DATA INTEGRITY: THE ELEPHANT THREAT IN THE … or circumstances leading to degraded data integrity? What are the implicaons of small content changes vs. outright theH? What

SESSION ID:

MODERATOR:

#RSAC

PANELISTS:

PDAC-W04

Michelle Dennedy VP, Chief Privacy Officer Cisco

Diana Kelley Cybersecurity Field CTO, MicrosoH ECG @dianakelley14

DATA INTEGRITY: THE ELEPHANT THREAT IN THE ROOM

Lisa Lee ExecuOve Security Advisor MicrosoH, ECG @LisainMiami

Randy Sabe> Special Counsel Cooley, LLP

#RSAC

Meet the Panel

2

Randy SabeR Lisa Lee Michelle Dennedy

#RSAC

Applying what we Learn

3

Educate + Learn = Apply

We’ll provide a quick hit set of next steps at close

ARendees will engage, ask for clarificaOons and ask

criOcal quesOons

Panelists will share their hands on experiences and

insights

#RSAC

In Simple Terms…

4

#RSAC

IS THIS REALLY A PROBLEM?

Isn’t theG the bigger risk? Recent examples.

#RSAC

THREAT MODELING INTEGRITY ATTACKS

What could go wrong?

#RSAC

TALKING CONTROLS

What works, what doesn’t?

#RSAC

Apply What You Have Learned Today

8

Next week you should: Review the NCCoE/NIST data integrity resources, hRps://nccoe.nist.gov/projects/building-blocks/data-integrity

In the first three months following this presentaOon you should: Create a Data Lifecycle Management Process – from creaOon to deleOon Build out a data map - who is accessing all data (structured and unstructured) from where and why

Assess control efficacy for data integrity and incident response plans

Within six months you should: Implement the new DLMP Test and assess new/exisOng controls and IRPs

#RSAC

THANK YOU!

#RSAC

Abstract

10

How many organizaOons have controls in place to defend against aRacks or circumstances leading to degraded data integrity? What are the implicaOons of small content changes vs. outright theH? What if a decimal is moved or a criOcal word is tweaked? This panel will look at recent data breaches and threat model integrity aRacks with grave consequences for our health, safety, and poliOcs.