SlideShare a Scribd company logo
Data Protection &
Privacy During the
Coronavirus Pandemic
mashviral
Ulf Mattsson
www.TokenEx.com
Data Protection &
Privacy During the
Coronavirus Pandemic
mashviral
Please submit your questions
during our session!
1. Head of Innovation at TokenEx
2. Chief Technology Officer at
• Protegrity
• Atlantic BT
• Compliance Engineering
3. Architect & Developer at IBM Research and Development
4. Inventor of more than 70 awarded US Patents
5. Products and Services
• Data Encryption, Tokenization, and Data Discovery,
• Security and Privacy Benchmarking/Gap-analysis for Financial Industry
• Managed Security Services, and Security Operation Centers
• Cloud Application Security Brokers, and Web Application Firewalls,
• Robotics and Applications in Manufacturing,
Ulf Mattsson
3
Data from different sources:
WHO, CDC, NHC, earlyAlert
and more
https://www.arcgis.com/apps/webappviewer3d/index.html?id=d9d3f8fa9a23425c8f0889baab626186
Global Risk Perception
Source:
ISSA
Source:
ISSA
Evolution
of Cyber
Attacks
Source:
The US FEDERAL TRADE
COMMISSION
(FTC) , 2019
Credit card fraud tops
the list of identity theft
reports in 2018
• FTC received nearly three
million complaints from
consumers in 2018
• The FTC received more than
167,000 reports from people
who said their information
was misused on an existing
account or to open a new
credit card account
Mass move to work from
home in coronavirus crisis
creates opening for hackers:
cyber experts
https://www.reuters.com/article/
us-health-coronavirus-cyber/
mass-move-to-work-from-home-
in-coronavirus-crisis-creates-opening-
for-hackers-cyber-experts-idUSKBN2153YC
Passwords
Masquerading
Update VPN
New Windows 10 bug hits home working: Outlook, Office 365,
Teams can't access internet
https://www.zdnet.com/article/new-windows-10-bug-hits-home-working-outlook-o365-teams-cant-access-internet/?ftag=TRE-03-
10aaa6b&bhid=29092732071845353741741261859287
FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets
Malicious USB Devices Accompanied by Fake Gift Cards to Entice Would-Be Victims
https://www.databreachtoday.com/fbi-cybercrime-gang-mailing-badusb-devices-to-targets-a-14029?rf=2020-03-
31_ENEWS_SUB_DBT__Slot1_ART14029&mkt_tok=eyJpIjoiT1RBd1ltRXpaamsxTmpFMCIsInQiOiJQYnh5YWtpVVZqNThvb0RldkszS1F6dFExUXBLS1wva1RmTmhrVkdhckIrSWdYV2dTeFVBNDZcL3FPTFBxM
El5NXRGZExmV29KaEJhbGsyMFJDXC8ycDZlR3dOeHdpN1V6WjNEUlRkWmE3Y09NMXd6RXNPNGVaZkhtWDNaNmluVlN2NzlOVEJOQUZYWmFxaXdSMENJVkxcLzNBPT0ifQ%3D%3D
Email Fraudsters Take Advantage Of Coronavirus Opportunity
https://www.pymnts.com/news/b2b-payments/2020/email-fraud-coronavirus-data-digest/ , Mar 2020
Officials are warning of a rise in phishing attacks, while retailers have also been warned about fraud risks,
with Amazon recently removing 1 million products for allegedly making fraudulent claims, recent Forbes
reports said.
“Another side effect of the Coronavirus is increased teleworking, which furthers the reliance on email for
communication adding yet another multiplier to these email fraud schemes,” the U.S. Secret Service
Department of Homeland Security wrote in a warning published earlier this month.
$2.1 billion in losses were reported to the FBI as a result of hackers targeting Microsoft Office 365 and
Google G suite in a slew of business email compromise attacks, Bleeping Computer reported earlier this
month.
The attacks that target workforce platforms reflects fraudsters’ shift to cloud email services as businesses
themselves migrate away from on-premise email systems, the publication noted, with the FBI warning that
fraudsters are infiltrating these email portals to better mimic legitimate employees to conduct their scams.
Trust only original/known links/sources!
Coronavirus: Warning over surge in Zoom security incidents
Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target
popular remote working and collaboration tools
https://www.computerweekly.com/news/252480806/Coronavirus-Warning-over-surge-in-Zoom-security-
incidents?asrc=EM_EDA_125549257&utm_medium=EM&utm_source=EDA&utm_campaign=20200331_Coronavirus:%20Warning%20over%20surge%20in%20Zoom%20s
ecurity%20incidents
70 have now been identified as fake sites, which are impersonating genuine Zoom domains with the intention of
capturing and stealing personal information.
The numbers reinforce a trend for cyber criminals to take advantage of home working via Zoom, which is used by
over 60% of the Fortune 500, and has been downloaded more than 50 million times from the Google Play app
store.
“We have seen a sharp rise in the number of Zoom domains being registered, especially in the last week,” said
Omer Dembinsky, manager of cyber research at Check Point.
“This increase means that hackers have taken notice of the work-from-home paradigm shift that Covid-19 has
forced, and are seeing it as an opportunity to deceive, lure and exploit people.
“Each time you get a Zoom link or document messaged or forwarded to you, we recommend double-
checking to make sure it’s not a trap.”
China Suspected In Surge Of US Cyberattacks
https://www.pymnts.com/news/security-and-risk/2020/china-suspected-in-surge-of-us-
cyberattacks/
Cyberspying
13
Working in a coronavirus world:
Strategies and tools for staying productive
https://www.zdnet.com/article/effective-strategies
-and-tools-for-remote-work-during-coronavirus//
We tend to prefer the choice that ticks all the technical boxes
and/or is the most trusted/cost-effective.
However, if you want your investment in remote work to pay
off, pay special attention to whether the average worker will
be easily able to use your solution, as tools for digital access
span the range of complexity and user experience.
Whenever possible, put a strong emphasis on tools that are
simple, straightforward, and "just work."
The risk in not doing so is that your support costs for remote
work will simply be higher, with less to show for it in terms of
preserving productivity, as workers spend more of their time
getting the solution to work.
14
Coronavirus: How one team switched 4,000 staff to remote
working in just a week
https://www.zdnet.com/article/coronavirus-how-one-team-switched-4000-staff-to-remote-working-in-just-a-week/
Delivering laptops
15
Example:
Separate laptops for
Work vs Private
(Working from home
for several years)
https://finance.yahoo.com/news/amid-coronavirus-
walmart-says-its-seeing-increased-sales-of-tops-but-
not-bottoms-202959379.html , The Independent
Amid coronavirus, Walmart says it's seeing increased sales of tops
— but not bottoms
Authentication and
Passwords
Business Data
VPN tunnel
performanceInternet access
Working in a coronavirus world:
Strategies and tools for
staying productive
https://www.zdnet.com/article/effective-strategies
-and-tools-for-remote-work-during-coronavirus//
Remote worker
Enterprise
1
7
2
3
Microsoft Teams,
Zoom
5
17
Tele-health 4
eLearning 6
Mobile and Desktop Operating Systems Market Share
18
Windows
•In April 2019, Windows had a desktop market share of 79.24%.
(Source: StatCounter)
•Windows 10 had a desktop/laptop market share of 39.22%. This established it as the most
popular operating system on the market.
(Source: The Inquirer)
•Windows 7 was used by 33.38%.
(Source: StatCounter)
•6.05% of users relied on Windows 8.1.
(Source: StatCounter)
•2.2% of people used Windows 8.
(Source: StatCounter)
•5.26% of Windows PCs still ran on Windows XP.
(Source: WIRED)
•Microsoft’s revenue for 2018 was $110.36 billion. That is a 14.28% increase since 2017.
(Source: Macrotrends)
•Microsoft’s revenue for Q1 of 2019 was $30.571 billion.
(Source: Macrotrends)
Mac
•OS X reached a 14.64% desktop market share during the period of April 2018 – April 2019.
(Source: StatCounter)
•MacOS reached 9.65% of the desktop/laptop OS market share in February 2019.
(Source: AppleWorld)
https://hostingtribunal.com/blog/operating-systems-market-share/#gref
Upgrade to
Windows 10 !
Keep Updated /
patch
Malwarebytes:
https://app.hushly.com/runtime/content/XLSqVyFETZ8kY0TX
*: https://www.csoonline.com/article/3353416/what-is-mimikatz-and-
how-to-defend-against-this-password-stealing-tool.html
1. Enable BitLocker. ...
2. Use a "local" login account. ...
3. Enable Controlled Folder Access. ...
4. Turn on Windows Hello. ...
5. Enable Windows Defender. ...
6. Don't use the admin account. ...
7. Keep Windows 10 updated automatically. ...
8. Backup.
Source: Forbes
How To Secure
Microsoft
Windows 10
There’s been an increasing move over the last two years
to organizations over consumers.
Overall consumer threat detections are down by 2
percent from 2018, but business detections increased by
13 percent in 2019. This resulted in a mere 1 percent
increase in threat volume year-over-year.
The sophistication of threat capabilities in 2019
increased, with many using exploits, credentialstealing
tools, and multi-stage attacks involving mass infections of
a target.
While seven of 10 top consumer threat categories
decreased in volume, HackTools—a threat category for
tools used to hack into systems and computers—
increased against consumers by 42 percent year-over-
year, bolstered by families such as MimiKatz*, which also
targeted businesses.
19
PC Backup
https://www.pcmag.com/news/the-beginners-guide-to-pc-backup
Example
20
