Privacy starting from general principles including monotonous growth of information. Introduction to EU Project PrimeLife. Introduction to Anonymous Credentials/Identity Mixer and Smart Identity Cards as technology solutions.
If you missed the webinar Marianne Halvorsen of http://Halvorsenonrisk.com gave on March 25th, 2013, please take a look at the slide presentation that accompanied the webinar. In it you will learn the different types of risks to your company, the costs when an event happens, and how you can protect yourself in the event of a cyber breach.
Privacy-by-Design Cavoukian TTI March 2011 - Bern Grush
Discussion of privacy guidance for automotive telemetric. Related to usage-based insurance, parking payment, road-use charging, emissions metering, etc
Reducing Security Risks Due to Human Error - Information Security Summit, Kua... - Anup Narayanan
A talk that is based on my methodology HIMIS (Human Impact Management for Information Security) for reducing information security risks due to human error. To know more about HIMIS, visit http://www.isqworld.com/himis
A Model for Reducing Security Risks due to Human Error - iSafe 2010, Dubai - Anup Narayanan
This talk provides a model for reducing security risks due to poor information security awareness and poor attitude. Based on my methodology HIMIS (Human Impact Management for Information Security). To know more about HIMIS, visit http://www.isqworld.com/himis
This is a presentation prepared and delivered to the International Bar Association Conference in 2012 on behalf of the Interactive Direct Marketing Association. It looks at some of the pragmatic challenges that exist in getting organisations to adopt and adapt to the requirements of the Cookies regulations.
A model for reducing information security risks due to human error - Anup Narayanan
My recent presentation at cOcOn, an international Cyber Security and Policing Conference in Trivandrum Kerala. The talk focuses on reducing information security risks due to human error using information security awareness and competence management solutions.
Are You Ready for the Era of Big Data and Extreme Information Management? - John Mancini
This is the first part of a 5-part series on the Information Challenges facing organizations. A white paper describing these challenges can be found here - http://pages2.aiim.org/CIPWebPage_InfoProWP.html
The continued expansion of file-based, business-critical information within extended enterprises is changing the storage dynamic in a wide range of industries and organizations. In a series of interviews with U.S. and European enterprises, IDC found that companies are increasing their file-based storage by 40% to 120% a year and place a high priority on boosting the efficiency and reliability of their management processes for file-based information. IDC research indicates that unstructured, file-based data drove a majority of new storage capacity in all organizations' datacenters in 2008 and projects this growth to accelerate, in spite of current economic conditions. By 2012, over 75% of new storage capacity shipped will be dedicated to the storage, organization, and protection of files.
How Affiliate Marketers Can Avoid Legal Pitfalls - Affiliate Summit
The session will provide an overview of the legal landscape affiliate marketers face, including the common pitfalls that can threaten every business.
Experience level: Beginner
Target audience: Network
Niche/vertical: Compliance
Eric Crusius, Senior Attorney, Centre Law Group (Twitter @InternetBizLaw)
Originally delivered at Oracle Social Business Seminar - for more information on becoming a Certified Information Professional, go to http://www.aiim.org/certification.
Learn about threats to YOUR Customer's privacy.
- Googling Your Corporate Privacy Away
- Tools and practices your users are already using that will compromise their privacy.
- Trends in Regulations
- Rules and regulations you need to know to stay current
- Trends in Financial Crimes - New crimes, old crimes with new tools and why your company is so attractive to attackers
- Effective Multicompliance - Tips, Techniques and lessons learned in staying compliant, while increasing profits and maintaining your sanity
A summary of some of the more significant changes in Google AdWords this year. In addition to the changes, there are tips on how to use them to better manage campaigns.
Measuring the Fuzzy ROI of Social Media - Steve Hammer
Presented at Confluence Conference. Using your site to measure the impact of social media and measurement strategies. 4 tips and a bonus advanced method for using split testing.
IBM InfoSphere Guardium provides the simplest, most robust solution for assuring the privacy and integrity of trusted information in your data center (SAP, PeopleSoft, Cognos, Siebel, etc.) and reducing costs by automating the entire compliance auditing process in heterogeneous environments.
In the social, mobile and cloud era, what does it take to be an Information P... - John Mancini
Summary of massive changes underway in the enterprise IT marketplace being driven by social, mobile, and cloud, and the implications of these changes on what it means to be an information professional.
http://www.aiim.org/certification
The NRB Group mainframe day 2021 - Security On Z - Guillaume Hoareau - NRB
Mainframes are a mainstay, especially for cyber security and compliance. IBM improved the mainframe release after release to help today's organizations in their security journey to protect their mission-critical workloads. Open and resilient, mainframe architecture and design evolve in order to face the threats of the future.
