
Who takes the blame? - Cogs of the Security Machine

- Máté Fodor - Information Security Consultant, PR-AUDIT -

The more data-driven companies become, the more emphasis the security of the data they use requires. Regulations define the respective roles for raising the level of security, and our presentation aims to pinpoint where their responsibilities lie from a practical point of view by demonstrating more or less favourable precedents.

IVSZ | EuDEco project
Data Economy Conference
Budapest, 2018. 01. 31.

Published in: Data & Analytics

  1. Who takes the blame? Cogs of the Security Machine
  2. Máté Fodor, Information Security Consultant. IT Security Consultancy services; Deep technological audits; LOGNESS PCP
  3. ‘Whose responsibility is cybersecurity?’
  4. ‘Whose responsibility is cybersecurity?’ EVERYONE’S
  5. Article 32 – Security of processing (General Data Protection Regulation). (1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
     a. the pseudonymisation and encryption of personal data;
     b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
     c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
     d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
  6. Cases
     • Swedish leak
     • Equifax hack
     • Target hack
     • Docs.com
     • Mirai
  7. Article 32 – Security of processing (General Data Protection Regulation). (1) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
     a. the pseudonymisation and encryption of personal data;
     b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
     c. the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
     d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
  8. For information security improvement
     • Data classification
     • Chief Information Security Officer
     • Technical means
     • Monitoring
     • Security systems
     • Access management
     • Raising security awareness
  9. Thank you for your attention! mate.fodor@praudit.hu