The Best Password Managers for 2020
https://www.pcmag.com/picks/the-best-password-managers
Example
21
Example of Password Manager (Free Edition)
https://www.pcmag.com/picks/the-best-password-managers
22
Examples of Anti-virus
Software products
Enterprise AV Product Issues
(Source: Remtcs-secure):
1 2 3 4
No built in vulnerability scanner to detect CVEs (common vulnerability and exposures) on local hosts x x x
Cloud only deployment model x x
No domain reputation filtering x x
No built in searchable database of CVE with direct links to mitigation details x x
No built in sandboxing x x
The sandbox is cloud based and not local to the appliance. Malware must be sent over for analysis,
increasing discovery latency
x
No CSO (Chief Security Officer) level reporting x
High false positive rate x
Must have cloud connectivity to see advanced alerts x
No Active Directory Integration x
Only supports Firewall integration with one vendor x
Endpoint only. No visibility into network proliferation of files/malware x
Malware remediation requires separate software and licensing x
Cannot determine the entry point for malware x
Can block a file from executing, but does not remove the file x
No domain reputation filtering x
Threat intel and malware analysis not included by default x
No built in searchable database of CVE with direct links to mitigation details x
Complex and labor intensive management x
Product
19 Issues with 4 major AV products
23
PCI DSS - Requirement #5
Source: https://www.trustedantiviruscompare.com/best-antivirus-softwareBest Antivirus Software (2020):
Example
24
Windows Defender is
better than nothing,
but McAfee's premium
software is much more
comprehensive in
terms of advanced
features and utilities.
Also, independent
tests prove that
McAfee is better than
Windows Defender in
terms of both
malware detection
and system
performance.
Feb 19, 2020,
https://www.proficien
tblogging.com/windo
ws-defender-vs-
mcafee/
Wi-Fi Protected Setup
https://www.digitalcitizen.life/simple-questions-what-wps-wi-fi-protected-setup , https://en.wikipedia.org/wiki/Wi-
Fi_Protected_Setup
Here's how WPS connections can be performed:
1.First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the
network you want to connect to. The device is automatically connected to the wireless network without entering the network
password.
2.You may have devices like wireless printers or range extenders with their own WPS button that you can use for making quick
connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices.
You don't have to input any data during this process. WPS automatically sends the network password, and these devices
remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS
button again.
3.A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically
generated, and it cannot be changed by users. You can find this PIN on the WPS configuration page on your router. Some devices
without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and
connect to the wireless network.
4.A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support
will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels, and the router will use it to
add that device to the network.
25
Use strong router password: “uppercase and lowercase letters, numbers, and special characters.”
What Are WEP, WPA, and WPA2? Which Is Best?
https://www.lifewire.com/what-are-wep-wpa-and-wpa2-which-is-best-2377353
Example
26
VPN use surges as coronavirus outbreak prompts huge rise in remote
working
https://www.zdnet.com/article/vpn-use-surges-as-coronavirus-outbreak-prompts-huge-rise-in-remote-working/
The growth in employees forced to work from home due to the COVID-19 coronavirus outbreak has led to a huge
spike in people using business virtual private networks (VPN) to secure their remote working.
Figures released by VPN provider NordVPN revealed that global use of its virtual private network technology had
increased by 165% since 11 March. A business VPN allows users to securely connect to corporate networks to send
and receive files, data and applications from anywhere – which in many cases right now is going to be people's
homes.
The UK's National Cyber Security Centre (NCSC) has issued security advice on using VPN services and remote working
in order to help both organisations and employees stay safe from cyberattacks – especially as, for many, this is the
first time they'd had to work remotely.
That advice includes recommendations for staff to use strong passwords and to use multi-factor authentication, if
available, in order to reduce the chances of cyber criminals being able to compromise accounts.
European cybersecurity agency ENISA* has also set out similar recommendations for securely working from home.
*: https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
27
Telemedicine is changing the way we see doctors
https://www.techrepublic.com/article/telemedicine-is-changing-the-way-we-see-doctors/?ftag=COS-05-
10aaa0g&taid=5e7f9ffeef5fb4000146a90e&utm_campaign=trueAnthem:+Twitter+Card&utm_medium=trueAnthemCard&utm_source=twitterCard
28
TechRepublic's Karen Roby, Macy Bayern, and Veronica Combs discussed the
changes in healthcare during the coronavirus pandemic. The following is an edited
transcript of their conversation.
Karen Roby: One of the things that's really emerging is telemedicine. Veronica, I
know you've put together some great articles here as far as what is available to
people, how people can still see and talk to their doctors when they're in need. Talk
a little bit about some of the resources that you've found and have been writing
about, and how that can really help people at this time?
Veronica Combs: I think people always consider the gold standard is a visit with
your doctor, like I'm looking at you, you're looking at me. You can tell my health. But
now, it's really flipped around that you don't really want to leave your house if you
don't want to, and doctors don't really want you breathing on them if you don't have
to. Some of the hospital and health systems on the coasts were faster to have
these telemedicine platforms.
•Ontario Telemedicine Network
•Remote therapy
•Ronald S. Weinstein
•Tele-epidemiology
•Teladoc
•Telecare
•Telemental health
•Teleneuropsychology
•Telenursing
•Telepathology
•Telepsychology
•UNESCO Chair in Telemedicine
•Telemedecine 360
Telehealth Resources
https://en.wikipedia.org/wiki/Telehealth
29
•Medicine portal
•Technology portal
•Telecommunication portal
•American Telemedicine Association
•American Well
•Center for Telehealth and E-Health Law
•Connected health
•eHealth
•In absentia health care
•MDLIVE
•Mercy Virtual
•mHealth
•National Rural Health Association
Can I still use Voice-controlled Devices?
30
The EU Agency for Cybersecurity's
guidance and
CERT-EU News Monitor
31
CERT-EU News Monitor - Latest Threats
https://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html
32
European Union Agency for Cybersecurity
https://en.wikipedia.org/wiki/European_Union_Agency_for_Cybersecurity
ENISA
Centre of
Expertise
33
UK police criticized for using drones to publicly shame walkers in coronavirus lockdown
The UK is now following in the footsteps of Spain and Italy in drone usage.
https://www.zdnet.com/article/uk-police-use-drones-to-enforce-coronavirus-lockdown-shame-those-flouting-the-rules/?ftag=COS-05-
10aaa0g&taid=5e80aa005ef37700017855a2&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
How smart city tech is being used to control the coronavirus outbreak
https://www.techrepublic.com/article/how-smart-city-tech-is-being-used-to-control-the-coronavirus-outbreak/?ftag=COS-05-
10aaa0g&taid=5e8256ee9a7fcd0001c497db&utm_campaign=trueAnthem:+Twitter+Card&utm_medium=trueAnthemCard&utm_source=twitterCard
In Singapore, the Government Technology Agency of Singapore launched TraceTogether on March 20 in
collaboration with the Ministry of Health.
• The TraceTogether app uses short-distance Bluetooth signals to connect one phone using the app with another
user who is close by.
• It stores detailed records on a user's phone for 21 days but does not include location data.
• Authorities have said they will decrypt the data if there is a public health risk related to an individual's
movements.
China used a similar method to track a person's health status and to control movement in cities with high numbers
of coronavirus cases.
• Individuals had to use the app and share their status to be able to access public transportation.
David Heyman, founder and CEO of Smart City Works said that the keys to addressing privacy concerns about high-
tech surveillance by the state is anonymizing the data and giving individuals as much control over their own data as
possible.
• "Personal details that may reveal your identity such as a user's name should not be collected or should be
encrypted with access to be granted for only specific health purposes, and data should be deleted after its
specific use is no longer needed," he said.
Increase in Privacy Rights And Regulations
Are the EU GDPR,
California CCPA or
US HIPAA rules changing?
In Times Of Pandemic, GDPR Still Applies, EU Warns
https://www.forbes.com/sites/emmawoollacott/2020/03/20/in-times-of-pandemic-gdpr-still-applies-eu-
warns/#744505616215
38
Ensure
protection
of personal
