Session 5 – Data safety / security


1 Session 5 – Data safety / security

2 Agenda: Data safety / security, EC + TUV, 15:30 – 16:30
- Presentation of data safety and security mechanisms (e.g. Memorandum of Understanding): Contractor TÜV Rheinland, Ms. Lehmann and Mr. Hafner
- Questions and Answers on the Memorandum of Understanding: EC, DG CNECT, Unit R4 „Compliance“, Mr. Schauer, Deputy Head of Unit, and Mr. Chirila
- Survey and discussion: All

3 Presentation of data safety and security instruments and mechanisms
Data safety:
- Outlined in Memorandum of Understanding
Data security:
- Security of European Commission architecture and server within this architecture
- Security of mapping application

4 MoU: Transparency about data suppliers’ specific collection approach
Data collection / processing
Submission:
- Agreement on data storage and aggregation for the purpose of the development of the platform
- No delivery of personal data containing IP addresses etc.
Aggregation, integration into platform:
- Project methodology and standards for data aggregation are approved by project initiator EC (Steering Committee)
- Project owner recognizes validation procedure applied by data supplier in each initiative
Transparency:
- Disclaimer / pop-up on website displays meta data to provide full picture on each initiative’s approach to avoid misinterpretation

5 MoU: Data privacy and confidentiality
Personal data:
- Privacy / confidentiality of information and its use only for statistical purposes ensured
- No collection of raw data sets containing IP addresses
- Personal data processed pursuant to Regulation (EC) 45/2001 of the European Parliament and of the Council
- Data suppliers have right to access and rectify personal data
Confidentiality:
- Confidentiality is ensured by both project owner and data suppliers, especially with regard to data related to ISPs: no disclosure to unauthorised third parties
- Binding confidentiality during lifetime of project and five years after

6 MoU: Degree of publication is decided by data supplier
Data visualisation / publication (i)
Selection of options for data publication:
- All data categories (QoS 1, QoS 2, QoS 3)
- Names of Internet Service Providers
- Public / Restricted
- NUTS 3; 1km INSPIRE grid; 500m INSPIRE grid; 250m INSPIRE grid; 50m INSPIRE grid; Address level; Other level [to be explicitly named]

7 MoU: Degree of publication is decided by data supplier
Data visualisation / publication (ii)
Displayed spatial resolution:
- Data is visualised on public portal on NUTS 3 level (current EUROSTAT version 2013).
- In expert portal, higher level of resolution is possible (but only on address or grid level), if agreed between project owner and data supplier
Open access:
- Publication in line with European Commission’s open data policy of public sector information
- National open access regulation is respected
- Many data sets already accessible: platform as „directory“ to each open data set

8 MoU: Data suppliers have control of delivered data
Right of access and rectification
Limited access:
- Project owner has access to data collected
- Data suppliers have access to their own data sets and partial access to other data suppliers’ data sets according to explicit approval in each respective MoU
- Access differentiates between public version and expert version of the mapping application
- Other institutions of the EU and of the EEA will have partial access to aggregated, anonymous data sets
Rectification:
- Right to review / rectify all data, if outdated or incorrect
- Explanatory note outlining reasons for update of data needs to be provided to contractor by data supplier

9 MoU: Withdraw consent to use their information at any time
Right of withdrawal
Withdrawal:
- Data suppliers are entitled to withdraw consent to use their information
Deletion:
- Explanatory note outlining reasons needs to be provided to contractor by data supplier
- Deletion only in justified cases for aggregated data that is published on the mapping application

10 Measures related to server architecture and application configuration assure data security
Standards:
- European and other international standards, guidelines and good practices are respected
Measures:
- Limited group of administrators / web designers authorised to access database and mapping platform
- Configuration, installation of programs, tools and services to prevent unauthorised access
Storage:
- Data sets coded and stored in a system independent from application server
Access:
- Public version: all users
- Expert version: authorised persons (scope to be agreed)

11 Main platform security measures
European Commission IT infrastructure:
- Reverse proxy
- Hardware firewall
- SSL/TLS for encryption
Application container / server:
- Only encrypted server communication allowed (SSL/TLS, SSH)
- Operating system measures (e.g. SELinux, IDS, IPS, …)
- Role-based access control
- System monitoring

12 Summary of application security measures
- Communication between application and server continuously encrypted (SSL/TLS)
- Data validation through input validation, filtering
- Session management
- Best security practice software configuration
- Role-based management
- Avoidance of privilege escalation
- Password policies
- Application monitoring

