Data and Information Protection

Secure your data and keep it in your company

24 October 2006 (14-21)
Location: Crowne Plaza Brussels Airport (Diegem)
Presented in English
Price: 540 EUR (excl. 21% VAT)

This event is history, please check out the List of Upcoming Seminars, or send us an email

 Learning Objectives

Why do we organize this seminar ?

Today, information is a very important asset of many companies, and these companies need to keep their information confidential internally as well as externally. The last few months have given us many examples of how confidential information got lost and was exposed to the outside world.

Data confidentiality is not only a concern for companies and organisations towards the outside world, but also within the company itself. With the introduction of digital rights management (DRM) systems, companies can decide who can do what with which specific document or content.

It is not only important to protect confidential data, but also to protect the hardware device on which this data is stored. People are becoming more mobile, using laptops, mobile phones, PDAs and so on, which means that the information becomes more mobile. As a company, you should make sure that the devices used by your employees are protected so that the data stored on them can never be recovered by an unauthorized person.

Questions answered during this seminar:

This seminar explains how to correctly implement data protection solutions and related technologies nowadays:

  • What is the risk ?
  • What are the required procedures ?
  • What are the required policies ?
  • How can I protect my applications ?
  • What about device security ?
  • How can I strongly identify my users ?
  • How can my company benefit from Digital Rights Management solutions ?
  • What (supporting) infrastructure do I need ?

All these questions will be treated during the seminar and highlighted with recent use cases.

Who should attend this seminar ?

Any person needing to have a practical update from a business or security perspective on data protection and related technologies.

Functionally speaking these persons can be:

  • business managers, eGov-managers, B2B/B2C-project leaders
  • legal persons / auditors looking for an update in this field
  • architects and technical staff wanting to get a status update and overview

 Full Programme

13.30h - 14.00h
Registration, coffee/tea and croissants
14.00h - 14.50h
Watch your Back

During the last few months, several cases of information loss and theft became public and were published in the press. These losses have a large impact on the company or organisation involved, and damage the public image and credibility of these companies and organisations. You can ask yourself what would happen to your company if internal information was spread to the public ...

In order to determine what the consequences can be, you need to know the risks involved when confidential information leaks and becomes public. Do you have the right procedures, policies and audits in place? What can you do as a company to prevent such an incident? What are the legal consequences if such an event should take place ?

This module will discuss real-world situations and the implications they can have for a company whose confidentiality was compromised.

  • What would happen to your company if internal information was spread to the public ?
  • What are the risks and the (legal) consequences ?
  • The right procedures, policies and audits
  • How can you prevent such an incident
  • Real-world situations and their implications
14.50h - 15.40h
Information and Application Protection

Today, many applications dealing with sensitive information are used within a company. These applications go from simple email communication to the company's ERP and CRM systems, databases, file servers and web applications. These applications should guarantee information confidentiality at all times and avoid getting internal information in the open.

This module will cover the different aspects of data protection at the application level, what the issues are and what you can do to prevent information leakage from these critical corporate applications.

  • Data protection at the application level
  • Examples: email servers, ERP and CRM systems, databases, file servers, web applications, ...
  • How to prevent information leakage from your critical corporate applications
15.40h - 16.00h
Coffee/Tea and Refreshments
16.00h - 16.50h
Device Protection

Applications are not the only weak link in data protection; so are the devices used to store this confidential information. As people are becoming more mobile, the information becomes more mobile, and devices like laptops, PDAs, USB keys and handhelds are more commonly used.

How can you protect these devices in order to make sure that if they get lost, the data stored on them cannot be accessed by anyone else?

  • Protecting storage devices
  • Protecting mobile devices like laptops, PDAs, USB keys and handhelds
  • Preventing data access when these devices get lost or are stolen
16.50h - 17.40h
Secure Data Access and Secure Communication

Companies can have multiple sites which need to be connected and exchange information in a secure way. Besides that, not everyone can access the same information which means that a verification mechanism needs to be in place which makes it possible to identify a person before he gets access to the requested information.

How can (SSL)VPNs help you to protect your information and guarantee data confidentiality, and how can you be sure that only authorized personnel gets access to the right information?

This module will give you an answer to these questions:

  • How can you exchange information in a secure way between multiple sites ?
  • How can you make sure that only authorized personnel gets access to the right information ?
  • How can (SSL)VPNs help you to protect your information and guarantee data confidentiality ?
17.40h - 19.00h
Dinner
19.00h - 19.50h
Digital Rights Management (DRM)

Digital Rights Management is becoming more important when it comes to data protection. DRM allows you to clearly define the access and usage rights of digital data and enables you to granularly define which actions can be performed by whom on which specific data.

