Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATA PRIVACY EMERGING TECHNOLOGIES by Virginia Mushkatblat

Published byBarry Snow Modified over 6 years ago

Similar presentations

Presentation on theme: "DATA PRIVACY EMERGING TECHNOLOGIES by Virginia Mushkatblat"— Presentation transcript:

1 DATA PRIVACY EMERGING TECHNOLOGIES by Virginia Mushkatblat

2 INC MAGAZINE FASTEST JOB CREATION CHART

3 WHY SECURITY? JP MORGAN CHASE TARGET HOME DEPOT SNAPCHAT CSU Healthcare.gov LAST MONTH MEDICAL DATA BREACHES – DATA STOLEN BY INSIDERS Memorial Hermann Hospital AltaMed Health Services Beachwood-Lakewood Plastic Surgery

4 THREAT CLASSIFICATIONS: WHO
EXTERNAL THREAT: STOLEN LAPTPS > THE HACKER ( insurance study) malicious outsider (s)

5 THREAT CLASSIFICATIONS: WHO part2
INTERNAL THREAT: THE THIEF malicious outsider (s) Insider’s trade Selling PII on the “black market” Rare Selling PII, sabotage CxO Production user DBA Developer

6 THREAT CLASSIFICATIONS: WHO part3
INTERNAL / EXTERNAL COMBINATION THREAT: THE NAÏVE The unintentional insider un-suspecting employees victims to fishing ; reckless abusers

7 THE COSTS LIABILITY : Target puts the costs at $148 million in the second quarter REPUTATION : PUTTING ONESELF INTO VICTIM SHOES NOTIFICATION LAWS LESSER –KNOWN COSTS: FINES FTC ( minimum 10,000 fine for non-compliance in GLBA) MONEY GRAMM experienced $100, 000 FINE CA Supreme Court ruled Zip Codes are PII; $1000 per violation for retailers who ask for Zip code at point of sale Auditing and insurance Regaining good will (e.g. target credit monitoring)

8 TRADITIONAL SOLUTIONS: EXTERNAL THREAT
TRADITIONAL SOLUTIONS FOR OUTSIDER THREAT Operations: Firewalls • Network Monitoring Against DDOS • Anti Viruses Development: Encryption on different levels: at Rest (symm, asymm) in transit (ssl,tls) Architectural decisions, or so called Privacy by Design: use of stored procedures and proper use of encapsulation in code Identity Access Management More technical solutions plus LEGAL: PRIVACY LAWS

9 INTERNAL THREAT SOLUTIONS
ENCRIPTION DATA MASKING IDENTITY MANAGEMENT AUDITS Method Media Protects against Role SDM Disk –at rest Developer, outsourcers DDM Application –in real time Business Roles, third parties

10 EMERGING TECHNOLOGIES AND ARCHITECTURES
ANTI VIRUSES Adaptive technologies As the malware adapts so do the antivirus makers Virtualizing: traffic or a page itself AirGap. Virtualization of the page. It acts as a barrier against malware designed to get employees to click on an affected link

11 EMERGING TECHNOLOGIES AND ARCHITECTURES
SEPARATION OF CONCERNS: Mask Me – separating the data from the entity PEER-To-PEER GOOGLE’s Two Steps Verification two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. Messenger and Notary server Data masking : de-coupled algorithms, centralized audit reporting

12 Appendix: FRAMEWORK FOR DATABASE SECURITY
Establish legal base Implement Identity and Access Management Data discovery: discover the databases and other storage identify sensitive data identify encryption method ( at-rest, in-transit, in-use) identify roles-based masking requirements Find out vulnerabilities Fix privileges Establish protection methods Audit access, data, and transactions characteristics in real time Establish notification and response systems Do the drills REACT!!! Report the breaches

13 APPENDIX FRAUD CLASSIFICATION Wire and access device fraud:
unauthorized access to the bank accounts of customers Identity theft: steal identities, facilitate the cash-out operations, including transferring money making purchases, file fraudulent tax returns with the IRS seeking refunds. Other threats: DDoS, Trojans TECHNICAL KNOW-HOW: stealing logins/passwords, reading of the networks traffic, Trojans, SQL injection, firewall penetration

Download ppt "DATA PRIVACY EMERGING TECHNOLOGIES by Virginia Mushkatblat"

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Considerations in an Outsourced / Cloud World ARMA Information Management Symposium Bill Wilson, Chief Privacy Technologist.

Considerations in an Outsourced / Cloud World ARMA Information Management Symposium Bill Wilson, Chief Privacy Technologist.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.

© 2014 Nelson Brown Hamilton & Krekstein LLC. All Rights Reserved PRIVACY & DATA SECURITY: A LEGAL FRAMEWORK MOLLY LANG, PARTNER, NELSON BROWN & CO.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.

McGraw-Hill © 2008 The McGraw-Hill Companies, Inc. All rights reserved. Chapter 8 Threats and Safeguards Chapter 8 PROTECTING PEOPLE AND INFORMATION Threats.
Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.

Copyright © 2002 Pearson Education, Inc. Slide 5-1 PERTEMUAN 8.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.

1 Title ECI: Anatomy of a Cyber Investigation Who Are the Actors.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Similar presentations

Ads by Google