SESSION ID: CXO-R02RF
#RSAC

One Hour Privacy Primer For Security Officers

Todd Fitzgerald, CISSP, CISM, CISA, CRISC, CGEIT, CIPP/US/E/C, CIPM, PMP, ISO27001, ITILv3f
todd_fitzgerald@yahoo.com
@securityfitz

Today's Agenda
1. Why Should Security Officers Care About Privacy?
2. The Language of Privacy
3. Privacy Laws and Common Principles
4. Privacy Program Design

Why Should Security Officers Care About Privacy?

We Face Privacy Choices Daily

The CISO Job Description

Job description:
This position will represent the information protection program of the’ region and requires the ability to understand business issues and processes and articulate appropriate security models to protect the assets of and entrusted to. A strong understanding of information security is necessary to manage, coordinate, plan, implement and organize the information protection and security objectives of the’ region. This position is a senior technical role within our information protection and security department. A high level of technical and security expertise is required and will be responsible for managing information security professionals. This position will play a key role in defining acceptable and appropriate security models for protecting information and enabling secure business operations. This person must be knowledgeable of current data protection best practices, standards and applicable legislation and familiar with principles and techniques of security risk analysis, disaster recovery planning and business continuity processes and must demonstrate an understanding of the management issues involved in implementing security processes and security-aware culture in a large, global corporate environment. He or she will work with a wide variety of people from different internal organizational units, and bring them together to manifest information security controls that reflect workable compromises as well as proactive responses to current and future business risks to enable ongoing operations and protection of corporate assets.

RESPONSIBILITIES INCLUDE:
• Manage a cost-effective information security program for the Americas region, aligned with the global information security program, business goals and objectives
• Assist with RFP and Information Security responses for clients
• Implementing and maintaining documentation, policies, procedures, guidelines and processes related to ISO 9000, ISO 27000, ISO 20000, European Union Safe Harbor Framework, Payment Card Industry Data Protection Standards (PCI), SAS-70, General Computer Controls and client requirements
• Performing information security risk assessments
• Ensuring disaster recovery and business continuity plans for information systems are documented and tested
• Participate in the system development process to ensure that applications adhere to an appropriate security model and are properly tested prior to production
• Ensure appropriate and adequate information security training for employees, contractors, partners and other third parties
• Manage information protection support desk and assist with resolution
• Manage security incident response including performing investigative follow-up, assigning responsibility for corrective action, and auditing for effective completion
• Manage the change control program
• Monitor the compliance and effectiveness of Americas’ region information protection program
• Develop and enhance the security skills and experience of infrastructure, development, information security and operational staff to improve the security of applications, systems, procedures and processes
• Direct senior security personnel in order to achieve the security initiatives
• Participate in the information security steering and advisory committees to address organization-wide issues involving information security matters and concerns, establish objectives and set priorities for the information security initiatives
• Work closely with different departments and regions on information security issues
• Consult with and advise senior management on all major information security related issues, incidents and violations
• Update senior management regarding the security posture and initiative progress
• Provide advice and assistance concerning the security of sensitive information and the processing of that information
• Participate in security planning for future application system implementations
• Stay current with industry trends relating to Information Security
• Monitor changes in legislation and standards that affect information security
• Monitor and review new technologies
• Perform other Information Security projects / duties as needed

MINIMUM QUALIFICATIONS:
Transferable Skills (Competencies)
• Strong communication and interpersonal skills
• Strong understanding of computer networking technologies, architectures and protocols
• Strong understanding of client and server technologies, architectures and systems
• Strong understanding of database technologies
• Strong knowledge of information security best practices, tools and techniques
• Strong conceptual understanding of Information Security theory
• Strong working knowledge of security architecture and recovery methods and concepts including encryption, firewalls, and VPNs
• Knowledge of business, security and privacy requirements related to international standards and legislation (including ISO 9001, ISO 27001, ISO 20000, Payment Card Industry data protection standard (PCI), HIPAA, European Union Data Protection Directive, Canada’s Personal Information Protection and Electronic Documents Act, SAS-70 Type II, US state privacy legislation and Mexico’s E-Commerce Act)
• Knowledge of risk analysis and security techniques
• Working knowledge of BCP and DR plan requirements and testing procedures
• Working knowledge of Windows XP/2000/2003, Active Directory, and IT Infrastructure security and recovery methods and concepts
• Working knowledge of Web-based application security and recovery methods and concepts
• Working knowledge of AS400 security and recovery methods and concepts
• Working knowledge of PeopleSoft security and recovery methods and concepts
• Working knowledge of anti-virus systems, vulnerability management, and violation monitoring
• Strong multi-tasking and analytical/troubleshooting skills
• Knowledge of audit and control methods and concepts a plus
• Knowledge of SAS-70 audit requirements a plus
• Knowledge of ISO 9001 requirements a plus
• Knowledge of ISO 27001 requirements a plus
• Knowledge of ISO 20001 requirements a plus
• Knowledge of COBIT requirements a plus
• Knowledge of EU / Safe Harbor requirements a plus
• Knowledge of Linux security a plus
• Knowledge of VB.NET, C++, JAVA, or similar programming languages a plus
• Proficient in MS-Office suite of products
• Professional, team oriented

Qualifications
• Bachelor’s Degree (B.A., B.S.), or equivalent combination of education and experience in Information Security, Information Technology, Computer Science, Management Information Systems or similar curriculum
• 7+ years of Information Technology or Information Security experience, including at least 5 years dedicated to Information Security
• 2+ years of Travel Industry experience preferred
• Must be a Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) preferred
• Strong organizational, time management, decision making, and problem solving skills
• Strong initiative and self-motivated professional
• Professional certifications from ISACA, (ISC)2, or SANS preferred
• Experience with ISO certified systems a plus

Contains Many Privacy References!
(The job description above, repeated on the slide to point out its privacy-related requirements.)

The Fortune 1000 Is Investing in Privacy and Values Relationships To Information Security
Source: Benchmarking Privacy Management and Investments of the Fortune 1000, IAPP 2014 Research

The 2018 CISO Evolution
• Plan path away from operations
• Refine risk management processes to business language
• Widen vision to privacy, data management and compliance
• Build support network
• Create focus and attention of business leaders

CISO competencies shown on the slide: Leadership, Strategic Thinking, Business Knowledge, Risk Management, Communication, Relationship Management, Security Expertise, Technical Expertise

Source: Forrester Research, Evolve to become 2018 CISO or Face Extinction

The New CISO will Need to Know Privacy

Era          CISO profile
1990s-2000   Non existent; Security = Logon & Password; first CISO 1995
2000-2003    Regulatory Compliance Era; must hire security officer
2004-2008    The "Risk-oriented" CISO emerges
2008-2014    The Threat-aware Cybersecurity, Socially-Mobile CISO
2015-20+     The Privacy and Data-aware CISO

The security officer is increasingly dealing with privacy concerns beyond the 'privacy principles':
• Lack of global trust
• Inconsistent application
• Data governance/location
• Controller/processor responsibilities
• Location of data
• Regulatory fines for privacy notice violation
• Retention, record correction, right to be forgotten
• Location tracking

PRIVACY IS DEAD… OR IS IT?
"Privacy Is Completely And Utterly Dead, And We Killed It" - Forbes, 8/19/14
"Privacy Is Dead, Harvard Professors Tell Davos Forum" - January 22, 2015
"Why Privacy Is Actually Thriving Online" - Wired, May 2014
"Privacy Is Dead: What You Still Can Do to Protect Yourself" - Huffington Post, 08/27/15

Privacy Concern Differs By Generation
Each generation approaches work differently, shaped by the economic, social and political forces of their time, ultimately forming their individual preferences.

Traditionalist 1928-45
Traditionalist 1946-64
Gen X 1965-79
Gen Y 1980-95
Gen Z 1996-?

© 2011 Tamara J. Erickson and Moxie Insight. U.S. Dept of Labor (date ranges 1946-64, 1965-79)

The Workforce Composition Is Shifting
Source: Deloitte Research/UN Population Division, It’s 2008: Do You Know Where Your Talent Is?

Privacy Laws and Common Principles

Early Privacy Laws and Regulations

Year  Milestone
1890  "The Right to Privacy", Warren and Brandeis
1947  Article 12 of the Universal Declaration of Human Rights
1966  US Freedom of Information Act
1970  Fair Credit Reporting Act
1974  US Privacy Act
1978  France Data Protection Act
1980  Organization for Economic Cooperation and Development (OECD) Privacy Principles
1981  Council of Europe Convention on the Protection of Personal Data

Privacy Coverage Varies Across Countries
Source: Forrester Research, 2015 Privacy Heat Map, Forbes 10/15/15 (relatively unchanged in 2016)

Laws Vary in Approach

Sectoral Laws (US)
• Fair Credit Reporting Act
• HIPAA/HITECH/State laws
• Gramm-Leach-Bliley Act
• Children's Online Privacy Protection Act (COPPA)
• 1974 Privacy Act / FOIA

PIPEDA (Canada)

Comprehensive (EU)
• 1995 EU Data Protection Directive (2018 - GDPR)
• e-Privacy Directive
• Data retention directive
• Article 29 working party

Co-Regulatory (AU)
• Australia Federal Privacy Act (amended in 2000)

Also shown: China - Draft Cybersecurity; Hong Kong - 1996 Personal Data Ordinance

2016 Saw Much Activity with Emerging EU/US Privacy Laws

General Data Protection Regulation (compliance May 2018)
• Regulation vs Directive
• Reach beyond EU
• Fines 4% revenue
• 72 hour data breach notification

EU/US Privacy Shield (replaces Safe Harbor; approved in 2016)
• Strong obligations for US companies
• Government access transparency
• Redress

BREXIT impact?

Organization for Economic Co-operation and Development (OECD) Privacy Principles
1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation
5. Security Safeguards
6. Openness
7. Individual Participation
8. Accountability

OECD - 1. Collection Limitation Principle
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

OECD - 2. Data Quality Principle
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

OECD - 3. Purpose Specification Principle
The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.
(Cartoon caption on the slide: "Why am I getting all this SPAM now?")

OECD - 4. Use Limitation Principle
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 (the Purpose Specification Principle) except:
a) with the consent of the data subject; or
b) by the authority of law.

OECD - 5. Security Safeguards Principle
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.

OECD - 6. Openness Principle
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

OECD - 7. Individual Participation Principle
The individual should have the:
• Right to obtain confirmation of whether data is stored, within a reasonable time and in a reasonable manner, cost and form
• Right, if denied, to be provided a reason
• Ability to challenge denials
• Right to erase, rectify, complete, or amend information

OECD - 8. Accountability Principle
A data controller should be accountable for complying with measures which give effect to the principles stated above.

The Language of Privacy

Privacy Language Can Be Foreign To Business Environment…
• Principles need to be communicated in business context
• Companies care about the right people being able to use data when they need to. Period.
• Oh, yes, and avoiding big fines and personal liability

EU Defines Personal Data
"Personal data shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity."

Sensitive Personal Data or 'special categories of personal data' are generally prohibited from processing (some exemptions).
De-Identified (non-personal) data: laws generally do not apply after the identifying elements are removed.

Personal Information Elements
Name, Gender, Age, DOB, Marital Status, Citizenship, Nationality, Languages Spoken, Veteran Status, Disabled Status, IP Address, Demographics

Sources of Personal Information

Public Records
• Real estate
• Criminal
• Varies at state/national/local level

Publicly Available
• Names and addresses
• Newspapers
• Search engines
• Facebook/Twitter

Nonpublic
• Medical records
• Financial information
• Adoption records
• Company customers
• Employee database

Sensitive Personal Information

EUROPE
• Racial or ethnic origin
• Political opinion
• Religious or philosophical beliefs
• Trade-union membership
• Health or sex life
• Offenses or criminal convictions

UNITED STATES
• Social Security Number
• Financial information
• Driver's license number
• Medical records

Data Protection Roles
• Data Protection Authority: enforcement, reporting
• Data Controller: determines the purposes and means of processing
• Data Subject: the identified or identifiable natural person the data relates to (see the EU definition above)
• Data Processor: processes on behalf of the data controller

Privacy Policy and Notice
Privacy Policy: internal statement directing employees
Privacy Notice: statement to the data subject covering collection, use, retention and disclosure of information; delivered through contracts, application forms, web pages, terms of use, icons, signs, brochures

PRIVACY NOTICE
• Initially, periodically
• Clear and conspicuous
• Accurate and complete
• Readable, plain language

Privacy Consent

OPT-OUT
• Processed unless data subject objects
• Box pre-checked to accept, or check box to opt-out

OPT-IN
• Information processed only if data subject agrees
• Active affirmation

OPT-IN or OPT-OUT?
A. DO YOU WANT TO RECEIVE ADDITIONAL INFORMATION? [ ] YES  [ ] NO
B. [ ] CHECK BOX IF YOU DO NOT WANT TO RECEIVE MORE INFORMATION
C. DO YOU WANT TO RECEIVE ADDITIONAL INFORMATION? [ ] YES  [ ] NO (the checkboxes are rendered differently from A on the slide)
D. PLEASE SEND MORE INFORMATION ABOUT YOUR PRODUCTS

Privacy Program Design

Privacy Information Life Cycle

Collection
• Limits
• Lawful and fair means
• Consent
• Identified purpose
• Proportionate

Use
• Purposes identified in notice
• Implicit or explicit consent

Retention
• Retain only as long as necessary for purpose
• Securely dispose, destroy, return

Disclosure
• Rights maintained on transfer of data
• New purposes subject to consent

Privacy By Design – 7 Principles (applied across IT, business practices and physical design)
1. Proactive; preventative
2. Privacy by default
3. Embedded in design
4. Positive-sum, not zero-sum
5. End-to-end security; lifecycle protection
6. Visibility and transparency
7. Respect for users

Privacy Impact Assessment (PIA)
• Checklists to ensure systems are evaluated for privacy risks
• New systems
• Changes to existing systems
• Legal/regulatory requirements
• Policy/practice consistency

Final Thoughts

Data + Privacy + Security + Risk = New Focus
(Repeats the CISO timeline from "The New CISO will Need to Know Privacy": 1990s-2000 non existent, Security = Logon & Password, first CISO 1995; 2000-2003 Regulatory Compliance Era, must hire security officer; 2004-2008 the "Risk-oriented" CISO emerges; 2008-2014 the Threat-aware Cybersecurity, Socially-Mobile CISO; 2015-20+ the Privacy and Data-aware CISO.)

Apply What You Have Learned Today

Next week you should:
• Schedule a meet-and-greet with the privacy officer or legal dept.

In the first three months following this presentation you should:
• Read the EU Data Protection Directive and any local laws
• Visit the International Association of Privacy Professionals (IAPP) website at www.privacyassociation.org
• Examine your organization's privacy policies

Within six months you should:
• Go forward with a privacy certification
• Drive an assessment project (with the privacy officer) to determine where the privacy gaps are
• Begin educating the workforce on privacy principles through regional meetings

Today We Explored…
• Why privacy should be important to the security officer
• The 8 OECD Privacy Principles
• Global laws impacting privacy
• Building a program through Privacy By Design principles
• Understanding the data elements and language of privacy

Resources Contributed To By Presenter (books in Amazon, B&N, ISC2, EC-Council website, RSA Bookstore)
• Information Security Handbook Series, since 2004
• New book coming in 2017-18

Final Thoughts
• Planning and advance communication of phishing/awareness campaigns is essential
• Learning must be behavioral to stick
• Employees at every organization level will click
• Significant reductions and follow-on willingness to learn will be achieved
• Bury the once-a-year 1-hour training sessions…

I leave you with this 60 second view of your next few years figuring out where all the data is and what privacy regulations apply…

Thank You Very Much For Your Participation!
Todd Fitzgerald, CISSP, CISM, CISA, CRISC, CGEIT, CIPP/US/E/C, CIPM, PMP, ISO27001, ITILv3f
Deerfield, IL
Todd_fitzgerald@yahoo.com
linkedin.com/in/toddfitzgerald
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAECybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
Cybersecurity Management Principles, 12 - 15 Nov 2017 Dubai, UAE
 
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
Cybersecurity Management Principles, 11 - 14 Sept 2017 KL, Malaysia / 17 - 20...
 
CISSO Certification | CISSO Training | CISSO
CISSO Certification | CISSO Training | CISSOCISSO Certification | CISSO Training | CISSO
CISSO Certification | CISSO Training | CISSO
 
CISSO Certification| CISSO Training | CISSO
CISSO Certification|  CISSO Training | CISSOCISSO Certification|  CISSO Training | CISSO
CISSO Certification| CISSO Training | CISSO
 
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAEIT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE
 
Skills Needed to Become a Cyber.pdf
Skills Needed to Become a Cyber.pdfSkills Needed to Become a Cyber.pdf
Skills Needed to Become a Cyber.pdf
 
Information Security Manager Jobs Remote.pdf
Information Security Manager Jobs Remote.pdfInformation Security Manager Jobs Remote.pdf
Information Security Manager Jobs Remote.pdf
 
Information Security Manager Jobs Remote.pdf
Information Security Manager Jobs Remote.pdfInformation Security Manager Jobs Remote.pdf
Information Security Manager Jobs Remote.pdf
 
Certified Information Systems Security Professional
Certified Information Systems Security ProfessionalCertified Information Systems Security Professional
Certified Information Systems Security Professional
 
D1 security and risk management v1.62
D1 security and risk management  v1.62D1 security and risk management  v1.62
D1 security and risk management v1.62
 
Information Security Analyst- Infosec train
Information Security Analyst- Infosec trainInformation Security Analyst- Infosec train
Information Security Analyst- Infosec train
 
Irfan Ur Rehman
Irfan Ur RehmanIrfan Ur Rehman
Irfan Ur Rehman
 
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAEIT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
IT Security Architecture & Leadership, 24 - 27 November 2013 Dubai UAE
 
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARYCHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
CHARLES E DAVIS SailPoint PROFESSIONAL SUMMARY
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
 
CISSP Certification Training Course
CISSP Certification Training CourseCISSP Certification Training Course
CISSP Certification Training Course
 
CISSP-WEB
CISSP-WEBCISSP-WEB
CISSP-WEB
 

More from Priyanka Aash

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Business cases internet 30 use cases

  • 1. SESSION ID: CXO-R02RF #RSAC. One Hour Privacy Primer For Security Officers. Todd Fitzgerald, CISSP, CISM, CISA, CRISC, CGEIT, CIPP/US/E/C, CIPM, PMP, ISO27001, ITILv3f. todd_fitzgerald@yahoo.com, @securityfitz
  • 2. Today's Agenda: 1. Why Should Security Officers Care About Privacy? 2. The Language of Privacy. 3. Privacy Laws and Common Principles. 4. Privacy Program Design.
  • 3. Section 1. Why Should Security Officers Care About Privacy?
  • 4. We Face Privacy Choices Daily
  • 5. The CISO Job Description
Job description: This position will represent the information protection program of the region and requires the ability to understand business issues and processes and articulate appropriate security models to protect the assets of and entrusted to. A strong understanding of information security is necessary to manage, coordinate, plan, implement and organize the information protection and security objectives of the region. This position is a senior technical role within our information protection and security department. A high level of technical and security expertise is required, and the role will be responsible for managing information security professionals. This position will play a key role in defining acceptable and appropriate security models for protecting information and enabling secure business operations. This person must be knowledgeable of current data protection best practices, standards and applicable legislation and familiar with principles and techniques of security risk analysis, disaster recovery planning and business continuity processes, and must demonstrate an understanding of the management issues involved in implementing security processes and a security-aware culture in a large, global corporate environment. He or she will work with a wide variety of people from different internal organizational units, and bring them together to manifest information security controls that reflect workable compromises as well as proactive responses to current and future business risks to enable ongoing operations and protection of corporate assets.
RESPONSIBILITIES INCLUDE:
• Manage a cost-effective information security program for the Americas region, aligned with the global information security program, business goals and objectives
• Assist with RFP and Information Security responses for clients
• Implement and maintain documentation, policies, procedures, guidelines and processes related to ISO 9000, ISO 27000, ISO 20000, the European Union Safe Harbor Framework, Payment Card Industry Data Protection Standards (PCI), SAS-70, General Computer Controls and client requirements
• Perform information security risk assessments
• Ensure disaster recovery and business continuity plans for information systems are documented and tested
• Participate in the system development process to ensure that applications adhere to an appropriate security model and are properly tested prior to production
• Ensure appropriate and adequate information security training for employees, contractors, partners and other third parties
• Manage the information protection support desk and assist with resolution
• Manage security incident response, including performing investigative follow-up, assigning responsibility for corrective action, and auditing for effective completion
• Manage the change control program
• Monitor the compliance and effectiveness of the Americas region information protection program
• Develop and enhance the security skills and experience of infrastructure, development, information security and operational staff to improve the security of applications, systems, procedures and processes
  • 6. …Continued
• Direct senior security personnel in order to achieve the security initiatives
• Participate in the information security steering and advisory committees to address organization-wide issues involving information security matters and concerns, establish objectives and set priorities for the information security initiatives
• Work closely with different departments and regions on information security issues
• Consult with and advise senior management on all major information security related issues, incidents and violations
• Update senior management regarding the security posture and initiative progress
• Provide advice and assistance concerning the security of sensitive information and the processing of that information
• Participate in security planning for future application system implementations
• Stay current with industry trends relating to Information Security
• Monitor changes in legislation and standards that affect information security
• Monitor and review new technologies
• Perform other Information Security projects/duties as needed
MINIMUM QUALIFICATIONS:
Transferable Skills (Competencies)
• Strong communication and interpersonal skills
• Strong understanding of computer networking technologies, architectures and protocols
• Strong understanding of client and server technologies, architectures and systems
• Strong understanding of database technologies
• Strong knowledge of information security best practices, tools and techniques
• Strong conceptual understanding of Information Security theory
• Strong working knowledge of security architecture and recovery methods and concepts including encryption, firewalls, and VPNs
• Knowledge of business, security and privacy requirements related to international standards and legislation (including ISO 9001, ISO 27001, ISO 20000, Payment Card Industry data protection standard (PCI), HIPAA, European Union Data Protection Directive, Canada's Personal Information Protection and Electronic Documents Act, SAS-70 Type II, US state privacy legislation and Mexico's E-Commerce Act)
• Knowledge of risk analysis and security techniques
• Working knowledge of BCP and DR plan requirements and testing procedures
• Working knowledge of Windows XP/2000/2003, Active Directory, and IT infrastructure security and recovery methods and concepts
• Working knowledge of Web-based application security and recovery methods and concepts
• Working knowledge of AS400 security and recovery methods and concepts
• Working knowledge of PeopleSoft security and recovery methods and concepts
• Working knowledge of anti-virus systems, vulnerability management, and violation monitoring
• Strong multi-tasking and analytical/troubleshooting skills
• Knowledge of audit and control methods and concepts a plus
• Knowledge of SAS-70 audit requirements a plus
• Knowledge of ISO 9001 requirements a plus
• Knowledge of ISO 27001 requirements a plus
• Knowledge of ISO 20001 requirements a plus
• Knowledge of COBIT requirements a plus
• Knowledge of EU/Safe Harbor requirements a plus
• Knowledge of Linux security a plus
• Knowledge of VB.NET, C++, JAVA, or similar programming languages a plus
• Proficient in MS-Office suite of products
• Professional, team oriented
Qualifications
• Bachelor's Degree (B.A., B.S.), or equivalent combination of education and experience in Information Security, Information Technology, Computer Science, Management Information Systems or similar curriculum
• 7+ years of Information Technology or Information Security experience, including at least 5 years dedicated to Information Security
• 2+ years of Travel Industry experience preferred
• Must be a Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM) preferred
• Strong organizational, time management, decision making, and problem solving skills
• Strong initiative and self-motivated professional
• Professional certifications from ISACA, (ISC)2, or SANS preferred
• Experience with ISO certified systems a plus
  • 7. and 8. Contains Many Privacy References! (The job description from slides 5 and 6 is repeated here to call out its privacy-related items: current data protection best practices and applicable legislation, the European Union Safe Harbor Framework, HIPAA, the European Union Data Protection Directive, Canada's Personal Information Protection and Electronic Documents Act, US state privacy legislation, Mexico's E-Commerce Act, and EU/Safe Harbor requirements.)
  • 9. The Fortune 1000 Is Investing in Privacy and Values Relationships To Information Security. Source: Benchmarking Privacy Management and Investments of the Fortune 1000, IAPP 2014 Research
  • 10. The 2018 CISO Evolution: plan a path away from operations; refine risk management processes into business language; widen vision to privacy, data management and compliance; build a support network; create focus and attention among business leaders. Competencies: Leadership, Strategic Thinking, Business Knowledge, Risk Management, Communication, Relationship Management, Security Expertise, Technical Expertise. Source: Forrester Research, Evolve to Become the 2018 CISO or Face Extinction
  • 11. The New CISO Will Need to Know Privacy
1990s-2000: non-existent; security = logon and password; first CISO in 1995
2000-2003: regulatory compliance era; must hire a security officer
2004-2008: the "risk-oriented" CISO emerges
2008-2014: the threat-aware, cybersecurity, socially-mobile CISO
2015-20+: the privacy- and data-aware CISO
  • 12. The security officer is increasingly dealing with privacy concerns beyond the 'privacy principles': lack of global trust; inconsistent application; data governance and location; controller/processor responsibilities; location of data; regulatory fines for privacy notice violations; retention, record correction and the right to be forgotten; location tracking
  • 13. PRIVACY IS DEAD… OR IS IT? Headlines: "Privacy Is Completely And Utterly Dead, And We Killed It" (Forbes, 8/19/14); "Privacy Is Dead, Harvard Professors Tell Davos Forum" (January 22, 2015); "Why Privacy Is Actually Thriving Online" (Wired, May 2014); "Privacy Is Dead: What You Still Can Do to Protect Yourself" (Huffington Post, 08/27/15)
  • 14. Privacy Concern Differs By Generation. Each generation approaches work differently, shaped by the economic, social and political forces of their time, ultimately forming their individual preferences. Traditionalists 1928-45; Boomers 1946-64; Gen X 1965-79; Gen Y 1980-95; Gen Z 1996-?. Source: © 2011 Tamara J. Erickson and Moxie Insight; U.S. Dept. of Labor (date ranges 1946-64, 1965-79)
  • 15. The Workforce Composition Is Shifting. Source: Deloitte Research/UN Population Division, It's 2008: Do You Know Where Your Talent Is?
  • 16. (image-only slide, no text)
  • 17. Section 3. Privacy Laws and Common Principles
  • 18. Early Privacy Laws and Regulations
1890: "The Right to Privacy", Warren and Brandeis (Harvard Law Review)
1948: Article 12 of the Universal Declaration of Human Rights
1966: US Freedom of Information Act
1970: Fair Credit Reporting Act
1974: US Privacy Act
1978: France Data Protection Act
1980: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data
1981: Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108)
  • 19. #RSAC Privacy Coverage Varies Across Countries 19 Source: Forrester Research, 2015 privacy Heat Map, Forbes 10/15/15 (relatively unchanged in 2016)
  • 20. #RSAC Laws Vary in Approach
    • Sectoral laws (US): Fair Credit Reporting Act; HIPAA/HITECH and state laws; Gramm-Leach-Bliley Act; Children's Online Privacy Protection Act (COPPA); 1974 Privacy Act and FOIA
    • PIPEDA (Canada)
    • Comprehensive (EU): 1995 EU Data Protection Directive (replaced by the GDPR in 2018); e-Privacy Directive; Data Retention Directive; Article 29 Working Party
    • Co-regulatory (Australia): Australian Federal Privacy Act (amended in 2000)
    • China: draft Cybersecurity Law
    • Hong Kong: 1996 Personal Data Ordinance
  • 21. #RSAC 2016 Saw Much Activity with Emerging EU/US Privacy Laws
    • General Data Protection Regulation (compliance required from May 2018): a regulation rather than a directive, so it applies directly in every member state; reach beyond the EU; fines of up to 4% of global annual revenue; data breach notification to the supervisory authority within 72 hours of becoming aware of the breach
    • EU/US Privacy Shield (replaces Safe Harbor; approved in 2016): strong obligations for US companies; transparency about government access; redress for data subjects
    • BREXIT impact?
  • 22. #RSAC Organization for Economic Co-operation and Development (OECD) Privacy Principles: Collection Limitation; Data Quality; Purpose Specification; Use Limitation; Security Safeguards; Openness; Individual Participation; Accountability.
  • 23. #RSAC OECD 1. Collection Limitation Principle: There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
  • 24. #RSAC OECD 2. Data Quality Principle: Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.
  • 25. #RSAC OECD 3. Purpose Specification Principle: The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose. (Slide cartoon: "Why am I getting all this SPAM now?")
  • 26. #RSAC OECD 4. Use Limitation Principle: Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 (the Purpose Specification Principle) except: a) with the consent of the data subject; or b) by the authority of law.
  • 27. #RSAC OECD 5. Security Safeguards Principle: Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data.
  • 28. #RSAC OECD 6. Openness Principle: There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.
  • 29. #RSAC OECD 7. Individual Participation Principle: An individual should have the right to obtain confirmation of whether the data controller holds data relating to them; to have that data communicated within a reasonable time, at a charge (if any) that is not excessive, in a reasonable manner and in a readily intelligible form; to be given reasons if such a request is denied and to be able to challenge the denial; and to challenge the data and, if the challenge succeeds, have it erased, rectified, completed or amended.
  • 30. #RSAC OECD 8. Accountability Principle: A data controller should be accountable for complying with measures which give effect to the principles stated above.
  • 31. #RSAC The Language of Privacy
  • 32. #RSAC Privacy Language Can Be Foreign To The Business Environment
    • Principles need to be communicated in a business context
    • Companies care about the right people being able to use data when they need to. Period.
    • Oh, yes, and about avoiding big fines and personal liability
  • 33. #RSAC EU Defines Personal Data. "Personal data shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity." (Directive 95/46/EC, Article 2(a)) Sensitive personal data, or "special categories of personal data", are generally prohibited from processing (with some exemptions). De-identified (non-personal) data: the laws generally do not apply once the identifying elements have been removed. The test is whether anyone can still reasonably re-identify the person; pseudonymised data, where the controller keeps the key or mapping that links a token back to an individual, remains personal data.
  • 34. #RSAC Personal Information Elements: name; gender; age; date of birth; marital status; citizenship; nationality; languages spoken; veteran status; disabled status; IP address; demographics.
  • 35. #RSAC Sources of Personal Information
    • Public records: real estate; criminal; varies at state, national and local level
    • Publicly available: names and addresses; newspapers; search engines; Facebook/Twitter
    • Nonpublic: medical records; financial information; adoption records; company customers; employee database
  • 36. #RSAC Sensitive Personal Information
    • Europe (special categories): racial or ethnic origin; political opinions; religious or philosophical beliefs; trade-union membership; health or sex life; offences or criminal convictions
    • United States: Social Security number; financial information; driver's license number; medical records
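The de-identification point on the personal-data slide and the element lists above are easier to reason about with a concrete transformation. The Python below is an added example written for this page, not code from the presentation: it strips or tokenises the direct identifiers named on the slides, drops the EU special categories, generalises date of birth and IP address, and reports whether the result is still linkable by whoever holds the HMAC key. The field names, the key and the two sample records are constructed assumptions, and the keyed-token approach and the reading of GDPR Recital 26 are the editor's, not the speaker's.

```python
"""Pseudonymise a record built from the personal-data elements on the slides.

Added example for this page; not part of the presentation. Field names,
DEMO_KEY and SAMPLE_RECORDS are constructed assumptions.
"""
import hashlib
import hmac
import ipaddress

# Direct identifiers named on the slides: removed or replaced by a keyed token.
DIRECT_IDENTIFIERS = {"name", "ssn", "drivers_license", "ip_address"}

# EU "special categories" from the Sensitive Personal Information slide:
# dropped outright, since processing them is prohibited absent an exemption.
SPECIAL_CATEGORIES = {
    "racial_or_ethnic_origin", "political_opinion",
    "religious_or_philosophical_belief", "trade_union_membership",
    "health_or_sex_life", "criminal_convictions",
}

# Attributes that, in combination, can still single a person out.
QUASI_IDENTIFIERS = {"birth_year", "age", "gender", "marital_status",
                     "citizenship", "nationality"}

DEMO_KEY = b"replace-with-a-key-held-only-by-the-controller"  # assumption

SAMPLE_RECORDS = [  # constructed sample input, not real people
    {"name": "Jane Example", "dob": "1984-03-09", "gender": "F",
     "ssn": "000-00-0000", "ip_address": "203.0.113.42",
     "marital_status": "married", "health_or_sex_life": "asthma",
     "languages_spoken": "en,fr"},
    {"name": "JANE EXAMPLE ", "dob": "1984-03-09", "gender": "F",
     "ip_address": "2001:db8:abcd:1234::9"},
]


def pseudonym(key: bytes, value: str) -> str:
    """Keyed token for a direct identifier. The same person yields the same
    token, so whoever holds `key` can still link records: this is
    pseudonymisation, not anonymisation."""
    normalised = value.strip().lower().encode()
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:16]


def generalise_ip(value: str) -> str:
    """Keep only the network part (/24 for IPv4, /48 for IPv6); the slide
    lists IP address as a personal-data element, so the host bits go."""
    addr = ipaddress.ip_address(value)
    prefix = 24 if addr.version == 4 else 48
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))


def pseudonymise(record: dict, key: bytes) -> dict:
    """Return a derived record with direct identifiers removed or tokenised,
    special categories dropped, and date of birth reduced to the year."""
    out = {}
    for field, value in record.items():
        if field in SPECIAL_CATEGORIES:
            continue                          # never carried into the derived set
        if field == "name":
            out["subject_token"] = pseudonym(key, value)
        elif field == "ip_address":
            out["ip_network"] = generalise_ip(value)
        elif field in DIRECT_IDENTIFIERS:
            continue                          # SSN, licence number: nothing downstream needs them
        elif field == "dob":
            out["birth_year"] = value[:4]     # ISO date -> year only
        else:
            out[field] = value
    return out


def linkable_by_controller(record: dict, key_retained: bool) -> bool:
    """Recital 26 reading: if the controller can still tie the record to a
    person (the HMAC key is kept, or a direct identifier survived), the
    record is still personal data and the privacy laws still apply."""
    if key_retained and "subject_token" in record:
        return True
    return bool(DIRECT_IDENTIFIERS.intersection(record))


def residual_quasi_identifiers(record: dict) -> set:
    """Quasi-identifiers left after pseudonymisation. Whether they identify
    someone depends on context (dataset size, what else is public), so they
    are reported for review rather than decided here."""
    return QUASI_IDENTIFIERS.intersection(record)


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        derived = pseudonymise(rec, DEMO_KEY)
        print(derived)
        print("  still personal data while key is kept:",
              linkable_by_controller(derived, key_retained=True))
        print("  quasi-identifiers to review:", residual_quasi_identifiers(derived))
```

The two sample records name the same person with different capitalisation and trailing whitespace; the normalisation inside `pseudonym` makes them produce the same token, which is exactly the linkability that keeps the output inside the definition of personal data for as long as the controller retains the key. Destroying the key, or never keeping one (a random per-export salt), is what moves the data toward the de-identified case the slide describes; the quasi-identifiers that remain still need a separate judgement.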
  • 37. #RSAC Data Protection Roles
    • Data Protection Authority: enforcement; receives reports
    • Data Controller: determines the purposes and means of processing
    • Data Processor: processes on behalf of the data controller
    • Data Subject: the individual the data relates to
  • 38. #RSAC Privacy Policy and Notice. Privacy policy: an internal statement directing employees. Privacy notice: a statement to the data subject about the collection, use, retention and disclosure of information, delivered through contracts, application forms, web pages, terms of use, icons, signs and brochures. A privacy notice should be given initially and periodically, be clear and conspicuous, accurate and complete, and readable in plain language.
  • 39. #RSAC Privacy Consent. Opt-out: data is processed unless the data subject objects (the box is pre-checked to accept, or the subject must check a box to opt out). Opt-in: information is processed only if the data subject agrees (an active affirmation).
  • 40. #RSAC Opt-In or Opt-Out? A. Do you want to receive additional information? [ ] Yes [ ] No. B. [ ] Check box if you do not want to receive more information. C. Do you want to receive additional information? [x] Yes [ ] No. D. Please send more information about your products.
  • 41. #RSAC Privacy Program Design
  • 42. #RSAC Privacy Information Life Cycle
    • Collection: limits; lawful and fair means; consent; identified purpose; proportionate
    • Use: purposes identified in the notice; implicit or explicit consent
    • Retention: retain only as long as necessary for the purpose; securely dispose, destroy or return
    • Disclosure: rights maintained on transfer of the data; new purposes subject to consent
  • 43. #RSAC Privacy By Design – 7 Principles (Ann Cavoukian), applied across IT systems, business practices and physical design: 1. Proactive not reactive, preventative not remedial; 2. Privacy as the default setting; 3. Privacy embedded into design; 4. Full functionality: positive-sum, not zero-sum; 5. End-to-end security: full lifecycle protection; 6. Visibility and transparency; 7. Respect for user privacy.
  • 51. #RSAC Privacy Impact Assessment (PIA): checklists to ensure systems are evaluated for privacy risks, applied to new systems and to changes to existing systems, covering legal and regulatory requirements and consistency between policy and practice.
  • 52. #RSAC Final Thoughts
  • 53. #RSAC Data + Privacy + Security + Risk = New Focus
    • 1990s-2000: non-existent; security = logon and password (first CISO, 1995)
    • 2000-2003: regulatory compliance era; "must hire a security officer"
    • 2004-2008: the "risk-oriented" CISO emerges
    • 2008-2014: the threat-aware, cybersecurity, socially mobile CISO
    • 2015-20+: the privacy- and data-aware CISO
  • 54. #RSAC Apply What You Have Learned Today
    • Next week: schedule a meet-and-greet with the privacy officer or legal department.
    • In the first three months: read the EU Data Protection Directive (and the GDPR that replaces it in May 2018) and any local laws; visit the International Association of Privacy Professionals (IAPP) website at www.privacyassociation.org; examine your organization's privacy policies.
    • Within six months: go forward with a privacy certification; drive an assessment project (with the privacy officer) to determine where the privacy gaps are; begin educating the workforce on privacy principles through regional meetings.
  • 55. #RSAC Today We Explored: why privacy should be important to the security officer; the eight OECD privacy principles; global laws impacting privacy; building a program through the Privacy by Design principles; understanding the data elements and language of privacy.
  • 56. #RSAC Resources Contributed To By Presenter (books available from Amazon, B&N, ISC2, the EC-Council website and the RSA bookstore): Information Security Handbook series, since 2004; new book coming in 2017-18.
  • 57. #RSAC Final Thoughts • Planning and advance communication of Phishing/awareness campaigns is essential • Learning must be behavioral to stick • Employees at every organization level will click • Significant reductions and follow-on willingness to learn will be achieved • Bury the once a year 1 hour training sessions…
  • 58. #RSAC I leave you with this 60 second view of your next few years figuring out where all the data is and what privacy regulations apply…
  • 59. #RSAC Thank You Very Much For Your Participation! Todd Fitzgerald, CISSP, CISM, CISA, CRISC, CGEIT, CIPP/US/E/C, CIPM, PMP, ISO27001, ITILv3f Deerfield, IL Todd_fitzgerald@yahoo.com linkedin.com/in/toddfitzgerald