data
Source: IBM
Encryption and
TokenizationDiscover
Data Assets
Security
by Design
GDPR Framework core – Discovery, Encryption and Tokenization
39
40
Source: BigID
Data sources
Data
Warehouse
In Italy
Complete policy-
enforced de-
identification of
sensitive data across
all bank entities
Example of Cross Border Data-centric Security
• Protecting Personally Identifiable Information
(PII), including names, addresses, phone, email,
policy and account numbers
• Compliance with EU Cross Border Data
Protection Laws
• Utilizing Data Tokenization, and centralized
policy, key management, auditing, and
reporting
41
https://www.bytebacklaw.com/2020/03/responding-to-ccpa-requests-during-the-coronavirus-pandemic/ 42
CCPA Redefines Personal Data
• According to “PI Vs PII: How CCPA Redefines What Is Personal Data” the CCPA
definition “creates the potential for extremely broad legal interpretation around
what constitutes personal information, holding that personal information is any
data that could be linked with a California individual or household.”
• CCPA states that ”Personal information” means information that identifies,
relates to, describes, is capable of being associated with, or could reasonably be
linked, directly or indirectly, with a particular consumer or household.“
• This goes well beyond data that is obviously associated with an identity, such
as name, birth date, or social security number, which is traditionally regarded as
PII.
• It’s ultimately this “indirect” information–such as product preference or
geolocation data that is material since it is much more difficult to identify it and
connect it with a person than well-structured personally identifiable information
43
HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus
https://healthitsecurity.com/news/hhs-issues-limited-waiver-of-hipaa-sanctions-due-to-coronavirus
44
Information
sharing
Information
sharing
PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19
https://www.pcisecuritystandards.org/covid19?utm_content=123288427&utm_medium=social&utm_source=twitter&hss_channel=tw-20256309
45
eLearning – 2020 Workplace Learning
https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf
46
After years of being under-resourced, L&D
(Learning and development, in human resource
management) budgets are expected to continue
to grow—shifting from Instructor-Led Training
(ILT) to online learning—and executive buy-in
continues to build.
As we enter 2020, talent developers are focused
on finding innovative ways to drive engagement,
activate managers, and measure the business
impact of learning.
Simultaneously, they are looking ahead,
preparing for the upskilling and reskilling
revolution coming in the next 3-5 years, when
digital transformation and automation are
expected to have a greater impact on the
workforce globally.
eLearning – 2020 Workplace Learning
https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf
47
eLearning – 2020 Workplace Learning
https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf
48
A learning journey is a curated collection of learning content,
both formal and informal, that can be used to acquire skills for a specific role or technology area.
https://www.ibm.com/services/learning/journeys
Encryption and
Privacy Models
50
True Data Privacy requires All of these techniques for On-
prem, Hybrid and Cloud environments
51
• Privacy enhancing data de-identification terminology and classification of techniques
Source: INTERNATIONAL STANDARD ISO/IEC 20889
Encrypted data
has the same
format
Server model Local model
Differential
Privacy (DP)
Formal privacy measurement models
(PMM)
De-identification techniques
(DT)
Cryptographic tools
(CT)
Format
Preserving
Encryption (FPE)
Homomorphic
Encryption
(HE)
Two values
encrypted can
be combined*
K-anonymity
model
Responses to queries
are only able to be
obtained through a
software component
or “middleware”,
known as the
“curator**
The entity
receiving the
data is looking
to reduce risk
Ensures that for
each identifier there
is a corresponding
equivalence class
containing at least K
records
*: Multi Party Computation (MPC)
**: Example Apple and Google
ISO Standard for Encryption and Privacy Models
52
Data
Warehouse
Centralized Distributed
On-
premises
Public
Cloud
Private
Cloud
Vault-based tokenization y y
Vault-less tokenization y y y y y y
Format preserving
encryption
y y y y y
Homomorphic encryption y y
Masking y y y y y y
Hashing y y y y y y
Server model y y y y y y
Local model y y y y y y
L-diversity y y y y y y
T-closeness y y y y y y
Formal
privacy
measurement
models
Differential
Privacy
K-anonymity
model
Privacy enhancing data de-identification
terminology and classification of techniques
De-
identification
techniques
Tokenization
Cryptographic
tools
Suppression
techniques
Example of mapping of data security and privacy techniques (ISO) to different
deployment models
53
Risk reduction and truthfulness of some de-identification techniques and
models
Singling out Linking Inference
Deterministic
encryption
Yes All attributes No Partially No
Order-preserving
encryption
Yes All attributes No Partially No
Homomorphic
encryption
Yes All attributes No No No
Masking Yes Local identifiers Yes Partially No
Local suppression Yes Identifying attributes Partially Partially Partially
Record suppression Yes
Sampling Yes N/A Partially Partially Partially
Pseudonymization Yes Direct identifiers No Partially No
Generalization Yes Identifying attributes
Rounding Yes Identifying attributes No Partially Partially
Top/bottom coding Yes Identifying attributes No Partially Partially
Noise addition No Identifying attributes Partially Partially Partially
Cryptographic tools
Suppression
Generalization
Technique name
Data
truthfulness at
record level
Applicable to types of
attributes
Reduces the risk of
Source: INTERNATIONAL STANDARD ISO/IEC 20889 54
Cloud
56
Shared
responsibilities
across cloud
service models
Source:
Microsoft
Still Customer
Responsibility for:
• User security
• (App security)
• Data security
57
User
Payment
Applicatio
n
Payment
Network
Payment
Data
Tokenization
(VBT),
encryption
and keys
User CASB
User
Call
Center
Applicatio
n
Format Preserving Encryption (FPE)
PII
Data
Vault-based
tokenization (VBT)
Examples of Data Protection Use Cases
User Data
Warehous
e
PII Data
Vault-less tokenization (VLT)
Salesforce
58
On Premise tokenization
• Limited PCI DSS scope reduction - must
still maintain a CDE with PCI data
• Higher risk – sensitive data still resident
in environment
• Associated personnel and hardware costs
Cloud-Based tokenization
• Significant reduction in PCI DSS scope
• Reduced risk – sensitive data removed
from the environment
• Platform-focused security
• Lower associated costs – cyber
insurance, PCI audit, maintenance
Total Cost and Risk of Tokenization in Cloud vs On-prem
Source: TokenEx 59
Risk and Operational Aspects with different Cloud Models
Risk
Elasticity
Out-sourcedIn-house
On-premises
system
On-premises Private
Cloud
Hosted Private Cloud
Public Cloud
Low -
High -
Compute Cost
- High
- Low
Risk Adjusted Computation
60
References:
1. Coronavirus disinformation unit, https://www.computerweekly.com/news/252479721/DCMS-to-oversee-coronavirus-disinformation-
unit
2. Here are 2,780+ free ebooks and 100 free audiobooks,
https://www.reddit.com/r/FreeEBOOKS/comments/fip0m1/here_are_2780_free_ebooks_and_100_free_audiobooks/?utm_medium
=social&utm_source=twitter&utm_content=reddit&utm_campaign=text
3. All the free online resources parents need in home 'schooling' during coronavirus outbreak , https://www.zdnet.com/article/all-the-
free-online-resources-parents-guardians-need-in-home-schooling/?ftag=COS-
0510aaa0g&taid=5e7e0e06ef5fb4000146a263&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&ut
m_source=twitter
4. California Consumer Privacy Act, OCT 4, 2019, https://www.csoonline.com/article/3182578/california-consumer-privacy-act-what-
you-need-to-know-to-be-compliant.html
5. GDPR and Tokenizing Data, https://tdwi.org/articles/2018/06/06/biz-all-gdpr-and-tokenizing-data-3.aspx
6. GDPR VS CCPA, https://wirewheel.io/wp-content/uploads/2018/10/GDPR-vs-CCPA-Cheatsheet.pdf
7. General Data Protection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
8. IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation, https://ibmsystemsmag.com/IBM-
Z/03/2018/ibm-framework-gdpr
9. INTERNATIONAL STANDARD ISO/IEC 20889, https://webstore.ansi.org/Standards/ISO/ISOIEC208892018?gclid=EAIaIQobChMIvI-
k3sXd5gIVw56zCh0Y0QeeEAAYASAAEgLVKfD_BwE
10. INTERNATIONAL STANDARD ISO/IEC 27018, https://webstore.ansi.org/Standards/ISO/
ISOIEC270182019?gclid=EAIaIQobChMIleWM6MLd5gIVFKSzCh3k2AxKEAAYASAAEgKbHvD_BwE
11. ISO/TS 25237:2008(E), Health Informatics—Pseudonymization, https://www.sis.se/api/document/preview/911119/
12. NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT,
https://www.nist.gov/system/files/documents/2019/09/09/nist_privacy_framework_preliminary_draft.pdf
13. NISTIR 8053, De-Identification of Personal Information, https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf
14. Data Security: On Premise or in the Cloud, ISSA Journal, December 2019,
https://mydigitalpublication.com/publication/?m=1336&i=639272&p=28 61
2
2
THANK YOU
www.TokenEx.comUlf Mattsson

