COMP3357 Managing Cyber Risk

1 COMP3357 Managing Cyber Risk
Richard Henson, University of Worcester, May 2017

2 Week 12: Internet Law, around the World
Objectives:
- Look at differences in Data Protection & Computer Misuse Laws in different countries round the world
- Compare similarities between laws in different countries, and scope for an International agreement on e.g. good Data Protection legislation

3 Summary of UK IT Law
- Computer Misuse
- Data Protection
- Investigatory Powers

4 EU Law & Directives
- Directive: EU Law produced by EU, turned into law within sovereign state, e.g. Data Protection Act (DPA)
- EU Law: passed by EU and policed by EU, has to be implemented by each country’s own Information Commissioner, e.g. General Data Protection Regulation (GDPR)

5 The EEA (European Economic Area)
- NOT the same as the EU
- European “free” trading area
- Includes non-EU European countries: Iceland, Switzerland, Norway
- Some non-European countries

6 US Laws on Privacy of Data
- Sarbanes-Oxley (SOX)
- HIPAA
- Data Breaches: further evolution of SOX; covers all customer data; customers must be informed of the breach…

7 The new GDPR
- Catching up with US Data Breaches legislation
- Goes much further…

8 International Standards as a driver for International Law
- Known in all countries
- Understood by professionals in all countries
- Upholding good practice/standards through regulation is a long accepted principle…

9 Can the Digital Single Market go further?
- Just EU?
- Many other countries showing an interest
- UK?

10 Reasons to look after Data: 1. The Law
- All UK organisations that hold data on people must register with the Information Commissioner's Office (ICO); criminal offence not to do so...
- Personal and sensitive data must be kept in accordance with the eight principles of the Data Protection Act (1984, updated 1998); not to do so can result in hefty fines or even imprisonment

11 Reasons to look after Data: 1. The Law - continued
- Financial data also covered under the law, through the Financial Services Authority (FSA)… rebadged to become the FCA in 2013
- Much more severe penalties than the ICO…
  - e.g. Nationwide fined in 2007, approx £1 million
  - e.g. HSBC fined in 2009, several £ million
  - e.g. Zurich Insurance fined in 2010, over £1 million

12 2. Data losses do not look good for the business!
- Depending on which data a business loses… it may not be able to trade efficiently, or even at all!
- Worst case scenario: 10 days maximum to recover, or out of business!
- If business data is stolen, they may ALSO lose trade secrets, customer image, supplier information, market share…

13 Data Losses & not-for-profit organisations
- Personal data often not regarded as so important, other than in legal terms; hence the catastrophic sequence of errors that led to 25 million records being lost by HMRC
- HOWEVER… customers do expect their personal data to be safeguarded
  - increasing concern about privacy in recent years
  - source of great embarrassment if data lost

14 Differences between Public & Private Sectors?
Is there a difference regarding data?
- If strategic business data is lost, with no back up:
  - cannot do new business
  - cannot fulfil existing business
  - the business will fold
- If public organisation data similarly lost:
  - service level drops or becomes zero
  - people get angry, write to media
  - public sector body gets lots of bad publicity
  - system gets patched up and limps on
  - enquiry suggests deficiencies & changes to be made…

15 Economics of Information Security
- Academic research area: seeks to produce economic models for organisations to attribute value to data
- Back to basics of Information Security:
  - Confidentiality – relationship between confidentiality & intrinsic value?
  - Integrity – very difficult to quantify
  - Availability – if loss of particular data causes system failure and puts the business temporarily out of business, it must have intrinsic value

16 Moving forward… Or catching up (!)
- EU legislation comes into effect 2018
- Requires organisations to take a risk-based approach to privacy a

17 Further Research
- Business-oriented recent white papers:
- What SHOULD have happened as the 1998 DPA was implemented…:
- Information Commissioner’s current website – huge collection of documents:
