COMP3357 Managing Cyber Risk

Presentation transcript:

COMP3357 Managing Cyber Risk Richard Henson University of Worcester May 2018

Week 13: Internet Law around the World
Objectives:
- Look at differences in Data Protection & Computer Misuse laws in different countries round the world
- Compare similarities between laws in different countries, and the scope for an international agreement on, e.g., good Data Protection legislation
- Look at GDPR and future developments. Is it enough?

Summary of UK IT Law
- Computer Misuse
- Data Protection
- Investigatory Powers

EU Law & Directives
- Directive: EU law produced by the EU, turned into law within each sovereign state, e.g. Data Protection Act (DPA)
- EU Law: passed by the EU and policed by the EU; has to be implemented by each country’s own Information Commissioner, e.g. General Data Protection Regulation (GDPR)

The EEA (European Economic Area)
- NOT the same as the EU
- European “free” trading area
- Includes non-EU European countries: Iceland, Switzerland, Norway
- Some non-European countries

US Laws on Privacy of Data
- Sarbanes-Oxley (SOX)
- HIPAA
- Data Breaches: a further evolution of SOX; covers all customer data; customers must be informed of the breach…

The new GDPR
- Catching up with US Data Breaches legislation
- Released in 2016… goes much further than the DPA or US data breach legislation…
- https://staffweb.worc.ac.uk/hensonr/GDPAfactsopinions.pdf

Implementing GDPR
- 25th May 2018 (very soon…)
- Excellent resources… much confusion!
- 99 articles, 175 recitals (advice sections)
- Excellent resources: ICO (see later); EU; www.gdpr-info.eu (GDPR in bite-sized chunks)

Can the Digital Single Market (DSM) go further?
- DSM developing since 2012 (first draft of what became GDPR)
- Joint standard across all EU countries: just EU? Rest of EEA? UK?
- Many other countries showing an interest: https://www.technomag.co.zw/2018/05/09/kagame-pushes-for-african-single-digital-market/

International Standards as a driver for International Law
- Known in all countries
- Understood by professionals in all countries
- Upholding good practice/standards through regulation is a long-accepted principle…

Reasons to look after Data: 1. The Law
- All UK organisations that hold data on people must register with the Information Commissioner's Office (ICO); it is a criminal offence not to do so...
- Personal and sensitive data must be kept in accordance with the eight principles of the Data Protection Act (1984, updated 1998); not to do so can result in hefty fines or even imprisonment

Reasons to look after Data: 1. The Law (continued)
- Financial data also covered under the law, through the Financial Services Authority (FSA)… rebadged to become the FCA in 2013
- Much more severe penalties than the ICO…
  - e.g. Nationwide fined in 2007, approx £1 million
  - e.g. HSBC fined in 2009, several £million
  - e.g. Zurich Insurance fined in 2010, >£1 million

2. Data losses do not look good for the business!
- Depending on which data a business loses… it may not be able to trade efficiently, or even at all!
- Worst case scenario: 10 days maximum to recover, or out of business!
- If business data is stolen, they may ALSO lose trade secrets, customer image, supplier information, market share…

Data Losses & not-for-profit organisations
- Personal data often not regarded as so important, other than in legal terms
  - hence the catastrophic sequence of errors that led to 25 million records being lost by HMRC
- HOWEVER… customers do expect their personal data to be safeguarded
  - increasing concern about privacy in recent years
  - source of great embarrassment if data is lost

Differences between Public & Private Sectors?
- Is there a difference regarding data?
- If strategic business data is lost, with no back-up:
  - cannot do new business
  - cannot fulfil existing business
  - the business will fold
- If public organisation data is similarly lost:
  - service level drops or becomes zero
  - people get angry, write to media
  - public sector body gets lots of bad publicity
  - system gets patched up and limps on
  - enquiry suggests deficiencies & changes to be made…

Economics of Information Security
- Academic research area: seeks to produce economic models for organisations to attribute value to data
- Back to basics of Information Security:
  - Confidentiality – relationship between confidentiality & intrinsic value?
  - Integrity – very difficult to quantify
  - Availability – if loss of particular data causes system failure and puts the business temporarily out of business, that data must have intrinsic value

Moving forward… or catching up (!)
- EU legislation comes into effect in 2018
- Requires organisations to take a risk-based approach to privacy (DPIA)

Further Research
- Business-oriented recent white papers: http://www.findwhitepapers.com/security/security
- What SHOULD have happened as the 1998 DPA was implemented…: http://management.silicon.com/government/0,39024677,11015799,00.htm
- Information Commissioner’s current website – huge collection of documents: http://www.ico.gov.uk