This document provides a profile of an expert presenter including their extensive experience in IT advisory, consulting, auditing, training, and project management spanning 16 years. The presenter has advised 6 companies, served as an international subject matter expert for ISACA, developed certification exams, reviewed publications, audited and consulted over 30 companies, delivered over 200 training sessions to over 7,000 attendees, and written over 300 articles. The document then outlines the presenter's upcoming session on information privacy and security which will discuss definitions, taxonomies, expectations, types of information collected, standards, challenges, and lessons learned.
Reinforcement of Information Privacy and Security Nowadays
3. Presenter Profile
• 16 years of working experience with exposure in IT advisory, consulting, audit, training and education, and project management
• Advisor at six companies
• ISACA International Subject Matter Expert (COBIT 5 Configuration Management, COBIT 5 Enabling Information, Risk Scenarios with COBIT 5 for Risk, Big Data Privacy Risk and Control)
• ISACA International Certification Exam and QAE Developer for CISA, CISM, CGEIT, and CRISC
• Reviewer Panel at three international journals: AECT TechTrends, BJET and ISACA Journal
• Has audited and consulted for 30+ companies
• More than 65 international certifications under his belt
• Has been delivering and hosting 200+ sessions with 7,000+ attendees and 5,000+ hours of training, lectures, conferences, workshops and seminars across Indonesia and abroad for 70+ organizations
• Writes, reviews and edits 300+ articles, encyclopedia entries, manuscripts and white papers concerning ICT, management and business for more than 20 media outlets, publications, organizations, journals and conferences.
May 2014 3
6. Okay, Let’s Put it this Way
Information Privacy is the relationship between the collection and dissemination of:
• Information
• Technology
• Personal and public expectations
• Laws and regulations surrounding them
7. What does Privacy Mean Now?
• In the past: privacy was about secrecy.
• These days: privacy is all about control.
People's relationship with privacy is socially complicated.
Agree or Disagree?
8. Primary Concerns
• The act of data collection: Legal versus Illegal
• Improper access (Authentication)
• Unauthorized use (Authorization)
10. How Big Consumer Data is
• In 1996, e-commerce revenue was US$600M
• In 2015, e-commerce revenue is expected to hit US$995B
• Big Bang of Social Networks: 1 billion Facebook, 800 million Google+, 400 million Twitter, and 250 million LinkedIn users.
11. In Regards to Expectations
• Individuals expect reasonable measures on three levels:
  • Technical
  • Physical
  • Administrative
• Privacy (and Information Security) professionals in organizations handle compliance with privacy promises
• There is no such thing as Perfect Privacy, just acceptable levels of risk
12. Wide Range of Information
• Healthcare records
• Criminal justice investigations
• Financial institutions and transactions
• Residence and geographic records
• Invisible traces of our presence:
  • Data trails
  • Credit Card Databases
  • Phone Company Databases
  • Customer Databases
13. Web Data Collection
• Personal/profile
• Other types of info:
  • Device information
  • Cookies
  • Log information
  • User communications
  • Location
  • Software
  • Application
  • Behavior
14. Costs for Information Privacy
Government
• Edward Snowden, Hero or Traitor (?)
Company
• Data and information collection
• Revenue lost and recovery costs
• Security awareness
• Protect users’ data and information (from hacking, cracking and phreaking activities)
• Safeguard the remote storage service (“Cloud”)
• Image/Credibility
• Legal charges/fines
15. Costs of Information Privacy (cont’d)
Consumer
• Time to learn (learning curve)
• Credibility/Reputation
• Opportunity/revenue loss
• Recovery costs
16. Challenges in the Future
• What counts as “private” information now?
• Make information more accessible
• Evolve systems to prevent breaches
17. Moving Forward to Information Security
18. ISACA Says…
Information shall be protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and non-access when required (availability).
Explicitly, it tells us what to do:
• Confidentiality: preserving authorized restrictions on access and disclosure to protect privacy and proprietary information
• Integrity: guarding against improper modification or destruction, and ensuring information non-repudiation and authenticity
• Availability: ensuring timely and reliable access to and use of information
19. Information Security Principles
According to the Information Systems Security Certification Consortium
A. Support the business
• Focus on the business functions and processes
• Deliver quality and value to stakeholders
• Comply with legal and regulatory requirements
• Provide timely and accurate information
• Evaluate existing and future information threats
• Improve information security continuously
20. Information Security Principles (cont’d)
B. Secure the organization
• Adopt a risk-based approach
• Protect classified information
• Focus on critical business processes
• Develop systems securely
C. Promote information security
• Attain responsible behavior
• Act in a professional and ethical manner
• Foster a positive information security culture
21. Information Security Standards
Internationally known as ‘ISO/IEC 27001’
Best practice recommendations for initiating, developing, implementing, and maintaining Information Security Management Systems (ISMS), covering:
• Risk Assessment
• Security Policy
• Asset Management
• Physical/Environmental Security
• Access Control
• And many others
26. How it Applies Country to Country
“No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.”
