The GDPR (General Data Protection Regulation) is a general EU regulation on the protection of personal data that applies in all EU member states from 25 May 2018. This regulation takes a new approach to personal data protection. It places an increased emphasis on security, documentation, and guarding data against unauthorized access, leakage, or other incidents affecting personal privacy. Citadelo will use its many years of IT security experience and its understanding of the statutory and process environment to ensure that your information systems are ready to meet the requirements of this new law.
We provide the following analyses as part of our services:
In collaboration with FlyEye, s.r.o. we can arrange the outsourcing of a qualified Data Protection Officer (DPO). The DPO oversees the implementation of measures for your organization on the legal, process, and technical levels, handles internal communications regarding personal data protection, and fulfills the legal obligations of the DPO arising from the regulation.
We have created a service called Bear Trap to fulfill the GDPR requirements for data security, incident detection, and the process of incident handling and analysis as effectively as possible, up through notification of the supervisory authority.
This solution combines detection tools against external and internal attackers. We use a so-called “honeypot”, the open-source OSSIM SIEM for security monitoring (www.alienvault.com/products/ossim), and an incident response service including a telephone support line. All of this is provided under an SLA contract for the continuous outsourcing of every process to be carried out after a successful attack.
The honeypot we offer is a file trap: snare files (or folders) are placed on selected servers under attractive names such as “backup”, “export”, “passwords”, etc., access to them (listing as well as reading) is monitored, and every access generates an alarm.
Traditional IDS systems work on two basic principles: signature detection and/or anomaly detection. The first approach misses anything for which no signature exists, while the latter produces many false alarms.
As such, we decided to take our own approach in the form of a simple, low-interaction honeypot serving as an IDS “probe”. The honeypot has no legitimate users and its location is not advertised, so any interaction with it on the network very likely indicates unauthorized activity, and the rate of false alarms is practically zero, provided that legitimate automated processes such as backup jobs, indexers, and antivirus scans are kept away from the decoys.
Thus, it does not matter whether it is a network intrusion, malware, or malicious activity by internal staff. What matters is that an authorized person learns of the attack at its inception and can then begin taking the proper steps.
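As an added illustration of the file trap described above (example code written for this page, not Citadelo's Bear Trap implementation), the script below turns Linux auditd records for opens of decoy paths into alarms, distinguishing a listing of a decoy folder from a read of a decoy file and excluding an allowlisted process such as the genuine backup job. The decoy paths, the allowlisted executable, and the audit log lines are all assumed or constructed for the example; the parser assumes auditd watch rules of the form `-w /srv/backup -p r -k bear_trap` and x86_64 syscall numbers for open/openat.

```python
"""File-trap detector: parse raw auditd records, correlate SYSCALL and PATH
records by audit event id, and raise one alarm per open of a decoy path.
Assumes auditd watch rules such as `-w /srv/backup -p r -k bear_trap`.
All paths and log lines are assumed/constructed for this example."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

DECOYS = ("/srv/backup", "/srv/export", "/home/admin/passwords.txt")  # assumed decoy paths
ALLOWED_EXE = {"/usr/bin/rsync"}  # assumed: the real backup job may legitimately touch decoys
OPEN_SYSCALLS = {2, 257}  # x86_64 open / openat

RECORD_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<id>\d+)\): (?P<body>.*)$")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


@dataclass
class Alarm:
    event_id: str
    timestamp: float
    path: str
    kind: str      # "listing" of a decoy folder or "read" of a decoy file
    success: bool  # False when the open was attempted but denied
    uid: str
    exe: str
    comm: str

    def __str__(self) -> str:
        outcome = "" if self.success else " (denied)"
        return (f"ALARM: decoy {self.kind}{outcome} on {self.path} by uid={self.uid} "
                f"exe={self.exe} comm={self.comm} [audit event {self.event_id}]")


def parse_fields(body: str) -> Dict[str, str]:
    """Parse auditd key=value pairs; values may be double-quoted."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(body)}


def decoy_for(path: str) -> Optional[str]:
    """Return the decoy covering `path`: the decoy itself or a decoy folder above it."""
    for decoy in DECOYS:
        if path == decoy or path.startswith(decoy + "/"):
            return decoy
    return None


def detect(lines: List[str]) -> List[Alarm]:
    """Group records by event id, then emit at most one alarm per open of a decoy."""
    events: Dict[str, dict] = {}
    for line in lines:
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # blank or unrelated line
        ev = events.setdefault(m["id"], {"ts": float(m["ts"]), "syscall": None, "paths": []})
        fields = parse_fields(m["body"])
        if m["type"] == "SYSCALL":
            ev["syscall"] = fields
        elif m["type"] == "PATH" and "name" in fields:
            ev["paths"].append((fields["name"], fields.get("mode", "")))

    alarms: List[Alarm] = []
    for event_id, ev in events.items():
        sc = ev["syscall"]
        syscall = sc.get("syscall", "") if sc else ""
        if not syscall.isdigit() or int(syscall) not in OPEN_SYSCALLS:
            continue  # no SYSCALL record (truncated log) or not an open
        if sc.get("exe") in ALLOWED_EXE:
            continue  # allowlisted process, e.g. the genuine backup job
        # openat events carry the parent directory (nametype=PARENT) as well as the
        # file itself; report only the most specific decoy path, once per event.
        hits = [(name, mode) for name, mode in ev["paths"] if decoy_for(name)]
        if not hits:
            continue
        name, mode = max(hits, key=lambda h: len(h[0]))
        kind = "listing" if mode.startswith("04") else "read"  # mode 04xxxx = directory
        alarms.append(Alarm(event_id, ev["ts"], name, kind, sc.get("success") == "yes",
                            sc.get("uid", "?"), sc.get("exe", "?"), sc.get("comm", "?")))
    return alarms


# Constructed audit log: a read of a decoy file, a listing of a decoy folder, the
# allowlisted backup job, a read of a non-decoy file, and a denied open of a decoy.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:1001): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d0 a2=80000 a3=0 items=2 ppid=2001 pid=2010 auid=1001 uid=1001 gid=1001 euid=1001 ses=3 comm="cat" exe="/usr/bin/cat" key="bear_trap"
type=PATH msg=audit(1700000000.101:1001): item=0 name="/srv/export" inode=1200 dev=08:01 mode=040755 ouid=0 ogid=0 nametype=PARENT
type=PATH msg=audit(1700000000.101:1001): item=1 name="/srv/export/passwords.txt" inode=12345 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.102:1002): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55e0 a2=90800 a3=0 items=1 ppid=2001 pid=2011 auid=1001 uid=1001 gid=1001 euid=1001 ses=3 comm="ls" exe="/usr/bin/ls" key="bear_trap"
type=PATH msg=audit(1700000000.102:1002): item=0 name="/srv/backup" inode=1000 dev=08:01 mode=040755 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.103:1003): arch=c000003e syscall=257 success=yes exit=4 a0=ffffff9c a1=55f0 a2=80000 a3=0 items=1 ppid=1 pid=900 auid=4294967295 uid=0 gid=0 euid=0 ses=4294967295 comm="rsync" exe="/usr/bin/rsync" key="bear_trap"
type=PATH msg=audit(1700000000.103:1003): item=0 name="/srv/backup/db.tar" inode=1001 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.104:1004): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=5600 a2=80000 a3=0 items=1 ppid=2001 pid=2012 auid=1001 uid=1001 gid=1001 euid=1001 ses=3 comm="less" exe="/usr/bin/less" key="bear_trap"
type=PATH msg=audit(1700000000.104:1004): item=0 name="/srv/public/readme.txt" inode=2000 dev=08:01 mode=0100644 ouid=0 ogid=0 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.105:1005): arch=c000003e syscall=257 success=no exit=-13 a0=ffffff9c a1=5610 a2=80000 a3=0 items=1 ppid=2001 pid=2013 auid=1002 uid=1002 gid=1002 euid=1002 ses=5 comm="python3" exe="/usr/bin/python3" key="bear_trap"
type=PATH msg=audit(1700000000.105:1005): item=0 name="/home/admin/passwords.txt" inode=3000 dev=08:01 mode=0100600 ouid=0 ogid=0 nametype=NORMAL
"""

if __name__ == "__main__":
    for alarm in detect(SAMPLE_AUDIT_LOG.splitlines()):
        print(alarm)
```

Two design points matter in practice. The allowlist is what keeps the “practically zero false alarms” property true: any backup job, search indexer, or antivirus scanner that opens the decoys must either be excluded by executable (as here) or configured to skip the decoy paths, otherwise the trap fires on every scheduled run. And a denied open is still reported, because the attempt itself, not its success, is the signal that someone is looking for files they have no reason to touch.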