GDPR or ‘How to Eat the Elephant a bit at a time’!
Andy Powell
VP UK Cybersecurity
Sep 17
Copyright © Capgemini 2014. All Rights Reserved
Owned by Capgemini/Andy Powell (28 Mar 17) – This DOES NOT constitute any form of legal or legally binding advice
This is NOT an Elephant?!
It is in fact a vaguely purple Octopus!
Worried about GDPR, but not sure why? How to eat the GDPR Elephant a bit at a time!
Andy Powell will …
• Simplify what GDPR really means and outline an Enterprise approach – so that even the CFO gets it!
• Explain the Threat – without hype – and why the Threat is not just from ‘Hackers’ but also in other forms!
• Explain how the Enterprise-wide principles of ‘Build, Watch, Proact and React’, as practiced in Medieval Warfare, and viewed through the lens of data management and Cybersecurity, will help you be ready!
There is NO silver bullet to dispatch the GDPR Elephant, just good old fashioned common sense, prioritisation of effort and a balanced programme of measures across people, process and tools!!
The GDPR Octopus
The tentacles: Transparency, Accountability, Governance, Consent, Rights, Safeguards, Data Management, Legal/Contracts, Breach Reporting, Security.
‘ACCOUNTABILITY’
• Appoint DPO
• Controllers/Processors
• 3rd Parties
• External to EU
• Understand Exclusions
• Etc.
Rights of:
• Being Informed
• Access
• Rectification
• Erasure
• Restrict Processing
• Data Portability
• Objection
• Automated Processing
Audit ‘HOW’
• Legacy
• GDPR by Design
• ‘Show Workings’
• PIA
The ‘WHO’ owns:
• Board OWN
• Plus Enterprise-wide Responsibility, NOT Security/CIO
Definition of Private Data
• In-built, e.g. Encryption, Access etc.
• And Security Controls, e.g. Review SANS/CSC 20 v GDPR and adjust
Data: Discovery, Analytics
• Store/Access/Dispose etc.
Some Quotes….!
‘… to correct the scaremongering and misunderstanding, we will not be looking to make early Examples to make a point on GDPR Compliance….’
Elizabeth Denham, ICO
“The Government’s recent Cyber Risk Survey found that whilst 69 per cent of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation only half of businesses have actually taken recommended actions to identify cyber risks.” ICO
“I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’.” ICO
“To meet the challenges I’ve described, we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically.” ICO
‘…the Vendor/Supplier base is over hyping the Cyber Risk and GDPR impact to panic Business into investing in products and solutions they do not need….’
NCSC Leadership
The GDPR ‘Threat(s)’!
• GDPR ‘Threats’
  • ‘Hackers’
  • Internal Readiness/Complacency
  • External/Legal Rights - Clients/Customers
• Why?
  • Personal Data has value
  • Identity is the ‘new boundary’
  • Rights awareness.
• Who?
  • Criminals – organized to various degrees?!
  • Employees and Clients/Customers
  • Lawyers - ‘There is money to be made by helping’!
• Likely Impact on Business
  • Positive – ‘FINALLY! EXPLOIT YOUR DATA FOR BUSINESS ADVANTAGE’!
  • Negative – ‘FAIL TO PROTECT YOUR DATA – LOSE BRAND, SHAREHOLDER CONFIDENCE, CLIENTS and YOUR JOB’!
Countering the Threat – ‘a truly Medieval Approach’
BUILD
Create a Keep (for precious things) and build security into your Castle (NOT just walls, but small rooms and staircases to contain the threat once inside (it will get in!)).
• Locate and Track Precious Data
• Segment Architecture
• Target Security Controls
• Think Resilience
WATCH
Constant Reconnaissance, outside and inside the walls.
• Sentries Looking Out and In
• Understand the Threat
• Impact of Change!
• Adjust your Defence posture constantly
PROACT
Be proactive and unpredictable.
• Deny the enemy cover (Access Management)
• Slow their advance (Cyber Hygiene)
• Change where and when you patrol (Audits, Patching etc.)
REACT
Be prepared to act!
• Be Prepared to Deal with a Breach
• Tried and Tested Consent and Access Process
• Test and Adjust
Think laterally and like a human! CxO!
Build (1)
Think Data Life Cycle Management from the start and Design to support Secure but Ready Access.
• Understand Where Your Data is and How it Flows
• Compartment your Network and Data via Hard and Soft Means
• Build Resilience into your Components and Links
• Build to Change
• Instrument
“Think laterally and indirectly: how could someone navigate through this and get at something vital, for good or bad!”
Watch (2)
The key to Data Management and Security is constantly watching and adapting your data processes and security.
• Strategic and Specific Intelligence
• Internal Threat Management
  • People
  • Data Flow
  • Patterns
• External Threat Management
• Recruit, Train and Retain
  • Users
  • Data managers
  • Security
  • Network
“Intelligence-led, human in the loop, all process harnessed to manage the data for effect, securely”
Proact (3)
The 7 Ps! There is NO silver bullet. A combination of Training, Awareness, Governance and Process, underpinned by Tools!
• People
  • Select, Train and Test
  • Awareness
• Process
  • Governance
  • Consent
  • Access
  • Audit
  • Change Management
• Tools
  • Patch
  • Run VM
  • Data
“Mitigate the Threat by Preparation – Good Data Management and Cyber Hygiene is cheap!”
React (4)
Be Decisive, Meet Obligations, Be Ready for Changes, and Practice!
• To Access Requests and Consent Changes
• To Events and Breaches
  • Stop it and Immediate Forensics!
  • External – Client, Media, Peers, Authority
  • Internal – Lessons, Implement and Sustain
  • Share – Intelligence with Peers and Authority
  • Compliance/Mandate – Legal obligations
Synopsis, Bio & Picture
Andy Powell - VP Cyber Security - Capgemini
About Andy
Andy is Vice-President (VP) for UK Cybersecurity at Capgemini with over 30 years’ experience in Defence and Security roles and recent senior leadership roles as CIO and CISO for the Royal Air Force, Joint Operations and as head of the Ministry of Defence’s Cyber Defence Operations and Network Operations. As VP for UK Cybersecurity at Capgemini, Andy leads a business that covers all Sectors from Public to Energy and Utilities, including Consumer, Private Sector and Finance – delivering a broad range of Consulting, Project and Managed Cyber Services. A Systems and Electronic Warfare engineer by training, he describes Cyber as ‘the constant battle of wits between attacker and defender where people, process and technology must converge to enable the business!’
Andy.powell@capgemini.com
07891151835
Interrogation and/or Torture can commence!
Juan Pablo Sugiura - eCommerce Day Bolivia 2024
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptx
 