More Related Content

What's hot

Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
Felipe Prado
 
How to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jarHow to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jar
JudgeEagle
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
Cisco Security
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
Ulf Mattsson
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
Ulf Mattsson
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
Joseph White MPA CPM
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
IAEME Publication
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
EMC
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london   data protection, security and privacy risks - on premis...Jul 16 isaca london   data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
Camilo do Carmo Pinto
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
RapidSSLOnline.com
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
Ulf Mattsson
 
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
CODE BLUE
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills Gap
Stephen Cobb
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data security
Ulf Mattsson
 
ghostsinthemachine2
ghostsinthemachine2ghostsinthemachine2
ghostsinthemachine2
Shane Kite
 
INSECURE Magazine - 42
INSECURE Magazine - 42INSECURE Magazine - 42
INSECURE Magazine - 42
Felipe Prado
 

What's hot (20)

Insecure magazine - 51
Insecure magazine - 51Insecure magazine - 51
Insecure magazine - 51
 
How to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jarHow to protect the cookies once someone gets into the cookie jar
How to protect the cookies once someone gets into the cookie jar
 
Cisco 2014 Midyear Security Report
Cisco 2014 Midyear Security ReportCisco 2014 Midyear Security Report
Cisco 2014 Midyear Security Report
 
Where Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the CloudWhere Data Security and Value of Data Meet in the Cloud
Where Data Security and Value of Data Meet in the Cloud
 
The emerging pci dss and nist standards
The emerging pci dss and nist standardsThe emerging pci dss and nist standards
The emerging pci dss and nist standards
 
Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014Target Data Breach Case Study 10242014
Target Data Breach Case Study 10242014
 
Implementing security on android application
Implementing security on android applicationImplementing security on android application
Implementing security on android application
 
Why Passwords are not strong enough
Why Passwords are not strong enoughWhy Passwords are not strong enough
Why Passwords are not strong enough
 
Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0Risk Management Practices for PCI DSS 2.0
Risk Management Practices for PCI DSS 2.0
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london   data protection, security and privacy risks - on premis...Jul 16 isaca london   data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
IE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReportIE_ERS_CyberAnalysisReport
IE_ERS_CyberAnalysisReport
 
Symantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnlineSymantec Website Security Threat Report 2014 - RapidSSLOnline
Symantec Website Security Threat Report 2014 - RapidSSLOnline
 
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf MattssonISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
ISACA NA CACS 2012 Orlando session 414 Ulf Mattsson
 
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive...
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
Sizing the Cyber Skills Gap
Sizing the Cyber Skills GapSizing the Cyber Skills Gap
Sizing the Cyber Skills Gap
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Who is the next target proactive approaches to data security
Who is the next target   proactive approaches to data securityWho is the next target   proactive approaches to data security
Who is the next target proactive approaches to data security
 
ghostsinthemachine2
ghostsinthemachine2ghostsinthemachine2
ghostsinthemachine2
 
INSECURE Magazine - 42
INSECURE Magazine - 42INSECURE Magazine - 42
INSECURE Magazine - 42
 

Similar to Data Protection & Privacy During the Coronavirus Pandemic

Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
K7 Computing Pvt Ltd
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
nimbleappgenie
 
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...
Open Source Insight:  Amazon Servers Exposed  Open Source & the Public Sector...Open Source Insight:  Amazon Servers Exposed  Open Source & the Public Sector...
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...
Black Duck by Synopsys
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware Awareness
Greg Wartes, MCP
 
2008 Trends
2008 Trends2008 Trends
2008 Trends
TBledsoe
 
Phishing Detection using Decision Tree Model
Phishing Detection using Decision Tree ModelPhishing Detection using Decision Tree Model
Phishing Detection using Decision Tree Model
IRJET Journal
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
Hokme
 
Exploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docxExploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docx
ssuser454af01
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Marco Essomba
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Organization
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET Journal
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
InfinityGroup5
 
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the CloudCE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
Case IQ
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
Symantec Italia
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
sraina2
 
World best web apps security and Active detection of malicious link
World best web apps  security and  Active detection of malicious linkWorld best web apps  security and  Active detection of malicious link
World best web apps security and Active detection of malicious link
임채호 박사님
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS
Accelerite
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
Ban Selvakumar
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
Patrick Bouillaud
 

Similar to Data Protection & Privacy During the Coronavirus Pandemic (20)

Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023Top Security Threats to Look Out for in 2023
Top Security Threats to Look Out for in 2023
 
How to build a highly secure fin tech application
How to build a highly secure fin tech applicationHow to build a highly secure fin tech application
How to build a highly secure fin tech application
 
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...
Open Source Insight:  Amazon Servers Exposed  Open Source & the Public Sector...Open Source Insight:  Amazon Servers Exposed  Open Source & the Public Sector...
Open Source Insight: Amazon Servers Exposed Open Source & the Public Sector...
 
