Privacy policy

Privacy policy

Posted on by Data Terminator

Data Terminator Pte. Ltd. Data Protection Policy

This Data Protection Policy (“Policy”) sets out the basis which Data Terminator Pte. Ltd. (“DT”, “Company” or “we”) a company registered in Singapore (UEN Number 200705336M) Data Protection Policy (“Policy”) may collect, use, disclose or otherwise process personal data of persons in accordance with the Singapore Personal Protection Act (2012) (“PDPA”). The Policy may be updated from time to time without further notice. DT considers the privacy of individuals a priority and we strive to protect personal data in our possession or under our control against unauthorized disclosure or use. Please see below for our Data Protection Policy.

1. Introduction

1.1. This Policy sets out our privacy policy and the practices that will be followed with respect to the collection, use, disclosure and/or otherwise processing of personal data. This statement is provided in accordance with the PDPA.


2. Consent

2.1. You are deemed to have given your consent for the collection, usage and disclosure of your personal data in the following circumstances:

2.1.1 when you voluntarily provide your personal data to us at our premise or in connection with any business with our Company or visit our website;

2.1.2 it is reasonable for you to have provided the personal data to us in the circumstance which you have provided; and

2.1.3 in any other circumstances where consent is deemed under the PDPA.

3. Definition of Personal Data

3.1. As used in this Policy:

3.1.1 “person” means an individual who has (a) has contacted us through any means to find out more about any goods or services we provide, (b)
submitted a job or internship application with us, or (c) contacted us through any means for any other purposes; and

3.1.2 “personal data” means data, whether true or not, about an individual who can be identified: (a) from that data, or (b) from that data and other information to which we have or is likely to have access; but excludes (c) business contact information.

3.2. This may include the following which is not exhaustive:

3.2.1 Your name, NRIC, passport, employment pass numbers or any other identification numbers;

3.2.2 Telephone number(s), physical mailing address, email address, payment information including the name of cardholder, card number, billing address and expiry data; and

3.2.3 Biometric data (facial image)

3.2.4 Video recording, photograph/video image and

3.2.5 Any network data and any other information relating to any individual which you have provided to us in any form during dealing with the Company.

3.3. Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).


4. Collection, Use and Disclosure of Personal Data

4.1. DT generally collects personal data from our customers, contractors, employees and other individuals such as job applicants. We would only collect personal data that has been provided to us voluntarily by you or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”).

4.2. These personal data may be furnished to us in forms filled by you, face to face meetings, emails or telephone conversations. We may also keep a record of any contact you have with us. These data would be collected only for business purpose or for the purpose(s) stated by us when we gather the personal data from you.

4.3. You have choices regarding our collection, use or disclosure of your personal data. If you choose not to provide us with the personal data
described in this notice, we may not be in a position to process your required services. You have the right to object to the processing of your
personal data and withdraw your consent in the manner described in section
7 below.

4.4. We may collect, disclose or use your personal data pursuant to an exception under the Personal Data Protection Act or other written law such as during the following situations:

a. To respond to an emergency that threatens your life, health and safety or of another individual; and

b. Necessary in the national interest, for any investigation or proceedings


4.5. The personal data collected may be used for any or all of the following purposes:

4.5.1 to provide Goods and Services, process payments, make deliveries, communicate with you about our product and services;

4.5.2 as part of our business operations;

4.5.3 for billing and reporting, such as for invoicing and account management purposes;

4.5.4 for internship / employment application and recruitment purposes;

4.5.5 for follow-up action regarding any complaint, feedback, query or request received;

4.5.6 to improve our services in any form, detect fraud or abuse and enable third parties to carry out technical, logistical or other functions on behalf of the Company; and

4.5.7 to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority.

4.6. DT does not sell for a profit, rent or provide your personal data to any third party not in connection with your business dealing/s with us and in compliance with this PDPA.

4.7. DT may disclose your personal data:

4.7.1 with your consent, where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you;

4.7.2 to comply with any applicable laws, regulations, codes of practice, guidelines or rules; or

4.7.3 to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in Paragraph 4.5 above for us. Any third party engaged by us will be contractually bound to keep all personal data confidential.

4.8. The purposes listed in Paragraph 4.5 may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period necessary for our business or legal purposes).


