Post on 11-Oct-2020
transcript
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
GDPR NU ESTE O
DESTINATIE ! Dan Gavojdea
Cyber Security Specialist
dgavojde@cisco.com
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ARE YOU SECURE ? WHO SAID SO ?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Grace Hopper,
Predicted in 1965 that“data will become morevaluable than hardware”
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
General Data Protection Regulation
To be Enforced on May 25, 2018
65 Days….Enables innovation &
participation in global digital
economy
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco at a Glance
28.8MW
Data Center
Capacity
72,468Employees
482Offices
offices in 94countries
4,326Routers
6,572LAN Switches
136,381Connected
Stakeholders
201,023Connected
User Devices
94Services
Data as of January 2017
doing business in
165+ countries
2000+ Production applications
348Active Production DBs
What is Cisco doing to be GDPR-ready?
Data Protection
Program
Third-party Review/
Updates
Update & asses
International
Transfers of Personal
Data
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
What Does “GDPR-Ready” Look Like?
Know Your
DataAssess &
ManageSecure
Report
Progress
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Cisco Internal Program
Awareness and
Education
Incident
Response
Asses the RiskIdentification and
Classification
Policies and
Standards
Program
EnforcementPrivacy by
Design/Default
(in products)
Design Security
Methodologies
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
1. Form a multi-disciplinary team, it takes a village of diverse skilled people
2. Choose a program framework that works for your organization
3. Sets your goals and priorities
4. Inventory your data - start with high-risk categories & PII
5. Asses your organization's status on data protection
6. Review existing processes
7. Identify and close gaps
8. Training– people awareness is important as technology
Our tips
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
ETAPELE PROIECTULUI DE CONSULTANTA GDPR(EXEMPLU)
1. START PROIECT GDPR
2. EVALUARE
3. IDENTIFICARE RISCURI
4. EVALUARE IMPACT
5. MASURI ADMINISTRATIVE
6. IDENTIFICARE DATE PERSONALE
7. MASURI TEHNICE
8. IMPLEMENTARE SI TESTARE
9. REVIZUIRE CONTINUA
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco ConfidentialAssets
RISK
Measures to reduce
The Risks
1. Administrative controls
2. Physical controls
3. Technical Controls
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Build Security In Maturity Model (BSIMM)
If the chocolate chips are not part of the mix… you end up having cookies with chips on the outside… (well sort of…)
When the chocolate chips are part of the mix…. you end up with chocolate chip cookies
Engage SECURITY early in any process
.
GDPR is like a cake and SECURITY like chocolate chips
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Complete Security by Cisco layered approach
AnyConnect
ThreatGrid
ISE
AMP
FirepowerASA ESA WSA
Cisco StealthWatch
OpenDNS
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Closing thought
Being Compliant does not make
you secure
Being Secure helps you to be
compliant
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
NEXT STEP ?
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Ask for Security Assessment
!
…and implement
”APPRORIATE”security
controls
© 2017 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Thank you!
Eveniment sutinut de