Security Minded - Ransomware Awareness
Security Minded - Ransomware AwarenessSecurity Minded - Ransomware Awareness
Security Minded - Ransomware Awareness
 
2008 Trends
2008 Trends2008 Trends
2008 Trends
 
Phishing Detection using Decision Tree Model
Phishing Detection using Decision Tree ModelPhishing Detection using Decision Tree Model
Phishing Detection using Decision Tree Model
 
Securing Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP LeaksSecuring Your Intellectual Property: Preventing Business IP Leaks
Securing Your Intellectual Property: Preventing Business IP Leaks
 
Exploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docxExploring new mobile and cloud platforms without a governance .docx
Exploring new mobile and cloud platforms without a governance .docx
 
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaperClearswift f5 information_visibility_reducing_business_risk_whitepaper
Clearswift f5 information_visibility_reducing_business_risk_whitepaper
 
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an UncertaintyCyber Security Trends - Where the Industry Is Heading in an Uncertainty
Cyber Security Trends - Where the Industry Is Heading in an Uncertainty
 
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear AttacksIRJET- Minimize Phishing Attacks: Securing Spear Attacks
IRJET- Minimize Phishing Attacks: Securing Spear Attacks
 
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdfJust-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
Just-How-Secure-is-your-Remote-Workforce-Infinity-Group-Ebook.pdf
 
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the CloudCE Cybersecurity Trends and Strategies for Hosting in the Cloud
CE Cybersecurity Trends and Strategies for Hosting in the Cloud
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
 
Report on Rogue Security Software: a summary
Report on Rogue Security Software: a summaryReport on Rogue Security Software: a summary
Report on Rogue Security Software: a summary
 
InformationSecurity_11141
InformationSecurity_11141InformationSecurity_11141
InformationSecurity_11141
 
World best web apps security and Active detection of malicious link
World best web apps  security and  Active detection of malicious linkWorld best web apps  security and  Active detection of malicious link
World best web apps security and Active detection of malicious link
 
REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS REAL TIME ENDPOINT INSIGHTS
REAL TIME ENDPOINT INSIGHTS
 
IBM X-Force.PDF
IBM X-Force.PDFIBM X-Force.PDF
IBM X-Force.PDF
 
Securité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-ForceSecurité : Le rapport 2Q de la X-Force
Securité : Le rapport 2Q de la X-Force
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
Book
BookBook
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
Ulf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
Ulf Mattsson
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Ulf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
Ulf Mattsson
 

More from Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
May 6 evolving international privacy regulations and cross border data tran...
May 6   evolving international privacy regulations and cross border data tran...May 6   evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics   ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 

Recently uploaded

Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
Ivanti
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
ZachWylie3
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
Zilliz
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
sunilverma7884
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
ldtexsolbl
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
DianaGray10
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
David Wilson
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Nicolás Lopéz
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
BrainSell Technologies
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
Bhajan Mehta
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
FIDO Alliance
 
Gen AI: Privacy Risks of Large Language Models (LLMs)
Gen AI: Privacy Risks of Large Language Models (LLMs)Gen AI: Privacy Risks of Large Language Models (LLMs)
Gen AI: Privacy Risks of Large Language Models (LLMs)
Debmalya Biswas
 

Recently uploaded (20)

Patch Tuesday de julio
Patch Tuesday de julioPatch Tuesday de julio
Patch Tuesday de julio
 
Redefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI CapabilitiesRedefining Cybersecurity with AI Capabilities
Redefining Cybersecurity with AI Capabilities
 
Camunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptxCamunda Chapter NY Meetup July 2024.pptx
Camunda Chapter NY Meetup July 2024.pptx
 
The History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal EmbeddingsThe History of Embeddings & Multimodal Embeddings
The History of Embeddings & Multimodal Embeddings
 
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
Girls call Kolkata 👀 XXXXXXXXXXX 👀 Rs.9.5 K Cash Payment With Room Delivery
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
Types of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technologyTypes of Weaving loom machine & it's technology
Types of Weaving loom machine & it's technology
 
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision MakingConnector Corner: Leveraging Snowflake Integration for Smarter Decision Making
Connector Corner: Leveraging Snowflake Integration for Smarter Decision Making
 
Mastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for SuccessMastering OnlyFans Clone App Development: Key Strategies for Success
Mastering OnlyFans Clone App Development: Key Strategies for Success
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024Vertex AI Agent Builder - GDG Alicante - Julio 2024
Vertex AI Agent Builder - GDG Alicante - Julio 2024
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Acumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptxAcumatica vs. Sage Intacct _Construction_July (1).pptx
Acumatica vs. Sage Intacct _Construction_July (1).pptx
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17Mule Experience Hub and Release Channel with Java 17
Mule Experience Hub and Release Channel with Java 17
 
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consume...
 
Gen AI: Privacy Risks of Large Language Models (LLMs)
Gen AI: Privacy Risks of Large Language Models (LLMs)Gen AI: Privacy Risks of Large Language Models (LLMs)
Gen AI: Privacy Risks of Large Language Models (LLMs)
 

