Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1
Agenda What to expect Impact ‘Preparation’ versus ‘Vigilance’ - will you be prepared for the changes or will you wait for the changes to occur and then deal with them? Resources 2
What to expect 2014 fallout Payment Card Industry Healthcare Student Data 2015 Trends to Come 3
2014 fallout 2014 was a landmark year for data security issues Massive (quantity and scope) security breaches - Retailers, White House, Sony (direct impact on use of technology, decision-making related to entertainment, financial impact to P&L, consumer disengagement continues)Massive (quantity and scope) security breaches 4
Payment card industry Move to EMV (Europay Mastercard Visa) a.k.a. ‘Chip & PIN’ Liability shift Faster adoption of mobile based transaction terminals - Apple Pay Point to Point Encryption (P2PE) 5
Healthcare Use of mobile health apps and devices Privacy versus convenience - convenience appears to be winning Healthcare costs bubble burst - (or close to) Push for research and innovation - more data to protect Customized care management and marketing strategies 6
Student Data – Laws & Regulations FERPA ( Federal Education Records Privacy Act) prohibits federal funding of an educational agency or institution that has a policy or practice of disclosing a student’s “education record” without the consent of the parent or eligible student. 7
Student Data – Laws & Regulations State breach notification laws Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information. 8
Student Data – Laws & Regulations PPRA (Protection of Pupil Rights) affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature. 9
Student Data : New & proposed laws Sep 2014 California : Student Online Personal Information Protection Act (SOPIPA): aggressively protects the use of student educational data by third-party vendors. Jan 2015 : Proposed Student Digital Privacy Act 10
National look at Student Privacy Legislations GW Information Security Policy Information Security Policy Guidance – Data Storage and Custodial PracticesInformation Security Policy Guidance – Data Storage and Custodial Practices Security Breaches Involving Non-Public Personal InformationSecurity Breaches Involving Non-Public Personal Information 11 Reference and Resources
Expected Trends in 2015 Changes to terms and conditions of contracts related to online accounts Concept of sharing/unsharing data rather than ing Embedded file protection; expect that endpoints are not to be trusted Disposable endpoints Emphasis on data archival and disposition - if a file is not accessed or used for ‘x’ years, it should be encrypted and then archived (if not disposed). 12
Expected Trends in 2015 (continued) Social media - continues to be an influencer, avenue of communication and threat to privacy Federal data - more strict rules to access data Two-factor authentication - increasing use More state sponsored and political motivated hacks 13
Privacy – know your options 14
Privacy As of today is largely unprotected Regulations are weak and less proactive Rules are not standardized across geopolitical boundaries Your information translates to money Nothing is free. So, apply conscious subscriptions 15
Privacy - How to fix things Stronger legislations Standardized rules Privacy incorporated into software engineering and services You’d be millionaire right now, if you could bill anytime a company used your information to sell you something 16
Interesting Resources botnet-map/ breaches-hacks/ 17
Contact : Questions? 18