5.Transfer of Personal Data Outside Singapore

5.1. Unless for business-related needs, DT generally does not transfer your personal data outside of Singapore. However, if we do so, we will ensure that the recipients provide a standard of protection to your personal data that is comparable to that provided under the PDPA.

6. Security of Personal Data

6.1. DT implements appropriate reasonable administrative, physical and technical measures to safeguard your personal data within our control or possession against loss and any unauthorised misuse, access, disclosure, alteration, and similar risks.

6.2. While no method of protection is completely secure and security cannot be guaranteed, we will do our best to maintain the security of personal data in our possession and/or under our control.

7. Withdrawal of Consent

7.1. The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is withdrawn by you in writing. You may withdraw your consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request to our Data Protection Officer (“DPO”) at the contact details below.

7.2. Depending on the complexity of the request and its impact to our relationship with you, DT will cease (and instruct any of our data
intermediaries and agents to cease) collecting, using or disclosing the personal data within a reasonable timeframe of receiving your request in writing, unless required or authorised under applicable laws.

7.3. If consent is withdrawn, you acknowledge and agree that the Company at its discretion may not able to serve you in connection with the provision of our goods or service and you will still be bound by your contract(s)for the goods or service with the Company entered before the withdrawal.


8. Access to and Correction of Personal Data


8.1. Subject to Paragraph 8.3 below, within a reasonable timeframe of receiving your request in writing, we will provide you with access to your personal data that is in our possession or control and/or information about the ways in which your personal data has been or may have been used or disclosed by us within a year before the date of the request. .

8.2. Subject to Paragraph 8.3 below, within a reasonable timeframe of receiving your request in writing, we will correct an error or omission in your personal data that is in our possession or control and send the corrected personal data to other organisations to which the personal data was disclosed within a year before your request was made.


8.3. If your request relates to personal data which we are processing on behalf of another organisation, we will instead forward your request to the relevant organisation for their necessary action.


8.4. You may submit your request for access to or correction of your personal data to our DPO at the contact details below. Please note that a
reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

9. Accuracy of Personal Data

9.1. We generally rely on your personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there is any changes to your personal data by informing our DPO at the contact details below.

9.2. You should ensure that all personal data submitted to us is complete and accurate. Failure on your part to do so may result in our inability to provide you with the goods and services you have requested.

10. Retention of Personal Data

10.1. Your personal data will be retain for as long as it is necessary to fulfil the purpose(s) for which it was collected or as required or
permitted by applicable laws, and the Company will cease to retain the personal data when it is no longer necessary for any legal or business
purpose.

11. Law, Jurisdiction and Language

11.1. This Policy and your use of this website shall be governed in all respects by the laws of Singapore and you agree to submit to the exclusive jurisdiction of the courts of Singapore.

12. Contacting Our Data Protection Officer

12.1. You may contact the below if you have any enquiry, feedback or complaint regarding our personal data protection policies and practices, if you wish to make any request or if you believe that information we hold about you is incorrect or outdated:

The Data Protection Officer

Phone: (65) 6463 9212

Email: dpo@data-terminator.com

Letter: 1 Bukit Batok Crescent #09-21 WCEGA Plaza Singapore 658064

The Company will attempt to resolve your query within a reasonable timeframe and will inform you in writing if more time is required to
investigate and respond to you. The Company will not respond to any anonymous query.

13. Changes

13.1. We may revise this Notice at any time without any prior notice. Your continued use of our services and/or products constitutes your
acknowledgement and acceptance of such changes.

Effective: August 23rd, 2021

Last Updated: April 27th, 2023

————————————-

Data Protection Notice for Customers

Data Protection Notice To Employees And Job Applicants

 

————————————-

 

 

Terms and conditions

Posted on by Data Terminator

Terms and conditions

These terms and conditions (“Terms”, “Agreement”) are an agreement between Website Operator (“Website Operator”, “us”, “we” or “our”) and you (“User”, “you” or “your”). This Agreement sets forth the general terms and conditions of your use of the https://data-terminator.com website and any of its products or services (collectively, “Website” or “Services”).

Backups

We are not responsible for Content residing on the Website. In no event shall we be held liable for any loss of any Content. It is your sole responsibility to maintain appropriate backup of your Content. Notwithstanding the foregoing, on some occasions and in certain circumstances, with absolutely no obligation, we may be able to restore some or all of your data that has been deleted as of a certain date and time when we may have backed up data for our own purposes. We make no guarantee that the data you need will be available.

