Managing Privacy Risk. Managing Trust? Víctor Chapela – Sm4rt; Nathaly Rey – ISMS Forum Spain
Privacy Origin: Human Rights, The right to a dignified life, Legal order independence; Universal Declaration of Rights (1942): Right to intimacy, Information self-determination / Privacy
What do we understand by Privacy? Having control over my personal information. The ability to limit: who keeps it, what can be done with it, purposes of use
Privacy in the World
Legal and Institutional Frameworks International: Standardization efforts European: Under revision US: Consumer Protection approach Canada: Sector based approach Latin America: European Model? Others
Privacy Regulatory Overview: Four Main Groups: EU, USA, EU “light”, Hábeas Data
Universally Accepted Privacy Directives. Madrid Conference: Privacy and Data Protection Authorities of the 5 continents
Principles Lawfulness and fairness  Purpose specification Openness (Information) Proportionality Data quality  Accountability
Legitimacy of Processing Consent Sensitive Data Provision of processing services International transfers
Rights Access  Rectify Delete Opposition
Monitoring and Liability
Proactive Measures
Chief Privacy Officer. What is a Chief Privacy Officer? What is his place in the organization? Solid knowledge and ample experience. Certified Data Privacy Professional
Risk Management
Risk Management Audit Independence Qualified expert
Privacy Impact Analysis
Mexico’s Privacy Law
Specific Aspects and Challenges. Specific Aspects: Financial Data, Auto-regulation, Criminal charges, Fines up to US $2.8M. Challenges: Privacy Notice (proof), Strategy for compliance, Privacy Awareness
Link between Privacy and Security
Why is Privacy a growing concern?
How can we understand Digital Risk?
3 Types of Digital Risk: 1. Accidental, 2. Opportunistic, 3. Intentional
Intentional Digital Risk = Threat x Vulnerability
Threat has increased geometrically!
Vulnerabilities are increasing exponentially!!
Digital Risk = Threat x Vulnerability: Threat
Perceived Risk is Reduced
We all feel anonymous! This is true for criminals as well…
Without risk we all become lawbreakers!
By reducing the risk of breaking the law, everyone’s risk has grown
Profitability = Return / Risk
We are arriving at a new balance: Profit / Risk
Much more illegal money to be made!
Threat has increased geometrically
Digital Risk = Threat x Vulnerability: Vulnerability
We have lost Control
Computers used to be deterministic
Our digital World has become non-deterministic
Computers have become so complex they are not predictable any more
We reboot as a way to return to a known state
In chaotic systems we can only predict the first few iterations
Networks increase complexity
36 Nodes, 630 Connections, 2,783,137,628,160 Sockets
More devices = even more connections
Connections Grow Exponentially
Network connection growth creates Value
But it also increases Complexity
Complexity and Unpredictability increase Frustration
As well as Risk
How does Digital Risk affect Privacy?
Reduced Privacy risk perception
The Nature of Privacy Risk is not new
Privacy Risk has increased because of 4 aspects
1. Speed
It used to take days or weeks for information to be shared
Now it is instantaneous!
2. Dispersion
The same people that would keep our secrets…
… are now becoming digital information broadcasters
Every single tweet is received on average by over 487 people. The most retweeted message was received by more than 24 million accounts
3. Persistence
We used to easily control, restrict access and destroy physical copies of our personal data
Source: http://www.civic.moveon.org/facebook/chart/
4. Clustering
Our files used to be difficult to access
Now it is all clustered and available worldwide
Therefore, if you were caught at an inconvenient state…
…your girlfriend would have immediate access…
… as well as all her friends…
…probably, forever!
So yes, privacy is a growing concern And not only at a reputational level
Privacy is always a risk for INDIVIDUALS An organization’s risk always translates to individual stakeholder risks Employees get fired Users or customers are damaged Shareholders lose money
Two types of Privacy Intimacy Identity
Intimacy Ethnic origin or race Health Religious, philosophical and moral beliefs Syndicate affiliation Political views Sexual preference
Identity Name and address e-Mail Location Biometrical readings Payment card number User and password Behavioral information
Two types of Privacy. Intimacy: Perception <- Trust; Regulation; Compliance. Identity: Perception <- Trust; Information Value
The most valuable piece of our personal information is our Identity
Most valuable, for others!
2009 Data Breach Investigations Report Verizon Business RISK Team
98% Payment Card Data
1.5% Other Personal Information
Information posted for Sale (source: http://www.symantec.com/business/theme.jsp?themeid=threatreport)
Rank  %    Information
1     23%  CVV2 Numbers
2     18%  Credit Card Numbers
3     15%  Credit card expiration dates
4     12%  Addresses
5     11%  Phone numbers
6      6%  Email addresses
7      5%  PIN for credit or debit cards
8      4%  Social Security numbers
9      4%  Full names
10     2%  Dates of birth
How was this data stolen?
2/3 Hacking
1/3 Malware
Malware
Hacking
79% SQL Injection
Credit or Debit Cards
and Online Banking
Personal Information
Are both part of Identity Theft
Over 100 billion per year in losses
300% yearly growth rate
Two types of Privacy. Intimacy: Privacy Regulation Risk Management. Identity: Value Based Risk Management
They are divided into two groups: Availability? Redundancy, Business Impact (BIA). Confidentiality and Integrity? Filters and Authentication, Market Value (IVA)
Information Value Analysis. Information Risk = Impact x Probability. Impact is determined by estimating Economic Value. Probability is measured by calculating Potential Connections
How to calculate information value?
Intentionality: Information Assets, Information User Profiles, Potential Losses, Possible Attacks, High Risk Nodes, Economic Value, Access to High Risk Nodes, Attacker Profit, Known Attacks
We need to accept Risk Potential moves are infinite
Highly Dynamic Environment
The board changes daily
The Pieces change daily
The rules change daily
Players change daily
The End justifies the Means. In preventing Intentional Risk nothing less than securing all vectors is enough
Defense must be Optimized
Optimize Speed
Optimize Resources
Value Management Method: Possible Incidents, Real Incidents, Applicable Incidents, Recurring Incidents, Prioritized Incidents; Measurement of Added Value
This is how we estimate threat and Impact
How are probability and Vulnerability calculated?
Assets & Account Profiles
COBIT Risks. Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability. IT Resources: Applications, Infrastructure, Information, People. IT Processes: Domains, Processes, Activities. Nodes, Connections
Types of Nodes: Information Node, User Node, Connection. Operations: Transfer, Process, Store, Consult
Node Grouping: User Profiles
Graph Segmentation
Connection Measurement
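The Information Value Analysis described on the preceding slides (Information Risk = Impact x Probability, Impact from economic value, Probability from potential connections over a graph of information nodes and user-profile nodes, then segmentation and choosing nodes to monitor) carried through on a small constructed graph. This is an added example, not Sm4rt's or ISMS Forum's tool; the asset names, record counts, per-record values, the account-share probability proxy, and the reading of graph segmentation as cutting profile-to-asset paths are all assumptions.

```python
"""Illustrative Information Value Analysis (IVA) over a node/connection graph.

Added example (not the deck's own software). It applies the slides' formula
Information Risk = Impact x Probability, taking Impact from the economic value
of an information node and Probability from the share of accounts that have a
path to it. Sample data below is constructed, not taken from any real system.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


def full_mesh_connections(nodes: int) -> int:
    """Undirected links in a full mesh: n(n-1)/2, i.e. quadratic in n.
    36 nodes give the 630 connections quoted on the slide."""
    return nodes * (nodes - 1) // 2


@dataclass
class InfoNode:
    name: str
    records: int
    unit_value: float            # assumed black-market value per record, USD

    @property
    def economic_value(self) -> float:   # the Impact side of the formula
        return self.records * self.unit_value


@dataclass
class UserProfile:
    name: str
    accounts: int                # accounts grouped into this profile


OPS = {"consult", "process", "store", "transfer"}   # operation types from the deck


@dataclass
class RiskGraph:
    assets: Dict[str, InfoNode] = field(default_factory=dict)
    profiles: Dict[str, UserProfile] = field(default_factory=dict)
    # (profile, asset) -> operations that profile may perform on the asset
    links: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def connect(self, profile: str, asset: str, op: str) -> None:
        if op not in OPS:
            raise ValueError(f"unknown operation {op!r}")
        self.links.setdefault((profile, asset), set()).add(op)

    def segment(self, profile: str, asset: str) -> None:
        """Graph segmentation (assumed reading): cut every path profile->asset."""
        self.links.pop((profile, asset), None)

    def total_accounts(self) -> int:
        return sum(p.accounts for p in self.profiles.values())

    def potential_connections(self, asset: str) -> int:
        """Accounts holding at least one operation on the asset."""
        return sum(self.profiles[p].accounts for (p, a) in self.links if a == asset)

    def probability(self, asset: str) -> float:
        """Proxy: share of the whole account population with a path (0..1)."""
        total = self.total_accounts()
        return self.potential_connections(asset) / total if total else 0.0

    def risk(self, asset: str) -> float:
        return self.assets[asset].economic_value * self.probability(asset)

    def ranked(self) -> List[Tuple[str, float]]:
        return sorted(((a, self.risk(a)) for a in self.assets),
                      key=lambda t: t[1], reverse=True)

    def nodes_to_monitor(self, top: int = 2) -> List[str]:
        """Focus controls on the main risks: the top-ranked information nodes."""
        return [a for a, _ in self.ranked()[:top]]


def build_sample_graph() -> RiskGraph:
    """Constructed sample: three information nodes, three user profiles."""
    g = RiskGraph()
    g.assets["card_data"] = InfoNode("card_data", records=100_000, unit_value=5.0)
    g.assets["hr_records"] = InfoNode("hr_records", records=2_000, unit_value=20.0)
    g.assets["catalog"] = InfoNode("catalog", records=50_000, unit_value=0.0)
    g.profiles["customers"] = UserProfile("customers", accounts=100_000)
    g.profiles["staff"] = UserProfile("staff", accounts=900)
    g.profiles["admins"] = UserProfile("admins", accounts=100)
    g.connect("customers", "catalog", "consult")
    g.connect("customers", "card_data", "store")    # checkout stores the card
    g.connect("staff", "card_data", "consult")
    g.connect("staff", "hr_records", "consult")
    g.connect("admins", "card_data", "transfer")
    g.connect("admins", "hr_records", "transfer")
    return g


if __name__ == "__main__":
    graph = build_sample_graph()
    print("full mesh of 36 nodes:", full_mesh_connections(36))
    for name, value in graph.ranked():
        print(f"{name:12s} risk={value:12.2f}")
    print("monitor:", graph.nodes_to_monitor())
    graph.segment("customers", "card_data")          # e.g. tokenise at checkout
    print("card_data after segmentation:", round(graph.risk("card_data"), 2))
```

Segmenting the customer profile away from the card store leaves the asset's economic value unchanged but collapses its potential connections, which is the lever the deck's "graph segmentation" step is pointing at.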
Availability? Redundancy, Business Impact (Assets). Confidentiality and Integrity? Filters and Authentication, Market Value (Assets, Accounts)
Monitoring is also Required. Availability? Business Impact, Monitoring & Response (Assets). Confidentiality and Integrity? Market Value (Assets, Profiles)
Identity is the key to better risk management
Default Close / Default Open: Availability / Confidentiality
Focus controls on main risks
Determine which nodes to monitor
Redundancy, Assets, Monitoring, Filtering & Authentication, Risk Operation Center
Risk Analysis
Main Risks (plotted on a probability x impact matrix; probability: Almost never, Possible, Always; impact: Insignificant, Medium, Very high): R1 Weak password storage protocol; R2 Absence of robust password policy; R3 Absence of data entry validation for web applications; R4 Existing applications with vulnerable remote support; R5 Weak wireless ciphered communication protocol; R6 Absence of operating system security configuration
Action Plan (effort vs positive impact of implementation; effort: Minimum, Minor, Medium, Major; impact: Moderate, High; quadrants: Quick Hits, Strategic, Nice To Have, Not Viable): S1 Password Policy; S2 Migration of wireless communication protocol; S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems; S5 Migration of password storage protocols; S6 Secure application development process; S7 Migration of remote support protocol
Recommendations (Processes, People, Technology). Policies and Configuration Guidelines: S3 Security configuration guidelines for applications, S4 Security configuration guidelines for operating systems. Governance: S1 Password policy. Processes and Roles: S8 Secure change process administration, S9 Risk administration process, S0 Vulnerability patches and updates process, S6 Secure application development process. Superior Technologies (User, Network, Host, Application and Data level controls): S7 Migration of remote support protocols, S5 Migration of password storage protocols, S2 Migration of wireless communication protocols. Recommendations for Sustainability
Mitigation Roadmap (2010-2011, by quarter Q1-Q4): Risk Administration Implementation; Secure application development implementation; Vulnerability patches and updates process administration; Secure change process administration; Migration to robust remote support protocols; Migration of wireless communication protocol; Migration of password storage; Password policy; Security configuration guidelines for operating system; Security configuration guidelines for applications
Demystifying the Privacy Implementation Process: Business Process Analysis -> Data Lifecycle Inventory -> Data Value (IVA) -> Data Categories; Legal & Regulatory Requirements (PIA) -> Data Categories -> Asset Inventory -> Policy Generation -> Controls, Standards, Procedures -> Implementation & Audit
Business Process Analysis: Identification of applicable Law
Business Process Analysis: Stakeholder, Information acquisition, Types of data, Internal and external data flows, Purpose of treatment, Information systems and security measures, Retention policies
Data Lifecycle Inventory
Privacy Legal & Regulatory Requirements (PIA). 1. Legal & Regulatory: Contracts, Clauses, Privacy notices, Authorizations, Jurisdictions, Other regulations (Money laundering, Sectorial, Etc.)
Privacy Legal & Regulatory Requirements (PIA). 2. Technical: Authentication & authorization, Access control, Incident log, Removable media and document management, Security copies, Recovery tests, Physical Access
Privacy Legal & Regulatory Requirements (PIA). 3. Organizational: Data privacy officer, Roles and responsibilities, Policies, procedures and standards, Notifications to authorities, Audits, Compliance and evidence
Legal & Regulatory Data Categories. High Risk: Syndicate Affiliation, Health, Sexual life, Beliefs, Racial Origin. Medium Risk: Financial Profile, Personal Fines, Credit Scoring, Tax Payment Information. Basic Risk: Personal Identifying Information, Employment
Data Value (IVA), External Economic: Black Market Value (Sale price); News Value (Newspaper, Magazines, Television); Competition (Market Value, Brand Value); Political Value (Authorities, Fines)
Data Value Categories
Asset Inventory
Policy Generation. How should this data be: generated? stored? transferred? processed? accessed? backed-up? destroyed? monitored? How should we react and escalate an incident or breach? How will we punish non-compliance?
Controls, Standards & Procedures: Controls are defined and mapped for each policy level: Technical Standards, Procedures, Compensatory Controls
Controls, Standards & Procedures
Implementation & Audit: Best Practices; Laws and Regulations (I.ACT, D.SEG, LOPD, SOX, LSSI); PROCESSES, APPLICATIONS, PEOPLE, ASSETS, NETWORKS, COMUNIC., CONTRACT; Controls; Evidence
Implementation & Audit
Regulatory Risk Management. Types: Laws and norms, Contracts, Standards and Codes, Internal policies. Impact: Fines, Reputation, Image, Good Corporate Governance, Indemnities, Client Forfeits, Internal Operative Improvement, Risk Management, Competitive Difference, Business Continuity Guarantee, Stockholder trust, Corporate Culture, Fight Internal fraud
How can Privacy Risks be classified? Economic Operational Reputational Competition
Quick tips Doing International Business What to watch out for? Localization Local regulations Due diligence Audit Monitoring Contact with authorities Jurisdiction
Non-compliance TOP 5: Employee awareness, Lack of transparency, Third parties, Intercompany data flows, Collection of unnecessary information
Two types of Privacy. Intimacy: Privacy Regulation Compliance. Identity: Information Value Risk Management
3 Main Aspects of Privacy: Legal, Organizational, Technical
Privacy is not only about Compliance! Through Privacy we guarantee individual rights. By doing so, we increase stakeholder trust and increase our competitiveness.
Privacy Risk Management: Stakeholders Trust Management. “Trust is the belief that a person or group will be able or willing to act in an adequate and predictable manner under certain situations.”
Thank you! Víctor Chapela, victor@sm4rt.com; Nathaly Rey, nrey@ismsforum.es

 
Más respuestas a la protección de datos
Más respuestas a la protección de datosMás respuestas a la protección de datos
Más respuestas a la protección de datosJuan Carlos Carrillo
 
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...Juan Carlos Carrillo
 
Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?Juan Carlos Carrillo
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personalesJuan Carlos Carrillo
 
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP? ¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP? Juan Carlos Carrillo
 
Datos personales y riesgos digitales
Datos personales y riesgos digitalesDatos personales y riesgos digitales
Datos personales y riesgos digitalesJuan Carlos Carrillo
 
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...Juan Carlos Carrillo
 
Ley federal de proteccion de datos personales
Ley federal de proteccion de datos personalesLey federal de proteccion de datos personales
Ley federal de proteccion de datos personalesJuan Carlos Carrillo
 

More from Juan Carlos Carrillo (20)

La falta de talento en ciberseguridad 2017
La falta de talento en ciberseguridad 2017La falta de talento en ciberseguridad 2017
La falta de talento en ciberseguridad 2017
 
Ciberseguridad después del COVID-19 - Speakers México
Ciberseguridad después del COVID-19 - Speakers MéxicoCiberseguridad después del COVID-19 - Speakers México
Ciberseguridad después del COVID-19 - Speakers México
 
Webinar: Privacidad y Comercio Electrónico
Webinar: Privacidad y Comercio ElectrónicoWebinar: Privacidad y Comercio Electrónico
Webinar: Privacidad y Comercio Electrónico
 
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y CumplimientoSeguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
Seguridad, una visión desde el Riesgo, Gobierno y Cumplimiento
 
260215 ley federal de proteccion de datos personales en posesión de particul...
260215 ley federal de proteccion de datos personales en posesión de particul...260215 ley federal de proteccion de datos personales en posesión de particul...
260215 ley federal de proteccion de datos personales en posesión de particul...
 
Privacloudacy or risecurityk for b secure
Privacloudacy or risecurityk for b securePrivacloudacy or risecurityk for b secure
Privacloudacy or risecurityk for b secure
 
La seguridad informática en la toma de decisiones v2
La seguridad informática en la toma de decisiones v2La seguridad informática en la toma de decisiones v2
La seguridad informática en la toma de decisiones v2
 
Proteja los Datos más Sensibles
Proteja los Datos más SensiblesProteja los Datos más Sensibles
Proteja los Datos más Sensibles
 
Regulación Bancaria en México - Capitulo X CNBV
Regulación Bancaria en México - Capitulo X CNBVRegulación Bancaria en México - Capitulo X CNBV
Regulación Bancaria en México - Capitulo X CNBV
 
Privacidad y seguridad
Privacidad y seguridadPrivacidad y seguridad
Privacidad y seguridad
 
The personal hedgehog
The personal hedgehogThe personal hedgehog
The personal hedgehog
 
How managers become leaders v2
How managers become leaders v2How managers become leaders v2
How managers become leaders v2
 
Más respuestas a la protección de datos
Más respuestas a la protección de datosMás respuestas a la protección de datos
Más respuestas a la protección de datos
 
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
 
Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
 
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP? ¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
 
Datos personales y riesgos digitales
Datos personales y riesgos digitalesDatos personales y riesgos digitales
Datos personales y riesgos digitales
 
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
 
Ley federal de proteccion de datos personales
Ley federal de proteccion de datos personalesLey federal de proteccion de datos personales
Ley federal de proteccion de datos personales
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Managing privacy

  • 1. Managing Privacy Risk / Managing Trust? Víctor Chapela – Sm4rt Nathaly Rey – ISMS Forum Spain
  • 2. Privacy Origin Human Rights The right to a dignified life Legal order independence Universal Declaration of Rights (1942) Right to intimacy Information self-determination / Privacy
  • 3. What do we understand by Privacy? Having control over my personal information The ability to limit: Who keeps it What can be done with it Purposes of use
  • 5. Legal and Institutional Frameworks International: Standardization efforts European: Under revision US: Consumer Protection approach Canada: Sector based approach Latin America: European Model? Others
  • 6. Privacy Regulatory Overview: EU, USA, EU “light”, Hábeas Data. Four Main Groups
  • 7. Universally Accepted Privacy Directives. Madrid Conference: Privacy and Data Protection Authorities of the 5 continents
  • 8. Principles Lawfulness and fairness Purpose specification Openness (Information) Proportionality Data quality Accountability
  • 9. Legitimacy of Processing Consent Sensitive Data Provision of processing services International transfers
  • 10. Rights Access Rectify Delete Opposition
  • 13. Chief Privacy Officer What is a Chief Privacy Officer? Which is his place in the organization? Solid knowledge and ample experience Certified Data Privacy Professional
  • 15. Risk Management Audit Independence Qualified expert
  • 17. Mexico’s Privacy Law
  • 18. Specific Aspects and Challenges Specific Aspects Financial Data Auto-regulation Criminal charges Fines up to US $2.8M Challenges Privacy Notice: proof Strategy for compliance Privacy Awareness
  • 19. Link between Privacy and Security
  • 21. How can we understand Digital Risk?
  • 22. 3 Types of Digital Risk: Accidental, Opportunistic, Intentional. 3. Intentional
  • 23. Intentional Digital Risk = Threat x Vulnerability
  • 26. Digital Risk = Threat x Vulnerability Threat
  • 27. Perceived Risk is Reduced
  • 28. We all feel anonymous! This is true for criminals as well…
  • 29. Without risk we all become lawbreakers!
  • 30. By reducing the risk of breaking the law, everyone’s risk has grown
  • 32. We are arriving at a new balance Profit Risk
  • 33. Much more illegal money to be made!
  • 35. Digital Risk = Threat x Vulnerability Vulnerability
  • 37. Computers used to be deterministic
  • 38. Our digital World has become Undeterministic
  • 39. Computers have become so complex they are not predictable any more
  • 40. We reboot as a way to return to a known state
  • 41. In chaotic systems we can only predict the first few iterations
  • 43.
  • 44.
  • 45. 36 Nodes 630 Connections 2,783,137,628,160 Sockets
  • 46. More devices = even more connections
  • 48. Network connection growth creates Value
  • 52. How does Digital Risk affect Privacy?
  • 53. Reduced Privacy risk perception
  • 54. The Nature of Privacy Risk is not new
  • 55. Privacy Risk has increased because of 4 aspects
  • 57. It used to take days or weeks for information to be shared
  • 58. Now it is instantaneous!
  • 60. The same people that would keep our secrets…
  • 61. … are now becoming digital information broadcasters
  • 62. Every single tweet is received on average by over 487 people. The most retweeted message was received by more than 24 million accounts
  • 64. We used to easily control, restrict access and destroy physical copies of our personal data
  • 67. Our files used to be difficult to access
  • 68. Now it is all clustered and available worldwide
  • 69. Therefore, if you were caught at an inconvenient state…
  • 70. …your girlfriend would have immediate access…
  • 71. … as well as all her friends…
  • 73. So yes, privacy is a growing concern And not only at a reputational level
  • 74. Privacy is always a risk for INDIVIDUALS. An organization’s risk always translates to individual stakeholder risks: Employees get fired; Users or customers are damaged; Shareholders lose money
  • 75. Two types of Privacy Intimacy Identity
  • 76. Intimacy Ethnic origin or race Health Religious, philosophical and moral beliefs Syndicate affiliation Political views Sexual preference
  • 77. Identity Name and address e-Mail Location Biometrical readings Payment card number User and password Behavioral information
  • 78. Two types of Privacy Intimacy Perception <- Trust Regulation Compliance Identity Perception <- Trust Information Value
  • 79. The most valuable piece of our personal information is our Identity
  • 81. 2009 Data Breach Investigations Report Verizon Business RISK Team
  • 83. 1.5% Other Personal Information
  • 84. Information posted for Sale (rank, share, information): 23% CVV2 Numbers; 18% Credit Card Numbers; 15% Credit card expiration dates; 12% Addresses; 11% Phone numbers; 6% Email addresses; 5% PIN for credit or debit cards; 4% Social Security numbers; 4% Full names; 2% Dates of birth. Source: http://www.symantec.com/business/theme.jsp?themeid=threatreport
  • 85.
  • 86. How was this data stolen?
  • 92.
  • 93.
  • 94.
  • 98. Are both part of Identity Theft
  • 101. Two types of Privacy: Intimacy (Privacy Regulation Risk Management); Identity (Value Based Risk Management)
  • 102. They are divided into two groups: Redundancy (Availability? Business Impact, BIA); Filters and Authentication (Confidentiality and Integrity? Market Value, IVA)
  • 103. Information Value Analysis: Information Risk = Impact x Probability. Impact is determined by estimating Economic Value. Probability is measured by calculating Potential Connections
  • 105. Intentionality: Information Assets, Information User Profiles, Potential Losses, Possible Attacks, High Risk Nodes, Economic Value, Access to High Risk Nodes, Attacker Profit, Known Attacks
  • 106.
  • 107. We need to accept Risk Potential moves are infinite
  • 113. The End justifies the Means. In preventing Intentional Risk nothing less than securing all vectors is enough
  • 114. Defense must be Optimized
  • 117. Value Management Method Possible Incidents Real Incidents Applicable Incidents Recurring Incidents Measurement of Added Value Prioritized Incidents
  • 118. This is how we estimate threat and Impact
  • 119. How are probability and Vulnerability calculated?
  • 120. Assets & Account Profiles
  • 121. Assets & Account Profiles
  • 122. COBIT Risks. Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability. IT Resources: Applications, Infrastructure, Information, People. IT Processes: Domains, Processes, Activities. Nodes, Connections
  • 123. Types of Nodes: Information, User, Connection. Information Node, User Node. Transfer, Process, Store, Consult
  • 127. Redundancy (Availability? Business Impact, Assets); Filters and Authentication (Confidentiality and Integrity? Market Value, Assets, Accounts)
  • 128. Monitoring is also Required. Availability? Business Impact (Monitoring & Response, Assets); Confidentiality and Integrity? Market Value (Assets, Profiles)
  • 129. Identity is the key to better risk management
  • 130. Default Close Default Open Availability Confidentiality
  • 131. Focus controls on main risks
  • 132. Determine which nodes to monitor
  • 133. Redundancy, Assets, Monitoring, Filtering & Authentication, Risk Operation Center
  • 135. Main Risks (probability versus impact matrix; probability axis: Almost never, Possible, Always; impact axis: Insignificant, Medium, Very high): R1 Weak password storage protocol; R2 Absence of robust password policy; R3 Absence of data entry validation for web applications; R4 Existing applications with vulnerable remote support; R5 Weak wireless ciphered communication protocol; R6 Absence of operating system security configuration
  • 136. Action Plan (effort versus positive impact of implementation; effort axis: Minimum, Minor, Medium, Major; impact axis: Moderate, High; quadrants: Quick Hits, Strategic, Nice To Have, Not Viable): S1 Password Policy; S2 Migration of wireless communication protocol; S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems; S5 Migration of passwords storage protocols; S6 Secure application development process; S7 Migration of remote support protocol
  • 137. Recommendations (Processes, People, Technology; layers: Governance, Processes and Roles, Policies and Configuration Guidelines, User controls, Network controls, Host controls, Application controls, Data level controls; Recommendations for Sustainability): S0 Vulnerability patches and updates process; S1 Password policy; S2 Migration of wireless communication protocols; S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems; S5 Migration of password storage protocols; S6 Secure application development process; S7 Migration of remote support protocols; S8 Secure change process administration; S9 Risk administration process
  • 138. Mitigation Roadmap (Q1–Q4 of 2010 and 2011): Risk Administration Implementation; Secure application development implementation; Vulnerability patches and updates process administration; Secure change process administration; Migration to robust remote support protocols; Migration of wireless communication protocol; Migration of password storage; Password policy; Security configuration guidelines for operating system; Security configuration guidelines for applications
  • 139. Demystifying the Privacy Implementation Process Business Process Analysis Data Lifecycle Inventory Data Value (IVA) Legal & Regulatory Requirements (PIA) Data Categories Data Categories Asset Inventory Policy Generation Controls, Standards, Procedures Implementation & Audit
  • 140. Business Process Analysis: Identification of applicable Law
  • 141. Business Process Analysis: Stakeholder; Information acquisition; Types of data; Internal and external data flows; Purpose of treatment; Information systems and security measures; Retention policies
  • 142. Data Lifecycle Inventory
  • 143. Privacy Legal & Regulatory Requirements (PIA). 1. Legal & Regulatory: Contracts, Clauses, Privacy notices, Authorizations, Jurisdictions; Other regulations: Money laundering, Sectorial, Etc.
  • 144. Privacy Legal & Regulatory Requirements (PIA). 2. Technical: Authentication & authorization, Access control, Incident log, Removable media and document management, Security copies, Recovery tests, Physical Access
  • 145. Privacy Legal & Regulatory Requirements (PIA). 3. Organizational: Data privacy officer, Roles and responsibilities, Policies, procedures and standards, Notifications to authorities, Audits, Compliance and evidence
  • 146. Legal & Regulatory Data Categories. High Risk: Syndicate Affiliation, Health, Sexual life, Beliefs, Racial Origin. Medium Risk: Financial Profile, Personal Fines, Credit Scoring, Tax Payment Information. Basic Risk: Personal Identifying Information, Employment
  • 147. External Economic Data Value (IVA). Black Market Value: Sale price. News Value: Newspaper, Magazines, Television. Competition: Market Value, Brand Value. Political Value: Authorities, Fines
  • 148. Data Value Categories
  • 149. Asset Inventory
  • 150. Policy Generation. How should this data be: generated? stored? transferred? processed? accessed? backed-up? destroyed? monitored? How should we react and escalate an incident or breach? How will we punish non-compliance?
  • 151. Controls, Standards & Procedures. Controls are defined and mapped for each policy level: Technical Standards, Procedures, Compensatory Controls
  • 152. Controls, Standards & Procedures
  • 153. Implementation & Audit: Best Practices; Laws and Regulations (I.ACT, D.SEG, LOPD, SOX, LSSI, CONTRACT); Controls; Evidence; PROCESSES, APPLICATIONS, PEOPLE, ASSETS, NETWORKS, COMUNIC.
  • 154. Implementation & Audit
  • 155. Regulatory Risk Management: Types, Impact. Fines, Reputation, Image, Good Corporate Governance, Laws and norms, Indemnities, Client Forfeits, Internal Operative Improvement, Contracts, Risk Management, Competitive Difference, Business Continuity Guarantee, Standards and Codes, Stockholder trust, Corporate Culture, Fight Internal fraud, Internal policies
  • 156. How can Privacy Risks be classified? Economic Operational Reputational Competition
  • 157. Quick tips Doing International Business What to watch out for? Localization Local regulations Due diligence Audit Monitoring Contact with authorities Jurisdiction
  • 158. Non compliance TOP 5 Employee awareness Lack of transparency Third parties Intercompany data flows Collection of unnecessary information
  • 159. Two types of Privacy Intimacy Privacy Regulation Compliance Identity Information Value Risk Management
  • 160. 3 Main Aspects of Privacy Legal Organizational Technical
  • 161. Privacy is not only about Compliance! Through Privacy we guarantee individual rights. By doing so, we increase stakeholder trust and increase our competitiveness.
  • 162. Privacy Risk Management: Stakeholders Trust Management. “Trust is the belief that a person or group will be able or willing to act in an adequate and predictable manner under certain situations.”
  • 163. Thank you! Víctor Chapela victor@sm4rt.com, Nathaly Rey nrey@ismsforum.es

Editor's Notes

  1. Determinism is a system in which no randomness is involved, since causes are directly linked to consequences and, therefore, results are predictable.
  2. To calculate the probability of an attack we use Graph Theory. It shows us the best route (least obstacles) by which an attacker may obtain the criminal objective be it by way of one or various nodes.
  3. Graphic analysis of risks using probability versus impact.
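As an added example (not code from the deck or its authors), a toy version of the Information Value Analysis of slide 103 and of the graph-theory route calculation in Editor's note 2: Information Risk = Impact x Probability, with Impact an estimated economic value per information node and Probability derived from the least-obstacle route an attacker could follow through the potential connections, plus the pair count behind the connection figures of slide 45. All node names, obstacle weights, economic values and the cost-to-probability mapping are constructed assumptions.

```python
"""Toy Information Value Analysis (IVA): rank information nodes by
Impact x Probability, where probability comes from the least-obstacle
path through a graph of potential connections (Dijkstra).  Every name,
weight and value here is constructed for illustration."""
import heapq
import math
from math import comb


def potential_connections(nodes, endpoints_per_node=1):
    """Pairs among nodes * endpoints_per_node endpoints, i.e. C(n, 2).
    36 nodes give the 630 connections of slide 45; counting 65536 ports per
    node gives 2,783,137,628,160, the slide's 'sockets' figure (reading the
    slide that way is an inference, not something the deck states)."""
    return comb(nodes * endpoints_per_node, 2)


def least_obstacle_paths(graph, source):
    """Dijkstra over a directed graph {u: {v: obstacle_cost}}.  A cost models
    the strength of the filters and authentication on that connection
    (slide 127); the attacker's cheapest route is the lowest total cost."""
    dist, prev = {source: 0.0}, {}
    heap, done = [(0.0, source)], set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, w in graph.get(u, {}).items():
            if d + w < dist.get(v, math.inf):
                dist[v], prev[v] = d + w, u
                heapq.heappush(heap, (d + w, v))
    return dist, prev


def route(prev, source, target):
    """Reconstruct the least-obstacle route, or [] if unreachable."""
    path = [target]
    while path[-1] != source:
        if path[-1] not in prev:
            return []
        path.append(prev[path[-1]])
    return path[::-1]


def attack_probability(cost):
    """Constructed mapping from obstacle cost to probability: no obstacle
    gives 1.0 and every unit of obstacle halves the likelihood."""
    return 0.0 if cost == math.inf else 2.0 ** (-cost)


def information_risk(graph, values, source="internet"):
    """Rank information nodes by Risk = Impact x Probability."""
    dist, prev = least_obstacle_paths(graph, source)
    rows = []
    for node, value in values.items():
        p = attack_probability(dist.get(node, math.inf))
        rows.append({"node": node, "impact": value, "probability": p,
                     "risk": value * p, "route": route(prev, source, node)})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def with_control(graph, u, v, added_cost):
    """Copy of graph with a stronger control on connection u -> v."""
    g = {a: dict(b) for a, b in graph.items()}
    g[u][v] = g[u][v] + added_cost
    return g


# Constructed network: edge weight = obstacle cost of that connection.
NETWORK = {
    "internet":     {"web_app": 1.0, "vpn": 3.0},
    "web_app":      {"app_server": 1.0},
    "vpn":          {"internal_net": 1.0},
    "app_server":   {"customer_db": 2.0},
    "internal_net": {"customer_db": 1.0, "hr_db": 2.0},
}
# Constructed economic values: identity data priced by black-market value
# (slide 147), intimacy data by regulatory exposure (slide 146).
VALUES = {"customer_db": 500_000.0, "hr_db": 120_000.0}

if __name__ == "__main__":
    for r in information_risk(NETWORK, VALUES):
        print(f"{r['node']:12} p={r['probability']:.4f} "
              f"risk={r['risk']:>10,.0f} via {' -> '.join(r['route'])}")
    # Strengthening one connection moves the cheapest route elsewhere:
    # the residual risk is now bounded by the VPN path, not the web path.
    hardened = with_control(NETWORK, "app_server", "customer_db", 2.0)
    top = information_risk(hardened, VALUES)[0]
    print("after control:", top["node"], top["risk"], top["route"])
```

Running the script shows the customer database carrying most of the risk through the web path, and that adding a control on a single connection only lowers risk to the level of the next-cheapest route, which is the "securing all vectors" point of slide 113.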