White Paper: Data Protection Under POPI
6 Step Data Privacy Protection Plan for the South African Protection of Personal Information (POPI) Bill
Is your organization ready to address the South African Protection of Personal Information (POPI) bill? POPI prescribes information protection principles to regulate collection and processing of South African citizens' personal data. In this paper, we review POPI's eight principles and discuss how best to address those with practical data security processes and solutions.
Gartner Report: Five High-Priority Changes to Tackle the EU GDPR
The GDPR takes effect soon and requires huge changes in privacy data processing. Not sure where to start? Read Gartner’s Focus on Five High-Priority Changes to Tackle the EU GDPR report now to ensure your organization is on track for compliance.
eBook: Steps for Securing Data to Comply with the GDPR
This guide is for CISOs who want to understand whether their companies are impacted by the new regulation, what the effects might be, and the steps their teams need to take to be compliant with the GDPR data security requirements.
Forrester Report: The Future of Data Security and Privacy
Most security professionals still explain the value of data security to the business only in terms of risk reduction, cost reduction and regulatory compliance. Data Security today is so much more than cost reduction. Read this Forrester report to learn how Data Security today is, in fact, a driver of revenue and growth.
GDPR: New Data Protection Rules in the EU
The European Union is changing the way it regulates data protection in the wake of large-scale cyber attacks and data loss incidents. The enforcement of the General Data Protection Regulation (GDPR) will begin on 25 May 2018, and the new rules apply to all organisations that do any business in the EU or process personal data originating in the EU. For the reasons explained in this white paper, businesses need to start working towards compliance now. This paper looks at the new data security requirements under the GDPR and provides practical tips on how to prevent a data breach disaster from happening to you and your customers.
Beginners Guide to Data Masking
As data continues to grow and proliferate throughout the enterprise, data breaches continue to make headlines across all industries. As a result, regulators are increasingly focused on data protection and privacy. Beginners Guide to Data Masking explores what data masking is and how it can help organizations defend themselves against data breaches and improve compliance with data protection regulations.
eBook: Cyber Security is the Board’s Business
Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?
In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks
Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.
In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
Combat today’s threats with a single platform for app and data security
Read Combat Today’s Threats with a Single Platform for App and Data Security and learn how to protect web applications and sensitive data across the enterprise and in the cloud. Employing a practical approach, this paper guides you through four simple steps to discover, assess, protect and monitor access to sensitive data.
Imperva Automates NERC CIP Compliance and Secure Critical Infrastructure
Meeting the aggressive NERC requirements, including the April 2016 deadline for the NERC CIP (Critical Infrastructure Protection) Version 5 Framework, is challenging by itself. The NERC CIP Framework only addresses a minimal baseline for security. Simply meeting compliance does not guarantee that an organization’s web applications and data are secure. Those organizations wishing to enhance their security postures need to use NERC as a starting point and put in place preventive, investigative, and corrective cyber controls that enhance overall cyber security, that are operationally efficient, and produce compliance outputs as a natural byproduct of the security best practices.
The Hidden Costs of “Free” Database Auditing
To achieve compliance for regulatory mandates, many organizations turn to the “free” auditing tools within their database servers. In reality, these “free” auditing tools may be costing businesses a significant amount more than other, independent tools such as the SecureSphere data audit and protection (DAP) solution from Imperva. In addition to their hidden monetary costs, the native auditing mechanisms leave basic audit requirements unfulfilled and expose businesses to a host of risks and vulnerabilities that leave sensitive data unprotected. This is true for any of the commercially available databases on the market today. This paper presents the true costs associated with an organization’s decision to implement native database auditing. To illustrate the costs, a scenario is presented in which a medium-sized business is hit with hidden costs of $2 million when the business implements native database auditing. In contrast, the Imperva SecureSphere database auditing solution would fulfill the organization’s compliance requirements at a fraction of the cost while providing more rigorous data security and auditing capabilities.
Five Keys to Big Data Audit and Protection
To help IT security and compliance teams select an ideal data-centric audit and protection (DCAP) solution for their big data environments, this paper identifies five key requirements for evaluating candidate offerings. It also explains how Imperva SecureSphere addresses each of these requirements to deliver a unified solution that enables enterprises to support not only a growing portfolio of big data assets, but their traditional database environments as well.
Seven Keys to a Secure Data Solution: How to choose the right data centric audit and security solution
Explosive data growth and a marked increase in the number and types of repositories in which it is being stored are driving enterprises to revisit their strategies for data security and governance. Rather than relying on tools and methods that result in numerous disconnected pockets of coverage, the focus needs to shift to data-centric audit and protection (DCAP). To help organizations navigate the evaluation process, this paper shares seven ways Imperva SecureSphere solutions for data security and governance surpass the competition.
Four Ways Built-in Database Auditing Drains Your IT Budget
IT organizations are under pressure to deliver innovative solutions, while keeping overall IT costs in check. That’s why database auditing and protection projects often leverage existing resources, particularly built-in database auditing tools. The problem with built-in database auditing is that it leaves businesses with compliance and security gaps and burdens them with expensive hidden costs.