Links to other websites

Although this Website may be linked to other websites, we are not, directly or indirectly, implying any approval, association, sponsorship, endorsement, or affiliation with any linked website, unless specifically stated herein. We are not responsible for examining or evaluating, and we do not warrant the offerings of, any businesses or individuals or the content of their websites. We do not assume any responsibility or liability for the actions, products, services and content of any other third parties. You should carefully review the legal statements and other conditions of use of any website which you access through a link from this Website. Your linking to any other off-site websites is at your own risk.

Limitation of liability

To the fullest extent permitted by applicable law, in no event will Website Operator, its affiliates, officers, directors, employees, agents, suppliers or licensors be liable to any person for (a): any indirect, incidental, special, punitive, cover or consequential damages (including, without limitation, damages for lost profits, revenue, sales, goodwill, use or content, impact on business, business interruption, loss of anticipated savings, loss of business opportunity) however caused, under any theory of liability, including, without limitation, contract, tort, warranty, breach of statutory duty, negligence or otherwise, even if Website Operator has been advised as to the possibility of such damages or could have foreseen such damages. To the maximum extent permitted by applicable law, the aggregate liability of Website Operator and its affiliates, officers, employees, agents, suppliers and licensors, relating to the services will be limited to an amount greater of one dollar or any amounts actually paid in cash by you to Website Operator for the prior one month period prior to the first event or occurrence giving rise to such liability. The limitations and exclusions also apply if this remedy does not fully compensate you for any losses or fails of its essential purpose.

Changes and amendments

We reserve the right to modify this Agreement or its policies relating to the Website or Services at any time, effective upon posting of an updated version of this Agreement on the Website. When we do we will revise the updated date at the bottom of this page. Continued use of the Website after any such changes shall constitute your consent to such changes.

Acceptance of these terms

You acknowledge that you have read this Agreement and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Agreement. If you do not agree to abide by the terms of this Agreement, you are not authorized to use or access the Website and its Services.

Contacting us

If you have any questions about this Agreement, please contact us.

This document was last updated on July 6, 2017

INTERPOL World Event

Posted on by Data Terminator

What is the event about

Fostering Innovation for Global Security Challenges INTERPOL World is a biennial international security trade event owned by INTERPOL – the world’s largest international police organization with 190 member countries. Scheduled to be in Singapore from 14-16 April 2015, INTERPOL Worldwill be held in conjunction with the official opening of the INTERPOL Global Complex for Innovation (IGCI) on 13 April 2015 and the 22nd INTERPOL Asian Regional Conference from 15-17 April 2015.

INTERPOL World provides unprecedented opportunities for security manufacturers and solution-providers to interact with international police organizations, law enforcement agencies and security professionals to identify current and future challenges and offer innovative solutions. It also promotes public-private partnerships to develop and drive security initiatives for real world security situations. Heads of States, Governmental high representatives, Chiefs of Police of INTERPOL’s 190 member countries and at least 450 key decision makers from INTERPOL and law enforcement community will be invited to attend INTERPOL

Supported by Singapore Ministry of Home Affairs and managed by MP International, INTERPOL World will focus on 4 main domains, but not limited to: Cybersecurity, Border Management, Safe Cities and Supply Chain Security. The three-day event will also play host to over 250 international and local exhibitors and 8,000 trade and professional visitors.

Getting to INTERPOL World

Sands Expo and Convention Centre Marina Bay Sands 10 Bayfront Ave Singapore 018970 Located in the heart of Singapore’s central business district, Marina Bay Sands is the ultimate destination for entertainment, business and shopping. The landmark building comprises a luxury hotel, state-of-the-art convention and exhibition facilities, theatres and some of the finest shopping and dining in the region.

Direction

By Car

Car park entrance is located at Sands Expo and Convention Centre via the Bayfront Link (enter from Bayfront Avenue and turn right into covered car park). Valet parking is available at entrance driveways of Hotel Towers 1 and 3, and Casino.

Alternatively, drivers may opt for the Park and Ride scheme where a satellite car park will be operated at Marina South (located on Marina Grove). Under this Park and Ride scheme, for a fixed $10 entry fee, drivers can park their vehicles and board the Marina Bay Sands shuttle bus at the entrance of the car park to travel to the property.

