2 
Agenda 
•Introductions 
•What is encryption? 
•Practical Considerations 
•Legal Considerations 
•Legal Limitations
3 
Introductions: Today’s Speakers 
•Gant Redmon, Esq., CIPP/US, General Counsel, Co3 Systems 
•Suhna Pierce, Associate, Morrison & Foerster LLC
4 
About Co3 – Incident Response Management
MITIGATE 
Document Results & 
Improve Performance 
•Generate reports for management, 
auditors, and authorities 
•Conduct post-mortem 
•Update SOPs 
•Track evidence 
•Evaluate historical performance 
•Educate the organization 
ASSESS 
Identify and Evaluate Incidents 
•Assign appropriate team members 
•Evaluate precursors and indicators 
•Correlate threat intelligence 
•Track incidents, maintain logbook 
•Prioritize activities based on criticality 
•Generate assessment summaries 
PREPARE 
Improve Organizational Readiness 
•Appoint team members 
•Fine-tune response SOPs 
•Escalate from existing systems 
•Run simulations (fire drills / table tops)
MANAGE 
Contain, Eradicate, and Recover 
•Generate real-time IR plan 
•Coordinate team response 
•Choose appropriate containment strategy 
•Isolate and remediate cause 
•Instruct evidence gathering and handling 
•Log evidence
5 
Cryptography: Basic Concepts 
•Encryption is a component of cryptography 
•Cryptography: the science of communicating information secretly 
–Algorithm / cipher: The process used to transform information from plaintext to unintelligible ciphertext form 
–Encryption: The operation of transforming plaintext information using a cipher / algorithm 
–Decryption: The reverse operation, transforming a ciphertext message to plaintext 
–Key: The secret “password” or “code” that facilitates encryption and decryption
6 
Goals of Cryptography: PAIN 
•PAIN: Privacy, Authentication, Integrity, Non-repudiation 
•Privacy: keep private information from being read by unauthorized readers 
•Authentication: verifying the identities of the individual or machine participating in the communications 
•Integrity: ensure that unauthorized changes have not been made to information 
•Non-repudiation: prevent the sender of a message from denying its origin
7 
Three Basic Types of Algorithms 
•Symmetric (aka shared key or secret key) 
–Sender and receiver share a secret key 
–A single key is used to encrypt and decrypt messages 
–Challenges: 
•How to share the secret key; non-repudiation; scalability 
•Asymmetric (public key) 
–Key pair: private key and public key 
–One is used to encrypt and the other to decrypt 
–Challenges: more computational effort required to encrypt / decrypt than symmetric 
•Reduces speed and performance 
•Hashing (one-way encryption) 
–Produces a “hash” or “message digest” 
–The original messages cannot be deciphered 
–Typically used for integrity
8 
Encryption versus Hashing 1 
•Hashing produces a fixed length message digest for each message input 
–Any change to input results in completely different output 
–Not reversible 
–Collision-resistant 
–Input iterated many times 
•Encryption produces ciphertext of a length that is related to the plaintext input 
–Reversible 
•If each secret message is a three-dimensional object, e.g., a snowflake: 
–Encryption: putting a snowflake inside a box and locking it 
–Hashing: tracing the snowflake on a piece of paper
9 
Encryption versus Hashing 2 
•When to use encryption, and when to use hashing? 
•Hashing: use when you want to check the validity of the secret message (i.e. that two values are the same) 
–Do not need the original input data back 
–Passwords 
•Encryption: use when you need to get the original input data back 
–Health data 
–Other sensitive data that needs to be read at a future point
10 
Practical Considerations 
•Key length 
•Stream and block ciphers 
•Types of algorithms: symmetric, asymmetric, and hashing 
•Symmetric versus asymmetric: how do they work 
•Encryption modes 
•Encrypting in transit and encrypting in storage 
•Full disk versus partial disk
11 
Key Length 
•Encryption / decryption keys are binary strings. 
–Each binary digit is a bit, and the total number of bits is the key length 
–The longer the encryption key, the more secure the encryption
18 
Transmissions versus Storage 
•Data can be encrypted “at rest” and “in transit” 
•Encrypting data at rest (in storage) 
–Sensitive data should be encrypted 
–Can be encrypted in storage at various levels: individual files or folders, entire disk 
–Databases: individual cells, entire table 
–Removable media, mobile devices, other portable devices (e.g. printers) 
•Encrypting data in transit 
–Secure Sockets Layer (SSL): uses symmetric and asymmetric 
–Transport Layer Security (TLS): newer protocol 
•HTTPS: application of SSL / TLS to HTTP 
–Secure Shell (SSH): asymmetric 
–Internet Protocol Security (IPsec): secures IP-based messages 
•Used to create VPNs
19 
Full Disk versus Partial Disk 
•Encryption can be implemented on storage media (e.g., laptops, USB drives) on full disk or partial disk 
•Full disk encryption on laptops: encrypt entire drive with an encryption utility that modifies boot process 
–Uses symmetric encryption 
–Prompts user to enter password / passphrase / USB drive 
–Encryption / decryption key is loaded into memory 
–Laptop resumes booting as normal 
–Decrypts OS and data files as needed, transparent to user 
•Partial disk: encrypts only designated parts of the disk (e.g. file, folder, partition) 
–Uses symmetric and asymmetric encryption 
–User enters password / key to decrypt and access the encrypted portion 
–When decrypted data is cleared from memory, the key is also cleared from memory
21 
Laws that Require Encryption 1 
•Many data protection laws and regulations require encryption of sensitive types of personal data 
•United States 
–Massachusetts: “Personal information” stored on laptops and other portable devices or transmitted across public networks or wirelessly 
–Nevada: “Personal information” stored on data storage devices moved beyond the control of the responsible entity or transmitted outside its secure systems 
–HIPAA: e-PHI, if, after a risk assessment, the entity has determined that use of encryption is a reasonable and appropriate safeguard 
•Argentina: sensitive data stored on removable media or portable storage devices or transmitted through communication networks 
•Japan: biometric information stored on servers, portable devices and portable storage media 
•Poland: all personal data transmitted across public networks or wirelessly and on laptops transported outside secured facilities
22 
Laws that Require Encryption 2 
•Portugal: sensitive and criminal data transmitted over a network 
•Norway: personal data for which confidentiality is necessary, when transferred electronically by means of a transfer medium that is beyond the physical control of the entity 
•South Korea: complex encryption requirements for “peculiar identification data” and “bio data” and one-way encryption (hashing) required for passwords 
•United Kingdom: personal data, the loss of which could cause damage or distress to individuals, on portable and mobile devices including magnetic media 
•And others
23 
Safe Harbor for Encryption 
•Breach notification laws in 48 U.S. states 
–Encryption tied to the definition of a breach 
–All contain a safe harbor for encrypted personal information 
–Lose that safe harbor in many of them if the encryption key is also accessed or acquired 
–In MA: a 128-bit algorithmic process must be used, unless regulations further define encryption. 
•Over 15 other countries with mandatory laws, many others with voluntary guidelines
25 
Restrictions on Encryption 
•US export restrictions 
–Encryption is a “dual use” item governed for export by the Bureau of Industry and Security (BIS) within the Dept. of Commerce 
–Must classify your product with the BIS, or self-classify and include that classification on your shipper's export declaration 
•Import, Export and Use Restrictions 
–See http://www.cryptolaw.org/cls-sum.htm 
–The US controls only export; Russia controls all three 
•License requirements 
–Description of the product 
–List of algorithms used 
–Description of how they are used and if they may be modified
26 
Encryption Is Not a Panacea 
•Encryption is only part of a comprehensive security program. 
•Also need to have: 
–Suitable solution 
–Trustworthy implementation 
–Key management 
–Other appropriate security processes 
–Adequate training in technology and processes 
•Encryption does not provide availability; adequate backups are also needed.
27 
Hypothetical: Lost USB Drive 
•Lost USB drive belonging to HR manager contains several spreadsheets containing employee personal information, including SSNs, and utilizes file encryption 
•Does the company know which files on the drive contained SSNs? 
•Can the company prove that those files were encrypted?
28 
Hypothetical: Stolen laptop 
•Stolen laptop belonging to HR manager contains several spreadsheets containing employee personal information, including SSNs, and utilizes full disk encryption 
•Was the laptop running when stolen? 
•Was the laptop running shortly before it was stolen?
29 
Secure Implementation 
•Use an encryption algorithm that has not been demonstrated to be insecure 
–The National Institute of Standards and Technology (NIST) publishes the list of algorithms approved for federal government use in the Federal Information Processing Standards (FIPS) 
•NIST Cryptographic Algorithm Validation Program (CAVP) 
–Validation testing of implementation of NIST approved algorithms 
–Validation list contains some information about the implementations tested and found to have correctly implemented the algorithm
30 
Key Management 
•Keys should be at least 192 bits for organizational data 
•Keys should be securely and randomly generated 
•Restrict access to keys to fewest number of custodians needed 
•Store keys securely in the fewest number of places needed 
•Distribute keys securely 
•Key rotation process
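The key length slide defines length as the number of bits, and this slide sets the rules: at least 192 bits for organizational data, securely and randomly generated, access limited to the fewest custodians, and a rotation process. The Python below is an added example, not Co3's code; the class layout, the hash-derived key identifier, the custodian cap and the 90-day period in the demo are this example's assumptions.

```python
"""Key generation, custody and rotation bookkeeping (added example; not from the deck)."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

MIN_KEY_BITS = 192  # the deck's floor for organizational data


def generate_key(bits: int = 256) -> bytes:
    """Return `bits` bits of key material from the OS CSPRNG, refusing weak lengths."""
    if bits < MIN_KEY_BITS:
        raise ValueError(f"key must be at least {MIN_KEY_BITS} bits, got {bits}")
    if bits % 8:
        raise ValueError("key length must be a whole number of bytes")
    return secrets.token_bytes(bits // 8)


def key_bits(key: bytes) -> int:
    """Key length as the deck defines it: the total number of binary digits."""
    return len(key) * 8


def key_id(key: bytes) -> str:
    """Public identifier derived by hashing (assumed scheme); it does not reveal the key."""
    return hashlib.sha256(key).hexdigest()[:16]


@dataclass
class KeyRecord:
    material: bytes
    created: datetime
    custodians: frozenset[str]
    retired: datetime | None = None  # retired keys stay readable to decrypt older data


@dataclass
class KeyRing:
    rotation_period: timedelta
    max_custodians: int = 2  # "fewest number of custodians needed" (assumed cap)
    _keys: dict[str, KeyRecord] = field(default_factory=dict)
    _active: str | None = None

    def rotate(self, custodians: set[str], now: datetime, bits: int = 256) -> str:
        """Generate a new active key and retire the previous one."""
        if not custodians or len(custodians) > self.max_custodians:
            raise ValueError("custodian set must be non-empty and minimal")
        if self._active is not None:
            self._keys[self._active].retired = now
        key = generate_key(bits)
        kid = key_id(key)
        self._keys[kid] = KeyRecord(key, now, frozenset(custodians))
        self._active = kid
        return kid

    def active_key_id(self) -> str | None:
        return self._active

    def needs_rotation(self, now: datetime) -> bool:
        """True when there is no key yet or the active key has reached its period."""
        if self._active is None:
            return True
        return now - self._keys[self._active].created >= self.rotation_period

    def material_for(self, kid: str, requester: str) -> bytes:
        """Release key material only to a recorded custodian of that key."""
        record = self._keys[kid]
        if requester not in record.custodians:
            raise PermissionError(f"{requester} is not a custodian of key {kid}")
        return record.material

    def is_retired(self, kid: str) -> bool:
        return self._keys[kid].retired is not None


def run_demo() -> dict:
    """Walk one rotation cycle on a constructed timeline and return the observable facts."""
    t0 = datetime(2014, 10, 1, tzinfo=timezone.utc)  # constructed date
    ring = KeyRing(rotation_period=timedelta(days=90))
    first = ring.rotate({"alice"}, t0)
    due_early = ring.needs_rotation(t0 + timedelta(days=30))
    due_late = ring.needs_rotation(t0 + timedelta(days=90))
    second = ring.rotate({"alice", "bob"}, t0 + timedelta(days=90))
    try:
        ring.material_for(first, "mallory")  # not a custodian: must be refused
        outsider_blocked = False
    except PermissionError:
        outsider_blocked = True
    return {
        "first": first, "second": second, "active": ring.active_key_id(),
        "due_early": due_early, "due_late": due_late,
        "first_retired": ring.is_retired(first), "second_retired": ring.is_retired(second),
        "old_key_bits": key_bits(ring.material_for(first, "alice")),
        "outsider_blocked": outsider_blocked,
    }


if __name__ == "__main__":
    print(run_demo())
```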
32 
Upcoming Co3 Systems Events 
•Cyber IP Expo, London, UK: October 8-9 
•FS-ISAC EU Summit, London, UK: November 3-5
One Alewife Center, Suite 450 
Cambridge, MA 02140 
PHONE 617.206.3900 
WWW.CO3SYS.COM 
“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” 
PC MAGAZINE, EDITOR’S CHOICE 
“One of the hottest products at RSA…” 
NETWORK WORLD – FEBRUARY 2013 
“Co3…defines what software packages for privacy look like.” 
GARTNER 
“Platform is comprehensive, user friendly, and very well designed.” 
PONEMON INSTITUTE 
Suhna Pierce, 
Associate 
Morrison & Foerster LLC

Incident Response: Don't Mess It Up, Here's How To Get It Right
 
Treat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance IssueTreat a Breach Like a Customer, Not a Compliance Issue
Treat a Breach Like a Customer, Not a Compliance Issue
 
You're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat LandscapeYou're Breached: Information Risk Analysis for Today's Threat Landscape
You're Breached: Information Risk Analysis for Today's Threat Landscape
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 

Recently uploaded

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 

Recently uploaded (20)

Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 

Encryption and Legal Considerations

  • 1.
  • 2. Agenda
    • Introductions
    • What is encryption?
    • Practical Considerations
    • Legal Considerations
    • Legal Limitations
  • 3. Introductions: Today’s Speakers
    • Gant Redmon, Esq., CIPP/US, General Counsel, Co3 Systems
    • Suhna Pierce, Associate, Morrison & Foerster LLC
  • 4. About Co3 – Incident Response Management
    • MITIGATE: Document Results & Improve Performance
      – Generate reports for management, auditors, and authorities
      – Conduct post-mortem
      – Update SOPs
      – Track evidence
      – Evaluate historical performance
      – Educate the organization
    • ASSESS: Identify and Evaluate Incidents
      – Assign appropriate team members
      – Evaluate precursors and indicators
      – Correlate threat intelligence
      – Track incidents, maintain logbook
      – Prioritize activities based on criticality
      – Generate assessment summaries
    • PREPARE: Improve Organizational Readiness
      – Appoint team members
      – Fine-tune response SOPs
      – Escalate from existing systems
      – Run simulations (fire drills / table tops)
    • MANAGE: Contain, Eradicate, and Recover
      – Generate real-time IR plan
      – Coordinate team response
      – Choose appropriate containment strategy
      – Isolate and remediate cause
      – Instruct evidence gathering and handling
      – Log evidence
  • 5. Cryptography: Basic Concepts
    • Encryption is a component of cryptography
    • Cryptography: the science of communicating information secretly
      – Algorithm / cipher: the process used to transform information from plaintext to unintelligible ciphertext form
      – Encryption: the operation of transforming plaintext information using a cipher / algorithm
      – Decryption: the reverse operation, transforming a ciphertext message back to plaintext
      – Key: the secret “password” or “code” that facilitates encryption and decryption
  • 6. Goals of Cryptography: PAIN
    • PAIN: Privacy, Authentication, Integrity, Non-repudiation
    • Privacy: keep private information from being read by unauthorized readers
    • Authentication: verifying the identity of the individual or machine participating in the communication
    • Integrity: ensure that unauthorized changes have not been made to information
    • Non-repudiation: prevent the sender of a message from denying its origin
  • 7. Three Basic Types of Algorithms
    • Symmetric (aka shared key / secret key)
      – Sender and receiver share a secret key
      – A single key is used to encrypt and decrypt messages
      – Challenges: how to share the secret key; non-repudiation; scalability
    • Asymmetric (public key)
      – Key pair: a private key and a public key
      – One is used to encrypt and the other to decrypt
      – Challenges: more computational effort required to encrypt / decrypt than symmetric, which reduces speed and performance
    • Hashing (one-way encryption)
      – Produces a “hash” or “message digest”
      – The original message cannot be deciphered
      – Typically used for integrity
  • 8. Encryption versus Hashing 1
    • Hashing produces a fixed-length message digest for each message input
      – Any change to the input results in completely different output
      – Not reversible
      – Collision-resistant
      – Input iterated many times (for password hashing, to slow down guessing)
    • Encryption produces ciphertext whose length is related to the plaintext input
      – Reversible
    • If each secret message is a three-dimensional object, e.g., a snowflake:
      – Encryption: putting the snowflake inside a box and locking it
      – Hashing: tracing the snowflake on a piece of paper
  • 9. Encryption versus Hashing 2
    • When to use encryption, and when to use hashing?
    • Hashing: use when you want to check the validity of the secret message (i.e., that two values are the same)
      – You do not need the original input data back
      – Passwords
    • Encryption: use when you need to get the original input data back
      – Health data
      – Other sensitive data that needs to be read at a future point
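To make the hashing side of slides 8 and 9 concrete, here is an added Go example, written for this page and not code from the presenters or Co3 Systems, using only the Go standard library. It shows that a SHA-256 digest is always 32 bytes regardless of input length, that changing one character of the input flips roughly half of the output bits, and how a password is stored as a salted, iterated one-way hash (PBKDF2-HMAC-SHA256, implemented here directly from the standard-library HMAC) and later checked without the original password ever being recovered. The iteration count, the `PasswordRecord` layout and the function names are this example's own assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// Digest returns the SHA-256 message digest of msg. The output is
// always 32 bytes, however long or short the input is.
func Digest(msg []byte) []byte {
	sum := sha256.Sum256(msg)
	return sum[:]
}

// BitDifference counts the bits that differ between two equal-length
// byte slices. For a good hash roughly half of the 256 output bits
// change when the input changes by a single character.
func BitDifference(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

// pbkdf2SHA256 derives keyLen bytes by iterating HMAC-SHA256 over the
// password and salt (the PBKDF2 construction of RFC 8018). The loop is
// what makes each guess at the password expensive for an attacker.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	out := make([]byte, 0, keyLen)
	for block := uint32(1); len(out) < keyLen; block++ {
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := mac.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iterations; i++ {
			mac.Reset()
			mac.Write(u)
			u = mac.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// PasswordRecord is what a system stores instead of the password itself
// (layout assumed for this example).
type PasswordRecord struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

// passwordIterations is an assumed work factor for this example.
const passwordIterations = 100_000

// HashPassword stores a salted, iterated one-way hash of the password.
// The random salt means two users with the same password get different
// records, and the record cannot be turned back into the password.
func HashPassword(password string) (PasswordRecord, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return PasswordRecord{}, err
	}
	return PasswordRecord{
		Salt:       salt,
		Iterations: passwordIterations,
		Hash:       pbkdf2SHA256([]byte(password), salt, passwordIterations, 32),
	}, nil
}

// VerifyPassword recomputes the hash for a candidate password and
// compares it to the stored one in constant time.
func VerifyPassword(rec PasswordRecord, candidate string) bool {
	h := pbkdf2SHA256([]byte(candidate), rec.Salt, rec.Iterations, len(rec.Hash))
	return subtle.ConstantTimeCompare(h, rec.Hash) == 1
}

func main() {
	a := Digest([]byte("The quick brown fox"))
	b := Digest([]byte("The quick brown fix"))
	fmt.Printf("digest is %d bytes; one changed letter flipped %d of 256 bits\n", len(a), BitDifference(a, b))
	fmt.Println(hex.EncodeToString(a))

	rec, err := HashPassword("correct horse battery staple")
	if err != nil {
		panic(err)
	}
	fmt.Println("correct password accepted:", VerifyPassword(rec, "correct horse battery staple"))
	fmt.Println("wrong password accepted:  ", VerifyPassword(rec, "correct horse battery stapl"))
}
```

The stored record holds the salt and iteration count alongside the hash so that a later verification can repeat exactly the same computation; nothing in it lets the password be recovered, which is the property the slides rely on when they put passwords under hashing rather than encryption.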
  • 10. Practical Considerations
    • Key length
    • Stream and block ciphers
    • Types of algorithms: symmetric, asymmetric, and hashing
    • Symmetric versus asymmetric: how do they work
    • Encryption modes
    • Encrypting in transit and encrypting in storage
    • Full disk versus partial disk
  • 11. Key Length
    • Encryption / decryption keys are binary strings
      – Each binary digit is a bit, and the total number of bits is the key length
      – The longer the encryption key, the more secure the encryption (for a given algorithm, each additional bit doubles the number of keys that would have to be tried to guess it)
  • 12. Transmissions versus Storage
    • Data can be encrypted “at rest” and “in transit”
    • Encrypting data at rest (in storage)
      – Sensitive data should be encrypted
      – Can be encrypted in storage at various levels: individual files or folders, entire disk
      – Databases: individual cells, entire table
      – Removable media, mobile devices, other portable devices (e.g., printers)
    • Encrypting data in transit
      – Secure Sockets Layer (SSL): uses symmetric and asymmetric encryption
      – Transport Layer Security (TLS): the newer protocol that succeeds SSL
        • HTTPS: application of SSL / TLS to HTTP
      – Secure Shell (SSH): asymmetric
      – Internet Protocol Security (IPsec): secures IP-based messages
        • Used to create VPNs
  • 13. Full Disk versus Partial Disk
    • Encryption can be implemented on storage media (e.g., laptops, USB drives) on the full disk or on part of it
    • Full disk encryption on laptops: encrypt the entire drive with an encryption utility that modifies the boot process
      – Uses symmetric encryption
      – Prompts the user to enter a password / passphrase / USB drive
      – Encryption / decryption key is loaded into memory
      – Laptop resumes booting as normal
      – Decrypts OS and data files as needed, transparently to the user
    • Partial disk: encrypts only designated parts of the disk (e.g., file, folder, partition)
      – Uses symmetric and asymmetric encryption
      – User enters a password / key to decrypt and access the encrypted portion
      – When the decrypted data is cleared from memory, the key is also cleared from memory
  • 14. POLL
  • 15. Laws that Require Encryption 1
    • Many data protection laws and regulations require encryption of sensitive types of personal data
    • United States
      – Massachusetts: “personal information” stored on laptops and other portable devices or transmitted across public networks or wirelessly
      – Nevada: “personal information” stored on data storage devices moved beyond the control of the responsible entity or transmitted outside its secure systems
      – HIPAA: e-PHI, if, after a risk assessment, the entity has determined that use of encryption is a reasonable and appropriate safeguard
    • Argentina: sensitive data stored on removable media or portable storage devices or transmitted through communication networks
    • Japan: biometric information stored on servers, portable devices and portable storage media
    • Poland: all personal data transmitted across public networks or wirelessly and on laptops transported outside secured facilities
  • 16. Laws that Require Encryption 2
    • Portugal: sensitive and criminal data transmitted over a network
    • Norway: personal data for which confidentiality is necessary, when transferred electronically by means of a transfer medium that is beyond the physical control of the entity
    • South Korea: complex encryption requirements for “peculiar identification data” and “bio data”; one-way encryption (hashing) required for passwords
    • United Kingdom: personal data, the loss of which could cause damage or distress to individuals, on portable and mobile devices including magnetic media
    • And others
  • 17. Safe Harbor for Encryption
    • Breach notification laws in 48 U.S. states
      – Encryption is tied to the definition of a breach
      – All contain a safe harbor for encrypted personal information
      – In many of them, that safe harbor is lost if the encryption key is also accessed or acquired
      – In MA: a 128-bit algorithmic process must be used, unless regulations further define encryption
    • Over 15 other countries have mandatory laws; many others have voluntary guidelines
  • 18. POLL
  • 19. Restrictions on Encryption
    • US export restrictions
      – Encryption is a “dual use” item governed for export by the Bureau of Industry and Security (BIS) within the Dept. of Commerce
      – Must classify your product with the BIS or self-classify and include that classification on your shipper’s export declaration
    • Import, export and use restrictions
      – See http://www.cryptolaw.org/cls-sum.htm
      – The US controls only export; Russia controls all three
    • License requirements
      – Description of the product
      – List of algorithms used
      – Description of how they are used and whether they may be modified
  • 20. Encryption Is Not a Panacea
    • Encryption is only part of a comprehensive security program
    • You also need to have:
      – A suitable solution
      – A trustworthy implementation
      – Key management
      – Other appropriate security processes
      – Adequate training in technology and processes
    • Encryption does not provide availability; adequate backups are still needed
  • 21. Hypothetical: Lost USB Drive
    • A lost USB drive belonging to an HR manager contains several spreadsheets of employee personal information, including SSNs, and uses file encryption
    • Does the company know which files on the drive contained SSNs?
    • Can the company prove that those files were encrypted?
  • 22. Hypothetical: Stolen Laptop
    • A stolen laptop belonging to an HR manager contains several spreadsheets of employee personal information, including SSNs, and uses full disk encryption
    • Was the laptop running when stolen?
    • Was the laptop running shortly before it was stolen?
  • 23. Secure Implementation
    • Use an encryption algorithm that has not been demonstrated to be insecure
      – The National Institute of Standards and Technology (NIST) publishes the list of algorithms approved for federal government use in Federal Information Processing Standards (FIPS)
    • NIST Cryptographic Algorithm Validation Program (CAVP)
      – Validation testing of implementations of NIST-approved algorithms
      – The validation list contains some information about the implementations tested and found to have correctly implemented the algorithm
  • 24. Key Management
    • Keys should be at least 192 bits for organizational data
    • Keys should be securely and randomly generated
    • Restrict access to keys to the fewest number of custodians needed
    • Store keys securely in the fewest number of places needed
    • Distribute keys securely
    • Have a key rotation process
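The encryption side of slide 8 (ciphertext is reversible, and its length tracks the plaintext) and the key-management points of slide 24 (random generation, a minimum key length, a rotation process) in one added Go example, written for this page rather than taken from the deck. It uses AES-256-GCM from the Go standard library; the 192-bit minimum is the slide's own figure applied as a hard check, while the one-byte key-ID header, the `Keyring` layout and the function names are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// MinKeyBits is the minimum key length from slide 24, enforced here as
// a hard check (assumption for this example).
const MinKeyBits = 192

// GenerateKey returns a fresh random key of the requested length from the
// operating system's cryptographic random source, refusing lengths below
// MinKeyBits or lengths AES does not accept.
func GenerateKey(bitLen int) ([]byte, error) {
	if bitLen < MinKeyBits {
		return nil, fmt.Errorf("key length %d bits is below the %d-bit minimum", bitLen, MinKeyBits)
	}
	if bitLen != 192 && bitLen != 256 {
		return nil, fmt.Errorf("AES accepts 128, 192 or 256-bit keys; %d requested", bitLen)
	}
	key := make([]byte, bitLen/8)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Keyring holds versioned keys. New data is encrypted under the current
// key; older keys are kept so data encrypted under them can still be read
// and moved onto the new key during rotation.
type Keyring struct {
	keys    map[byte][]byte
	current byte
}

// NewKeyring creates a keyring whose first key has ID 1.
func NewKeyring() (*Keyring, error) {
	kr := &Keyring{keys: map[byte][]byte{}}
	return kr, kr.Rotate()
}

// Rotate generates a new 256-bit key and makes it current.
func (kr *Keyring) Rotate() error {
	k, err := GenerateKey(256)
	if err != nil {
		return err
	}
	kr.current++
	kr.keys[kr.current] = k
	return nil
}

// CurrentKeyID reports which key version new encryptions use.
func (kr *Keyring) CurrentKeyID() byte { return kr.current }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under the current key. Output layout (assumed):
// 1-byte key ID || 12-byte random nonce || ciphertext || 16-byte tag, so the
// output is always len(plaintext)+29 bytes: encryption hides content, not size.
func (kr *Keyring) Encrypt(plaintext []byte) ([]byte, error) {
	aead, err := gcmFor(kr.keys[kr.current])
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := []byte{kr.current}
	out := append(append([]byte{}, header...), nonce...)
	return aead.Seal(out, nonce, plaintext, header), nil
}

// KeyID reports which key version a ciphertext was produced under.
func KeyID(ciphertext []byte) byte { return ciphertext[0] }

// Decrypt looks up the key named in the header and opens the ciphertext;
// any modification of the data or header makes the tag check fail.
func (kr *Keyring) Decrypt(ciphertext []byte) ([]byte, error) {
	if len(ciphertext) < 1 {
		return nil, errors.New("ciphertext too short")
	}
	key, ok := kr.keys[ciphertext[0]]
	if !ok {
		return nil, fmt.Errorf("unknown key ID %d", ciphertext[0])
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(ciphertext) < 1+aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	header, nonce, body := ciphertext[:1], ciphertext[1:1+aead.NonceSize()], ciphertext[1+aead.NonceSize():]
	return aead.Open(nil, nonce, body, header)
}

// Reencrypt moves data from whatever key it was stored under onto the
// current key, the step that lets a retired key eventually be destroyed.
func (kr *Keyring) Reencrypt(ciphertext []byte) ([]byte, error) {
	pt, err := kr.Decrypt(ciphertext)
	if err != nil {
		return nil, err
	}
	return kr.Encrypt(pt)
}

func main() {
	kr, err := NewKeyring()
	if err != nil {
		panic(err)
	}
	pt := []byte("employee SSN spreadsheet") // constructed sample plaintext
	ct, _ := kr.Encrypt(pt)
	fmt.Printf("%d-byte plaintext -> %d-byte ciphertext under key %d\n", len(pt), len(ct), KeyID(ct))
	_ = kr.Rotate()
	ct2, _ := kr.Reencrypt(ct)
	back, _ := kr.Decrypt(ct2)
	fmt.Printf("after rotation: key %d, plaintext %q\n", KeyID(ct2), back)
	if _, err := GenerateKey(128); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Two points worth noticing when running it: the ciphertext is exactly 29 bytes longer than the plaintext every time, which is the "length related to the plaintext" property from slide 8 and a reason encryption alone does not hide how much data was protected; and because every ciphertext carries its key ID, rotation does not require a flag day, since old records stay readable until they have been re-encrypted.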
  • 25.
  • 26. Upcoming Co3 Systems Events
    • Cyber IP Expo, London, UK: October 8-9
    • FS-ISAC EU Summit, London, UK: November 3-5
  • 27. One Alewife Center, Suite 450, Cambridge, MA 02140; PHONE 617.206.3900; WWW.CO3SYS.COM
    • “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.” (PC Magazine, Editors’ Choice)
    • “One of the hottest products at RSA…” (Network World, February 2013)
    • “Co3…defines what software packages for privacy look like.” (Gartner)
    • “Platform is comprehensive, user friendly, and very well designed.” (Ponemon Institute)
    • Suhna Pierce, Associate, Morrison & Foerster LLC