Communication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptxCommunication Accommodation Theory Kaylyn Benton.pptx
Communication Accommodation Theory Kaylyn Benton.pptx
 
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
ISO 25964-1Working Group ISO/TC 46/SC 9/WG 8
 
Dynamics of Professional Presentationpdf
Dynamics of Professional PresentationpdfDynamics of Professional Presentationpdf
Dynamics of Professional Presentationpdf
 

CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell

  • 1. GDPR or ‘How to Eat the Elephant a bit at a time’!
    Andy Powell, VP UK Cybersecurity, Sep17

  • 2. Copyright © Capgemini 2014. All Rights Reserved. Owned by Capgemini/Andy Powell (28 Mar 17) – This DOES NOT constitute any form of legal or legally binding advice.
    This is NOT an Elephant?! It is in fact a vaguely purple Octopus!

  • 3. Worried about GDPR, but not sure why? How to eat the GDPR Elephant a bit at a time!
    Andy Powell will …
    • Simplify what GDPR really means and outline an Enterprise approach – so that even the CFO gets it!
    • Explain the Threat – without hype – and why the Threat is not just from ‘Hackers’ but also in other forms!
    • Explain how the Enterprise-wide principles of ‘Build, Watch, Proact and React’, as practiced in Medieval Warfare, and viewed through the lens of data management and Cybersecurity, will help you be ready!
    There is NO silver bullet to dispatch the GDPR Elephant, just good old fashioned common sense, prioritisation of effort and a balanced programme of measures across people, process and tools!!

  • 4. The GDPR Octopus
    The arms of the Octopus: Transparency, Accountability, Governance, Consent, Rights, Safeguards, Data Management, Legal/Contracts, Breach Reporting, Security.
    • ‘ACCOUNTABILITY’: Appoint DPO; Controllers/Processors; 3rd Parties; External to EU; Understand Exclusions; Etc.
    • Rights of: Being Informed; Access; Rectification; Erasure; Restrict Processing; Data Portability; Objection; Automated Processing.
    • Audit ‘HOW’: Legacy; GDPR by Design; ‘Show Workings’; PIA.
    • The ‘WHO’ owns: Board OWN, plus Enterprise-wide Responsibility – NOT Security/CIO.
    • Definition of Private Data.
    • Safeguards: In-built, e.g. Encryption, Access etc., and Security Controls, e.g. Review SANS/CSC 20 v GDPR and adjust.
    • Data: Discovery, Analytics, Store/Access/Dispose etc.