By Mass Rapid Transit

The nearest MRT station is the Bayfront MRT Station (CE2 and Exit B, C, D and E).

By Bus

Bus services to Marina Bay Sands include SBS 97/97E, 106, 133, 502/502A, 518/518A; and Night-rider service: NR1 and NR6 (available on Fridays and Saturdays).

By Taxi

Taxi service is available from the taxi stand situated at the main entrance. Available 24 hours, advance bookings can be made with the taxi companies with a booking fee. Electronic road payment, city area, midnight and peak hour surcharges apply. You can book for a taxi using the following local numbers:

CityCab/Comfort Taxi 65 6552 1111
Premier Taxis 65 6363 6888
Prime Taxi 65 6778 0808
SMRT Taxis 65 6555 8888
Smart Automobile 65 6485 7777
Trans-cab 65 6555 3333
Yellow-Top Taxi 65 6293 5545

RSA Conference 2015 – Asia Pacific & Japa

Posted on by Data Terminator
22 – 24 July, 2015
Marina Bay Sands, Singapore
Visit DT-Asia Group at booths E55 & E80

Conference Tracks

  • Cloud and Data Security

    Data Security covers strategies, practices, and technologies to classify, track and protect data and will cover issues such as compliance, privacy, regulations and big data trends. Cloud Security includes data sovereignty, security architecture in the cloud, cloud security governance, risks, migration issues, and vendor Service Level Agreements (SLAs).

  • Cyber Investigation and Law Enforcement

    This track provides the latest information and practical demonstrations of techniques to address cyber investigation. It covers strategies to enable local law enforcement personnel to collaborate more closely with international police organizations as well as tap global intelligence for tackling high-tech crimes and formulate appropriate cybersecurity policies. Topics covered include identifying and addressing emerging crime threats, fraud, intellectual property theft, environmental and organized crime, analytics and incident response.

  • Governance and Risk Management

    This track provides a business-oriented view and covers the creation and implementation of risk management frameworks, standards, governance, and quantification and management of risk. Sessions will cover how to successfully communicate and enforce policies and standards in the enterprise as well as how organizations measure and calibrate risk as well as exploring people-related issues like social networking/engineering, insider threats and security awareness programs.

  • Mobile Security

    Mobile Security will focus on the policies, processes and technologies for managing employee-owned devices and BYOD programs, smartphone/tablet security and consumerization trends. In this track you’ll find in-depth sessions on mobile malware, mobile application threats, device management and emerging threats to mobile platforms and workers.

  • Security Infrastructure

    This track will cover the architectural and strategic planning considerations for the deployment of security-enabled technologies, including trends in emerging technologies, network and endpoint security, vulnerability assessments, penetration testing , IDS/IPS, physical and embedded device security. In this track you’ll also find the processes, technologies and policies for identity and access management including managing digital identities, their authentication, authorization, roles, and privileges.

  • Sponsor Special Topics

    Listen to a spectrum of experts and security issues delivered and discussed by leading edge companies.

  • Threats and Threat Actors

    These sessions include discussions on the threat landscape, advanced threats, APTs, new classes of vulnerabilities, exploitation techniques, malware, reverse engineering, hacktivism and how to combat these problems. Some sessions will include live demos and code dissection.

Personal Data Protection Act

Posted on by Data Terminator
The purpose of Personal Data Protection Act is to govern the collection, use and disclosure of personal data by organisations in a manner that recognises both the right of individuals to protect their personal data and the need of organisations to collect, use or disclose personal data for purposes that a reasonable person would consider appropriate in the circumstances.
Overview

What is Personal Data?

Personal data refers to data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access. Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA).

What is the Personal Data Protection Act?

The PDPA establishes a data protection law that comprises various rules governing the collection, use, disclosure and care of personal data. It recognises both the rights of individuals to protect their personal data, including rights of access and correction, and the needs of organisations to collect, use or disclose personal data for legitimate and reasonable purposes.

The PDPA provides for the establishment of a national Do Not Call (DNC) Registry. The DNC Registry allows individuals to register their Singapore telephone numbers to opt out of receiving marketing phone calls, mobile text messages such as SMS or MMS, and faxes from organisations.

Objectives of the Personal Data Protection Act

Today, vast amounts of personal data are collected, used and even transferred to third party organisations for a variety of reasons. This trend is expected to grow exponentially as the processing and analysis of large amounts of personal data becomes possible with increasingly sophisticated technology.

