Part 1: Australia & the National Data Breach Scheme

There has been little media attention on the Privacy Act amendments which came into effect on February 22nd. Prompted by the proliferation of information stored electronically, the Australian Government has introduced new data breach regulations governed by the Office of the Australian Information Commissioner (OAIC). The Privacy Amendment (Notifiable Data Breaches) Act establishes new requirements for businesses responding to data breaches, introducing reporting and data breach investigation obligations for many Australian businesses when a breach is suspected.

Do you need to comply?

You will be obligated to comply with the National Data Breach Scheme (NDBS) if you are:

  • an Australian Government agency, business or non-profit with annual turnover greater than AU$3 million; or
  • a private sector health provider; or
  • a childcare centre or private education institution; or
  • a credit provider, or if your business handles consumer credit, or tax file numbers

Ultimately, the government has cast a wide net, and many Australian businesses will be obligated to comply.

What are your obligations if you suspect a breach?

When you suspect that a breach has occurred, you are obligated to take all reasonable steps to perform a comprehensive investigation of the breach within 30 calendar days of the breach being identified, to determine its extent and severity. Should you determine that the breach could result in serious harm to the affected individuals, you are obligated to notify those persons and the OAIC. Where, at the time a breach is first identified, you already suspect that it is likely to result in serious harm, you are obligated to notify the OAIC immediately.

How do you meet these expectations?

Mandatory data breach laws require your business to have the right mix of technical and administrative controls in place. It is crucial that you assess the policies and procedures you already have, undertake an audit of the information that you store, and implement policies that will protect this information.

What are the ramifications for failing to comply?

The Australian Government views a failure to comply with the NDBS as “…an interference with the privacy of an individual”, and accordingly attaches severe pecuniary penalties. The financial penalty on individuals is up to AU$360,000, while the penalty for businesses is up to $1.8 million.

There is no silver bullet for complying with the regulations. Compliance requires a combination of people management, administrative processes and technological controls, working together to keep data secure. Using Snare can help you implement the requisite technical controls; if you need help with one or more of the other areas, seek advice from a trusted advisor.

For more information on how Snare can support your Privacy Act compliance, refer to our whitepaper: Mandatory Data Breach Disclosure: Equipping your business for Privacy Act Compliance with Snare

For more information specifically on the NDBS, refer to these useful links:

https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

https://www.oaic.gov.au/resources/agencies-and-organisations/guides/data-breach-preparation-and-response.pdf


We are incredibly excited to announce that Snare Alliance has joined the Prophecy team. A long-time partner with us here at Prophecy, and a critical part of Snare’s growth over the last several years, Snare Alliance joins us as we head into 2018, a year shaping up to be the most exciting yet in our long history. While several other major announcements are on the horizon, we’d like to welcome the Snare Alliance team on board, as well as all their wonderful customers, whom we’ve been reaching out to and who should hear more shortly if they haven’t already.

For those of you new to the Intersect website and Prophecy in general, here are a few links to get you started, though you can of course just use the nav bar at the top of the page.

Product Information
Free Trial
Contact Us

Stay tuned as many more exciting announcements are coming soon!

The Prophecy Team

Don’t be one of them.

Output-driven filtering. Do you know what that is? Does your organization leverage it in its log collection and management? Do you think that you need all of your logs? With all the innovation at the analytics level, interest in well-executed data collection has suffered. Log collection tools lack sophistication and have almost regressed in recent years, and those are the solutions that at least work.

While our broad set of Snare functionality that helps you “reduce the noise” can help you save money, I want to zero in on filtering, an output-driven strategy, and how the Snare Reflector makes implementation palatable for even the most log-hungry incident responders.

Filtering is simple: collect some logs, and ignore others. Having an output-driven strategy means zeroing in on the log data that you know how to utilize immediately and how to present it. In other words, forward the logs that serve a purpose in your SIEM on to your SIEM, and simply store the rest in an easily accessed repository, empowering incident response while contributing to compliance. Spamming your network and your SIEM with log data you have no current use for is a waste of time and money. This is key: time, because you’ll eventually have to scale your solution, and because of the lengthy mean time to detection that results from hefty amounts of unneeded data; money, because the increase in data load can mandate new hardware, and a lot of SIEMs charge by the amount of data they take in.

So, how exactly does filtering work? You basically cut out all the data you don’t have an immediate use for. This can make incident responders nervous, as you can never be 100% sure what data will be relevant in the future. What if seemingly useless logs have hidden forensic value? There are tons of log types; how can I be sure which ones I want and which I don’t? Sweat not, my friend, this is a rare occasion where you can have your cake and eat it too. The Snare Reflector can not only filter the collected logs but can forward immediately pertinent logs to your SIEM while archiving the rest for any number of reasons, including compliance and incident response (and forensics, of course).

Filtering in Snare is incredibly easy. What some call a “white list” and a “black list” are simply the “Include” and “Exclude” fields in Snare, simplifying both setup and future modifications.

Log sources you should strongly consider collecting, or absolutely should include:

  • Application Servers
  • Databases
  • IDS
  • Firewalls
  • Antivirus
  • Routers
  • Switches
  • Domain Controllers
  • Wireless Access Points
  • Intranet Applications
  • Data Loss Prevention
  • VPN Concentrators
  • Web filters
  • Honeypots

Some examples of log content you don’t need to include:

  • Access tokens
  • Commercially sensitive, non-pertinent information
  • Application source code
  • Sensitive personal data (although pseudonymization is a work around)
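To make the output-driven idea concrete, here is an added example (illustrative code written for this page, not Snare or Snare Reflector code) of the routing logic the post describes: an include list decides what is forwarded to the SIEM, an exclude list drops material that should never be collected (access tokens, passwords), everything else goes to a cheap archive, and personal identifiers are pseudonymized with a keyed hash before forwarding so that events still correlate without exposing the name. The sample events, the patterns and the key are all constructed for the example.

```python
"""Output-driven log routing with include/exclude filters.

Illustrative example only; the patterns, sample events and key are constructed
and are not taken from any real system or from Snare's own configuration.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed sample events; not captured from a real system.
SAMPLE_LOGS = [
    "2024-01-15T10:02:11Z dc01 Security 4625 An account failed to log on. user=jsmith src=10.0.0.5",
    "2024-01-15T10:02:12Z fw01 DENY TCP 203.0.113.7:4444 -> 10.0.0.22:445",
    "2024-01-15T10:02:13Z app01 INFO GET /health 200 0.3ms",
    "2024-01-15T10:02:14Z app01 DEBUG outbound request Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.c29tZXRoaW5n.c2ln",
    "2024-01-15T10:02:15Z printer01 INFO toner level 42%",
]

# Hypothetical pseudonymization key; in practice load it from a secret store.
PSEUDONYM_KEY = b"example-key-not-for-production"


@dataclass
class RoutingPolicy:
    include: tuple        # regexes: events a SIEM use case consumes today -> forward
    exclude: tuple        # regexes: material that must never be collected -> drop
    pseudonymize: tuple   # regexes with one capture group around a personal identifier


# Constructed policy: forward failed domain logons and firewall denies, drop any
# event carrying a bearer token or password, and pseudonymize the user= field.
POLICY = RoutingPolicy(
    include=(r"\bSecurity 4625\b", r"\bDENY\b"),
    exclude=(r"\bBearer\s+\S+", r"(?i)\bpassword="),
    pseudonymize=(r"\buser=(\S+)",),
)


def pseudonym(value: str, key: bytes) -> str:
    """Keyed, deterministic token: the same user always maps to the same token,
    so events can still be correlated, but the name cannot be read back
    without the key (HMAC-SHA256, truncated for readability)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(line: str, patterns, key: bytes) -> str:
    """Replace each captured identifier in the line with its pseudonym."""
    for pat in patterns:
        line = re.sub(
            pat,
            lambda m: m.group(0).replace(m.group(1), pseudonym(m.group(1), key)),
            line,
        )
    return line


def route(lines, policy: RoutingPolicy, key: bytes):
    """Split events into three lists: (siem, archive, dropped).

    Exclude is checked first so that forbidden material never reaches either
    store; the include list then picks what the SIEM gets, and the remainder
    is archived for compliance, incident response and forensics."""
    siem, archive, dropped = [], [], []
    for line in lines:
        if any(re.search(p, line) for p in policy.exclude):
            dropped.append(line)
            continue
        line = pseudonymize(line, policy.pseudonymize, key)
        if any(re.search(p, line) for p in policy.include):
            siem.append(line)
        else:
            archive.append(line)
    return siem, archive, dropped


if __name__ == "__main__":
    siem, archive, dropped = route(SAMPLE_LOGS, POLICY, PSEUDONYM_KEY)
    for name, bucket in (("SIEM", siem), ("ARCHIVE", archive), ("DROPPED", dropped)):
        print(f"--- {name} ({len(bucket)}) ---")
        for event in bucket:
            print(event)
```

Running the block sends the failed logon and the firewall deny to the SIEM bucket, archives the health check and printer events, and drops the line carrying the bearer token. The exclude check runs before anything is stored, which is the property the list above is really asking for: a token or a password that never enters the pipeline cannot leak from an archive later.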

That about sums it up. If you are already a Snare user, you can get started on this today. If not, download the free trial and try it out yourself. If you’re looking for more ways to reduce the noise, check out our post on it.