Information Security and Common Sense Richard Henson University of Worcester October 2008.


Why has Data Security become such a problem?
- End User Computing
- Advances in Technology
- Confusion about the Data Protection Act
- Lack of policy or inconsistent implementation of policy
- Data handling training issues

The Rise of End User Computing
- In the 1980s, organisational data was kept either in:
  - centralised computers
  - secure filing cabinets
- The PC offered the possibility of organisational data in the hands of non-professionals…
  - network administrators predicted there would be big problems…
  - few people listened… THEY SHOULD HAVE!

Where are we now with Information Technology?
- Days of mainframe or centralised computing… comparable to mass transport systems (e.g. stage coach, railways, bus)
  - professional drivers
  - people driven about

Another example of Technological Change bringing about Cultural Change…
- Coming of the motor car…

The Coming of the Personal Computer…
- In technology/society terms, the equivalent of the motor car…

Result of the motor car cultural change…
- Transport became personalised
  - those handling motor vehicles were often a menace to other road users
  - many accidents, injuries, lives lost
- Only controlled through the use of legislation (e.g. Highway Code)
  - and then more legislation (e.g. Driving Test)…
    - and yet more legislation!!! (e.g. National Speed Limit)

Are roads safe today?
- UK road deaths have been falling consistently for many years
- So a cultural problem CAN be brought under control…
- What about the perils of end user computing…

Digital Data and the Law
- What do we have for keeping computer users in order?
  - the Data Protection Act
- Problem… dates back to 1984
  - BEFORE end user computing
- Update in 1998
  - did not address the problems associated with putting the end user in control
    - e.g. digital data can be easily carried around

The New Law
- Finally (2008) legislation is being updated to acknowledge the problem
  - New offence of Data Recklessness
  - Information Commissioner's Office (ICO) has increased powers…
    - further changes expected during the Parliamentary Session

Information Commissioner Richard Thomas

Why such a long wait?
- Again… back to the motor car
- Highways Act?
  - became law in 1835
  - only substantially updated in… 1959
  - Why then? had become
    - a matter of public concern
- Equally, Data Protection is now A MATTER OF PUBLIC CONCERN
  - latest surveys: people now as concerned about their privacy as they are about terrorism!

What are the consequences for Organisations?
- They need to get serious about data protection, or risk the wrath of the Information Commissioner's Office
- first to suffer was…
  - Richard Branson, Virgin Media (3383 customer records went missing)
- Would you want to be next???

What to do?
- Apply common sense!
  - establish, or update, the organisation's Information Security Policy
  - key role: Data Controller - make sure all employees are aware of the law…
    - make sure systems are in place to make sure that policy works at operational (end user) level
    - make sure the systems are auditable, and regularly audited

Don't know where to start?
- There is now an International Standard:
  - ISO
  - based on British Standard BS7799
    - UK leading the world in design…
    - but not implementation!
  - any organisation achieving this quality standard gains in two crucial ways:
    - unlikely to lose data through recklessness
    - can use the ISO kitemark to show potential customers that their personal data is being properly looked after

Is getting ISO cost-effective?
- BIG question
  - even before…
    - credit crunch arrived
    - data recklessness became law
- Cost overhead of ISO quantifiable
  - intensive, highly focussed courses
  - paperwork deliberately customisable to meet the needs of large and small organisations
- If data is lost, what of the cost overhead of:
  - bad press?
  - disgruntled customers?
  - hefty fines?

Is good Information Security Common Sense?
- YES…
  - just as driving safely is common sense
- BUT…
- What would the roads be like today if:
  - 1835 Highways Act was still in force unchanged?
  - no-one had to pass a driving test?
- QUESTIONS???