With such a trend comes growing concerns from individuals about how their personal data is being used. Hence, a data protection regime to govern the collection, use and disclosure of personal data is necessary to address these concerns and to maintain individuals’ trust in organisations that manage data.

By regulating the flow of personal data among organisations, the PDPA also aims to strengthen and entrench Singapore’s competitiveness and position as a trusted, world-class hub for businesses.

How does the Personal Data Protection Act Work?

The PDPA will ensure a baseline standard of protection for personal data across the economy by complementing sector-specific legislative and regulatory frameworks. This means that organisations will have to comply with the PDPA as well as the common law and other relevant laws that are applied to the specific industry that they belong to, when handling personal data in their possession.

The PDPA takes into account the following concepts:

  • Consent – Organisations may collect, use or disclose personal data only with the individual’s knowledge and consent (with some exceptions);
  • Purpose – Organisations may collect, use or disclose personal data in an appropriate manner for the circumstances, and only if they have informed the individual of purposes for the collection, use or disclosure; and
  • Reasonableness – Organisations may collect, use or disclose personal data only for purposes that would be considered appropriate to a reasonable person in the given circumstances.

Application of the Personal Data Protection Act

The PDPA covers personal data stored in electronic and non-electronic forms.

The data protection provisions in the PDPA (parts III to VI) generally do not apply to:

  • Any individual acting in a personal or domestic basis.
  • Any employee acting in the course of his or her employment with an organisation.
  • Any public agency or an organisation in the course of acting on behalf of a public agency in relation to the collection, use or disclosure of the personal data. You may wish to refer to the Personal Data Protection (Statutory Bodies) Notification 2013 for the list of specified public agencies.
  • Business contact information. This refers to an individual’s name, position name or title, business telephone number, business address, business electronic mail address or business fax number and any other similar information about the individual, not provided by the individual solely for his or her personal purposes.

These rules are intended to be the baseline law which operates as part of the law of Singapore. It does not supersede existing statutes, such as the Banking Act and Insurance Act but will work in conjunction with them and the common law.

When does the Personal Data Protection Act Come into Effect?

The PDPA takes effect in phases starting with the provisions relating to the formation of the PDPC on 2 January 2013. Provisions relating to the DNC Registry came into effect on 2 January 2014 and the main data protection rules on 2 July 2014. This allows time for organisations to review and adopt internal personal data protection policies and practices, to help them comply with the PDPA.

Development of the Personal Data Protection Act

In the development of this law, references were made to the data protection regimes of key jurisdictions that have established comprehensive data protection laws, including the EU, UK, Canada, Hong Kong, Australia and New Zealand, as well as the OECD Guidelines on the Protection of Privacy and Transborder Flow of Personal Data, and the APEC Privacy Framework. These references are helpful for the formulation of a regime for Singapore that is relevant to the needs of individuals and organisations, and takes into account international best practices on data protection.

Three public consultations were conducted since 2011 to seek feedback on the proposed data protection regime. The public consultation sought the public’s views on topics including the coverage of the proposed law, the proposed data management rules and transitional arrangements for organisations to comply with the new law. For more information on the public consultations, please visit the MCI website.

What can we do for you to cope with Personal Data Protection Act?

  •  Degauss onsite using NSA evaluated degaussers which is capable of erasing both longitudinal and perpendicular magnetic disk storage devices with coercivity of up to 5,000 Oersteds
  •  Shredded/crushed onsite by built-for-purpose HDD and SSD shredder/crusher to break it into smaller pieces

Cyber Intelligence Asia 2014

Posted on by Data Terminator

Singapore, Singapore
11th March 2014 – 14th March 2014

Grand Copthorne Waterfront Hotel

392 Havelock Road, Singapore 169663

Tel: +65 6733 0880

After the successful launch of our Cyber Intelligence conferences and exhibitions our Asia show is moving to Singapore. With many governments in Asia looking to share knowledge and gain a better understanding of how to combat cyber attacks in the region, this is the must attend event in Asia to gain the knowledge and meet with the key policy and strategy makers in the regional governments and law enforcement agencies.

With more sophisticated and harder to trace cyber breaches taking place, governments are finding it harder to keep up to date with the hackers, and are continuing to look towards cooperate with the private sector to be one step ahead of the criminals.

