DATA INTEGRITY: THE ELEPHANT THREAT IN THE ROOM
SESSION ID: PDAC-W04
MODERATOR: Diana Kelley, Cybersecurity Field CTO, Microsoft ECG, @dianakelley14
PANELISTS:
Michelle Dennedy, VP, Chief Privacy Officer, Cisco
Lisa Lee, Executive Security Advisor, Microsoft ECG, @LisainMiami
Randy Sabett, Special Counsel, Cooley, LLP
#RSAC
Meet the Panel
Randy Sabett, Lisa Lee, Michelle Dennedy
Applying what we Learn
Educate + Learn = Apply
We’ll provide a quick-hit set of next steps at close
Attendees will engage, ask for clarifications and ask critical questions
Panelists will share their hands-on experiences and insights
In Simple Terms…
IS THIS REALLY A PROBLEM?
Isn’t theft the bigger risk? Recent examples.
THREAT MODELING INTEGRITY ATTACKS
What could go wrong?
TALKING CONTROLS
What works, what doesn’t?
Apply What You Have Learned Today
Next week you should:
Review the NCCoE/NIST data integrity resources, https://nccoe.nist.gov/projects/building-blocks/data-integrity
In the first three months following this presentation you should:
Create a Data Lifecycle Management Process – from creation to deletion
Build out a data map - who is accessing all data (structured and unstructured) from where and why
Assess control efficacy for data integrity and incident response plans
Within six months you should:
Implement the new DLMP
Test and assess new/existing controls and IRPs
THANK YOU!
Abstract
How many organizations have controls in place to defend against attacks or circumstances leading to degraded data integrity? What are the implications of small content changes vs. outright theft? What if a decimal is moved or a critical word is tweaked? This panel will look at recent data breaches and threat model integrity attacks with grave consequences for our health, safety, and politics.