The GDPR (General Data Protection Regulation) is a general EU regulation on the protection of personal data entering into force on 25 May 2018 in all EU countries. This regulation takes a new approach to personal data protection. It places an increased emphasis on security, documentation and guarding data against unauthorized access, leakage or other incidents impacting personal privacy. Citadelo will utilize its many years of IT security experience and its understanding of the statutory and process environment in order to ensure that your information systems are ready to meet the requirements of this new law.
We provide the following analysis as part of our services:
In collaboration with FlyEye, s.r.o. we can secure the outsourcing of an authorized Data Protection Officer (DPO). The DPO oversees the implementation of measures for your organization on the legal, process, and technical levels, sees to internal communications regarding personal data protection, and fulfills the legal obligations of the DPO emerging from the regulation.
We have created a service called Bear Trap to most effectively fulfill the requirements of the GDPR for data security, incident detection and the process of incident handling and analysis, up through notification of the regulatory authority.
This solution combines detection tools against external and internal attackers. We use a so-called “honeypot”, the OSSIM open-source IPS monitoring tool (www.alienvault.com/products/ossim), and an incident response service including a telephone support line. This all comes based on an SLA contract for continuous outsourcing of all processes to be carried out following a successful attack.
The honeypot we offer consists of a file trap in which snare files (or folders) live on selected servers with attractive names like “backup”, “export”, “passwords”, etc., a system for monitoring access to them (listing as well as reading), and subsequent generation of alarms.
Traditional IDS systems work on two basic principles: sample detection and/or anomaly detection. The first approach brings a high level of detection failures, while the latter brings many false alarms.
As such, we decided to take our own approach in the form of a simple, low-interaction honeypot serving as an IDS “probe”. If someone does in fact interact with the honeypot system on the network, and nobody knows where it is, this likely points to unauthorized activity and the occurrence of false alarms is thus practically zero.
Thus, it doesn’t matter whether it’s a network intrusion, malware, or malicious activity by internal staff. What’s important is that an authorized person can learn the attack in its genesis, and can then begin taking the proper steps.