Taking place in Singapore, which as a nation has one of the best critical infrastructures in place. Furthermore, Singapore is where many information security firms locate in Asia allowing attendees to opportunity to meet with many global private sector companies to discuss the latest technologies on offer.

Cyber Security is becoming a faster and a more sophisticated market and Cyber Intelligence Asia 2014 will allow attendees to analyse the latest defences on offer with regards to Malware, Data Loss Protection, Password Security, Critical Infrastructure, Digital Forensics, Data Recovery and Data Retrieving.

Cyber Intelligence Asia attracts a global attendance to network and discuss the latest solutions and systems in the market place that is targeted to law enforcement agencies and government’s in the region.

23rd GovernmentWare (GovWare) 2014

Posted on by Data Terminator

Join Us at the Premium Infocomm Security Conference Established in Asia!

September 23-25, 2014 – Suntec Singapore Int. Convention & Exhibition Center – Join us at Booths G28A, G27 and H27A

The Ministry of Home Affairs, Singapore, is proud to present the 23rd GovernmentWare (GovWare) conference & exhibition event. This annual event will be held from 23 to 25 September 2014 at the Suntec Singapore International Convention & Exhibition Centre.

The theme of this year’s conference is: “Strengthening The Cyber Security Ecosystem”.

An effective cyber security ecosystem requires not only the continual development of efficient cyber defence processes and technologies, but also a close collaboration between the public and private sectors. The effectiveness and resilience of this ecosystem, however, can be hampered by the cyber threats in today’s connected cyber world.

As cyber attacks become increasingly sophisticated, complex and difficult to detect, advanced cyber solutions that enable seamless security processes are essential. It is also no longer feasible for a single entity to rely on its own capabilities to defend against such cyber attacks. There is a crucial need for the various entities in the cyber ecosystem to work together to tackle the challenge.

Accordingly, the Government, the academia and industry partners have been urged to develop a close partnership which will enable such initiatives and measures as the sharing information, the development of innovative cyber solutions, the training of the next generation of cyber security professionals and the establishment of local operational or research facilities. These and other collaborative efforts of all stakeholders will aid in the shaping of a cyber security ecosystem that is both robust and vibrant.

Come join us at GovWare 2014 as we explore how we can work together to enhance the resilience of our cyber security ecosystem to create a safer cyber space for all.

Banking Vietnam Event – May 20th, 2014

Posted on by Data Terminator

Banking Vietnam, organized by State Bank of Vietnam, Vietnam Banks Association and IDG Vietnam is the largest and most influential annual banking conference and expo in Vietnam. On behalf of organizers, we are pleased to invite you to participate in Banking Vietnam 2014 on 20-22 May 2014 at Melia Hotel, Hanoi to enjoy the latest excitements in Banking trends and IT solutions.

With the 17th organization, Banking Vietnam is the most prestigious annual banking conference and exposition in Vietnam. With the participation and strong supports from the State Bank of Vietnam’s government leaders, Banking Vietnam has gained enormous interest and been marked as the “must-attend” conferences by bankers’ community in Vietnam.

This year, featuring the theme “Innovative Banking: Building Trust and Customer Engagement” , the 17th Banking Vietnam 2014 hopes to bring in the latest insights that enable audience to stay on top of current development, update technology solutions to enjoy higher satisfaction and loyalty from customers while  improving scalability and agility in banking system.

Together with the conference, the exhibition will excite you with the showcase of newest technologies and products within the banking field and brings unique access to 400 CIOs, CSOs, IT Directors – Key decision makers for IT Purchasing.

Speaker – Mike Tan – Founder and Director of DT Asia group

Mike graduated from University of Alberta, Canada in 1989 with a degree in Computer Engineering. He did R&D work for his university and the Singapore Defence Science Organization before working the next 15 years for technology giants Hewlett-Packard and Dell. Since 2007, Mike has founded various business start-ups. DT Asia was created as a value added distribution for best-in-class information leakage protection service and solutions for government and financial institutions across Asia. DT technology partners include leading-edge security companies from USA, Israel, Hungary, Finland and South Korea .

Topic – How Top Government Organizations and Global Technology Companies Fight Advanced Cyber Threats

Governmentware 2013

Posted on by Data Terminator

Dear Valuable Customers,

Data Terminator (DT) is an Information Leakage Protection Specialist in providing solution and services that secure data at rest, data in motion as well as data in use.

