This webinar will provide more information on the importance of information security and how you can take security well beyond compliance, an approach on building strong information security, privacy and data governance programs, and the importance of strong data governance in relation to privacy and information security requirements. The webinar covers • Information Security • Importance Of Information Security Today • Taking Information Security Beyond A Compliance First • Importance Of Data Governance In Information Security • Privacy • Changing And Evolving Privacy Requirements • Importance Of Data Governance In Privacy • Data Governance And Data Privacy • Data Privacy - Data Processing Principles Presenters: Moji is a Senior Business Process Analyst working with GemaltoThales, a leading firm in the IT industry. Moji has over fifteen years of experience in leading projects to improve processes, create and implement processes leading to increased revenue generation and eliminate redundancies. She has a zeal for adding value and increasing revenue for organizations. Moji is very passionate about Data Privacy and its application in business and consumer rights. Hardeep Mehrotara has 20+ years of senior leadership experience in Information Technology and Cyber Security working for public and private organizations building security programs from the ground up. He has been featured on Canadian television as a cyber expert and provided advice to various communities on implementing cybersecurity strategy, best practices and controls. He has been a co-author on numerous leading industry security control frameworks, technical benchmarks and industry best practice standards. ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701 Webinars: https://pecb.com/webinars Articles: https://pecb.com/article Whitepapers: https://pecb.com/whitepaper ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/ LinkedIn: https://www.linkedin.com/company/pecb/ Facebook: https://www.facebook.com/PECBInternational/ Slideshare: http://www.slideshare.net/PECBCERTIFICATION YouTube video: https://youtu.be/aQcS5-RFIEY Website link: https://pecb.com/

2. Summary
◼ INFORMATION SECURITY
◼ IMPORTANCE OF INFORMATION SECURITY TODAY
◼ HIGH PROFILE SECURITY BREACHES (NOTABLE EVENTS)
◼ COMPLIANCE REQUIREMENTS FOR INFORMATION SECURITY (HIPPA, PCI-DSS, ISO 27001, FISMA, SOX)
◼ TAKING INFORMATION SECURITY BEYOND A COMPLIANCE FIRST
◼ BASICS OF INFORMATION SECURITY
◼ IMPORTANCE OF DATA GOVERNANCE IN INFORMATION SECURITY
◼ PRIVACY
◼ IMPORTANCE OF PRIVACY TODAY
◼ CHANGING AND EVOLVING PRIVACY REQUIREMENTS
◼ IMPORTANCE OF DATA GOVERNANCE IN PRIVACY
◼ DATA GOVERNANCE AND DATA PRIVACY
◼ WHY DATA?
◼ DATA PRIVACY - DATA PROCESSING PRINCIPLES
◼ DATA GOVERNANCE (ROPA ) AS A TOOL
◼ RECENT HIGH IMPACT DATA BREACHES
◼ RECENT HIGH PROFILE DATA BREACHES
◼ IMPACT ON CUSTOMER TRUST
◼ IMPACT OF DATA BREACH
◼ FURTHER NOTES

3. IMPORTANCE OF INFORMATION SECURITY TODAY
Hacking as Service
Hire hackers to get
access to company
networks
Ransomware as a
Service
Subscription based
model to use already-
developed ransomware.
Denial of Service as
a Service
A pre-configured
infrastructure for use of
DDoS attacks.
Supply Chain Attacks
Attack of a common vendor or
supplier to infiltrate numerous
company networks and systems.
Companies have a large number of
third-party vendors and SaaS
solutions that integrate with their
systems and networks.
Internet of Things
According to Gartner, IoT devices in
2020 which will grow to 75 million by
2025. IoT Malware attacks rose 700%
during the pandemic. Attacks towards
televisions, security cameras,
autonomous vehicles, to medical
devices/pacemakers.
Artificial Intelligence & Automation
Cyber criminals use AI for targeted spear-phishing
attacks using deepfakes and voice-cloning.
Weaponized AI self-seeks vulnerabilities, uses
concealed intelligent’ malware to laterally move,
executes at specific times, and acquires system
knowledge to vary attacks. PassGan uses neural
network to lean the statistical distribution of
passwords from leaks and generates high-quality
guesses.

4. COMPLIANCE REQUIREMENTS FOR INFORMATION
SECURITY

5. HIGH PROFILE SECURITY BREACHES (NOTABLE
EVENTS)
Ransomware attack in July that paralyzed as
many as 1,500 organizations by compromising
tech-management software from a company
called Kaseya
SolarWinds, a major US information
technology firm, was the subject of a
cyberattack that spread to its clients and
went undetected for months.
The hack that took down the largest fuel
pipeline in the U.S. and led to shortages
across the East Coast. Hackers entered
the network through a VPN account,
which did not use MFA.

6. TAKING INFORMATION SECURITY BEYOND COMPLIANCE
◼ Compliance Frameworks help drive business to
practice due diligence and make decisions not just
based on cost.
◼ Compliance frameworks are the basic building
blocks.
◼ Organizations looking to meet compliance
requirements may avoid penalties but may not
always be secure.
◼ Compliance is important, clearly, but it should be a
subset of the overall security strategy.
◼ One must always stay ahead of compliance. E.g., IoT.

7. START WITH THE BASICS – BASIC CYBER HYGENIE
A prioritized and prescriptive set of safeguards mitigate
approximately 83% of all attack techniques found in the MITRE
ATT&CK Framework.
Implementation Group 1 (IG1) of the Controls provide mitigation
against the attack techniques found in the top four attack patterns
listed in the 2019 Verizon Data Breach Investigations Report (DBIR),
including ransomware.
Key Next Steps:
 Identify business goals and objectives.
 Start with a gap assessment.
 Get senior leadership buy-in.
 Focus on the basics of cyber-hygiene and do it well.
 Strengthen your incident response.
 Roadmap to compliance & maturity.

