Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing.

Presentation transcript:

Employee Privacy and Organizational Security: Addressing Employee's Personal Use of the Internet at Work
August 8th, 2013

Balancing Security and Individual Privacy: An ongoing public global debate
• US: National Security Agency (NSA) operated PRISM (surveillance program)
• EU: Data Protection Directive - employee privacy and electronic surveillance in the workplace
• Asia-Pacific: China, Singapore’s PDPA, Japan, Hong Kong and the Philippines

In the US, Security trumps Privacy for now: Snowden/PRISM triggers a national debate
• Security and privacy viewed as competing
• To achieve security and address liability, Employer policies often assert no-employee-right-to-privacy
  › Security: Malware and other Cyber Threats
  › Liability: Employer responsibility for employee actions
Global Companies must address EU obligations

The European Union’s right to privacy directly impacts employer monitoring
• “Everyone has the right to respect for his private and family life, his home and correspondence.” 1
• “Court has made it clear that the protection of private life enshrined in Article 8 does not exclude the professional life as a worker…” 2
Requirements freeze DLP implementations
1. European Convention for the Protection of Human Rights… Article
2. Article 29 Working Party working document on surveillance of electronic communications in the workplace

Asia-Pacific region reflects multiple views on security and privacy debate
• Elevating consideration of privacy with new laws and guidelines 1
• Security remains driving consideration 2
1. Singapore's recent PDPA requires notice; Hong Kong Privacy Commissioner sets non-binding guidelines on employer monitoring
2. Chinese govt./employers have authority to monitor; Japan law requires notice, but limited expectation of employee privacy at work; and Philippines, like the US, enables surveillance and focuses on security/anti-terrorism (Human Security Act of 2007)
Baker & McKenzie, 51st issue of The Global Employer entitled “The Social Media Issue”, September 2012
Philippines Human Security Act of 2007

Prevailing approach to employee personal web use: Prevent, Detect, & Respond
Prevent employees from personal web browsing
• Establish acceptable-use policies (AUP)
• Implement secure web-filtering to limit access
Detect employee personal activity
• Extend employee monitoring solutions
Respond to enforce policies
• Enforce discipline and termination policies

Despite attempts to limit personal Internet use at work, employees continue to browse
Diagram labels: Acceptable Use Policy; Employee Monitoring; Website Blocking; Enforcement Actions; Corporate Response

Organization’s security focus has developed to address a range of issues
Human Resources
• Employee lost productivity
• Sensitive information handling
IT / Security
• Cyber threat management
• Information protection programs
Legal / Compliance / Privacy
• Limit global privacy obligations
• Mitigate liability for employee actions
Employee (diagram label)

Employee Internet Management has matured over the past 15 years
Timeline labels: The Early Days; 20th Century; Present Day; Web Security Tools Mature; Big Brother
Timeline entries: Employee Internet Management (EIM); Web/Content Filtering; Secure Web Gateways (SWG); Managed Security Services (MSS)
Per Gartner*, the market addresses Web-use liability, malware and data loss to cyber attacks through:
• Acceptable-use protection (AUP), i.e. URL filtering
• Anti-malware
• Data loss prevention (DLP) on the Web channel
* Selecting and Deploying Secure Web Gateway, Gartner December 10, 2012

Current strategies for controlling the risks of employee web-use are not sufficient
• Personal activity remains a cyber threat vector
• Personal web-use continues to expand
• Privacy obligations limit security deployments
• Web-use restrictions impact employee morale

Striking a new balance between security and employee privacy
Organizational Security
• Organizational monitoring (DLP, Spyware)
• Individual activity control (Anti-Malware, AUP)
Individual Privacy
• Global right-to-privacy laws (EU Data Protection Directive)
• Increased reliance on the Internet for personal use
Diagram labels: Reductions in Individual Access & Privacy; Growing Outcry for Internet Freedom & Privacy

Separate personal & professional web-use
Diagram labels: Social Media; Personal Shopping/Research; Information gathering; Personal Web-Use; Customer research; Corporate; Professional Web-Use
• Not security vs. privacy
• Not employee vs. employer
Strengthen security and reduce risk by providing employee privacy

Benefits of secure separation of personal and professional activity
Diagram labels: Human Resources; Compliance; Legal; Privacy; IT; Security
• Reduce employee liability risk
• Limit malware infection
• Reduce vulnerability to Phishing
• Extend monitoring capabilities
• Internet as recruiting & retention tool
• Enhance Privacy Compliance

Questions and Answers
David Melnick CISSP, CIPP, CISA
Board Member, (ISC)2 Los Angeles, CA USA
A managed web portal protecting employee privacy & organizational asset