How to Monitor Access to Your Big Data in Insurance

How to monitor access to your Big Data: A case study from FCT Insurance Company Ltd.
Srdjan Vujosevic CISA, CIPP/C
FCT Insurance Company Ltd.
6th March, 2013 V 1.0
Agenda
➤ About FCT Company Limited
➤ Why monitor access to data?
➤ How hard can this be?
➤ FCT deployment process
➤ We capture the information – so what!
➤ Lessons learned
➤ What questions do you have?
About FCT
➤ Industry leader in title insurance and real estate related products
➤ The Canadian arm of one of the world’s largest title insurers, First American Title Company
➤ 800+ employees across Canada
➤ Business Divisions:
■ Residential and Commercial title insurance services
■ Residential and Commercial refinance programs for lenders
■ Valuation services
■ Default solutions
Why monitor access and changes to data?
➤ Governance requirements imposed by our own risk committees;
➤ Legislation such as HIPAA, SOX 404 and its Canadian counterparts;
➤ Industry legislators such as OSFI;
➤ Industry mandates such as PCI DSS;
➤ Contracts with customers;
➤ As support for other IT control processes (for example, monitoring and detection of unauthorized changes to database schemas or to the configuration data itself);
How hard can this be?
FCT deployment process
➤ Identify applicable governance and scope the coverage;
➤ Identify specific solution requirements:
➤ Integration with existing applications and programming languages;
➤ Minimum performance impact on existing systems and infrastructure;
➤ Ability to filter events at the source as well as at the level of collection and aggregation devices;
➤ Selection of a vendor that can effectively support unknowns (and you will have them).
➤ Perform a POC (Proof of Concept) inclusive of application code changes;
➤ Define a deployment strategy based on the data types collected and the quantities of RDBMS transactions captured.
We capture the information – so what?
➤ You will collect a significant amount of data – do not forget about the data backup strategy and retention periods required by your governance requirements;
➤ Be prepared to invest time and effort in filtering “noise” from the collected data;
➤ As part of your implementation strategy you will need to establish reporting responsibilities and document the processes for monitoring and for managing detected incidents;
➤ And yes, you will now need to create and monitor the reports and triggers in your deployment;
➤ Mastering your base requirements may lead you to expand into other IBM InfoSphere Guardium possibilities.
Lessons learned
➤ Ensure you clearly understand what types of data access monitoring governance apply to your environment;
➤ Scope carefully to avoid under/over coverage;
➤ Engage your Data and Enterprise Architects to clearly understand which RDBMS platforms contain the data you want to monitor access to;
➤ Invest in resource training prior to (or even better, just before) deployment – it will pay off;
➤ When you are at the stage of selecting a product, remember that you are not selecting only a product, but also a partner that will need to support your implementation, your operation and your ability to eventually use the product to its fullest. Something we have certainly found in IBM and the InfoSphere Guardium solution.
Thank you!
What questions do you have?
About the presenter
Srdjan Vujosevic, CISA, CIPP/C, ITIL
Srdjan's professional experience includes 20 years in various Information Technology management roles and the last 10 years in the Information Security and Risk Governance field. He managed Information Security aspects for the delivery of projects and services to Provincial and Federal Governments as well as major North American financial institutions. He is currently employed with FCT Insurance Company Ltd. as Director IT Risk Governance and Security. He holds an MSc in IT as well as CISA, CIPP/C and ITIL designations. He has authored books in the fields of wireless applications and mobile databases.
Srdjan can be contacted at:
svujosevic@fct.ca