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t... - IBM Security
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing the Impact of a Breach
Encryption has been viewed as the ultimate way to protect sensitive data for compliance. But it has also been considered very complex to implement. Today, encryption is essential to meet compliance objectives, and has become much simpler to implement. The challenge is knowing when and where to use encryption, how it can simplify compliance, what controls need to be in place, and the options for good encryption key management. This session will cover the options for encryption and key management, what each provides, and their requirements. Encryption and key management topics include application-level encryption for data in use, network encryption of data in motion, and storage encryption for data at rest.
Control cloud data access privilege and anonymity with fully anonymous attrib... - LeMeniz Infotech
Control cloud data access privilege and anonymity with fully anonymous attribute based encryption
Peter Wood and his team conduct ethical hacking engagements for multi-national organisations in varied business sectors. Peter will address the top three emerging threats, how they affect the attack surface of a typical business and how they can be exploited.
Similar to Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross (20)
Presenting the works of the EU projects PrimeLife and ABC4Trust, on how to employ attribute-based credentials (at the Newcastle security forum). The slides are provided by IBM Research - Zurich, in particular Jan Camenisch, Gregory Neven and Anja Lehmann.
CCSW’12: Automated Verification of Virtualized Infrastructures - Thomas Gross
We explore feasibility of automated analysis of actual cloud configurations against high-level security goals. We look at topology (VM and host, as well as network and storage interconnection). At ACM CCSW 2012.
VALID Rules - A language for cloud verification (EU CSP’12) - Thomas Gross
How can we specify high-level security goals for clouds and be sure that the infrastructure actually fulfills the goals?
Presented at the EU Cyber Security and Privacy Forum 2012.
Anonymous Credentials on Java Card - SIT Smartcard 2011 - Thomas Gross
How anonymous credentials can enhance electronic identity cards with strong security and privacy. A feasibility study presented at the Fraunhofer SIT Smartcard workshop 2011
CRYPTO'10: Credential Authenticated Identification and Key Exchange - Thomas... - Thomas Gross
We propose a protocol framework for credential-authenticated key exchange, in which two parties aim at establishing a secure channel without a joint PKI. Both parties prove in zero-knowledge that their credentials fulfill a relationship, say that both are citizens of a certain country or that they know a password. If they both fulfill the relation, they will obtain a joint random key for secure channel establishment. Otherwise they won’t learn anything about each other.
13. PrimeLife's Objectives
Bringing Sustainable Privacy and Identity Management to Future Networks and Services
• Fundamentally understanding privacy-enhancing identity management ‘for life’
• Bringing Privacy to the future web
• Develop and make tools for privacy friendly identity management widely available – privacy live!
14. PrimeLife’s 6 Activities
Mechanisms
HCI
Policies
Privacy In Life
Infrastructures
Privacy Live!
22. State of the Art: How to Build Them
asking for a credential
23. State of the Art: How to Build Them
getting a credential ...
containing “birth date = April 3, 1987”
24. State of the Art: How to Build Them
showing a credential ...
goes off-line
- driver's license
- insurance
- older > 20
25. State of the Art: How to Build Them
showing a credential ...
containing statements “driver's
license, age (as stated in
driver’s ) > 20, and insurance”
Using identity mixer, user can transform (different) token(s) into a new single one that, however, still verifies w.r.t. original signers' public keys.
26. Other Properties: Offline Usage
Zzzzz
ID providers (issuers) need sleep, too!
• Sometimes it is too expensive to have connectivity
• Or a security risk (e.g., ID cards)
Certs can be used as many times as needed!
• cf. Revocation; can be done w/ signer's secrets offline
27. Other Properties: Cheating Prevention
World of
Warcraft
Limits of anonymity possible (optional):
• If Alice and Eve are on-line together they are caught!
• Use Limitation – anonymous until:
● If Alice used certs > 100 times total...
● ... or > 10'000 times with Bob
• Alice's cert can be bound to hardware token (e.g., TPM)
28. Privacy Preserving Access Control
DNA Database
Simple case: DB does not learn who accesses the DB
Better: Oblivious Access to Database (OT with AC)
● Server must not learn who accesses
● which record
● Still, Alice can access only records she is authorized for
29. Secret Handshakes
• Alice and Bob both define some predicate PA and PB
• Alice learns whether Bob satisfies PA if she satisfies PB