Understand Data Security Needs and
Regulatory Requirements


TITLE
– Business requirements


TITLE
– Regulatory requirements


TITLE
• Define Data Security Policy


TITLE
• Define Data Security Standards


TITLE
• Classify Information Confidentiality


TITLE
• Audit Data Security


TITLE
• Define Data Security Controls and Procedures


TITLE
• Manage Users, Passwords, and Group Membership
– Password standards and procedures


TITLE
• Manage Data Access Views and Permissions


TITLE
• Manage Data Access Views and Permissions
• Monitor User Authentication and Access Behavior

TITLE
Primary Deliverables


TITLE
• Data Security Policies


TITLE
• Data Access Views


TITLE
• Document Classifications


TITLE
• Data Security Audits


TITLE
• Data Security Controls


TITLE
• Data Privacy and Confidentiality Standards


TITLE
• User Profiles, Passwords and Memberships


TITLE
• Data Security Permissions


TITLE
• Data Security Permissions
• Authentication and Access History

TITLE
Roles and Responsibilities


TITLE
Suppliers:
• Data Stewards
• IT Steering Committee
• Data Stewardship Council
• Government
• Customers


TITLE
Suppliers: Consumers:
• Data Stewards • Data Producers
• IT Steering Committee • Knowledge Workers
• Data Stewardship Council • Managers
• Government • Executives
• Customers • Customers
• Data Professionals


TITLE
Suppliers: Consumers:
• Data Stewards • Data Producers
• IT Steering Committee • Knowledge Workers
• Data Stewardship Council • Managers
• Government • Executives
• Customers • Customers
• Data Professionals
Participants:
• Data Stewards
• Data Security Administrators
• Database Administrators
• BI Analysts
• Data Architects
• CIO/CTO
• Help Desk Analysts

TITLE
Polling Question #4
Who is responsible for data security?
1. Everyone
2. CIO
3. Data Stewards
4. Data Security Officer


TITLE
Technology


TITLE
Technology
• Database Management System


TITLE
Technology

• Business Intelligence Tools


TITLE
Technology


• Application Frameworks


TITLE
Technology



• Identify Management
Technologies


TITLE
Technology



Technologies

• Change Control Systems


TITLE
Technology



Technologies


• Practices & Techniques


TITLE
Technology



Technologies


• Practices & Techniques

• Organization & Culture

TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
Polling Question #3
• What is the most common password?
1. 123456
2. password
3. asdf123
4. dragon


TITLE
Passwords Pointers
• Contains at least 8 characters
• Contains an uppercase letter and a numeral
• Not the same as the username
• Note be the same as the previous 5 passwords used
• Not contain complete dictionary words in any
language
• Not be incremental (password1, password2, etc.)
• Not have two characters repeated sequentially
• Not use adjacent characters on the keyboard
• Incorporate a space (if possible)
• Changed every 45 to 60 days

TITLE
Information Confidentially Classifications


TITLE
• For general audiences
– Default


TITLE
– Default
• Internal use only
– Minimal risk if shared – not to be
copied outside of the organization


TITLE
– Default
• Confidential
– Not shared outside of the
organization


TITLE
– Default
• Confidential
organization
• Restricted Confidential
– Only shown to individuals within the
organization who "need to know"


TITLE
– Default
• Confidential
organization
• Restricted Confidential
– Only shown to individuals within the
organization who "need to know"
• Registered Confidential
– Shared only with the existence of a
legal agreement

TITLE
Data Security Policies
• Americans with Disabilities Act (ADA)
• Cable Communications Policy Act of 1984 (Cable Act)
• California Senate Bill 1386 (SB 1386)
• Children’s Internet Protection Act of 2001 (CIPA)
• Children’s Online Privacy Protection Act of 1998 (COPPA)
• Communications Assistance for Law Enforcement Act of 1994 (CALEA)
• Computer Fraud and Abuse Act of 1986 (CFAA)
• Computer Security Act of 1987 – (Superseded by the Federal Information
Security Management Act FISMA)
• Consumer Credit Reporting Reform Act of 1996 (CCRRA) – Modifies the
Fair Credit Reporting Act (FCRA)
• Controlling the Assault of Non-Solicited Pornography and Marketing
(CAN-SPAM) Act of 2003
• Electronic Funds Transfer Act (EFTA)
• Fair and Accurate Credit Transactions Act (FACTA) of 2003
• Fair Credit Reporting Act


