Jeremy Hilton
   With contributions from
Pete Burnap and Anas Tawileh
    The way people work is changing – ubiquitous
     Internet access
    Web 2.0 technology and Cloud computing are
     supporting/driving a collaborative, on-demand
     culture
    Virtual Organisations are frequently used to
     support collaborative, distributed working
         Government Services (Transformational Government)
         Medical (Patient Records)
         Research (e-Research)
    Inter-disciplinary organisations contribute
     content, others have access to the content
“In relation to rights, the Government
believes piracy of intellectual
property for profit is theft and
will be pursued as such through
the criminal law.”
“However, the Government also
believes, and the evidence suggests,
that most people, given a
reasonable choice would much
prefer not to do wrong or break
the law…”
“Personal data is the new currency of
the digital world. Privacy and
security of that data is an
increasingly critical issue.”



http://blog.stop-idfraud.co.uk/

http://www.guardian.co.uk/media/blog/2009/oct/12/ukcrime-id-theft-rising

    All organisations are unique.
    Each organisation has its own culture and history.
    Each organisation is inhabited (and the processes are
     undertaken) by its own unique group of people.
    These people have their own perceptions,
     (interpretation), of their role.
    They have their own perceptions of the relationship of
     their role to the organisation mission.
    They have their own perceptions of the organisation
     mission itself.
    The range and nature of the multiple perceptions,
     related to the people within an organisation, are
     not necessarily consistent or uni-directional. (This
     gives rise to personal agendas, politics, and
     potential inter-personal conflict).
    These multiple perceptions cannot be ignored in
     any description that tries to be relevant to a
     specific organisation.
    Most organisations are best described as a mess.
How can you think about a Prison as a Human
Activity System?
  A system to remove rights and privileges
   (punishment)
  A system to control interaction between
   offenders and the community (security)
  A system to instil Society’s norms and values
   (rehabilitation)
  A system to enhance criminal activity (criminal
   education)
    Reality is not any one of these views.
    Reality is some mixture of these views.



There may be little (or no) agreement as to
what this mixture is.
Ref: Anas Tawileh – PhD Thesis 2009
[Figure: Problem Space and Solution Space, spanning Business Purpose, Business Objectives, Business Processes, Information Needs, Information Systems and Information Technology]
[Figure: value chain. Support Activities: Administration and infrastructure, Human resource management, Product/technology development, Procurement. Primary Activities: Inbound logistics, Operations, Outbound logistics, Sales and marketing, Services. Value added – cost = MARGIN]
             • Can we enhance the value added by that activity?
             • Is there an opportunity to reduce the cost of that activity?
             • Or eliminate that activity?
             • Can we use that activity to differentiate the organisation?
Porter, M. E., Competitive Advantage, The Free Press, 1985
[Figure: supply chain of Their suppliers, Our suppliers, Us, Our distributors, Their retailers and Consumer, with Our competition alongside; flows of Demand information and Supply information]
[Figure: information flows between Customer, Sales & Mktg, Product Development, Operations, Logistics, Finance and Supplier. Flow labels: Requirements, Support, Product Info, Order, Invoice, Product, Contracts, Order Fulfillment, Forecast, Ideas, Product Roadmap, Finished Goods, P.O.s, Components & Materials. Systems: Website, Extranet, Intranet, ERP]
[Figure: Hackers, Critical Infrastructures, Privacy, Copyright, Government, Trademark, Law Enforcement]
The Death of the Perimeter

    (Banking) Business is conducted over networks
      –  Multitude of connection points
      –  Multitude of traffic types (protocols, content)
      –  Complication!
    Traditional perimeter security doesn’t scale:
      –  For filtering of addresses or protocols
      –  For management of multiple gateways
    Mobile & wireless technology (largely) ignores the
     perimeter control
    Most large corporates have leaky perimeters
    Perimeter security does nothing about data flow and
     residence
    Companies Act 2006
    The Re-use of Public Sector Information Regulations 2005
    Environmental Information Regulations 2004
    Freedom of Information Act 2000
    Electronic Communications Act 2000
    Regulation of Investigatory Powers Act 2000
    Data Protection Act 1998
    Computer Misuse Act 1990
    Copyright Designs and Patents Act 1988
    Public Records Act 1967
    Public Records Act 1958
    Human Rights Act 1998
    Software Licensing Regulations
As dependency grows …
IT security important?
http://www.berr.gov.uk/files/file45714.pdf
Controls are improving
Security has changed
http://www.berr.gov.uk/files/file45714.pdf
But some big exposures remain
Most companies not doing enough
    Confidential information is
     increasingly at risk, especially
     in large organisations
http://www.berr.gov.uk/files/file45714.pdf
[Charts: Private Sector Employment; % of Enterprises in UK. Legend: SME, Large, Micro]
    Managers of SMEs are busy running their
     company, trying to survive in a very competitive
     environment
    They rarely address anything that is not a
     legislative or regulatory requirement, and even
     then will often only comply if there is a penalty for
     not doing so
    Will avoid spending money, and time is money,
     training is money
    Rarely buy in expertise, staff left to help each
     other and ‘learn on the job’
http://www.fsb.org.uk/policy/assets/inhibiting%20enterprise%20fsb%20fraud%20&%20online%20crime%20rpt.pdf
    Not killing customers (food industry)
    Cash flow
    New orders/repeat business
    Staffing
    Legislation, Regulation
         only so they can continue to trade
         and directors not go to jail!
     … and where does information security &
     privacy fit in?
“you have zero privacy, get over it”
                                        Scott McNealy 1999
                               http://www.wired.com/politics/law/news/1999/01/17538




Article 8 of the European Convention on Human
Rights states:
    Everyone has the right to respect for his private
    and family life, his home and his correspondence
    Process that enables organisations to
          anticipate and address likely impacts of new
          initiatives
         Foresee problems
         Negotiate solutions
    Manage risks
    Design systems to avoid unnecessary privacy
     intrusion
    Requirement by law
    Requirement of government organisational
     policy
    Appreciation that project has significant
     implications that should be subject of
     investigation
    Existing public concerns
[Figure: ANALYSIS: ASSETS, THREATS, VULNERABILITIES, RISKS; MANAGEMENT: COUNTERMEASURES]
Security Standards - Cobit, ISO 27001
    #2 Define the information architecture
and much more..

    When developing policy (rules), it is critical to
     consider if and how they can be implemented.




    For example, if the policy is that:
         employees who breach a security rule, say, disclose
          information to someone unauthorised to see it, then
          they will be fired
    People generally do what they want to do,
     even at work.
         Hopefully this aligns with the organisation’s
          needs
               incentivising; or
               applying suitable sanctions.


         May achieve short term benefit, but the change is
          short-lived unless
               fundamental change is achieved
               staff have a belief in the desired result
    Staff need to be involved, trained and
     supported.
    Tools will be required in order to enable
     the desired controls on information and
     analysis/audit of use
    Accountability and responsibility of staff
     must be clearly defined and agreed.

                                  Tell me and I’ll forget
                            Show me and I’ll remember
                         Involve me and I’ll understand

                                         Old Chinese saying
Adapting the creative commons approach for information classification
and control
•    A set of licenses that are flexible enough to let you
     add as many or as few restrictions on your work as
     you like
•    Expressed in 3 different formats:
      •    Lawyer-readable
      •    Human-readable
      •    Machine-readable
•    www.creativecommons.org
    A set of classifications that are flexible enough
     to enable you to define and communicate the
     controls to be applied to your information
    May be combined with creative commons
     licenses
    Expressed in 3 different formats:
         Security Officer-readable
         Human-readable
         Machine readable
    Use                            Confidentiality
       RA – Restricted Access         PI – Personal Information

       OO – Organisation Only         ND – Non-Disclosure

       CA – Community Access          CG – Corporate Governance

       OA – Open Access               SD – Safe Disposal

                                      CU – Controlled Until
    Integrity                        AD – Approved for Disclosure
       BY – Attribution
     cc                             Authentication
       AB – Authorised By              ND – Non-Derivatives
                                     cc
Restricted Access
    The information is restricted to the nominated
     recipients
    The owner of the information will nominate
     the authorised recipients
    The owner may delegate responsibility for
     nominating authorised recipients
Personal Information
    The information contains personal information
     and consideration must be made before
     sharing the information
    This classification is likely to be used in
     conjunction with other labels such as

                    cc
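A sketch of the Restricted Access and Personal Information rules above as a machine-readable check, added here as an example and not taken from the slides or the authors' tooling. The hyphen-joined marking syntax, the `LabelledItem` class, the recorded "consideration" note, the rule that a delegate is not automatically a recipient, and the audit tuple layout are all assumptions.

```python
from dataclasses import dataclass, field

# Codes copied from the slide. Only the "Use" group and PI are modelled;
# the slide lists ND under two headings, so this sketch leaves ND out
# rather than guess which meaning a bare "ND" carries.
USE = {"RA": "Restricted Access", "OO": "Organisation Only",
       "CA": "Community Access", "OA": "Open Access"}
CONFIDENTIALITY = {"PI": "Personal Information"}


def parse_marking(marking):
    """Split an assumed 'RA-PI' style marking into (use_code, extra_codes)."""
    codes = [c.strip().upper() for c in marking.split("-") if c.strip()]
    unknown = [c for c in codes if c not in USE and c not in CONFIDENTIALITY]
    if unknown:
        raise ValueError(f"unknown label(s): {unknown}")
    use = [c for c in codes if c in USE]
    if len(use) != 1:  # assumption: exactly one Use label per item
        raise ValueError("marking needs exactly one Use label")
    return use[0], frozenset(c for c in codes if c in CONFIDENTIALITY)


@dataclass
class LabelledItem:
    owner: str
    marking: str
    recipients: set = field(default_factory=set)
    delegates: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def __post_init__(self):
        self.use, self.extra = parse_marking(self.marking)

    def _log(self, actor, action, target, outcome):
        # Every decision is recorded so that use can be audited later.
        self.audit.append((actor, action, target, outcome))
        return outcome

    def delegate(self, actor, nominee):
        """Only the owner may hand on the right to nominate recipients."""
        if actor != self.owner:
            return self._log(actor, "delegate", nominee, "deny")
        self.delegates.add(nominee)
        return self._log(actor, "delegate", nominee, "allow")

    def nominate(self, actor, recipient, consideration=""):
        """The owner or a delegate adds an authorised recipient."""
        if actor != self.owner and actor not in self.delegates:
            return self._log(actor, "nominate", recipient, "deny")
        # Assumption: for PI, "consideration before sharing" is evidenced
        # by a non-empty note supplied by whoever nominates.
        if "PI" in self.extra and not consideration.strip():
            return self._log(actor, "nominate", recipient,
                             "needs-consideration")
        self.recipients.add(recipient)
        return self._log(actor, "nominate", recipient, "allow")

    def can_read(self, user):
        """RA: readable by the owner and nominated recipients only."""
        if self.use != "RA":
            raise NotImplementedError("only RA is defined on the slides")
        ok = user == self.owner or user in self.recipients
        return self._log(user, "read", self.marking,
                         "allow" if ok else "deny") == "allow"


if __name__ == "__main__":
    # Constructed sample: names and the note are illustrative only.
    record = LabelledItem(owner="police", marking="RA-PI")
    record.delegate("police", "courts")
    record.nominate("courts", "probation")  # blocked: no consideration
    record.nominate("courts", "probation",
                    consideration="needed to supervise release")
    print(record.can_read("probation"), record.can_read("courts"))
    for entry in record.audit:
        print(entry)
```
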
Avon & Somerset Criminal Justice Board - PRIMADS




    Multi-Agency environment
         Police
         Courts Service
         Probation Service
         Lawyers
         Social Services
         Health, etc
    Offender management
    Privacy issues in data shared during arrest,
     prosecution and detention
    Release under licence
    Changing individuals’ behaviour such that:
          the need for safe handling of information is
          understood & accepted; and
         controls agreed and applied
    Because the individuals choose to, not
     because they are told to.




    ASCJS workshops confirmed the usefulness of the
     scenario-based risk assessment and icon-based
     approach for communicating controls
    Identified a number of additional benefits that
     contributed to an increased understanding of the
     distributed community and the need for controls
    In addition, they expressed an interest in the
     ability to implement a technical solution to
     provide fine-grained access to data-sharing in a
     collaborative, distributed environment

    Know your staff
    Ensure all understand the business and the
     part they play in its success
    Be aware of your obligations
    Discuss the issues and how they impact on the
     critical parts of your business
    Involve staff
    Agree controls, ensure accountability from top
     to bottom

Business: Security & Privacy

  • 1. Jeremy Hilton With contributions from Pete Burnap and Anas Tawileh
  • 4. The way people work is changing: ubiquitous Internet access. Web 2.0 technology and Cloud computing are supporting/driving a collaborative, on-demand culture. Virtual Organisations are frequently used to support collaborative, distributed working: Government Services (Transformational Government); Medical (Patient Records); Research (e-Research). Inter-disciplinary organisations contribute content, others have access to the content.
  • 5. “In relation to rights, the Government believes piracy of intellectual property for profit is theft and will be pursued as such through the criminal law.” “However, the Government also believes, and the evidence suggests, that most people, given a reasonable choice would much prefer not to do wrong or break the law…” “Personal data is the new currency of the digital world. Privacy and security of that data is an increasingly critical issue.”
  • 10.   All organisations are unique.   Each organisation has its own culture and history.   Each organisation is inhabited (and the processes are undertaken) by its own unique group of people.   These people have their own perceptions, (interpretation), of their role.   They have their own perceptions of the relationship of their role to the organisation mission.   They have their own perceptions of the organisation mission itself.
  • 11.   The range and nature of the multiple perceptions, related to the people within an organisation, are not necessarily consistent or uni-directional. (This gives rise to personal agendas, politics, and potential inter-personal conflict).   These multiple perceptions cannot be ignored in any description that tries to be relevant to a specific organisation.   Most organisations are best described as a mess.
  • 12. How can you think about a Prison as a Human Activity System? A system to remove rights and privileges (punishment). A system to control interaction between offenders and the community (security). A system to instil Society’s norms and values (rehabilitation). A system to enhance criminal activity (criminal education).
  • 13.   Reality is not any one of these views.   Reality is some mixture of these views. There may be little (or no) agreement as to what this mixture is.
  • 15. Ref: Anas Tawileh – PhD Thesis 2009
  • 16. [Diagram: layers Business Purpose, Business Objectives, Business Information Needs, Processes, Information Systems, Information Technology, with the labels Problem Space and Solution Space]
  • 17. Support Activities: Administration and infrastructure; Human resource management; Product/technology development; Procurement. Primary Activities: Inbound logistics; Operations; Outbound logistics; Sales and marketing; Services. Value added – cost = MARGIN. Can we enhance the value added by that activity? Is there an opportunity to reduce the cost of that activity, or eliminate that activity? Can we use that activity to differentiate the organisation? Porter, M. E., Competitive Advantage, The Free Press, 1985
  • 18. [Diagram: Their suppliers, Our suppliers, Us, Our distributors, Their retailers, Consumer; Our competition; Demand information; Supply information]
  • 19. [Diagram of business information flows; labels include Customer, Supplier, Sales & Mktg, Order Fulfillment, Logistics, Operations, Product Development, Finance, Website, Extranet, Intranet, ERP]
  • 20. [Graphic: Critical Infrastructures, Hackers, Privacy, Copyright, Government, Trademark, Law Enforcement]
  • 21. The Death of the Perimeter. (Banking) Business is conducted over networks: multitude of connection points; multitude of traffic types (protocols, content); complication! Traditional perimeter security doesn’t scale: for filtering of addresses or protocols; for management of multiple gateways. Mobile & wireless technology (largely) ignores the perimeter control. Most large corporates have leaky perimeters. Perimeter security does nothing about data flow and residence.
  • 22. Companies Act 2006; The Re-use of Public Sector Information Regulations 2005; Environmental Information Regulations 2004; Freedom of Information Act 2000; Electronic Communications Act 2000; Regulation of Investigatory Powers Act 2000; Data Protection Act 1998; Computer Misuse Act 1990; Copyright Designs and Patents Act 1988; Public Records Act 1967; Public Records Act 1958; Human Rights Act 1998; Software Licensing Regulations
  • 23. As dependency grows … IT security important? http://www.berr.gov.uk/files/file45714.pdf
  • 24. Controls are improving. Security has changed. http://www.berr.gov.uk/files/file45714.pdf
  • 25. But some big exposures remain. Most companies not doing enough. Confidential information is increasingly at risk, especially in large organisations. http://www.berr.gov.uk/files/file45714.pdf
  • 27. [Charts: Private Sector; % of Enterprises in UK; Employment; categories Micro, SME, Large]
  • 28.   Managers of SMEs are busy running their company, trying to survive in a very competitive environment   They rarely address anything that is not a legislative or regulatory requirement, and even then will often only comply if there is a penalty for not doing so   Will avoid spending money, and time is money, training is money   Rarely buy in expertise, staff left to help each other and ‘learn on the job’
  • 32. Not killing customers (food industry); Cash flow; New orders/repeat business; Staffing; Legislation, Regulation (only so they can continue to trade, and directors not go to jail!). … and where does information security & privacy fit in?
  • 34. “you have zero privacy, get over it” Scott McNealy 1999 http://www.wired.com/politics/law/news/1999/01/17538 Article 8 of the European Convention on Human Rights states: “Everyone has the right to respect for his private and family life, his home and his correspondence”
  • 35. Process that enables organisations to: anticipate and address likely impacts of new initiatives; foresee problems; negotiate solutions; manage risks; design systems to avoid unnecessary privacy intrusion.
  • 36. Requirement by law; Requirement of government organisational policy; Appreciation that project has significant implications that should be subject of investigation; Existing public concerns
  • 37. [Diagram labels: ASSETS, THREATS, VULNERABILITIES, RISKS, ANALYSIS, COUNTERMEASURES, MANAGEMENT]
  • 39. Security Standards - Cobit, ISO 27001
  • 40.   #2 Define the information architecture
  • 45. When developing policy (rules), it is critical to consider if and how they can be implemented. For example, if the policy is that: employees who breach a security rule, say, disclose information to someone unauthorised to see it, then they will be fired
  • 46. People generally do what they want to do, even at work. Hopefully this aligns with the organisation’s needs. Incentivising; or applying suitable sanctions. May achieve short term benefit, but the change is short-lived unless: fundamental change is achieved; staff have a belief in the desired result.
  • 48. Staff need to be involved, trained and supported. Tools will be required in order to enable the desired controls on information and analysis/audit of use. Accountability and responsibility of staff must be clearly defined and agreed. “Tell me and I’ll forget. Show me and I’ll remember. Involve me and I’ll understand.” (Old Chinese saying)
  • 49. Adapting the creative commons approach for information classification and control
  • 52. A set of licenses that are flexible enough to let you add as many or as few restrictions on your work as you like. Expressed in 3 different formats: Lawyer-readable; Human-readable; Machine-readable. www.creativecommons.org
  • 53. A set of classifications that are flexible enough to enable you to define and communicate the controls to be applied to your information. May be combined with creative commons licenses. Expressed in 3 different formats: Security Officer-readable; Human-readable; Machine-readable.
  • 54. Use / Confidentiality: RA – Restricted Access; PI – Personal Information; OO – Organisation Only; ND – Non-Disclosure; CA – Community Access; CG – Corporate Governance; OA – Open Access; SD – Safe Disposal; CU – Controlled Until. Integrity: AD – Approved for Disclosure; BY – Attribution (cc). Authentication: AB – Authorised By; ND – Non-Derivatives (cc).
  • 55. Restricted Access: The information is restricted to the nominated recipients. The owner of the information will nominate the authorised recipients. The owner may delegate responsibility for nominating authorised recipients.
  • 56. Personal Information: The information contains personal information and consideration must be made before sharing the information. This classification is likely to be used in conjunction with other labels such as cc.
  • 57. Avon & Somerset Criminal Justice Board - PRIMADS
  • 58. Multi-Agency environment: Police; Courts Service; Probation Service; Lawyers; Social Services; Health, etc. Offender management. Privacy issues in data shared during arrest, prosecution and detention. Release under licence.
  • 59. Changing individuals’ behaviour such that: the need for safe handling of information is understood & accepted; and controls agreed and applied. Because the individuals choose to, not because they are told to.
  • 62. ASCJS workshops confirmed the usefulness of the scenario-based risk assessment and icon-based approach for communicating controls. Identified a number of additional benefits that contributed to an increased understanding of the distributed community and the need for controls. In addition, they expressed an interest in the ability to implement a technical solution to provide fine-grained access to data-sharing in a collaborative, distributed environment.
  • 63. Know your staff. Ensure all understand the business and the part they play in its success. Be aware of your obligations. Discuss the issues and how they impact on the critical parts of your business. Involve staff. Agree controls, ensure accountability from top to bottom.
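
An added example, not part of the original deck: one way the machine-readable form of the labels on slides 53 to 56 could be checked in code. The hyphen-separated tag syntax (borrowed from Creative Commons codes such as BY-ND), the `Item` class and the `check_share` decisions are assumptions; only the label codes and the RA and PI rules come from the slides.

```python
from dataclasses import dataclass, field

# Label codes copied from slide 54 (ND appears there twice, once per meaning).
# Only RA and PI have rules stated on the slides, so only those are enforced.
KNOWN_LABELS = {"RA", "PI", "OO", "ND", "CA", "CG", "OA", "SD", "CU", "AD", "BY", "AB"}


def parse_labels(tag: str) -> frozenset:
    """Parse an assumed machine-readable tag such as 'RA-PI' into label codes."""
    codes = frozenset(c.strip().upper() for c in tag.split("-") if c.strip())
    unknown = codes - KNOWN_LABELS
    if unknown:
        raise ValueError(f"unknown label(s): {sorted(unknown)}")
    return codes


@dataclass
class Item:
    owner: str
    labels: frozenset
    recipients: set = field(default_factory=set)  # nominated recipients (RA)
    nominators: set = field(default_factory=set)  # delegates allowed to nominate

    def delegate(self, actor: str, delegate: str) -> None:
        """Only the owner may delegate responsibility for nominating."""
        if actor != self.owner:
            raise PermissionError("only the owner may delegate nomination")
        self.nominators.add(delegate)

    def nominate(self, actor: str, recipient: str) -> None:
        """Only the owner, or someone the owner delegated to, may nominate."""
        if actor != self.owner and actor not in self.nominators:
            raise PermissionError(f"{actor} may not nominate recipients")
        self.recipients.add(recipient)


def check_share(item: Item, recipient: str) -> tuple:
    """Return (decision, reasons); decision is 'deny', 'review' or 'allow'."""
    nominated = recipient == item.owner or recipient in item.recipients
    if "RA" in item.labels and not nominated:
        return "deny", ["RA: recipient is not nominated"]
    reasons = []
    if "PI" in item.labels:
        # Slide 56 asks for consideration before sharing, so flag for review.
        reasons.append("PI: personal information, consider before sharing")
    return ("review" if reasons else "allow"), reasons
```

Unknown codes are rejected at parse time so that a mistyped label cannot silently drop a control.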