Digital Rights Management offers a supplemental security layer to the company's information security which enables you to enforce more restrictive access policies and usage rights for your company's internal information.

This module explains what Digital Rights Management exactly is, how it works and how you can use it in your company.

  • Why DRM is becoming more and more important
  • What is DRM and how does it work ?
  • Clearly defining the access and usage rights of digital data
  • Specifying which actions can be performed by whom on which specific data
  • How can you use DRM in your company ?
19.50h - 20.40h
Secure Design: Required Infrastructure and Processes

For a company to be able to implement data protection solutions, it must implement data protection as a complete solution:

  • What are the required processes ?
  • What are the required policies ?
  • What is the required (supporting) infrastructure for implementation ?
  • How will you identify and authenticate users ?
  • How will you recover lost/inaccessible information ?

This module will give you an overview of the analysis and design requirements necessary for implementing a data protection solution for your company.

20.40h - 21.00h
Final Q & A
21.00h
End of this seminar

 Speakers


Erik van Zuuren

ir. Erik R. van Zuuren MBA is Senior Manager at Deloitte Enterprise Risk Services and has extensive experience in Information Security Governance and Risk Management related disciplines, both at strategic and tactical level, as well as extensive experience at C-level in the private sector and at management/cabinet level in the public sector.

ir. Erik R. van Zuuren MBA has been active as a consultant for over 10 years and has since participated in and led a broad range of strategic and tactical projects, mostly in Belgium and The Netherlands. Some examples of his experience are:

  • extensive experience in governments (Belgian Federal and Flemish) and related agencies and wide experience in a diverse spectrum of private industry (financial/insurance/industry/energy/...).
  • one of the fathers/authors of the blueprint for the Belgian Personal Identity Card Project (BelPIC) and e.g. program manager for the Flemish government’s identity and access management platform.
  • assistant to several CIO/CTO/CISO’s and coach in several Information- and ICT- Security projects (incl. strategic level, tactical level, architectural angle, organisational/procedural angle, ...)
  • creator of security strategies, policies, frameworks and architectures for medium/large organisations, multinationals and government agencies
  • creator of e-business- and e-government enabling Identity and Access Control Management as well as Public Key Infrastructure blueprints, concepts and architectures
  • co-organiser/chairman/speaker/moderator at several security- and ICT-related events (CSI US, L-SEC, esec2001-esec2004, I.T. Works, ...)

Steven Ackx (Ascure NV)

Steven Ackx is a Certified Senior level consultant at Ascure NV with extensive experience in ICT and Information Security related disciplines at the strategic, tactical, operational and technical levels, where he has focused on Information Security Governance, Information Security Management, Assessments/Audits, Awareness Programs and Risk Management. He started his career in the Media/Movie-theatre sector, where he was involved in the introduction of new technologies, like Internet, e-ticketing and e-business. After this he joined Ubizen, where he continued his career starting as a security pre-sales consultant/engineer. Two years later he was promoted to technical product manager of two high-volume security products, which were developed in-house by Ubizen. After being a technical product manager at Ubizen for more than two years, he joined the Ascure company as an Information Security Consultant, mainly working on Information Governance and Security Management. He is also responsible for all Ascure education, marketing and communication activities.

Mr. Ackx has a consultancy and management background in information security, networking and security applications disciplines and has engaged in several major and medium security and related projects throughout his career.

He obtained the CISSP certification (Certified Information Security Systems Professional issued by ISC²) and the CISA certification (Certified Information Systems Auditor issued by ISACA) as well as the CISM certification (Certified Information Systems Manager issued by ISACA). He graduated with an EMBIS masters degree (European Master in Business Information Systems) at the EHSAL (Brussels - Belgium).

Cristof Fleurus (Ascure NV)

Cristof Fleurus has worked in the PKI and Trusted Services profession for a number of years and has extensive experience in designing and implementing PKI architectures. He is currently employed by Ascure as Information Security Consultant. In his current function as Consultant, Cristof is responsible for analyzing, designing and implementing PKI architectures and applications for clients. Besides PKI and Trusted Services, Cristof also consults on application and web application security. He has experience in a number of business and industry sectors including: Banking, Government, Social Security, Energy Services, and the Information and Telecommunication (ICT) sector.

Questions about this ? Interested but you can't attend ? Send us an email !
