A Systematic Approach to Privacy Enforcement and Policy Compliance Checking in Enterprises
Marco Casassa Mont, Siani Pearson, Robert Thyne
Hewlett-Packard Labs
Presentation Outline
- Privacy: Core Concepts and Our Vision
- Addressed Problems
- Our Approach to Privacy Enforcement and Compliance
- Our R&D Work:
  - Privacy-Aware Access Control
  - Obligation Management and Enforcement
  - Policy Compliance Checking
- Conclusions
Enterprise Privacy Management
Drivers: Privacy Legislation (EU Laws, HIPAA, COPPA, SOX, GLB, Safe Harbour, …), Customers' Expectations, Internal Guidelines
Impact on Enterprises and Opportunities: Regulatory Compliance; Customers' Satisfaction; Positive Impact on Reputation, Brand, Customer Retention
[Diagram: People provide Personal Data to the Enterprise's Applications & Services; Regulations, Standards and Best Practices are aligned with the Enterprise IT Infrastructure through a governance loop of Policy Development, Policy Enforcement, Monitoring, Reporting and Transparency]
Effective Enterprise Privacy depends on Good Governance Practices
28 May, 2019
Current Approach: Gap between Policy and IT
Example policy: "Personal data should be used only for the purposes for which it was collected."
[Diagram: the policy sits above the IT stack (Application Software; System Software & Middleware; Processors, Networks & Data Stores); the gap between them is bridged by People & Processes]
Bridging the gap manually is slow, expensive and error-prone, and yields only best-effort compliance.
Our Vision: Model-based, Policy-driven IT
- Seamless, rigorous alignment of policy with the IT stack (Application Software; System Software & Middleware; Processors, Networks & Data Stores)
- Transparent, verifiable compliance
- Models & Automation spanning Deployment, Enforcement/Execution, Data Management and Monitoring/Audit
Privacy For Personal Data: Core Principles
- Purpose Specification
- Consent
- Limited Collection
- Limited Use
- Limited Disclosure
- Limited Retention
- Privacy Rights
Privacy Policies capture these principles as Permissions and Obligations.
Addressed Problems
How to Automate Privacy Management within Enterprises:
- How to Automate Privacy-Aware Access Control
- How to Automate Privacy Obligation Management/Enforcement
- How to Automate Compliance Checking
- How to Do this in a Systematic Way
- How to Leverage Current Identity Management Solutions
Making Privacy Management Easy
Our Viewpoint:
- Use a model-based, policy-driven approach so that access to personal data is controlled, and personal-data lifecycle management actions are performed, in an automated and verifiable manner
Our Solution:
- Use privacy policy enforcement technologies to deliver compliance with privacy principles and goals
- Use system monitoring technologies to continuously assess the actual performance of those technologies and their ability to deliver
Privacy Automation for Identity Management: Systematic Approach
[Diagram of the enterprise architecture]
- Users, Employees and Third Parties reach Applications/Services through a Web Portal; access requests to apps become privacy-aware queries
- Self-Registration captures Personal Data & Privacy Preferences: Data Settings, Consent & Other Preferences, Privacy Obligations
- Privacy Admins author Policies
- Identity Management Middleware: User Provisioning & Account Management; Access Control System extended with Privacy-aware Access Control; Obligation Management System for Privacy-aware Information Lifecycle Management; Policy Compliance Checking System fed by Events
- Enterprise Systems and Data Repositories hold the personal data
Privacy-aware Access Control in Enterprises
- How to Enforce Privacy Policies within Enterprises when Accessing and Manipulating Personal Data?
- How to Enforce User Preferences, e.g. Consent?
- How to Integrate with Identity Management Solutions?
HP Labs R&D Work:
- Privacy-Aware Access Control System for Personal Data
- Prototype Integrated with HP Select Access
- To Be Productised in 2007
[Governance diagram: this work addresses Policy Enforcement (Privacy Policy Enforcement) in the loop from Regulations, Standards, Best Practices through Policy Development and IT Alignment to the Enterprise IT Infrastructure]
Moving Towards a "Privacy-Aware" Access Control …
Traditional Access Control: Requestor, Actions and Rights on Personal Data
Privacy-Aware Access Control = Access Control + Privacy Extension: the decision additionally considers the Purpose for which the data was collected, the Requestor's Intent, the Owner's Consent, Constraints and other factors
It is not just a matter of traditional access control: data purpose, requestor's intent and the data subject's consent must be part of the decision.
