Managing Privacy: Managing Risk? Víctor Chapela, victor@sm4rt.com
Privacy Origin: Human Rights; The right to a dignified life; Legal order independence; Universal Declaration of Rights (1942); Right to intimacy; Information self-determination / Privacy
What do we understand by Privacy? Having control over my personal information: the ability to limit who keeps it, what can be done with it, and the purposes of use
Privacy in the World
Privacy Regulatory Overview: Four Main Groups: EU; USA; EU “light”; Hábeas Data
Universally Accepted Privacy Directives: Madrid Conference: Privacy and Data Protection Authorities of the 5 continents
Principles: Lawfulness and fairness; Purpose specification; Openness (Information); Proportionality; Data quality; Accountability
Legitimacy of Processing: Consent; Sensitive Data; Provision of processing services; International transfers
Rights: Access; Rectify; Delete; Opposition
Monitoring and Liability
Proactive Measures
Chief Privacy Officer: What is a Chief Privacy Officer? Which is his place in the organization? Solid knowledge and ample experience; Certified Data Privacy Professional
Risk Management
Risk Management Audit Independence Qualified expert
Privacy Impact Analysis
Mexico’s Privacy Law
Link between Privacy and Security
Perceived Risk is Reduced
Why is Privacy a growing concern?
How can we understand Digital Risk?
3 Types of Digital Risk: 1. Accidental; 2. Opportunistic; 3. Intentional
Intentional Digital Risk = Threat x Vulnerability
Threat has increased geometrically!
Vulnerabilities are increasing exponentially!!
Digital Risk = Threat x Vulnerability (Threat)
We all feel anonymous! This is true for criminals as well…
Without risk we all become lawbreakers!
By reducing the risk of breaking the law, everyone’s risk has grown
Profitability = Return / Risk
We are arriving at a new balance Profit Risk
Much more illegal money to be made!
Threat has increased geometrically
Digital Risk = Threat x Vulnerability (Vulnerability)
We have lost Control
Computers used to be deterministic
Our digital World has become non-deterministic
Computers have become so complex they are not predictable any more
We reboot as a way to return to a known state
In chaotic systems we can only predict the first few iterations
Networks increase complexity
36 Nodes, 630 Connections, 2,783,137,628,160 Sockets
More devices = even more connections
Connections Grow Exponentially
Network connection growth creates Value
But it also increases Complexity
Complexity and Unpredictability increase Frustration
As well as Risk
How does Digital Risk affect Privacy?
Reduced Privacy risk perception
The Nature of Privacy Risk is not new
Privacy Risk has increased because of 4 aspects
1. Speed
It used to take days or weeks for information to be shared
Now it is instantaneous!
2. Dispersion
The same people that would keep our secrets…
… are now becoming digital information broadcasters
Every single tweet is received on average by over 487 people. The most retweeted message was received by more than 24 million accounts
3. Persistence
We used to easily control, restrict access and destroy physical copies of our personal data
Source: http://www.civic.moveon.org/facebook/chart/
4. Clustering
Our files used to be difficult to access
Now it is all clustered and available worldwide
Therefore, if you were caught at an inconvenient state…
…your girlfriend would have immediate access…
… as well as all her friends…
…probably, forever!
So yes, privacy is a growing concern And not only at a reputational level
Privacy is always a risk for INDIVIDUALS. An organization’s risk always translates to individual stakeholder risks: Employees get fired; Users or customers are damaged; Shareholders lose money
Two types of Privacy: Intimacy; Identity
Intimacy: Ethnic origin or race; Health; Religious, philosophical and moral beliefs; Syndicate affiliation; Political views; Sexual preference
Identity: Name and address; e-Mail; Location; Biometrical readings; Payment card number; User and password; Behavioral information
Two types of Privacy: Intimacy: Perception <- Trust; Regulation; Compliance. Identity: Perception <- Trust; Information Value
The most valuable piece of our personal information is our Identity
Most valuable, for others!
2009 Data Breach Investigations Report Verizon Business RISK Team
98% Payment Card Data
1.5% Other Personal Information
Information posted for Sale (ranked by share of listings):
23%  CVV2 Numbers
18%  Credit Card Numbers
15%  Credit card expiration dates
12%  Addresses
11%  Phone numbers
6%   Email addresses
5%   PIN for credit or debit cards
4%   Social Security numbers
4%   Full names
2%   Dates of birth
Source: http://www.symantec.com/business/theme.jsp?themeid=threatreport
How was this data stolen?
2/3 Hacking
1/3 Malware
Malware
Hacking
79% SQL Injection
Credit or Debit Cards and Online Banking
Personal Information
Are both part of Identity Theft
Over 100 billion per year in losses
300% yearly growth rate
Two types of Privacy: Intimacy: Privacy Regulation; Risk Management. Identity: Value Based Risk Management
They are divided into two groups: Availability? -> Business Impact (BIA); Redundancy. Confidentiality and Integrity? -> Market Value (IVA); Filters and Authentication
Information Value Analysis: Information Risk = Impact x Probability. Impact is determined by estimating Economic Value. Probability is measured by calculating Potential Connections
How to calculate information value?
Intentionality: Information Assets; Information User Profiles; Potential Losses; Possible Attacks; High Risk Nodes; Economic Value; Access to High Risk Nodes; Attacker Profit; Known Attacks
We need to accept Risk Potential moves are infinite
Highly Dynamic Environment
The board changes daily
The Pieces change daily
The rules change daily
Players change daily
The End justifies the Means: In preventing Intentional Risk nothing less than securing all vectors is enough
Defense must be Optimized
Optimize Speed
Optimize Resources
Value Management Method: Possible Incidents; Real Incidents; Applicable Incidents; Recurring Incidents; Measurement of Added Value; Prioritized Incidents
This is how we estimate threat and Impact
How are probability and Vulnerability calculated?
Assets & Account Profiles
COBIT Risks: Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability. IT Resources: Applications, Infrastructure, Information, People. IT Processes: Domains, Processes, Activities. Nodes and Connections
Types of Nodes: Information Node; User Node. Connections: Transfer; Process; Store; Consult
Node Grouping: User Profiles
Graph Segmentation
Connection Measurement
Availability? -> Business Impact; Redundancy (Assets). Confidentiality and Integrity? -> Market Value; Filters and Authentication (Assets, Accounts)
Monitoring is also Required: Availability? -> Business Impact; Monitoring & Response (Assets). Confidentiality and Integrity? -> Market Value (Assets, Accounts)
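The Information Value Analysis slides state the method in one line: Information Risk = Impact x Probability, where impact is the estimated economic value of an information node and probability is measured from the potential connections between user profiles and that node. The Python script below is an added example, not code from the slides or from the author's method. It assumes a directed graph of user profiles, applications and information nodes; approximates probability as the share of all accounts that can reach a node (an assumption, since the slides do not give the formula); ranks nodes by risk so controls and monitoring can focus on the main risks; and shows how cutting one connection with a filtering or authentication control (graph segmentation) changes the result. All node names, values and account counts are constructed.

```python
from collections import deque

# Constructed sample data (not from the slides). Information nodes carry an
# estimated economic value, i.e. the Impact side of Risk = Impact x Probability.
INFO_VALUE = {
    "card_db": 500_000.0,        # payment card data: highest black-market value
    "hr_records": 80_000.0,      # employee personal data
    "marketing_stats": 1_000.0,  # aggregated, low-value data
}

# Node grouping: user profiles and the number of accounts in each (constructed).
PROFILE_ACCOUNTS = {"customers": 10_000, "call_center": 200, "dba": 5, "marketing": 50}

# Directed connections (transfer / process / store / consult). A key can reach
# every node it lists; intermediate keys are applications (constructed).
CONNECTIONS = {
    "customers": ["web_portal"],
    "call_center": ["crm"],
    "dba": ["card_db", "hr_records"],
    "marketing": ["bi_tool"],
    "web_portal": ["crm"],
    "crm": ["card_db"],          # the CRM can consult card data
    "bi_tool": ["marketing_stats"],
}


def reachable(start, connections):
    """Breadth-first search: the set of nodes reachable from `start`."""
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in connections.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def potential_connections(connections, profiles, info_nodes):
    """Connection measurement: how many accounts can reach each information node."""
    reach = {node: 0 for node in info_nodes}
    for profile, count in profiles.items():
        for node in reachable(profile, connections) & set(info_nodes):
            reach[node] += count
    return reach


def information_risk(connections, profiles, info_value):
    """Risk = Impact x Probability. Probability is approximated (assumption) as
    the share of all accounts that can reach the node."""
    total = sum(profiles.values())
    reach = potential_connections(connections, profiles, info_value)
    return {node: value * reach[node] / total for node, value in info_value.items()}


def ranked_risks(connections, profiles, info_value):
    """High-risk nodes first: this is where controls and monitoring should focus."""
    risk = information_risk(connections, profiles, info_value)
    return sorted(risk.items(), key=lambda item: item[1], reverse=True)


def with_filter(connections, src, dst):
    """Graph segmentation: model a filtering/authentication control that
    removes the connection src -> dst, returning a new graph."""
    return {node: [n for n in targets if not (node == src and n == dst)]
            for node, targets in connections.items()}


if __name__ == "__main__":
    print("before:")
    for node, risk in ranked_risks(CONNECTIONS, PROFILE_ACCOUNTS, INFO_VALUE):
        print(f"  {node:16s} {risk:12.2f}")
    hardened = with_filter(CONNECTIONS, "crm", "card_db")
    print("after filtering crm -> card_db:")
    for node, risk in ranked_risks(hardened, PROFILE_ACCOUNTS, INFO_VALUE):
        print(f"  {node:16s} {risk:12.2f}")
```

In the constructed graph almost every account can reach the card database through the web portal and the CRM, so that node dominates the ranking even though the DBA profile is tiny; removing the single CRM-to-card-database connection leaves only the five DBA accounts with access and cuts the computed risk by three orders of magnitude, which is the "focus controls on main risks" argument in numbers.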
Identity is the key to better risk management
Default Close Default Open Availability Confidentiality
Focus controls on main risks
Determine which nodes to monitor
Risk Operation Center: Redundancy; Assets; Monitoring; Filtering & Authentication
Risk Analysis
Main Risks (risk matrix, Probability: Almost never / Possible / Always against Impact: Insignificant / Medium / Very high): R1 Weak password storage protocol; R2 Absence of robust password policy; R3 Absence of data entry validation for web applications; R4 Existing applications with vulnerable remote support; R5 Weak wireless ciphered communication protocol; R6 Absence of operating system security configuration
Action Plan (Positive Impact of Implementation: Minimum / Moderate / High against Effort: Minor / Medium / Major; quadrants: Quick Hits, Strategic, Nice To Have, Not Viable): S1 Password Policy; S2 Migration of wireless communication protocol; S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems; S5 Migration of passwords storage protocols; S6 Secure application development process; S7 Migration of remote support protocol
Recommendations (Processes, People, Technology): Policies and Configuration Guidelines: S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems. Governance: S1 Password policy. Processes and Roles. Superior Technologies: User controls; Network controls; Host controls; Application controls; Data level controls. Recommendations for Sustainability: S7 Migration of remote support protocols; S5 Migration of password storage protocols; S2 Migration of wireless communication protocols; S8 Secure change process administration; S9 Risk administration process; S0 Vulnerability patches and updates process; S6 Secure application development process
Mitigation Roadmap (2010 Q1-Q4, 2011 Q1-Q4): Risk Administration Implementation; Secure application development implementation; Vulnerability patches and updates process administration; Secure change process administration; Migration to robust remote support protocols; Migration of wireless communication protocol; Migration of password storage; Password policy; Security configuration guidelines for operating system; Security configuration guidelines for applications
Demystifying the Privacy Implementation Process: Business Process Analysis -> Data Lifecycle Inventory -> Data Value (IVA) / Legal & Regulatory Requirements (PIA) -> Data Categories -> Asset Inventory -> Policy Generation -> Controls, Standards, Procedures -> Implementation & Audit
Business Process Analysis: Identification of applicable Law
Business Process Analysis: Stakeholder Information acquisition; Types of data; Internal and external data flows; Purpose of treatment; Information systems and security measures; Retention policies
Data Lifecycle Inventory
Privacy Legal & Regulatory Requirements (PIA) 1. Legal & Regulatory: Contracts; Clauses; Privacy notices; Authorizations; Jurisdictions; Other regulations (Money laundering; Sectorial; Etc.)
Privacy Legal & Regulatory Requirements (PIA) 2. Technical: Authentication & authorization; Access control; Incident log; Removable media and document management; Security copies; Recovery tests; Physical Access
Privacy Legal & Regulatory Requirements (PIA) 3. Organizational: Data privacy officer; Roles and responsibilities; Policies, procedures and standards; Notifications to authorities; Audits; Compliance and evidence
Legal & Regulatory Data Categories: High Risk: Syndicate Affiliation; Health; Sexual life; Beliefs; Racial Origin. Medium Risk: Financial Profile; Personal Fines; Credit Scoring; Tax Payment Information. Basic Risk: Personal Identifying Information; Employment
External Economic Data Value (IVA): Black Market Value (Sale price); News Value (Newspaper; Magazines; Television); Competition (Market Value; Brand Value); Political Value (Authorities; Fines)
Data Value Categories
Asset Inventory
Policy Generation: How should this data be generated? stored? transferred? processed? accessed? backed-up? destroyed? monitored? How should we react to and escalate an incident or breach? How will we punish non-compliance?
Controls, Standards & Procedures: Controls are defined and mapped for each policy level: Technical Standards; Procedures; Compensatory Controls
Implementation & Audit: Best Practices; Laws and Regulations (I.ACT; D.SEG; LOPD; SOX; LSSI). Controls and Evidence across Processes; Applications; People; Assets; Networks; Communications; Contracts
Two types of Privacy: Intimacy -> Privacy Regulation -> Compliance. Identity -> Information Value -> Risk Management
3 Main Aspects of Privacy: Legal; Organizational; Technical
Privacy is not only about Compliance! Through Privacy we guarantee individual rights. By doing so, we increase stakeholder trust and increase our competitiveness.
Privacy Risk Management: Stakeholders Trust Management. “Trust is the belief that a person or group will be able or willing to act in an adequate and predictable manner under certain situations.”
Thank you! Víctor Chapela, victor@sm4rt.com

Ciberseguridad después del COVID-19 - Speakers México
 
Webinar: Privacidad y Comercio Electrónico
Webinar: Privacidad y Comercio ElectrónicoWebinar: Privacidad y Comercio Electrónico
Webinar: Privacidad y Comercio Electrónico
 
260215 ley federal de proteccion de datos personales en posesión de particul...
260215 ley federal de proteccion de datos personales en posesión de particul...260215 ley federal de proteccion de datos personales en posesión de particul...
260215 ley federal de proteccion de datos personales en posesión de particul...
 
La seguridad informática en la toma de decisiones v2
La seguridad informática en la toma de decisiones v2La seguridad informática en la toma de decisiones v2
La seguridad informática en la toma de decisiones v2
 
Proteja los Datos más Sensibles
Proteja los Datos más SensiblesProteja los Datos más Sensibles
Proteja los Datos más Sensibles
 
Regulación Bancaria en México - Capitulo X CNBV
Regulación Bancaria en México - Capitulo X CNBVRegulación Bancaria en México - Capitulo X CNBV
Regulación Bancaria en México - Capitulo X CNBV
 
Privacidad y seguridad
Privacidad y seguridadPrivacidad y seguridad
Privacidad y seguridad
 
The personal hedgehog
The personal hedgehogThe personal hedgehog
The personal hedgehog
 
How managers become leaders v2
How managers become leaders v2How managers become leaders v2
How managers become leaders v2
 
Más respuestas a la protección de datos
Más respuestas a la protección de datosMás respuestas a la protección de datos
Más respuestas a la protección de datos
 
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
Parámetros para el correcto desarrollo de los esquemas de autorregulación vin...
 
Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?Quien tiene el mono? - Who's Got the Monkey?
Quien tiene el mono? - Who's Got the Monkey?
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
 
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP? ¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
¿Cómo atender las implicaciones del Reglamento de la LFPDPPP?
 
Datos personales y riesgos digitales
Datos personales y riesgos digitalesDatos personales y riesgos digitales
Datos personales y riesgos digitales
 
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
Resumen del Anteproyecto del Reglamento de la Ley Federal de Protección de Da...
 
Ley federal de proteccion de datos personales
Ley federal de proteccion de datos personalesLey federal de proteccion de datos personales
Ley federal de proteccion de datos personales
 
Ley y ofrecimiento de privacidad de datos v2
Ley y ofrecimiento de privacidad de datos v2Ley y ofrecimiento de privacidad de datos v2
Ley y ofrecimiento de privacidad de datos v2
 
Presentación Lfpdppp Lina Ornelas
Presentación Lfpdppp Lina OrnelasPresentación Lfpdppp Lina Ornelas
Presentación Lfpdppp Lina Ornelas
 

Recently uploaded

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Managing privacy by Victor Chapela

  • 1. Managing Privacy, Managing Risk? Víctor Chapela, victor@sm4rt.com
  • 2. Privacy Origin: Human Rights; the right to a dignified life; legal order independence; Universal Declaration of Rights (1942); right to intimacy; information self-determination / Privacy
  • 3. What do we understand by Privacy? Having control over my personal information: the ability to limit who keeps it, what can be done with it, and the purposes of use
  • 5. Privacy Regulatory Overview: four main groups: EU, USA, EU “light”, Hábeas Data
  • 6. Universally Accepted Privacy Directives. Madrid Conference: Privacy and Data Protection Authorities of the 5 continents
  • 7. Principles: lawfulness and fairness; purpose specification; openness (information); proportionality; data quality; accountability
  • 8. Legitimacy of Processing: consent; sensitive data; provision of processing services; international transfers
  • 9. Rights: access, rectify, delete, opposition
  • 12. Chief Privacy Officer: What is a Chief Privacy Officer? What is his place in the organization? Solid knowledge and ample experience; Certified Data Privacy Professional
  • 14. Risk Management Audit: independence; qualified expert
  • 16. Mexico’s Privacy Law
  • 17. Link between Privacy and Security
  • 18. Perceived Risk is Reduced
  • 20. How can we understand Digital Risk?
  • 21. 3 Types of Digital Risk: Accidental, Opportunistic, Intentional. 3. Intentional
  • 22. Intentional Digital Risk = Threat x Vulnerability
  • 25. Digital Risk = Threat x Vulnerability: Threat
  • 26. We all feel anonymous! This is true for criminals as well…
  • 27. Without risk we all become lawbreakers!
  • 28. By reducing the risk of breaking the law, everyone’s risk has grown
  • 30. We are arriving at a new balance between Profit and Risk
  • 31. Much more illegal money to be made!
  • 33. Digital Risk = Threat x Vulnerability: Vulnerability
  • 35. Computers used to be deterministic
  • 36. Our digital world has become non-deterministic
  • 37. Computers have become so complex they are not predictable any more
  • 38. We reboot as a way to return to a known state
  • 39. In chaotic systems we can only predict the first few iterations
  • 43. 36 Nodes, 630 Connections, 2,783,137,628,160 Sockets
  • 44. More devices = even more connections
  • 46. Network connection growth creates Value
  • 50. How does Digital Risk affect Privacy?
  • 51. Reduced Privacy risk perception
  • 52. The Nature of Privacy Risk is not new
  • 53. Privacy Risk has increased because of 4 aspects
  • 55. It used to take days or weeks for information to be shared
  • 56. Now it is instantaneous!
  • 58. The same people that would keep our secrets…
  • 59. … are now becoming digital information broadcasters
  • 60. Every single tweet is received on average by over 487 people. The most retweeted message was received by more than 24 million accounts
  • 62. We used to easily control, restrict access and destroy physical copies of our personal data
  • 65. Our files used to be difficult to access
  • 66. Now it is all clustered and available worldwide
  • 67. Therefore, if you were caught at an inconvenient state…
  • 68. …your girlfriend would have immediate access…
  • 69. … as well as all her friends…
  • 71. So yes, privacy is a growing concern, and not only at a reputational level
  • 72. Privacy is always a risk for INDIVIDUALS. An organization’s risk always translates to individual stakeholder risks: employees get fired, users or customers are damaged, shareholders lose money
  • 73. Two types of Privacy: Intimacy, Identity
  • 74. Intimacy: ethnic origin or race; health; religious, philosophical and moral beliefs; union affiliation; political views; sexual preference
  • 75. Identity: name and address; e-mail; location; biometric readings; payment card number; user and password; behavioral information
  • 76. Two types of Privacy. Intimacy: Perception <- Trust; Regulation; Compliance. Identity: Perception <- Trust; Information Value
  • 77. The most valuable piece of our personal information is our Identity
  • 79. 2009 Data Breach Investigations Report Verizon Business RISK Team
  • 81. 1.5% Other Personal Information
  • 82. Information posted for sale (rank, %, information): 23% CVV2 numbers; 18% credit card numbers; 15% credit card expiration dates; 12% addresses; 11% phone numbers; 6% email addresses; 5% PINs for credit or debit cards; 4% Social Security numbers; 4% full names; 2% dates of birth. Source: http://www.symantec.com/business/theme.jsp?themeid=threatreport
  • 84. How was this data stolen?
  • 96. Are both part of Identity Theft
  • 99. Two types of Privacy. Intimacy: Privacy Regulation Risk Management. Identity: Value Based Risk Management
  • 100. They are divided into two groups: Redundancy (Availability? Business Impact, BIA) and Filters and Authentication (Confidentiality and Integrity? Market Value, IVA)
  • 101. Information Value Analysis: Information Risk = Impact x Probability. Impact is determined by estimating Economic Value. Probability is measured by calculating Potential Connections
  • 103. Intentionality: Information Assets, Information User Profiles, Potential Losses, Possible Attacks, High Risk Nodes, Economic Value, Access to High Risk Nodes, Attacker Profit, Known Attacks
  • 104. We need to accept Risk: potential moves are infinite
  • 110. The End justifies the Means: in preventing Intentional Risk, nothing less than securing all vectors is enough
  • 111. Defense must be Optimized
  • 114. Value Management Method: Possible Incidents, Real Incidents, Applicable Incidents, Recurring Incidents, Measurement of Added Value, Prioritized Incidents
  • 115. This is how we estimate Threat and Impact
  • 116. How are Probability and Vulnerability calculated?
  • 117. Assets & Account Profiles
  • 118. Assets & Account Profiles
  • 119. COBIT Risks. Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability. IT Resources: Applications, Infrastructure, Information, People. IT Processes: Domains, Processes, Activities. Nodes, Connections
  • 120. Types of Nodes: Information, User, Connection. Information Node, User Node. Transfer, Process, Store, Consult
  • 124. Redundancy (Availability? Business Impact, Assets); Filters and Authentication (Confidentiality and Integrity? Market Value, Assets, Accounts)
  • 125. Monitoring is also Required. Availability? Business Impact: Monitoring & Response, Assets. Confidentiality and Integrity? Market Value: Assets, Accounts
  • 126. Identity is the key to better risk management
  • 127. Default Close / Default Open; Availability / Confidentiality
  • 128. Focus controls on main risks
  • 129. Determine which nodes to monitor
  • 130. Redundancy, Assets, Monitoring, Filtering & Authentication: Risk Operation Center
  • 132. Main Risks (probability vs impact matrix; probability axis from Almost never through Possible to Always, impact axis Insignificant, Medium, Very high): R1 Weak password storage protocol; R2 Absence of robust password policy; R3 Absence of data entry validation for web applications; R4 Existing applications with vulnerable remote support; R5 Weak wireless ciphered communication protocol; R6 Absence of operating system security configuration
  • 133. Action Plan (positive impact of implementation: Minimum, Moderate, High; effort: Minor, Medium, Major; quadrants Quick Hits, Strategic, Nice To Have, Not Viable): S1 Password policy; S2 Migration of wireless communication protocol; S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems; S5 Migration of password storage protocols; S6 Secure application development process; S7 Migration of remote support protocol
  • 134. Recommendations (Processes, People, Technology). Policies and Configuration Guidelines: S3 Security configuration guidelines for applications; S4 Security configuration guidelines for operating systems. Governance: S1 Password policy. Processes and Roles: S8 Secure change process administration; S9 Risk administration process; S0 Vulnerability patches and updates process; S6 Secure application development process. Technologies (user, network, host, application and data level controls): S7 Migration of remote support protocols; S5 Migration of password storage protocols; S2 Migration of wireless communication protocols. Recommendations for Sustainability
  • 135. Mitigation Roadmap (2010 Q1–Q4, 2011 Q1–Q4): Risk Administration Implementation; Secure application development implementation; Vulnerability patches and updates process administration; Secure change process administration; Migration to robust remote support protocols; Migration of wireless communication protocol; Migration of password storage; Password policy; Security configuration guidelines for operating system; Security configuration guidelines for applications
  • 136. Demystifying the Privacy Implementation Process: Business Process Analysis; Data Lifecycle Inventory; Data Value (IVA); Legal & Regulatory Requirements (PIA); Data Categories; Asset Inventory; Policy Generation; Controls, Standards, Procedures; Implementation & Audit
  • 137. Business Process Analysis: identification of applicable Law
  • 138. Business Process Analysis: Stakeholder; Information acquisition; Types of data; Internal and external data flows; Purpose of treatment; Information systems and security measures; Retention policies
  • 139. Data Lifecycle Inventory
  • 140. Privacy Legal & Regulatory Requirements (PIA). 1. Legal & Regulatory: Contracts; Clauses; Privacy notices; Authorizations; Jurisdictions; Other regulations (money laundering, sectorial, etc.)
  • 141. Privacy Legal & Regulatory Requirements (PIA). 2. Technical: Authentication & authorization; Access control; Incident log; Removable media and document management; Security copies; Recovery tests; Physical Access
  • 142. Privacy Legal & Regulatory Requirements (PIA). 3. Organizational: Data privacy officer; Roles and responsibilities; Policies, procedures and standards; Notifications to authorities; Audits; Compliance and evidence
  • 143. Legal & Regulatory Data Categories. High Risk: Union Affiliation, Health, Sexual life, Beliefs, Racial Origin. Medium Risk: Financial Profile, Personal Fines, Credit Scoring, Tax Payment Information. Basic Risk: Personal Identifying Information, Employment
  • 144. External Economic Data Value (IVA). Black Market Value: Sale price. News Value: Newspaper, Magazines, Television. Competition: Market Value, Brand Value. Political Value: Authorities, Fines
  • 145. Data Value Categories
  • 146. Asset Inventory
  • 147. Policy Generation. How should this data be: generated? stored? transferred? processed? accessed? backed-up? destroyed? monitored? How should we react to and escalate an incident or breach? How will we punish non-compliance?
  • 148. Controls, Standards & Procedures: controls are defined and mapped for each policy level: Technical Standards; Procedures; Compensatory Controls
  • 149. Controls, Standards & Procedures
  • 150. Implementation & Audit: Best Practices; Laws and Regulations (I.ACT, D.SEG, LOPD, SOX, LSSI); Controls and Evidence across PROCESSES, APPLICATIONS, PEOPLE, ASSETS, NETWORKS, COMUNIC., CONTRACT
  • 151. Implementation & Audit
  • 152. Two types of Privacy. Intimacy: Privacy Regulation, Compliance. Identity: Information Value, Risk Management
  • 153. 3 Main Aspects of Privacy: Legal, Organizational, Technical
  • 154. Privacy is not only about Compliance! Through Privacy we guarantee individual rights. By doing so, we increase stakeholder trust and increase our competitiveness.
  • 155. Privacy Risk Management: Stakeholder Trust Management. “Trust is the belief that a person or group will be able or willing to act in an adequate and predictable manner under certain situations.”
  • 156. Thank you! Víctor Chapela victor@sm4rt.com

Editor's Notes

  1. Determinism is a system in which no randomness is involved: causes are directly linked to consequences and, therefore, results are predictable.
  2. To calculate the probability of an attack we use Graph Theory. It shows us the best route (the one with the fewest obstacles) by which an attacker may reach the criminal objective, whether by way of one or several nodes.
  3. Graphic analysis of risks using probability versus impact.
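The following is an added worked example, not code from the deck or from sm4rt, of the Information Value Analysis on slide 101 (Information Risk = Impact x Probability) with the probability term derived as editor's note 2 describes: the least-obstacle route through a graph of nodes and connections. The node names, control weights, asset values and the 1/(1 + obstacle) probability mapping are all constructed assumptions; it also shows the effect of focusing a stronger control on the top-ranked risk.

```python
"""Information Value Analysis (IVA), worked example.

Added illustration, not the deck's own code or sm4rt's tooling: it applies
Information Risk = Impact x Probability, taking Impact as the asset's economic
value and Probability from the least-obstacle route through a graph of nodes
and connections (editor's note 2).  Every node name, control weight, asset
value and the 1/(1 + obstacle) probability mapping is a constructed assumption.
"""
import heapq

# Constructed graph.  Keys are nodes (entry points, systems, information
# assets); each directed connection carries an "obstacle" weight: the strength
# of the control a would-be attacker must defeat to traverse it (0 = none).
GRAPH = {
    "internet":     {"web_app": 1.0, "vpn_gateway": 4.0},
    "web_app":      {"app_server": 2.0},
    "vpn_gateway":  {"internal_lan": 1.0},
    "internal_lan": {"app_server": 2.0, "file_share": 0.5, "hr_db": 3.0},
    "app_server":   {"card_db": 5.0},
    "file_share":   {"hr_db": 1.0},
    "hr_db":        {},
    "card_db":      {},
}

# Constructed economic value (Impact) of each information asset, in USD:
# e.g. black-market resale value of the records plus expected fines.
ASSET_VALUE = {"card_db": 2_000_000.0, "hr_db": 300_000.0, "file_share": 40_000.0}


def least_obstacle_path(graph, source, target):
    """Dijkstra over obstacle weights.

    Returns (total_obstacle, path) for the cheapest route source -> target,
    or (inf, []) when the target is not reachable from the source.
    """
    dist = {source: 0.0}
    prev = {}
    heap = [(0.0, source)]
    done = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == target:
            break
        for nxt, weight in graph.get(node, {}).items():
            cand = d + weight
            if cand < dist.get(nxt, float("inf")):
                dist[nxt] = cand
                prev[nxt] = node
                heapq.heappush(heap, (cand, nxt))
    if target not in dist:
        return float("inf"), []
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return dist[target], path[::-1]


def attack_probability(total_obstacle):
    """Assumed mapping from cumulative obstacle to Probability in [0, 1]:
    an unobstructed route scores 1, an unreachable asset (inf) scores 0."""
    return 1.0 / (1.0 + total_obstacle)


def information_risk(graph, values, entry="internet"):
    """Information Risk = Impact x Probability per asset, highest risk first."""
    rows = []
    for asset, impact in values.items():
        obstacle, path = least_obstacle_path(graph, entry, asset)
        prob = attack_probability(obstacle)
        rows.append({"asset": asset, "impact": impact, "probability": prob,
                     "risk": impact * prob, "path": path})
    return sorted(rows, key=lambda r: r["risk"], reverse=True)


def strengthen_control(graph, src, dst, new_weight):
    """Copy of graph with a stronger control on one connection; used to
    compare risk before and after focusing controls on the main risk."""
    hardened = {node: dict(edges) for node, edges in graph.items()}
    hardened[src][dst] = new_weight
    return hardened


if __name__ == "__main__":
    for row in information_risk(GRAPH, ASSET_VALUE):
        print(f"{row['asset']:<11} impact={row['impact']:>12,.0f} "
              f"p={row['probability']:.3f} risk={row['risk']:>12,.0f} "
              f"route={' -> '.join(row['path'])}")
    # Focus controls on the main risk: a stronger control in front of card_db
    # raises the obstacle on app_server -> card_db and lowers its risk.
    hardened = strengthen_control(GRAPH, "app_server", "card_db", 9.0)
    before = information_risk(GRAPH, ASSET_VALUE)[0]["risk"]
    after = information_risk(hardened, ASSET_VALUE)[0]["risk"]
    print(f"card_db risk {before:,.0f} -> {after:,.0f} after hardening")
```

With the constructed weights the card database ranks first (obstacle 8 via the web application, risk 2,000,000/9), the HR database second via the weakly protected file share, which is exactly the connection a "focus controls on main risks" decision would target.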