Profile cover photo
Profile photo
Ulf Mattsson
107 followers
107 followers
About
Ulf's posts

Post has attachment

Post has attachment

How can I Find My Data Security Blind Spots?

We need to detect our increasing issue of data security blind spots that allows attackers to steal sensitive data across big data, cloud and other platforms. This will also impact our real compliance posture and compliance to regulations, including PCI DSS.

Without formal and automated processes to detect and alert to new data discovery findings and critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data. New approaches can automatically detect and report on these data security blind spots.


Post has attachment
You may have a blind spot during an attack

How do you know that all the agents are up and running and delivering critical SIEM data after all configurations changes you have done over the years? Or you may have a blind spot potentially during an attack. Will this impact your compliance posture? Are you paying licenses for agents that are not working?

PCI DSS 3.2 requirements 10.8 & 10.8.1 states that Service providers need to detect & report on failures of critical security control systems. PCI Security Standards Council CTO Troy Leach explained “without formal processes to detect and alert to critical security control failures as soon as possible, the window of time grows that allows attackers to identify a way to compromise the systems and steal sensitive data from the cardholder data environment.” “While this is a new requirement only for service providers, we encourage all organizations to evaluate the merit of this control for their unique environment and adopt as good security hygiene.”
Please look at the LinkedIn group “Managing Security Control Systems” at https://www.linkedin.com/groups/8559877



Post has attachment
How can we find methods to quickly and accurately discover all PII?

How can we find methods to quickly and accurately discover personally identifiable information (PII), intellectual property (IP), payment card industry (PCI) and HIPAA/HiTECH data in order to scope and measure its associated risk?

PCI DSS 3.2 A3.2.5 states: Implement a data-discovery methodology to confirm PCI DSS scope and to locate all sources and locations of clear-text PAN at least quarterly. So, how can find methods to quickly and accurately discover personally identifiable information (PII), intellectual property (IP), payment card industry (PCI) and HIPAA/HiTECH data in order to scope and measure its associated risk.

Do you need agents for this? Can we apply machine learning to better deal with SSN false positives? Please look at the LinkedIn group “Enterprise Data Discovery” at https://www.linkedin.com/groups/8563068


Post has attachment
The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk.

Post has attachment
This webinar will cover PCI DSS, Cloud, Big Data, NIST, FPE, ANSI X9, Tokenization, Masking, SOC, MSS, and MTSS.

Post has attachment
How the Latest Trends in Data Security Can Help Your Data Protection Strategy
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.

Post has attachment
Data breaches are on the rise. The constant threat of cyber attacks combined with the high cost and a shortage of skilled security engineers has put many companies at risk. There is a shift in cybersecurity investment and IT risk and security leaders must move from trying to prevent every threat and acknowledge that perfect protection is not achievable. PCI DSS 3.2 is out with an important update on data discovery and requirements to detect security control failures.
In this webinar, cybersecurity expert Ulf Mattsson will highlight current trends in the security landscape based on major industry report findings, and discuss how we should re-think our security approach.

Post has attachment
What should I cover this month in "How the Latest Trends in Data Security Can Help Your Data Protection Strategy"?
Wait while more posts are being loaded