Data Protection & Privacy During the Coronavirus Pandemic

  • 1. Data Protection & Privacy During the Coronavirus Pandemic mashviral Ulf Mattsson www.TokenEx.com
  • 2. Data Protection & Privacy During the Coronavirus Pandemic mashviral Please submit your questions during our session!
  • 3. 1. Head of Innovation at TokenEx 2. Chief Technology Officer at • Protegrity • Atlantic BT • Compliance Engineering 3. Architect & Developer at IBM Research and Development 4. Inventor of more than 70 awarded US Patents 5. Products and Services • Data Encryption, Tokenization, and Data Discovery, • Security and Privacy Benchmarking/Gap-analysis for Financial Industry • Managed Security Services, and Security Operation Centers • Cloud Application Security Brokers, and Web Application Firewalls, • Robotics and Applications in Manufacturing, Ulf Mattsson 3
  • 4. Data from different sources: WHO, CDC, NHC, earlyAlert and more https://www.arcgis.com/apps/webappviewer3d/index.html?id=d9d3f8fa9a23425c8f0889baab626186
  • 7. Source: The US FEDERAL TRADE COMMISSION (FTC) , 2019 Credit card fraud tops the list of identity theft reports in 2018 • FTC received nearly three million complaints from consumers in 2018 • The FTC received more than 167,000 reports from people who said their information was misused on an existing account or to open a new credit card account
  • 8. Mass move to work from home in coronavirus crisis creates opening for hackers: cyber experts https://www.reuters.com/article/ us-health-coronavirus-cyber/ mass-move-to-work-from-home- in-coronavirus-crisis-creates-opening- for-hackers-cyber-experts-idUSKBN2153YC Passwords Masquerading Update VPN
  • 9. New Windows 10 bug hits home working: Outlook, Office 365, Teams can't access internet https://www.zdnet.com/article/new-windows-10-bug-hits-home-working-outlook-o365-teams-cant-access-internet/?ftag=TRE-03- 10aaa6b&bhid=29092732071845353741741261859287
  • 10. FBI: Cybercrime Gang Mailing 'BadUSB' Devices to Targets Malicious USB Devices Accompanied by Fake Gift Cards to Entice Would-Be Victims https://www.databreachtoday.com/fbi-cybercrime-gang-mailing-badusb-devices-to-targets-a-14029?rf=2020-03- 31_ENEWS_SUB_DBT__Slot1_ART14029&mkt_tok=eyJpIjoiT1RBd1ltRXpaamsxTmpFMCIsInQiOiJQYnh5YWtpVVZqNThvb0RldkszS1F6dFExUXBLS1wva1RmTmhrVkdhckIrSWdYV2dTeFVBNDZcL3FPTFBxM El5NXRGZExmV29KaEJhbGsyMFJDXC8ycDZlR3dOeHdpN1V6WjNEUlRkWmE3Y09NMXd6RXNPNGVaZkhtWDNaNmluVlN2NzlOVEJOQUZYWmFxaXdSMENJVkxcLzNBPT0ifQ%3D%3D
  • 11. Email Fraudsters Take Advantage Of Coronavirus Opportunity https://www.pymnts.com/news/b2b-payments/2020/email-fraud-coronavirus-data-digest/ , Mar 2020 Officials are warning of a rise in phishing attacks, while retailers have also been warned about fraud risks, with Amazon recently removing 1 million products for allegedly making fraudulent claims, recent Forbes reports said. “Another side effect of the Coronavirus is increased teleworking, which furthers the reliance on email for communication adding yet another multiplier to these email fraud schemes,” the U.S. Secret Service Department of Homeland Security wrote in a warning published earlier this month. $2.1 billion in losses were reported to the FBI as a result of hackers targeting Microsoft Office 365 and Google G suite in a slew of business email compromise attacks, Bleeping Computer reported earlier this month. The attacks that target workforce platforms reflects fraudsters’ shift to cloud email services as businesses themselves migrate away from on-premise email systems, the publication noted, with the FBI warning that fraudsters are infiltrating these email portals to better mimic legitimate employees to conduct their scams. Trust only original/known links/sources!
  • 12. Coronavirus: Warning over surge in Zoom security incidents Check Point researchers have observed a surge in suspicious Zoom domains as cyber criminals target popular remote working and collaboration tools https://www.computerweekly.com/news/252480806/Coronavirus-Warning-over-surge-in-Zoom-security- incidents?asrc=EM_EDA_125549257&utm_medium=EM&utm_source=EDA&utm_campaign=20200331_Coronavirus:%20Warning%20over%20surge%20in%20Zoom%20s ecurity%20incidents 70 have now been identified as fake sites, which are impersonating genuine Zoom domains with the intention of capturing and stealing personal information. The numbers reinforce a trend for cyber criminals to take advantage of home working via Zoom, which is used by over 60% of the Fortune 500, and has been downloaded more than 50 million times from the Google Play app store. “We have seen a sharp rise in the number of Zoom domains being registered, especially in the last week,” said Omer Dembinsky, manager of cyber research at Check Point. “This increase means that hackers have taken notice of the work-from-home paradigm shift that Covid-19 has forced, and are seeing it as an opportunity to deceive, lure and exploit people. “Each time you get a Zoom link or document messaged or forwarded to you, we recommend double- checking to make sure it’s not a trap.”
  • 13. China Suspected In Surge Of US Cyberattacks https://www.pymnts.com/news/security-and-risk/2020/china-suspected-in-surge-of-us- cyberattacks/ Cyberspying 13
  • 14. Working in a coronavirus world: Strategies and tools for staying productive https://www.zdnet.com/article/effective-strategies -and-tools-for-remote-work-during-coronavirus// We tend to prefer the choice that ticks all the technical boxes and/or is the most trusted/cost-effective. However, if you want your investment in remote work to pay off, pay special attention to whether the average worker will be easily able to use your solution, as tools for digital access span the range of complexity and user experience. Whenever possible, put a strong emphasis on tools that are simple, straightforward, and "just work." The risk in not doing so is that your support costs for remote work will simply be higher, with less to show for it in terms of preserving productivity, as workers spend more of their time getting the solution to work. 14
  • 15. Coronavirus: How one team switched 4,000 staff to remote working in just a week https://www.zdnet.com/article/coronavirus-how-one-team-switched-4000-staff-to-remote-working-in-just-a-week/ Delivering laptops 15 Example: Separate laptops for Work vs Private (Working from home for several years)
  • 16. https://finance.yahoo.com/news/amid-coronavirus- walmart-says-its-seeing-increased-sales-of-tops-but- not-bottoms-202959379.html , The Independent Amid coronavirus, Walmart says it's seeing increased sales of tops — but not bottoms
  • 17. Authentication and Passwords Business Data VPN tunnel performanceInternet access Working in a coronavirus world: Strategies and tools for staying productive https://www.zdnet.com/article/effective-strategies -and-tools-for-remote-work-during-coronavirus// Remote worker Enterprise 1 7 2 3 Microsoft Teams, Zoom 5 17 Tele-health 4 eLearning 6
  • 18. Mobile and Desktop Operating Systems Market Share 18 Windows •In April 2019, Windows had a desktop market share of 79.24%. (Source: StatCounter) •Windows 10 had a desktop/laptop market share of 39.22%. This established it as the most popular operating system on the market. (Source: The Inquirer) •Windows 7 was used by 33.38%. (Source: StatCounter) •6.05% of users relied on Windows 8.1. (Source: StatCounter) •2.2% of people used Windows 8. (Source: StatCounter) •5.26% of Windows PCs still ran on Windows XP. (Source: WIRED) •Microsoft’s revenue for 2018 was $110.36 billion. That is a 14.28% increase since 2017. (Source: Macrotrends) •Microsoft’s revenue for Q1 of 2019 was $30.571 billion. (Source: Macrotrends) Mac •OS X reached a 14.64% desktop market share during the period of April 2018 – April 2019. (Source: StatCounter) •MacOS reached 9.65% of the desktop/laptop OS market share in February 2019. (Source: AppleWorld) https://hostingtribunal.com/blog/operating-systems-market-share/#gref Upgrade to Windows 10 ! Keep Updated / patch
  • 19. Malwarebytes: https://app.hushly.com/runtime/content/XLSqVyFETZ8kY0TX *: https://www.csoonline.com/article/3353416/what-is-mimikatz-and- how-to-defend-against-this-password-stealing-tool.html 1. Enable BitLocker. ... 2. Use a "local" login account. ... 3. Enable Controlled Folder Access. ... 4. Turn on Windows Hello. ... 5. Enable Windows Defender. ... 6. Don't use the admin account. ... 7. Keep Windows 10 updated automatically. ... 8. Backup. Source: Forbes How To Secure Microsoft Windows 10 There’s been an increasing move over the last two years to organizations over consumers. Overall consumer threat detections are down by 2 percent from 2018, but business detections increased by 13 percent in 2019. This resulted in a mere 1 percent increase in threat volume year-over-year. The sophistication of threat capabilities in 2019 increased, with many using exploits, credentialstealing tools, and multi-stage attacks involving mass infections of a target. While seven of 10 top consumer threat categories decreased in volume, HackTools—a threat category for tools used to hack into systems and computers— increased against consumers by 42 percent year-over- year, bolstered by families such as MimiKatz*, which also targeted businesses. 19
  • 21. The Best Password Managers for 2020 https://www.pcmag.com/picks/the-best-password-managers Example 21