DT’s new and innovative products and services include:

SSH CryptoAuditor provides control, monitor and audit of privilege user access to mission critical servers and other network devices. It deploy transparently and independently from the Client/Server environment, while minimizing the impact on network architecture.

Enterprise Fraud Management (EFM) is an enterprise solution to enforce corporate security policies by detecting security breaches and exceptions.

NSA certified Equipment and Services for all Data End of Life management

ISO Certified professional services for All-in-One asset declassification
For more details, please visit https://data-terminator.com

 

Secure Shell key mismanagement poses big risk to your data

Posted on by Data Terminator

Nearly every major network environment today – including governments, large enterprises and financial institutions – uses a version of the Secure Shell data-in-transit protocol, to protect data as it moves throughout the network and allow for administrators to manage systems remotely.

Secure Shell works by creating an encryption key pair – one key for the user’s machine, and the other key for the server – while encrypting the data that is transmitted between those two keys. Organisations use Secure Shell to encrypt everything from logins to financial data, health records and other personally-identifiable information. While Secure Shell keys protect highly sensitive information, organisations have been astonishingly indifferent at managing the creation, location and access of Secure Shell keys giving access to critical assets.

Many organisations are unable to control the creation quantity and location of keys in the network; they are leaving themselves open to security breaches and noncompliance with international regulations including Payment Card Industry Data Security Standard (PCI-DSS), Sarbanes-Oxley Act (SOX), as well as Singapore standard such as Monetary Authority of Singapore (MAS). Organisations may also be infringing upon other security policies, including those mandated by their customers.

Attacking key-based access network
Having thousands to millions of these keys is common for the majority of enterprises, governments and financial institutions worldwide. However, most of them are still using manual processes for generating, configuring and deploying the Secure Shell keys. Over time, this results in the uncontrolled proliferation of authentication keys, with little to no visibility into what each key does. A malicious actor, that gains access to a private key, can mimic an authorized user and access sensitive information with impunity.

Network breaches are commonplace as attacks become more prevalent and sophisticated. Implementing Secure Shell keys as an attack vector in a virus is fairly simple, requiring only a few hundred lines of code. Once a virus gains successful entry, it can use improperly managed Secure Shell keys to spread from server to server.

In fact, key-based access networks are so tightly woven that it is highly likely that a successful attack will infect virtually all servers within an organisation, particularly if the virus also uses other attack vectors to elevate privileges to “root” after breaching a server. With so many keys being distributed, odds are the virus will corrupt nearly all servers in a matter of seconds to minutes, including disaster recovery and backup machines that are usually also managed using such keys.

Under the worst circumstances, a virus using numerous attack vectors could spread Internet-wide, quickly and, merged with destruction technologies, could destroy immense amounts of data.

Time to take pivotal steps

Taking the steps to address Secure Shell key mismanagement will require proper support and endorsement within the organisation itself. The core of the remediation project is comprised of multiple steps:

– Automating key setups and key removals; eliminating manual work, human errors, and reducing the number of administrators from several hundred to virtually none.
– Managing what commands can be executed using the key and where the key execution can happen.
– Requiring proper processes for all key setups and other key operations.
– Monitoring the environment in order to establish which keys are actually used and removing keys that are no longer in use.
– Rotating keys, i.e., changing every authorised key (and corresponding identity keys) regularly, so that any compromised (copied) keys cease to work.
– Identifying all current trust-relationships (who has access to what).

Going forward

Today a considerable portion of the global financial institutes, Fortune 500 and many major government agencies continue to operate out of compliance, and are unknowingly facing major security threats from hackers or rogue employees. Best practices, such as the ones identified above, will position organisations to prepare for security threats and new compliance mandates before they occur.

In addition to IT involvement, executive management needs to step-in to protect the company from neglecting any compliance regulations that could bring about liability; and make it a priority to ensure that SSH user keys are properly managed in their organisations.

Tommi Lampila is Vice President, APAC, SSH Communications Security.

Data Terminator is a trusted brand in Data Leakage and End-of-Life Data Protection. Our processes are ISO 9001:2015 and ISO 14001: 2015 certified. Our mission is to provide our Customers effective and efficient Data Leakage Prevention solutions. Read more..

SiteLock

Quick Links

Our Services

Contact us