—Universal Declaration of Human Rights, Article 12
27. Laws by Countries
• The U.S.
  • HIPAA
  • Electronic Communications Privacy Act
  • PATRIOT Act
  • The Children’s Online Privacy Protection Act
• European Union (EU)
  • Data Protection Directive
  • European Data Protection Regulation
28. For Indonesia? We Have UU No. 14 of 2008
Keterbukaan Informasi Publik (Public Information Disclosure)
“Every Public Body is obliged to open access for every applicant for public information to obtain public information, except for certain specific information”
• 8 years of development and 64 clauses that regulate:
1. Guaranteeing citizens’ right to know the plans for making public policy, public policy programs, and the public decision-making process, as well as the reasons for taking a public decision;
2. Encouraging public participation in the public policy-making process;
3. Increasing the active role of the public in public policy-making and in the good management of Public Bodies;
29. UU No. 14 of 2008 (cont’d)
4. Realizing good state administration, namely one that is transparent, effective and efficient, accountable and answerable;
5. Knowing the reasons for public policies that affect the livelihoods of many people;
6. Developing knowledge and educating the life of the nation;
7. Improving information management and services within Public Bodies to produce quality information services.
30. UU No. 14 of 2008 (cont’d)
Definition of undisclosed (exempt) information:
1. Public Information which, if disclosed and provided to the Applicant for Public Information, could hamper the law enforcement process;
2. Public Information which, if disclosed and provided to the Applicant for Public Information, could interfere with the protection of intellectual property rights and protection from unfair business competition;
3. Public Information which, if disclosed and provided to the Applicant for Public Information, could endanger national defense and security;
4. Public Information which, if disclosed and provided to the Applicant for Public Information, could reveal Indonesia’s natural resources;
31. UU No. 14 of 2008 (cont’d)
5. Public Information which, if disclosed and provided, could harm national economic resilience;
6. Public Information which, if disclosed and provided, could harm the interests of foreign relations;
7. Public Information which, if disclosed, could reveal the contents of an authentic deed of a personal nature or a person’s last will or testament;
8. Public Information which, if disclosed and provided, could reveal personal secrets;
9. Memoranda or letters between Public Bodies or within a Public Body, except by decision of the Information Commission or a court;
10. Information that may not be disclosed under the Law.
32. State-Owned Companies Must Provide
• Name and domicile, purpose and objectives and type of business activity, period of establishment, and capital;
• Full names of the company’s shareholders, members of the board of directors, and members of the Board of Commissioners;
• Audited annual reports, financial statements, balance sheets and profit and loss statements, and corporate social responsibility reports;
• Results of assessments by external auditors, credit rating agencies and other rating agencies;
• System and allocation of remuneration funds for members of the board of commissioners/supervisory board and the board of directors;
• Mechanism for appointing directors and commissioners/supervisory board members;
33. State-Owned Companies Must Provide (cont’d)
• Legal cases that are open as Public Information under the Law;
• Guidelines for implementing good corporate governance based on the principles of transparency, accountability, responsibility, independence, and fairness;
• Announcements of the issuance of debt securities;
• Replacement of the accountant auditing the company;
• Changes to the company’s fiscal year;
• Government assignment activities and/or public service obligations or subsidies;
• Mechanism for procurement of goods and services;
• Other information stipulated by Law relating to BUMN and BUMD (state-owned and regionally-owned enterprises)
34. By Utilizing Such a Framework and/or Standard
• Reduce complexity of activities and processes
• Deliver better understanding of information security
• Attain cost-effectiveness in managing privacy and security
• Enhance user satisfaction with the arrangements and outcomes
• Improve integration of information security
35. By Utilizing Such a Framework and/or Standard (cont’d)
• Inform risk decisions and risk awareness
• Enhance prevention, detection and recovery
• Reduce probability and impact of security incidents
• Leverage support for organizational innovation and competitiveness
36. ISACA Framework on Information Security
ISMS: Information Security Management Systems
R: Responsible; A: Accountable; C: Coordinate; I: Informed
37. Lessons Learned on IP and IS
38. Highlight these and Give Them A Boom!
Having IS policies, procedures, and technologies in place to prevent and deal with Information Privacy issues is a MUST.
Negligence in IS and in maintaining PII can damage customer satisfaction and employee relationships.
39. For Individuals, Here Are the Takeaways
• One user, one device (PC, notebook, mobile)
• One user, one account (email, social media, social network and others)
• Password safety, complexity and routines
• Do periodic back-ups and keep them off-site
• If shared, be mindful that it is at your own risk
• Your information, your privacy
• Your privacy, your security