TITLE
Data Security Policies, cont’d
• Federal Information Security Management Act (FISMA)
• Federal Trade Commission Act (FTCA)
• Drivers Privacy Protection Act of 1994
• Electronic Communications Privacy Act of 1986 (ECPA)
• Electronic Freedom of Information Act of 1996 ( E-FOIA)
• Fair Credit Reporting Act of 1999 (FCRA)
• Family Education Rights and Priacy Act of 1974 (FERPA; also known as
Buckley Amendment)
• Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
• Privacy Act of 1974
• Privacy Protection Act of 1980 (PPA)
• Right to Financial Privacy Act of 1978 (RFPA)
• Telecommunications Act of 1996
• Telephone Consumer Protection Act of 1991 (TCPA)
• Uniting and Strengthening America by Providing Appropriate Tools Required
to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
• Video Privacy Protection Act of 1988

TITLE
Data Security in an Outsourced World


TITLE
• Any form of outsourcing increases risk to the organization


TITLE
• Data security risk is escalated to the outsource vendor


TITLE
• Transferring control (but not accountability) requires
tighter risk management and control mechanisms


TITLE
• Transferring control (but not accountability) requires
tighter risk management and control mechanisms
• Some mechanisms include:
– Service level agreements
– Limited liability provisions in the outsourcing contract
– Right-to-audit clauses in the contract
– Clearly defined consequences to
breaching contractual obligations
– Frequent data security reports from the service vendor
– Independent monitoring of vendor system activity
– More frequent and thorough data security auditing


TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
Data Security Standards


TITLE
• Tools for data security


TITLE
• Encryption standards/mechanisms


TITLE
• Access guidelines


TITLE
• Data transmission requirements


TITLE
• Documentation requirements


TITLE
• Remote access standards


TITLE
• Security breach reporting


TITLE
• Using mobile devices


TITLE
• Storage of data on portable devices (laptops, phones,
iPads) BYOD


TITLE
• Storage of data on portable devices (laptops, phones,
iPads) BYOD
• Disposal of devices

TITLE
Security Role Hierarchy Diagram


TITLE
Guiding Principles


TITLE
Guiding Principles
1. Be a responsible data
trustee (governance)


TITLE
Guiding Principles
2. Understand and comply
with pertinent regulations
and guidelines


TITLE
Guiding Principles
and guidelines
3. Use data-to-process and data-to-role matrices to
document needs and guide role groups and
permissions


TITLE
Guiding Principles
and guidelines
permissions
4. Defining data security requirements and policies is a
collaborative effort


TITLE
Guiding Principles
and guidelines
permissions
4. Defining data security requirements and policies is a
collaborative effort
5. Define security requirements in conjunction with
development projects from The DAMA Guide to the Data Management Body of Knowledge © 2009 by DAMA International

TITLE
Guiding Principles, cont’d


TITLE
6. Classify enterprise data
against a confidentiality
classification schema


TITLE
7. Follow strong
password guidelines


TITLE
7. Follow strong
password guidelines
8. Create role groups, define privileges by role; grant
privileges to users by role – where possible restrict
users to one role


TITLE
7. Follow strong
password guidelines
users to one role
9. Formally manage the requests and approvals for
initial authorizations and changes


TITLE
7. Follow strong
password guidelines
users to one role
9. Formally manage the requests and approvals for
initial authorizations and changes
10. Centrally manager user identities and group
memberships

TITLE
Outline
Breaches
Blocks
Principles
Tweeting now:


TITLE
How safe is your data?
• Do you feel that your data is:
a.Trustably safe?
b.Safe enough?
c. Not safe?
d.Dangerous to
our
organization


TITLE
Summary: Data Security Management


TITLE
Who would be interested in a more in-depth version of this webinar?
How many times has your organization admitted to not knowing where / what their data is? What
about an incident where data is lost and you cannot identify how many records or customers were
affected? The problems ARE common in corporate America, but more importantly, they are
symptomatic of a greater deficiency. This deficiency can be seen throughout the countless articles
associated with lost data or miscalculated financials. The root cause of these deficiencies has forced
our data managers and our GRC managers to develop a common understanding of all things data;
this is your primary corporate asset!