  • 22. Example of Password Manager (Free Edition) https://www.pcmag.com/picks/the-best-password-managers 22
  • 23. Examples of Anti-virus Software products Enterprise AV Product Issues (Source: Remtcs-secure): 1 2 3 4 No built in vulnerability scanner to detect CVEs (common vulnerability and exposures) on local hosts x x x Cloud only deployment model x x No domain reputation filtering x x No built in searchable database of CVE with direct links to mitigation details x x No built in sandboxing x x The sandbox is cloud based and not local to the appliance. Malware must be sent over for analysis, increasing discovery latency x No CSO (Chief Security Officer) level reporting x High false positive rate x Must have cloud connectivity to see advanced alerts x No Active Directory Integration x Only supports Firewall integration with one vendor x Endpoint only. No visibility into network proliferation of files/malware x Malware remediation requires separate software and licensing x Cannot determine the entry point for malware x Can block a file from executing, but does not remove the file x No domain reputation filtering x Threat intel and malware analysis not included by default x No built in searchable database of CVE with direct links to mitigation details x Complex and labor intensive management x Product 19 Issues with 4 major AV products 23 PCI DSS - Requirement #5 Source: https://www.trustedantiviruscompare.com/best-antivirus-softwareBest Antivirus Software (2020):
  • 24. Example 24 Windows Defender is better than nothing, but McAfee's premium software is much more comprehensive in terms of advanced features and utilities. Also, independent tests prove that McAfee is better than Windows Defender in terms of both malware detection and system performance. Feb 19, 2020, https://www.proficien tblogging.com/windo ws-defender-vs- mcafee/
  • 25. Wi-Fi Protected Setup https://www.digitalcitizen.life/simple-questions-what-wps-wi-fi-protected-setup , https://en.wikipedia.org/wiki/Wi- Fi_Protected_Setup Here's how WPS connections can be performed: 1.First, press the WPS button on your router to turn on the discovery of new devices. Then, go to your device and select the network you want to connect to. The device is automatically connected to the wireless network without entering the network password. 2.You may have devices like wireless printers or range extenders with their own WPS button that you can use for making quick connections. Connect them to your wireless network by pressing the WPS button on the router and then on those devices. You don't have to input any data during this process. WPS automatically sends the network password, and these devices remember it for future use. They will be able to connect to the same network in the future without you having to use the WPS button again. 3.A third method involves the use of an eight-digit PIN. All routers with WPS enabled have a PIN code that's automatically generated, and it cannot be changed by users. You can find this PIN on the WPS configuration page on your router. Some devices without a WPS button but with WPS support will ask for that PIN. If you enter it, they authenticate themselves and connect to the wireless network. 4.A fourth and last method also involves using an eight-digit PIN. Some devices without a WPS button but with WPS support will generate a client PIN. You can then enter this PIN in your router's wireless configuration panels, and the router will use it to add that device to the network. 25 Use strong router password: “uppercase and lowercase letters, numbers, and special characters.”
  • 26. What Are WEP, WPA, and WPA2? Which Is Best? https://www.lifewire.com/what-are-wep-wpa-and-wpa2-which-is-best-2377353 Example 26
  • 27. VPN use surges as coronavirus outbreak prompts huge rise in remote working https://www.zdnet.com/article/vpn-use-surges-as-coronavirus-outbreak-prompts-huge-rise-in-remote-working/ The growth in employees forced to work from home due to the COVID-19 coronavirus outbreak has led to a huge spike in people using business virtual private networks (VPN) to secure their remote working. Figures released by VPN provider NordVPN revealed that global use of its virtual private network technology had increased by 165% since 11 March. A business VPN allows users to securely connect to corporate networks to send and receive files, data and applications from anywhere – which in many cases right now is going to be people's homes. The UK's National Cyber Security Centre (NCSC) has issued security advice on using VPN services and remote working in order to help both organisations and employees stay safe from cyberattacks – especially as, for many, this is the first time they'd had to work remotely. That advice includes recommendations for staff to use strong passwords and to use multi-factor authentication, if available, in order to reduce the chances of cyber criminals being able to compromise accounts. European cybersecurity agency ENISA* has also set out similar recommendations for securely working from home. *: https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home 27
  • 28. Telemedicine is changing the way we see doctors https://www.techrepublic.com/article/telemedicine-is-changing-the-way-we-see-doctors/?ftag=COS-05- 10aaa0g&taid=5e7f9ffeef5fb4000146a90e&utm_campaign=trueAnthem:+Twitter+Card&utm_medium=trueAnthemCard&utm_source=twitterCard 28 TechRepublic's Karen Roby, Macy Bayern, and Veronica Combs discussed the changes in healthcare during the coronavirus pandemic. The following is an edited transcript of their conversation. Karen Roby: One of the things that's really emerging is telemedicine. Veronica, I know you've put together some great articles here as far as what is available to people, how people can still see and talk to their doctors when they're in need. Talk a little bit about some of the resources that you've found and have been writing about, and how that can really help people at this time? Veronica Combs: I think people always consider the gold standard is a visit with your doctor, like I'm looking at you, you're looking at me. You can tell my health. But now, it's really flipped around that you don't really want to leave your house if you don't want to, and doctors don't really want you breathing on them if you don't have to. Some of the hospital and health systems on the coasts were faster to have these telemedicine platforms.
  • 29. •Ontario Telemedicine Network •Remote therapy •Ronald S. Weinstein •Tele-epidemiology •Teladoc •Telecare •Telemental health •Teleneuropsychology •Telenursing •Telepathology •Telepsychology •UNESCO Chair in Telemedicine •Telemedecine 360 Telehealth Resources https://en.wikipedia.org/wiki/Telehealth 29 •Medicine portal •Technology portal •Telecommunication portal •American Telemedicine Association •American Well •Center for Telehealth and E-Health Law •Connected health •eHealth •In absentia health care •MDLIVE •Mercy Virtual •mHealth •National Rural Health Association
  • 30. Can I still use Voice-controlled Devices? 30
  • 31. The EU Agency for Cybersecurity's guidance and CERT-EU News Monitor 31
  • 32. CERT-EU News Monitor - Latest Threats https://cert.europa.eu/cert/filteredition/en/CERT-LatestNews.html 32
  • 33. European Union Agency for Cybersecurity https://en.wikipedia.org/wiki/European_Union_Agency_for_Cybersecurity ENISA Centre of Expertise 33
  • 34. UK police criticized for using drones to publicly shame walkers in coronavirus lockdown The UK is now following in the footsteps of Spain and Italy in drone usage. https://www.zdnet.com/article/uk-police-use-drones-to-enforce-coronavirus-lockdown-shame-those-flouting-the-rules/?ftag=COS-05- 10aaa0g&taid=5e80aa005ef37700017855a2&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&utm_source=twitter
  • 35. How smart city tech is being used to control the coronavirus outbreak https://www.techrepublic.com/article/how-smart-city-tech-is-being-used-to-control-the-coronavirus-outbreak/?ftag=COS-05- 10aaa0g&taid=5e8256ee9a7fcd0001c497db&utm_campaign=trueAnthem:+Twitter+Card&utm_medium=trueAnthemCard&utm_source=twitterCard In Singapore, the Government Technology Agency of Singapore launched TraceTogether on March 20 in collaboration with the Ministry of Health. • The TraceTogether app uses short-distance Bluetooth signals to connect one phone using the app with another user who is close by. • It stores detailed records on a user's phone for 21 days but does not include location data. • Authorities have said they will decrypt the data if there is a public health risk related to an individual's movements. China used a similar method to track a person's health status and to control movement in cities with high numbers of coronavirus cases. • Individuals had to use the app and share their status to be able to access public transportation. David Heyman, founder and CEO of Smart City Works said that the keys to addressing privacy concerns about high- tech surveillance by the state is anonymizing the data and giving individuals as much control over their own data as possible. • "Personal details that may reveal your identity such as a user's name should not be collected or should be encrypted with access to be granted for only specific health purposes, and data should be deleted after its specific use is no longer needed," he said.
  • 36. Increase in Privacy Rights And Regulations
