• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
CTO Cybersecurity Forum 2013 Ashley Jelleyman
 

CTO Cybersecurity Forum 2013 Ashley Jelleyman

on

  • 171 views

Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications ...

Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.

Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.

Statistics

Views

Total Views
171
Views on SlideShare
171
Embed Views
0

Actions

Likes
0
Downloads
0
Comments
0

0 Embeds 0

No embeds

Accessibility

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    CTO Cybersecurity Forum 2013 Ashley Jelleyman CTO Cybersecurity Forum 2013 Ashley Jelleyman Presentation Transcript

    • Privacy vs Security You Can’t Have Both At the same time Ashley Jelleyman FBCS CITP M Inst. ISP Head of Information Assurance
    • © British Telecommunications plc Privacy vs Security • We can look at privacy in a number of ways – Sometimes we as individuals willing give up our privacy – Sometimes we are forced to give up our privacy to get something we want – and sometimes it happens beyond our control. • And there is a third side to the triangle.
    • © British Telecommunications plc Privacy vs Security • Let me introduce Ethan, aged 13. • He has an expectation of privacy – He keeps his bedroom door shut because he’s a teenage lad who wants his privacy
    • © British Telecommunications plc Privacy vs Security • Which means his bedroom looks like this: • Because he wants his privacy he surrenders the “security” of his mum cleaning the bedroom.
    • © British Telecommunications plc Privacy vs Security • He has two PCs, one in his room for homework, one in the conservatory for games. • His homework computer has no games on it and only goes to restricted educational web sites. • But if he wants to have a computer to play games on he has to surrender his privacy so I can protect him. • MS Family Safety. – Gives remote control and reporting
    • © British Telecommunications plc Privacy vs Security • So again, he has surrendered his privacy and control, for the right to use the computer. • I know both he and the network at home are safe and secure !
    • © British Telecommunications plc Privacy vs Security • Then there is my wife; Margaret, aged, no comment. • We share a bank account, but I manage the reconciliation • So my wife gives me all the receipts for the money she spends. • She has surrendered her privacy to ensure that we have the security of knowing what money we have, and don’t go overdrawn. • But if she wants to surprise me with a gift at Christmas it’s difficult, so I’ve surrendered that pleasure.
    • © British Telecommunications plc Privacy vs Security • So what about at work: • Most of us have access to the corporate email and to the internet. • Our emails are monitored for appropriateness, spam and Phishing attacks. So if we receive a private message we can expect it will be at least scanned by an automated system. • We have surrendered our privacy for the right to receive private emails at work
    • © British Telecommunications plc Privacy vs Security • And when the monitoring doesn’t work • You get incidents like Aramco – a click on a dodgy link The August attacks, using a virus called Shamoon, wiped the hard drive of the Saudi computers and left thousands of Aramco employees unable to access email and kept them off company networks for a week or more
    • © British Telecommunications plc Privacy vs Security • Internet access is monitored to ensure people don’t visit in-appropriate sites. • That gives the company security from viruses trojans and other malware. • But we as employees don’t expect the company to sniff our banking passwords, or other credentials. • So now we are introducing the concept of trust into the surrender of privacy equation.
    • © British Telecommunications plc Privacy vs Security • Then we move out into the wider world: • BT and many other ISPs provide access to the internet. • As we transact more and more business on the internet we expose more information, not just to the end website, but potentially our ISP. • But again we trust our ISP not to read all of our traffic, look at what we are viewing, and record our activity – Except that sometimes they have to by law – New laws requiring the storage of all on-line activity are being enacted for National Security reasons. • Matters of national security can over ride the personal privacy agenda.
    • © British Telecommunications plc Privacy vs Security • But again, we also surrender our privacy for benefits. – We allow cookies to be stored on our machines – Many web sites don’t work without them • We allow companies to use our experience of their software to improve the next version, we get better software. • We are regularly willing to trade our privacy for the “security” of a better, more reliable feature rich service.
    • © British Telecommunications plc Privacy vs Security • What about when we really want privacy, • We can establish an encrypted link: https: – But that only works on the sites that offer it – It isn’t 100% – Still exposes your IP address – What about other sites that don’t offer HTTPs:
    • © British Telecommunications plc Privacy vs Security • There are some commercial offerings,
    • © British Telecommunications plc Privacy vs Security • This one promises to encrypt your connection to the target • It masks your IP address by proxying the connection • It will even offer to make your connection appear to come from a different country. – Useful if you want to watch domestic online TV from a different country
    • © British Telecommunications plc Privacy vs Security • But are you really getting privacy ? – Depends if you trust the provider who is proxying the traffic. • I assume that they can see all your traffic. • So again to get that “security” you are placing your trust in someone else.
    • © British Telecommunications plc Privacy vs Security • So in most cases the truth isn’t a simple Privacy Vs Security slider. • It’s usually a three way deal between – Privacy – Security – and Trust. Trust Privacy Security
    • © British Telecommunications plc Privacy vs Security • And it’s up to each of us to decide how big each circle is. Trust Privacy Security
    • Any Questions ?