8. “NOT IF BUT WHEN” AN INCIDENT WILL OCCUR
◼ USE the “CYBER KILL CHAIN” to understand how cyber
criminals attack and gain access to systems.
◼ Build “DETECTION & PREVENTION” based on the kill chain
to reduce the mean time to detect.
◼ Develop an “INCIDENT RESPONSE PLAN” to be prepared
and reduce the mean time to respond.
Source: 2021 IBM Cost of Data Breach Report found that the average time to detect and contain a data breach is 280 days
https://www.ibm.com/security/data-breach
Source: Lockheed Martin Cyber Kill Chain
https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html

9. DATA DRIVEN ERA - IMPORTANCE OF DATA GOVERNANCE
◼ Data today is one of the most important assets of the organization.
◼ Data governance saves money reducing duplication, errors and increasing integrity.
◼ Data governance increases access to data sharing across the organization
◼ Strong data governance ensures an organization is complying with all regulatory requirements and compliance frameworks.
Data-driven organizations are 23
times more likely to acquire
customers.
Sources:
https://www.mckinsey.com/business-functions/marketing-and-sales/our-insights
https://bi-survey.com/big-data-benefits
https://www.forrester.com/report/InsightsDriven+Businesses+Set+The+Pace+For+Global+Growth/-/E-RES130848
Businesses that use big
data increase their profit
by 8 percent.
62% of retailers report that the
use of information and analytics
is creating a competitive
advantage for their
organization.
Insight-driven businesses are
growing at an average of 30% each
year; by 2021, they are predicted
to take $1.8 trillion annually from
their less-informed industry
competitors.

10. WHY DATA?
The world’s most valuable resource is no longer oil, but data | The Economist
The world’s most valuable resource is no longer oil but DATA.
What are you doing to PROTECT your most precious resource? Who has ACCESS to it? Do you know
WHERE it is? Do you know its VALUE?
What do you know about your most precious resource?

11. DATA PRIVACY - DATA PROCESSING PRINCIPLES
UK GDPR outlines 7 principles for processing data to create a solid framework for minimizing risk exposure:
1. Lawfulness, Fairness and Transparency
2. Purpose Limitation
3. Data Minimization
4. Accuracy
5. Storage Limitation
6. Integrity and Confidentiality
7. Accountability
Failure to comply leads to fines, breach of trust, operational disruption …..
Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR) (gdpr-info.eu)

12. DATA GOVERNANCE & (RECORD of PROCESSING ACTIVITIES) AS TOOLS
The GDPR obligates documentation of the processing activities relating to your data.
Good data governance and RoPA allow you to understand:
1. What data you have
2. Where your data is located
3. How the data is used
4. Who the data is shared with
This ensures data security, availability, integrity and consistency
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
Records of Processing Activities | General Data Protection Regulation (GDPR) (gdpr-info.eu)

13. HIGH IMPACT DATA BREACHES
These data breaches show case the importance of data governance, information security and data privacy in
protecting data
June 2021
Impact: 700 Million records
Hackers scraped data by exploiting
LinkedIn’s API
Exposed data includes: Email
addresses, phone numbers,
geolocation records, LinkedIn
usernames and profile URLs, other
social media accounts & details
among others
April 2019
Impact: 533 Million records
2 Third party Facebook app datasets
exposed to public internet
Exposed data includes: Account
names, Facebook ID’s, likes, reactions,
comments and others
July 2021
Impact: Up to 1500 Organizations
records
Supply Chain Ransom ware
Exposed data includes: Organizational
database, user names and passwords
and sensitive information
The 57 Biggest Data Breaches (Updated for 2021) | UpGuard

14. RECENT DATA BREACH FINES
1.
2.
3.
4.
$886 MILLION
€50 MILLION
€35.3 MILLION
£20 MILLION
Three years of GDPR: the biggest fines so far - BBC News

15. IMPACT ON CONSUMER TRUST
The average customer is becoming privacy aware,
security aware and over all, DATA AWARE
Building consumer trust: Protecting personal data in the consumer product industry | Deloitte Insights

16. IMPACT OF DATA BREACH
1. FINANCIAL LOSS
2. REPUTATIONAL DAMAGE
3. OPERATIONAL DOWNTIME
4. LEGAL ACTION
5. LOSS OF SENSITIVE DATA
Boosting Cyber Security With Data Governance and Enterprise Data Management (isaca.org)
What’s New in the 2021 Cost of a Data Breach Report - Security Intelligence

17. FURTHER NOTES
Data & Information Governance at UNSW | Data Governance
According to a Cisco analysis (2020), companies who have invested in privacy measures
experience positive returns on investments.
Based on responses from 2,500 professionals across 13 countries, companies on average
received $2.70 for every $1 spend on their privacy program.
Implementing a mature privacy program, developing a robust data governance in alignment with
company goals and implementing an efficient information security system proactive in threat
detection and incident response are key to reducing data breaches.
Study: Mature privacy programs experience higher ROI (iapp.org)

18. SUMMARY
1. KNOW YOUR DATA
2. PROTECT YOUR DATA
3. APPLY THE DATA PROCESSING PRINCPLES
4. INVEST IN A MATURE PRIVACY PROGRAM
5. BUILD AND IMPLEMENT A ROBUST INFORMATION SECURITY PROGRAM

19. THANK YOU
?
hardeep.mehrotara@gmail.com Hardeep Mehrotara
olasow@yahoo.com Mojisola Abi Sowemimo