Most corporate leaders know that corporations require a solid Enterprise Governance, Risk and
Compliance Program. Leaders also understand the need for a good Data Governance Program, but
how do the two overlap and how do I achieve both in my organization? Our approach is designed to
provide quantitative gains in your organization and answer the following tough questions:

• How do I minimize F.U.D. and R.O.T.?
• What are the intersecting points between data governance and GRC?
• How do I turn my corporate data into a protected and managed asset?

By consolidating your efforts between your Data Owner and the protectors of said Data, you save
money and eliminate R.O.T and F.U.D. from your enterprise. This solution also provides a simplified
way to have discussions between the CISO and the CIO whom typically own these respective
functions. Let this framework guide you to a managed environment and repeatable processes, all
whilst producing measurable results in managing controls.

• I would be interested in the more in-depth version of this webinar
– Yes

TITLE
References


TITLE
Additional References
• http://www.dispatch.com/live/content/business/stories/2011/05/09/fbi-probing-consumer-data-breach-at-
sony.html?sid=101
• http://sanfrancisco.cbslocal.com/2011/05/06/sony-ceo-apologizes-for-massive-playstation-data-breach/
• http://www.pcworld.com/article/226357/sony_playstation_network_personal_user_data_stolen.html
• http://www.reuters.com/article/2011/05/05/us-sony-insurance-idUSTRE74472120110505
• http://wiki.answers.com/Q/What_are_the_common_data_security_concerns_for_a_business
• http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/
US_Ponemon_CODB_09_012209_sec.pdf
• http://www.informationweek.com/news/198701100
• http://blog.mpecsinc.ca/2010/05/update-heartland-payment-systems-breach.html
• http://www.computerworld.com/s/article/9070281/
Hannaford_hit_by_class_action_lawsuits_in_wake_of_data_breach_disclosure
• Todd Newton: What Every Company Should Know About Data Security and Electronic
Discovery


TITLE
Additional References
• http://www.dispatch.com/live/content/business/stories/2011/05/09/fbi-probing-consumer-data-breach-at-
sony.html?sid=101
• http://sanfrancisco.cbslocal.com/2011/05/06/sony-ceo-apologizes-for-massive-playstation-data-breach/
• http://www.pcworld.com/article/226357/sony_playstation_network_personal_user_data_stolen.html
• http://www.reuters.com/article/2011/05/05/us-sony-insurance-idUSTRE74472120110505
• http://wiki.answers.com/Q/What_are_the_common_data_security_concerns_for_a_business
• http://www.ponemon.org/local/upload/fckjail/generalcontent/18/file/
US_Ponemon_CODB_09_012209_sec.pdf
• http://www.informationweek.com/news/198701100
• http://www.computerworld.com/s/article/9070281/
Hannaford_hit_by_class_action_lawsuits_in_wake_of_data_breach_disclosure
• Todd Newton: What Every Company Should Know About Data Security and Electronic
Discovery


TITLE
Questions?

+ =

It’s your turn!
Use the chat feature or Twitter (#dataed) to submit
your questions to Peter now.


TITLE
Upcoming Events
June Webinar:
Master Data Management:
Quality is not an Option but a Requirement
June 12, 2012 @ 2:00 PM ET/11:00 AM PT

July Webinar:
Practical Applications for Data Warehousing,
Analytics, BI, and Meta-Integration Technologies
July 10, 2012 @ 2:00 PM ET/11:00 AM PT
Sign up here:
• www.datablueprint.com/webinar-schedule
• www.Dataversity.net
Brought to you by:


Data-Ed Online: How Safe is Your Data? Data Security Webinar

More Related Content

What's hot (19)

Viewers also liked (20)

Similar to Data-Ed Online: How Safe is Your Data? Data Security Webinar (20)

More from Data Blueprint (20)

Recently uploaded (20)

Data-Ed Online: How Safe is Your Data? Data Security Webinar

Editor's Notes