Brief overview of concepts and data about how we create, storage and consume information we use daily. Covers also information time-span paradox, and limited research about what personal risks related to cyberspace and information domain are available to capture with simple survey.
2. Dla niecierpliwych:
• Informacje to dane i ich kontekst (w tym wartość)
• Proces zarządzania informacjami w chmurze jest zwielokrotniony
• Czas życia informacji jest subiektywny i różny od postrzeganego publicznie
• W chmurze danych rodzi się nasz cyfrowy bliźniak, warto go znać!
• Wiemy o chmurze mniej niż nam się wydaje, potrzebujemy lepszych raportów
• Współcześnie zabezpieczanie danych możliwe jest jedynie w modelu współdzielonej odpowiedzialności
• Przenoszenie do chmury starych nawyków jest bardzo niebezpieczne
• Warto użyć modeli i standardów do oceny kondycji zabezpieczeń danych w swojej organizacji
• Niezbędne jest rozszerzenie modeli oceny o czynnik ludzki i osobiste analizy ryzyka dla każdej sytuacji
• Własny przykład działa!
9. WHERE IS MY DATA?
Cloud Security Alliance: Security Guidance for Critical Areas of Focus In Cloud Computing v4.0, based on http://www.securosis.com/blog/data-security-lifecycle-2.0
12. INFORMATION LIFESPAN PARADOX (controlled vs uncontrolled)
Picture taken
Picture
print
Print
decay/destroyed
Picture
composed
Picture
stored
Picture
analyzed
Picture
shared
Picture
modified
Picture
deleted?
Metadata
created
Metadata
enhanced
Metadata
enriched
Metadata
used by you
Metadata re-
used by others
Picture print
digitalized
classical camera
digital camera
/smartphone
lifespan
controlled
uncontrolled
service provider
other service provider
unauthorized use
25. 3,263,144,325
Total events per month
3,217Anomalous events per month
31.3Threats per month
An average institution statistics:
3x109
3x103
3x101
WORLD
SMALL CITY
FAMILLY
USER BEHAVIOR ANALYTICS ROLE
THE CHALLENGE
https://www.skyhighnetworks.com/cloud-computing-trends-2019/ 30 million McAfee MVISION Cloud users, 50 attributes of user behavior analysis, signatures for 25,000 cloud services
28. CLOUD USERS SIDE VIEW: HOW MANY CLOUD APPLICATIONS YOU USE?
https://www.skyhighnetworks.com/cloud-computing-trends-2019/ 30 million McAfee MVISION Cloud users, 50 attributes of user behavior analysis, signatures for 25,000 cloud services + survey of 1,400 security professionals in 11 countries
29. CLOUD PROVIDER SIDE CONTROLS: ADAPTATION OF CRITICAL SECURITY CONTROLS
https://www.skyhighnetworks.com/cloud-computing-trends-2019/ 30 million McAfee MVISION Cloud users, 50 attributes of user behavior analysis, signatures for 25,000 cloud services
PicturebyAdrianGrigorof,MariusMocanu
30. HOW TO ANALYZE THE DATA LIFECYCLE IN CLOUD ENVIRONMENT?
http://www.securosis.com/blog/data-security-lifecycle-2.0
31. HOW TO SECURE MOVE TO THE CLOUD?
https://cloudsecurityalliance.org/guidance/#_overview
Don’t bring bad habits!
35. HOW TO ANALYZE PERSONAL SECURITY POSTURE?
MODERN DECALOG OF SAFETY
FOR HUMANS WITH MACHINES
RESPECT PRIVACY PRUDENCE ASSERTIVENESS EXEMPLAR
IDENTIFY PROTECT DETECT RESPOND RECOVER
DESIGNED BY SAFETY CULTURE INITIATIVE PICTOGRAMS FROM WWW.ENTYPO.COM
NIST CSF
HUMAN FACTOR
#poProstuBezpiecznie
36. PERSONAL RISK EXPOSURE AND REMEDIATION PLANS
#projektFeniks
https://uodo.gov.pl/pl/138/667
https://sci-ikb.blogspot.com/2019/01/projektfeniks.html
disaster, what to do?
will handle, sometime
can do that
inconvenient
that is happened
barely noticed
disaster, what to do?
will handle, sometime
can do that
inconvenient
that is happened
barely noticed
By accident, error or criminal activity you’ve lost UNIQUE
data that can’t be recover or recreated.
Examples are: photos, recordings, personal
documentation – in general archives and memories.
How this will impact you?
72 responses
By criminal, third party or yourself activity your
SENSITIVE and CONFIDENTIAL data you OWN are
disclosed. You’ve lost control over these data what is
adverse for you.
Examples are: PII, PHI, private photos that can
compromise you reputation, credentials, access keys,
information about your habits, addictions – in general
these are your secrets. How this will impact you?
72 responses
37. PERSONAL RISK EXPOSURE AND REMEDIATION PLANS
#projektFeniks
https://uodo.gov.pl/pl/138/667
https://sci-ikb.blogspot.com/2019/01/projektfeniks.html
disaster, what to do?
will handle, sometime
can do that
inconvenient
that is happened
barely noticed disaster, what to do?
will handle, sometime
can do that
inconvenient
that is happened
barely noticed