Establishing Security and Trust in the Digital World

IT Governance's Gareth Neal discusses the challenges facing business owners and top managers in establishing security and trust online.

Published in: Business, Technology
Transcript

  1. Establishing Security & Trust in the Digital World
     Gareth Neal, Information Risk Consultant, IT Governance Ltd, www.itgovernance.co.uk
     © IT Governance Ltd 2013

  2. Agenda
     • Introduction to IT Governance Ltd and the presenter
     • The threats that consumers and businesses face
     • Data protection, privacy and information security challenges across the mobile ecosystem
     • Data security: ensuring the confidentiality, integrity and availability of personally identifiable data
     • How to create secure information systems and manage the mobile enterprise to reduce risk and improve consumer confidence
     • Case study example

  3. About IT Governance Ltd
     IT Governance is a one-stop shop for organisations to meet their information security, risk management and compliance needs.
     Our Vision: Information, information technology and information security are always a business issue, never just an IT one.
     Our Mission: To enable boards and business executives to properly manage their information technology strategies.

  4. About the presenter
     • Career
       – Internal Audit Manager (accountancy practice)
       – Lead Auditor, DPA 1998 (ICO)
       – Information Risk Consultant (IT Governance)
     • Experience
       – Public and private sector internal auditing
       – Public sector risk management
       – Data Protection Act compliance auditing
       – Management consultancy: ISO 27001 and ISO 9001

  5. The threats that consumers and businesses face
     • Consumer threats
       – Identity theft and other forms of personal data misuse
       – Sensitive personal data is lost or stolen, causing substantial damage and distress
       – Becoming a victim of fraud

  6. The threats that consumers and businesses face
     • Business threats
       – Nature and accidents
       – Current and past employees
       – Competitors
       – Litigants
       – The press
       – Hackers
       – Criminals
       – Governments, terrorists and political organisations
     • Resulting in:
       – Regulatory fines
       – Damaged reputation
       – Loss of business

  7. Data protection, privacy and information security challenges across the mobile ecosystem: legislation
     • Data Protection Act 1998, Principle 7 (Security)
       – UK regulator (ICO) activity is increasing: audits and enforcement action
       – The ICO Good Practice audit team has shifted its focus towards risks associated with mobile working
       – ICO enforcement fines (Civil Monetary Penalties) are primarily based on Principle 7 breaches; specific CMP cases found a lack of encryption for mobile devices, lack of staff training and insufficient policies to be the key downfalls

  8. Data protection, privacy and information security challenges across the mobile ecosystem
     • Human Rights Act 1998, Article 8 (Privacy)
       – Growing trend: society is increasingly knowledgeable about, and concerned with, individual privacy rights
       – Pressure on public and private sector businesses to get things right first time and maintain robust compliance with current and future legislation
       – A balanced approach is needed: investing in new mobile technological advances while also investing resources to identify and manage privacy risks

  9. Data protection, privacy and information security challenges across the mobile ecosystem: international standard
     • ISO 27001: Information Security Management System (ISMS)
       – Confidentiality
       – Integrity
       – Availability
     • Business, legal, regulatory and contractual security obligations

  10. Data security: ensuring the confidentiality, integrity and availability of personally identifiable data
     • CIA
     • It is important to identify what data your business processes, where, in what format and by whom
     • Data should be categorised in terms of its sensitivity and critical importance
     • Data and data-processing environments and systems should be risk assessed
     • Controls should be put in place to manage data security risks
     • Authorisation for new processing and working arrangements is important
     • Training staff is fundamental
     • Continual improvement, including internal audits, is crucial to ensure good data security management

  11. Audit results: common areas of good practice
     • Strong information security and data protection governance structures with board-level oversight
     • Audit assurance and consultancy plans are completed
     • Organisation-wide training strategy and plans incorporate information security and data protection within induction and refresher training programmes
     • Physical security protocols, systems and entry controls
     • Regular review and monitoring of system user access permissions

  12. Audit results: common areas for improvement
     • Insufficient information asset registers and lack of risk assessments covering remote and home working
     • Lack of Privacy Impact Assessments (PIAs)
     • Tracking and reporting on information security training completion rates, and ensuring refresher training is actually completed
     • Uncontrolled movement of paper-based records
     • Insecure electronic data transmission to third parties
     • Insecure disposal of personal data held in paper and electronic format
     • Lack of encryption for laptops and removable media devices

  13. How to create secure information systems and manage the mobile enterprise to reduce risk and improve consumer confidence
     • Key points: risk reduction
       – Conduct risk assessments for mobile, remote and home working
       – Complete Privacy Impact Assessments (ICO guidance)
       – Develop appropriate policies and procedures covering mobile working, based on risk assessment outcomes
       – Staff training and awareness, including board members, temporary workers and contractors
       – Access permissions, physical and logical
       – Deploy encryption software

  14. How to create secure information systems and manage the mobile enterprise to reduce risk and improve consumer confidence
     • Key points: consumer confidence
       – Implementation of international standards: ISO 27001 accredited certification
       – Demonstrate compliance with industry-recognised standards: assurance statements for PCI DSS, the NHS IG Toolkit, etc.
       – Senior management commitment to investing resources in continual information security and data protection compliance activity
       – Openness and transparency agendas for information security and data protection compliance regimes

  15. Case Study: Wirefast
     Confidentiality, Integrity, Availability; Product and services; ISO 27001

  16. Questions and Answers
     Questions?

  17. Thank you
     Find us: www.itgovernance.co.uk
     Email us: servicecentre@itgovernance.co.uk
     Call us: 0845 070 1750
     Tweet us: @ITGovernance
     Connect: Facebook and LinkedIn