  • 5. Some Quotes….!
    ‘… to correct the scaremongering and misunderstanding, we will not be looking to make early Examples to make a point on GDPR Compliance….’ Elizabeth Denham, ICO
    “The Government’s recent Cyber Risk Survey found that whilst 69 per cent of businesses say their senior management consider cyber security is a very or fairly high priority for their organisation only half of businesses have actually taken recommended actions to identify cyber risks.” ICO
    “I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’.” ICO
    “To meet the challenges I’ve described, we need to move from a mindset of compliance to a mindset of commitment: commitment to managing data sensitively and ethically.” ICO
    ‘…the Vendor/Supplier base is over hyping the Cyber Risk and GDPR impact to panic Business into investing in products and solutions they do not need….’ NCSC Leadership

  • 6. The GDPR ‘Threat(s)’!
    • GDPR ‘Threats’
      • ‘Hackers’
      • Internal Readiness/Complacency
      • External/Legal Rights – Clients/Customers
    • Why?
      • Personal Data has value
      • Identity is the ‘new boundary’
      • Rights awareness
    • Who?
      • Criminals – organized to various degrees?!
      • Employees and Clients/Customers
      • Lawyers – ‘There is money to be made by helping’!
    • Likely Impact on Business
      • Positive – ‘FINALLY! EXPLOIT YOUR DATA FOR BUSINESS ADVANTAGE’!
      • Negative – ‘FAIL TO PROTECT YOUR DATA – LOSE BRAND, SHAREHOLDER CONFIDENCE, CLIENTS and YOUR JOB’!

  • 7. Countering the Threat – ‘a truly Medieval Approach’
    BUILD – Create a Keep (for precious things) and build security into your Castle (NOT just walls, but small rooms and staircases to contain threat once inside; it will get in!)
      • Locate and Track Precious Data
      • Segment Architecture
      • Target Security Controls
      • Think Resilience
    WATCH – Constant Reconnaissance outside and inside the walls
      • Sentries Looking Out and In
      • Understand the Threat
      • Impact of Change!
      • Adjust your Defence posture constantly
    PROACT – Be proactive and unpredictable
      • Deny the enemy cover (Access Management)
      • Slow their advance (Cyber Hygiene)
      • Change where and when you patrol (Audits, Patching etc.)
    REACT – Be prepared to act!
      • Be Prepared to Deal with a Breach
      • Tried and Tested Consent and Access Process
      • Test and Adjust
    Think laterally and like a human! CxO!

  • 8. Build (1)
    Think Data Life Cycle Management from the start and Design to support Secure but Ready Access
    • Understand Where Your Data is and How it Flows
    • Compartment your Network and Data via Hard and Soft Means
    • Build Resilience into your Components and Links
    • Build to Change
    • Instrument
    “Think laterally and indirectly: how could someone navigate through this and get at something vital, for good or bad!”

  • 9. Watch (2)
    The key to Data Management and Security is constantly watching and adapting your data processes and security
    • Strategic and Specific Intelligence
    • Internal Threat Management
      • People
      • Data Flow
      • Patterns
    • External Threat Management
    • Recruit, Train and Retain
      • Users
      • Data managers
      • Security
      • Network
    “Intelligence-led, human in the loop, all process harnessed to manage the data for effect, securely”

  • 10. Proact (3)
    The 7 Ps! There is NO silver bullet. A combination of Training, Awareness, Governance and Process, underpinned by Tools!
    • People
      • Select, Train and Test
      • Awareness
    • Process
      • Governance
      • Consent
      • Access
      • Audit
      • Change Management
    • Tools
      • Patch
      • Run VM
      • Data
    “Mitigate the Threat by Preparation – Good Data Management and Cyber Hygiene is cheap!”

  • 11. React (4)
    Be Decisive, Meet Obligations, Be Ready for Changes, and Practice!
    • To Access Requests and Consent Changes
    • To Events and Breaches
    • Stop it and Immediate Forensics!
    • External – Client, Media, Peers, Authority
    • Internal – Lessons, Implement and Sustain
    • Share – Intelligence with Peers and Authority
    • Compliance/Mandate – Legal obligations

  • 12. Synopsis, Bio & Picture
    Andy Powell – VP Cyber Security – Capgemini
    About Andy: Andy is Vice-President (VP) for UK Cybersecurity at Capgemini with over 30 years’ experience in Defence and Security roles and recent senior leadership roles as CIO and CISO for the Royal Air Force, Joint Operations and as head of the Ministry of Defence’s Cyber Defence Operations and Network Operations. As VP for UK Cybersecurity at Capgemini, Andy leads a business that covers all Sectors from Public to Energy and Utilities, and including Consumer, Private Sector and Finance – delivering a broad range of Consulting, Project and Managed Cyber Services. A Systems and Electronic Warfare engineer by training, he describes Cyber as ‘the constant battle of wits between attacker and defender where people, process and technology must converge to enable the business!’
    Andy.powell@capgemini.com 07891151835

  • 13. Interrogation and/or Torture can commence!