  • 37. Are the EU GDPR, California CCPA or US HIPAA rules changing?
  • 38. In Times Of Pandemic, GDPR Still Applies, EU Warns https://www.forbes.com/sites/emmawoollacott/2020/03/20/in-times-of-pandemic-gdpr-still-applies-eu- warns/#744505616215 38 Ensure protection of personal data
  • 39. Source: IBM Encryption and TokenizationDiscover Data Assets Security by Design GDPR Framework core – Discovery, Encryption and Tokenization 39
  • 41. Data sources Data Warehouse In Italy Complete policy- enforced de- identification of sensitive data across all bank entities Example of Cross Border Data-centric Security • Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers • Compliance with EU Cross Border Data Protection Laws • Utilizing Data Tokenization, and centralized policy, key management, auditing, and reporting 41
  • 43. CCPA Redefines Personal Data • According to “PI Vs PII: How CCPA Redefines What Is Personal Data” the CCPA definition “creates the potential for extremely broad legal interpretation around what constitutes personal information, holding that personal information is any data that could be linked with a California individual or household.” • CCPA states that ”Personal information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.“ • This goes well beyond data that is obviously associated with an identity, such as name, birth date, or social security number, which is traditionally regarded as PII. • It’s ultimately this “indirect” information–such as product preference or geolocation data that is material since it is much more difficult to identify it and connect it with a person than well-structured personally identifiable information 43
  • 44. HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus https://healthitsecurity.com/news/hhs-issues-limited-waiver-of-hipaa-sanctions-due-to-coronavirus 44 Information sharing Information sharing
  • 45. PCI SSC is aware of the unprecedented situation caused by the spread of COVID-19 https://www.pcisecuritystandards.org/covid19?utm_content=123288427&utm_medium=social&utm_source=twitter&hss_channel=tw-20256309 45
  • 46. eLearning – 2020 Workplace Learning https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf 46 After years of being under-resourced, L&D (Learning and development, in human resource management) budgets are expected to continue to grow—shifting from Instructor-Led Training (ILT) to online learning—and executive buy-in continues to build. As we enter 2020, talent developers are focused on finding innovative ways to drive engagement, activate managers, and measure the business impact of learning. Simultaneously, they are looking ahead, preparing for the upskilling and reskilling revolution coming in the next 3-5 years, when digital transformation and automation are expected to have a greater impact on the workforce globally.
  • 47. eLearning – 2020 Workplace Learning https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf 47
  • 48. eLearning – 2020 Workplace Learning https://learning.linkedin.com/content/dam/me/learning/resources/pdfs/LinkedIn-Learning-2020-Workplace-Learning-Report.pdf 48
  • 49. A learning journey is a curated collection of learning content, both formal and informal, that can be used to acquire skills for a specific role or technology area. https://www.ibm.com/services/learning/journeys
  • 51. True Data Privacy requires All of these techniques for On- prem, Hybrid and Cloud environments 51
  • 52. • Privacy enhancing data de-identification terminology and classification of techniques Source: INTERNATIONAL STANDARD ISO/IEC 20889 Encrypted data has the same format Server model Local model Differential Privacy (DP) Formal privacy measurement models (PMM) De-identification techniques (DT) Cryptographic tools (CT) Format Preserving Encryption (FPE) Homomorphic Encryption (HE) Two values encrypted can be combined* K-anonymity model Responses to queries are only able to be obtained through a software component or “middleware”, known as the “curator** The entity receiving the data is looking to reduce risk Ensures that for each identifier there is a corresponding equivalence class containing at least K records *: Multi Party Computation (MPC) **: Example Apple and Google ISO Standard for Encryption and Privacy Models 52
  • 53. Data Warehouse Centralized Distributed On- premises Public Cloud Private Cloud Vault-based tokenization y y Vault-less tokenization y y y y y y Format preserving encryption y y y y y Homomorphic encryption y y Masking y y y y y y Hashing y y y y y y Server model y y y y y y Local model y y y y y y L-diversity y y y y y y T-closeness y y y y y y Formal privacy measurement models Differential Privacy K-anonymity model Privacy enhancing data de-identification terminology and classification of techniques De- identification techniques Tokenization Cryptographic tools Suppression techniques Example of mapping of data security and privacy techniques (ISO) to different deployment models 53
  • 54. Risk reduction and truthfulness of some de-identification techniques and models Singling out Linking Inference Deterministic encryption Yes All attributes No Partially No Order-preserving encryption Yes All attributes No Partially No Homomorphic encryption Yes All attributes No No No Masking Yes Local identifiers Yes Partially No Local suppression Yes Identifying attributes Partially Partially Partially Record suppression Yes Sampling Yes N/A Partially Partially Partially Pseudonymization Yes Direct identifiers No Partially No Generalization Yes Identifying attributes Rounding Yes Identifying attributes No Partially Partially Top/bottom coding Yes Identifying attributes No Partially Partially Noise addition No Identifying attributes Partially Partially Partially Cryptographic tools Suppression Generalization Technique name Data truthfulness at record level Applicable to types of attributes Reduces the risk of Source: INTERNATIONAL STANDARD ISO/IEC 20889 54
  • 55. Cloud
  • 56. 56
  • 57. Shared responsibilities across cloud service models Source: Microsoft Still Customer Responsibility for: • User security • (App security) • Data security 57
  • 58. User Payment Applicatio n Payment Network Payment Data Tokenization (VBT), encryption and keys User CASB User Call Center Applicatio n Format Preserving Encryption (FPE) PII Data Vault-based tokenization (VBT) Examples of Data Protection Use Cases User Data Warehous e PII Data Vault-less tokenization (VLT) Salesforce 58
  • 59. On Premise tokenization • Limited PCI DSS scope reduction - must still maintain a CDE with PCI data • Higher risk – sensitive data still resident in environment • Associated personnel and hardware costs Cloud-Based tokenization • Significant reduction in PCI DSS scope • Reduced risk – sensitive data removed from the environment • Platform-focused security • Lower associated costs – cyber insurance, PCI audit, maintenance Total Cost and Risk of Tokenization in Cloud vs On-prem Source: TokenEx 59
  • 60. Risk and Operational Aspects with different Cloud Models Risk Elasticity Out-sourcedIn-house On-premises system On-premises Private Cloud Hosted Private Cloud Public Cloud Low - High - Compute Cost - High - Low Risk Adjusted Computation 60
  • 61. References: 1. Coronavirus disinformation unit, https://www.computerweekly.com/news/252479721/DCMS-to-oversee-coronavirus-disinformation- unit 2. Here are 2,780+ free ebooks and 100 free audiobooks, https://www.reddit.com/r/FreeEBOOKS/comments/fip0m1/here_are_2780_free_ebooks_and_100_free_audiobooks/?utm_medium =social&utm_source=twitter&utm_content=reddit&utm_campaign=text 3. All the free online resources parents need in home 'schooling' during coronavirus outbreak , https://www.zdnet.com/article/all-the- free-online-resources-parents-guardians-need-in-home-schooling/?ftag=COS- 0510aaa0g&taid=5e7e0e06ef5fb4000146a263&utm_campaign=trueAnthem%3A+Trending+Content&utm_medium=trueAnthem&ut m_source=twitter 4. California Consumer Privacy Act, OCT 4, 2019, https://www.csoonline.com/article/3182578/california-consumer-privacy-act-what- you-need-to-know-to-be-compliant.html 5. GDPR and Tokenizing Data, https://tdwi.org/articles/2018/06/06/biz-all-gdpr-and-tokenizing-data-3.aspx 6. GDPR VS CCPA, https://wirewheel.io/wp-content/uploads/2018/10/GDPR-vs-CCPA-Cheatsheet.pdf 7. General Data Protection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation 8. IBM Framework Helps Clients Prepare for the EU's General Data Protection Regulation, https://ibmsystemsmag.com/IBM- Z/03/2018/ibm-framework-gdpr 9. INTERNATIONAL STANDARD ISO/IEC 20889, https://webstore.ansi.org/Standards/ISO/ISOIEC208892018?gclid=EAIaIQobChMIvI- k3sXd5gIVw56zCh0Y0QeeEAAYASAAEgLVKfD_BwE 10. INTERNATIONAL STANDARD ISO/IEC 27018, https://webstore.ansi.org/Standards/ISO/ ISOIEC270182019?gclid=EAIaIQobChMIleWM6MLd5gIVFKSzCh3k2AxKEAAYASAAEgKbHvD_BwE 11. ISO/TS 25237:2008(E), Health Informatics—Pseudonymization, https://www.sis.se/api/document/preview/911119/ 12. NIST PRIVACY FRAMEWORK: A TOOL FOR IMPROVING PRIVACY THROUGH ENTERPRISE RISK MANAGEMENT, https://www.nist.gov/system/files/documents/2019/09/09/nist_privacy_framework_preliminary_draft.pdf 13. NISTIR 8053, De-Identification of Personal Information, https://nvlpubs.nist.gov/nistpubs/ir/2015/NIST.IR.8053.pdf 14. Data Security: On Premise or in the Cloud, ISSA Journal, December 2019, https://mydigitalpublication.com/publication/?m=1336&i=639272&p=28 61