2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,

Slides:



Advertisements
Similar presentations
‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
Advertisements

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
Ilias Chantzos Senior Director, Government Affairs - EMEA Symantec Cyber-security & cyber-resilience: Policy implications in smart cities.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security Controls – What Works
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
(Geneva, Switzerland, September 2014)
Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Norman SecureSurf Protect your users when surfing the Internet.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Internet safety By Lydia Snowden.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.
General Awareness Training
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Internet Security Threat Report Volume 9. 2 Internet Security Threat Report Volume 9 – Spokesperson Training Internet Security Threat Report VI What the.
C4- Social, Legal, and Ethical Issues in the Digital Firm
1 Brett Roberts Director of Innovation | Microsoft NZ | 28 Aug 07 Technology and Privacy.
Staying Safe Online Keep your Information Secure.
Tutorial Chapter 5. 2 Question 1: What are some information technology tools that can affect privacy? How are these tools used to commit computer crimes?
Instant Messaging – Turning Toys Into Tools Presented by: Marla K. Brock – Bilzin Sumberg Kajetan Koci – Loeb & Loeb Kevin Sullivan – Cohen & Grigsby.
1.Too many users 2.Technical factors 3.Organizational factors 4.Environmental factors 5.Poor management decisions Which of the following is not a source.
Copyright 2006 IDC Reproduction is forbidden unless authorized. All rights reserved. Information Security Trends.
Chapter 12 by Lisa Reeves Bertin Securing Information in a Network.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Bots Used to Facilitate Spam Matt Ziemniak. Discuss Snort lab improvements Spam as a vehicle behind cyber threats Bots and botnets What can be done.
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
Privacy & Personal Information Prepared by the CBC Law Department CONFIDENTIAL – FALL 2011.
Maintaining a Secure Messaging Environment Across , IM, Web and Other Protocols Jim Jessup Regional Manager, Information Risk Management Specialist.
1 Managed Premises Firewall. 2 Typical Business IT Security Challenges How do I protect all my locations from malicious intruders and malware? How can.
The European influence on privacy law and practice Nigel Waters, Pacific Privacy Consulting International Dimension of E-commerce and Cyberspace Regulation.
Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
GSHRM Conference Cyber Security Education Shri Cockroft, CISO Piedmont Healthcare, Inc. September 21, 2015.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
Future ICT Landscapes – Security and Privacy Challenges & Requirements Simone Fischer-Hübner IVA Workshop, Stockholm 24th May 2012.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
2002 Symantec Corporation, All Rights Reserved The EU Regulations and IT security An industry perspective Ilias Chantzos, Government Relations EMEA Terena.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.
Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
Scott Charney Cybercrime and Risk Management PwC.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
IT Security Policy: Case Study March 2008 Copyright , All Rights Reserved.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
Csci5233 Computer Security & Integrity 1 Overview of Security & Java (based on GS: Ch. 1)
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. State of Network Security.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Safe’n’Sec IT security solutions for enterprises of any size.
Privacy and Data Protection in e-Communications Sector Legislation, Codes of Practice and Standards Privacy and Data Protection in e-Communications Sector.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
E-C OMMERCE : T HE E -C ONSUMER AND THE ATTACKS AGAINST THE PERSONAL DATA Nomikou Eirini Attorney at Law, Piraeus Bar Association Master Degree in Web.
Taking on Tomorrow's Challenges Today Taking on Tomorrow's Challenges Today Almost every organisation has been attacked …. But most don’t know about it!
Securing Information Systems
Secure Software Confidentiality Integrity Data Security Authentication
Hot Topics:Mobility in the Cloud
Securing Information Systems
The activity of Art. 29. Working Party György Halmos
Cyber security and Computer Misuse
Security in mobile technologies
Presentation transcript:

2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference, May 2006

2 – 2002 Symantec Corporation, All Rights Reserved I.Managing risk and the threat landscape II.Regulation III.Conclusions A G E N D A

3 – 2002 Symantec Corporation, All Rights Reserved Managing the risk is a daily challenge NetworkApplicationDatabaseServerStorage CostCost RiskRisk Security Availability Performance Clients Complexity Security Threats Business Continuity Compliance Key Issues: Cost Complexity Compliance

4 – 2002 Symantec Corporation, All Rights Reserved Business Risk Management Business Corporate Governance Competition Infrastructure IT Risk Management InternetStaff CustomersPartners Information Assurance Information assurance is about managing risk

5 – 2002 Symantec Corporation, All Rights Reserved A key element is regulatory compliance Business Risk Management Regulation and Compliance IT Risk Management Information Assurance

6 – 2002 Symantec Corporation, All Rights Reserved Today’s Threat Landscape  Cybercrimes such as online fraud and the theft of confidential information are dominating the public’s consciousness.  Bots, bot networks and customizable or ‘modular’ malicious code are the preferred methods of attack.  Web applications and web browsers increasingly becoming the focal point of attacks.  Continued decline in noisy Category 3 & 4 threats and a corresponding increase in quieter, stealthier Category 1 and 2 threats.  You have to go looking for the threats………

7 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Top Targeted Industries As predicted, the rise in online fraud and the shift towards financial motivation has moved Financial services to the top of targeted industries in the last half of 2005.

