The Most Common Mistakes in Data Protection


Alessandro Vallega

‒ Security Business Development Director for Oracle EMEA.

‒ He leads/coordinates some GDPR activities (marketing, legal, sales, training, technology) in Oracle EMEA. Created an external blog on the GDPR (Europrivacy.info). Founder and chairman of the Oracle Community for Security. Author.

‒ CLUSIT board of directors.


Clusit

CLUSIT was born in 2000 at the Department of Computer Science of the University of Milan. It is the largest and most influential Italian association in the field of information security. Today, it represents more than 500 organizations from all sectors of the country.

We do training and awareness; we contribute to the development of laws; we promote good security practices to citizens, industries and public sector; we make our publications; we organize security conferences (inter alia Security Summit); we produce the Clusit Italian ICT security report; we collaborate with ENISA and work with several universities and communities...


Cybersecurity is more and more important because of attacks

‒ Go to Google

‒ Type "data breach"

‒ Add a filter: only past hour

‒ Do not be surprised!


Why this situation?

‒ Increasing attack surface (internet, mobile, cloud...)

‒ System complexity. It is really difficult!

‒ Human factors & management focus

‒ Impunity of the delinquents


Risk and compliance in your decisions

‒ In 2014.

And today?


Some compliances today (EU)

‒ General data protection regulation (GDPR)

‒ Directive on security of network and information systems (NIS)

‒ Regulation on electronic identification and trust services (eIDAS)

‒ Directive on payment services in the internal market (PSD2)

‒ Proposal for a new ePrivacy regulation


What do these laws and regulations have in common?

‒ They require a multidisciplinary approach (from legal to technology)

‒ They stress Accountability and Risk Management

‒ They refer more and more to international best practices and concepts

‒ They require good IT and good security


‒ Oracle has been assessing our customers' security posture for years with a practice called Security Assessment or Security Maturity Evaluation

‒ We have collected IT “Most Common Mistakes”, for example:

  • Sharing passwords
  • No logging
  • Poor patching
  • No encryption
  • Excessive privileges

Check this video on database security: http://bit.ly/29GIYF3

We have evidence that there is often a lack of basic security in data protection


MCM #AC3

Developers know and use application user credentials


MCM #LG2

No or partial and inconsistent logs


MCM #DP6

Production data copied to development environments


MCM #SC3

No security patching


It is really necessary to start from the basics!

‒ Invest in the quality of your people, awareness, and risk analysis

‒ Check your operations and infrastructures

‒ Implement security services (from the cloud)

Thank you