This paper explores four key built-in database auditing inefficiencies that drain IT budgets. It will also demonstrate how organizations can use an automated solution to streamline database audit and protection and, in the process, free up more than 80% of the IT resources and budget dollars they are spending on database compliance today.
Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security
A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
How Malware and Targeted Attacks Infiltrate Your Data Center
Advanced targeted attacks leverage social engineering techniques and malware to bypass the security perimeter and compromise those individuals already on the inside of your enterprise. It only takes one infected employee to unknowingly unleash an attack on your entire network. This white paper will examine the seven stages of an advanced targeted attack, explore why traditional defenses, such as firewalls and IPS solutions lack the application and data focus needed to protect data center assets, and outline the functionality required to safeguard your organization from targeted attacks.
[eBook] Targeted Attacks: 8 Steps to Safeguard Your Organization
User accounts and devices provide a direct pathway for hackers to access your most valuable asset - your data. By targeting your trusted employees, attackers can circumvent conventional solutions like firewalls and IPS solutions to penetrate your network and compromise your data center. A multi-layered strategy with malware detection and data center security is critical as it buys your IT department time to remediate compromised devices on your schedule and without impeding user productivity. This eBook includes case studies from eight organizations in highly targeted industries that suffered an advanced targeted attack; explains how targeted attacks, often using spear phishing and malware, consistently defy firewalls and IPS solutions; details critical layers of technology that businesses can implement to ensure data center protection; and provides an eight-step plan for safeguarding your organization from attack.
SharePoint Governance and Security: Where to Start
SharePoint is a complex platform experiencing explosive growth in adoption, exposure, and storage of sensitive content. Consequently, SharePoint security and governance are under greater scrutiny at the executive level and require immediate mitigation actions. The phased, risk-based perspective outlined in this paper aligns investments and priorities to accomplish the greatest security return for existing SharePoint deployments. Security plans should include both preventative and analytical capabilities and incorporate automated tools to provide controls and information that cannot be addressed practically by native SharePoint functionality or corporate resources.
Data Privacy: The High Cost of Unprotected Sensitive Data
Today, organizations face a heightened threat landscape with data breaches constantly on the rise. Financial records, medical records, personally identifiable information (PII), and other private business data exist in virtually every enterprise data center. Failing to safeguard the databases that store this information can damage your reputation, impact your operations, and result in regulatory violations, fines, and legal fees. This white paper will (1) present 6 steps to automate and enforce enterprise data privacy policies, (2) identify the database security tools needed to accomplish each step, and (3) highlight Imperva's market-leading SecureSphere Data Security Suite.
Advanced Persistent Threat - Are You the Next Target?
Security researchers have been talking about advanced persistent threat (APT) for some time. Recently, we have seen a steep increase in the number of organizations hit by this type of attack. Initially, researchers thought APTs were mostly aimed at government agencies or political targets, but the latest attacks on enterprises suggest that APTs are not confined to a specific type of organization or sector.
Compliance with the HIPAA Security Rule - Meeting the Electronic Code of Federal Requirements
The HIPAA Security Rule establishes national standards to protect individuals' medical records and other personal health information. In this paper we review the security standards for protection of e-PHI as listed under part 164 of the 45 CFR, and map SecureSphere Data Security Suite solutions to the specified requirements described in these standards.
How to Secure Your SharePoint Deployment
This paper presents five best practices for securing your SharePoint environment. It discusses how SecureSphere for SharePoint can help organizations get the most out of SharePoint's existing permissions system, and fill some of SharePoint's security gaps.
Meeting NIST SP 800-53 Guidelines
This paper reviews information security requirements described by NIST in SP 800-53. It discusses the main implementation challenges organizations struggle with. The paper also maps key capabilities of Imperva's SecureSphere Data Security Suite to NIST SP 800-53 guidelines, describing how SecureSphere solutions can be used to implement required controls, manage risk to federal information and demonstrate compliance.
Security for PCI Compliance
Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers
For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.
This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
Five Signs Your File Data is at Risk
Persistent insider threats and regulatory compliance mandates make protecting sensitive file data a business requirement for virtually every organization. However, the sheer volume of file data and its rapid and continuous growth make it a challenge to secure properly. This whitepaper reviews the five questions to help you assess your file security posture. If you aren't able to answer these five questions confidently, your file data is probably at risk.
Top 10 Guide to Data Security for Federal Agencies
Web application and database security remains one of the most vulnerable areas across federal agencies as well as the private sector in virtually every geography and business vertical. An essential difference between enterprises and federal agencies is the attacker.
Irrespective of attacks from inside or outside an organization, data remains the prize. Traditional network security controls, while valuable and necessary, simply don't scale to address data-centric attacks, and organizations need to augment them with data-centric solutions focused on the targets: Web applications and databases. But federal agencies are not just focused on security - they also need to demonstrate compliance to both agency and congressional mandates.
Implementing Sarbanes-Oxley Audit Requirements
The Sarbanes-Oxley Act (SOX) of 2002 set requirements for the integrity of the source data related to financial transactions and reporting. In particular, auditors are looking at regulated data residing in databases connected to enterprise applications such as SAP, Oracle E-Business Suite, PeopleSoft, and other Web Applications. In this White Paper, Imperva presents the range of functions that need to take place to achieve and demonstrate compliance with SOX.