8 – 2002 Symantec Corporation, All Rights Reserved Vulnerability Trends – Volume Between July 1 - December 31, 2005, the total number of vulnerabilities grew by 1% over the previous reporting period and 34% over the same period last year. The total number of vulnerabilities reported this period is the highest ever recorded.

9 – 2002 Symantec Corporation, All Rights Reserved Malicious Code Trends – Threats to Confidential Information Threats to confidential information continue to increase over the past three reporting periods with 80% of the Top 50 reported malicious code in this period, having the potential to expose confidential information.

10 – 2002 Symantec Corporation, All Rights Reserved Malicious Code Trends – Modular Malicious Code Modular malicious code is malicious code that initially possesses limited functionality, but that, once installed on a target host can download other pieces (or modules) of code with different, usually malicious, functionalities. 88% of all malware code had this functionality

11 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Time To Compromise - Servers Server operating systems in a web sever role

12 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Time To Compromise - Desktops Desktop systems NOT behind a firewall.

2002 Symantec Corporation, All Rights Reserved The Regulatory Challenges

14 – 2002 Symantec Corporation, All Rights Reserved Examples of European Regulation  Protecting YOUR data –95/46/EC Generic Data Protection –2002/58/EC Specific Data Protection –Data Retention  Protecting against damaging data –Framework Decision on attacks against info-systems –Council of Europe Convention on Cybercrime  Protecting the data of specific industries –Basel II –Use of public sector information

15 – 2002 Symantec Corporation, All Rights Reserved Data protection  Directives 95/46/EC (generic) and 2002/58/EC (specific)  Generic Directive covers all activities related to processing of personal data  Specific Directive covers only electronic communications  Create independent authorities responsible for supervision and enforcement  Very interesting from a security standpoint

16 – 2002 Symantec Corporation, All Rights Reserved The Generic Directive  Defines data categories  Requires information collection fairly and lawfully subject to consent  Requires information security and availability for the storage of data  Requires access to data subject and rectification of the data  Forbids cross-border transfer of personal data  Determines jurisdiction

17 – 2002 Symantec Corporation, All Rights Reserved Specific Directive  Defines traffic data  Requires network security  Obliges eCommunication providers to notify users of the services for eminent threats  Obliges the destruction of traffic data if no excluded specific business is applicable  Forbids spam distribution  Leaves the door open for data retention

18 – 2002 Symantec Corporation, All Rights Reserved Data retention  Routinely retaining traffic data by eCommunication service providers for law enforcement purposes –What data? –How much? –How long?  Not preservation  Not interception

19 – 2002 Symantec Corporation, All Rights Reserved The data……  Personal Data –My name –My ID number –Anything that identifies me  Sensitive Data –Race –Religious beliefs –Etc  Traffic data –IP addresses –URLs  Data –Any data covered by the Data Retention Directive

20 – 2002 Symantec Corporation, All Rights Reserved Some challenges with current privacy rules Looking at 2002/58/EC  What is personal data in eCommunications environment?  IP addresses are personal data? –How do we log them –Do we ask permission  Staying ahead of the threats –Spam is covered by the Directive but what about?  Spyware  Addware  Phishing  How we collect the data and how do we use them? –No obligation to notify in case of breach  What is the role of the service provide? –To provide an appropriate level of security

21 – 2002 Symantec Corporation, All Rights Reserved So does Internet kill regulation?  Internet is probably one of the most regulated environments in the world –Everybody’s laws seem to apply  The issue is better/smarter regulation as opposed to no regulation  Do not become a hostage of fortune  Do not over-protect  Technology and self-regulation  Finding the right balance…..

22 – 2002 Symantec Corporation, All Rights Reserved Security vs Privacy vs Regulation  Technology does not mean less privacy –Privacy enhancing technologies everywhere around us  Security is not against privacy –Security is a privacy pre-condition  Regulation is not against technology –Needs to be regularly updated/reviewed –Needs to be technology neutral –Needs to set framework conditions –Should not be over-extended –Should be prepared in consultation –Current review of 2002/58/EC

2002 Symantec Corporation, All Rights Reserved Thank You!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.