Example: Privacy-aware Access Control with Consent, Purpose and Intent Management
Enterprise Privacy Policies & Customers' Consent
Table T1 with PII Data:
  uid | Name  | Condition          | Diagnosis
  1   | Alice | Alcoholic          | Cirrhosis
  2   | Rob   | Drug Addicted      | HIV
  3   | Julie | Contagious Illness | Hepatitis
Table T2 with Customers' Consent per purpose (Consent = uid; Marketing; Research): only uids 1 and 3 have consented to Marketing, as the filtered result below shows.
Privacy Policy:
  If role == "empl." and intent == "Marketing"
    Then Allow Access (T1.Condition, T1.Diagnosis) & Enforce (Consent)
  Else If intent == "Research"
    Then Allow Access (T1.Diagnosis)
  Else Deny Access
Access Request: Access Table T1 (SELECT * FROM T1) with Intent = "Marketing"
Privacy Policy Enforcement: filter the data by rewriting the query:
  SELECT "-", Condition, Diagnosis FROM T1, T2
  WHERE T1.uid = T2.Consent AND T2.Marketing = "YES"
Filtered data (Name masked with "-", rows without Marketing consent removed):
  uid | Name | Condition          | Diagnosis
  1   | -    | Alcoholic          | Cirrhosis
  3   | -    | Contagious Illness | Hepatitis
Privacy Policy Definition and Enforcement: Implicit Approach (No Flexibility)
Implicit Privacy Policy Definition and Enforcement: privacy policies are embedded within applications, queries, services and ad-hoc solutions, next to the business logic that accesses the personal data.
- Simple approach
- It does not scale in terms of policy management
- It is not flexible and adaptive to changes
Privacy Policy Definition and Enforcement: Explicit Approach (Vertical and Invasive)
Explicit Privacy Policy Definition and Enforcement, current approaches: fully deployed Privacy Management Frameworks
- Explicit management of privacy policies
- Might require major changes to the IT and data infrastructure
- Use of vertical solutions, focused on RDBMS: IBM/Tivoli Privacy Manager, privacy-aware Hippocratic Databases
Privacy Policy Definition and Enforcement: HP Approach (Adaptive, Integrated and Flexible)
Positioned between the Implicit and the Explicit approaches, the HP approach offers:
- A single solution for explicit management of privacy policies on heterogeneous data repositories
- Privacy enforcement by leveraging and extending the security/access control framework, with an easy-to-use management UI
- No major changes required to applications/services or data repositories
Key Requirements
- Modelling of personal data
- Explicit definition, authoring and management of privacy policies
- Extensible privacy policies
- Explicit deployment and enforcement of privacy policies
- Integration with traditional access control systems
- Simplicity of usage
- Support for audit
Our Model of Privacy-Aware Access Control
1. Requestors (applications, services, …) send a request to access data together with the requestor's intent
2. The Data Enforcer (Privacy Policy Enforcement Point) forwards the access request to the Privacy Policy Decision Point, which evaluates access control + privacy policies (intent, purpose, consent, constraints, …)
3. The decision point returns a privacy-aware decision
4. The Data Enforcer performs privacy-aware access to the data repositories, which hold the personal data together with the data subjects' consent
5. The requestor receives the accessed data, which could be a subset of the requested data
Privacy Policy & Data Authoring Tools populate the policies and the data model.
HP OpenView Select Access
Access Control System: Definition, Enforcement and Auditing of Access Control Policies
Privacy Enforcement in HP Select Access
[Architecture diagram]
- Policy Builder (Data Modelling & Privacy Policy Authoring) holds the Access Control Policies, extended through HPL plug-ins with Privacy Policies (intent, purpose, consent, constraints, …)
- Validator (Policy Decision) handles privacy policy deployment & decisions through HPL plug-ins and writes to the Audit Repository
- Enforcer plug-in: receives access requests from Web Services and returns Grant/Deny
- HPL Data Enforcer: receives the requestor's intent + request to access data from applications/services, obtains a privacy-aware decision from the Validator, and performs privacy-aware data access to Personal Data + Owners' Consent (privacy policy enforcement on personal data)
Modelling Data Resources
Data Resources Added to Policy Builder
[Screenshot]
Privacy Policy Authoring [1/2]
[Screenshot]
Privacy Policy Authoring [2/2]
[Screenshot: Checking Intent against Purpose; Define How to Handle Consent; Define Data Filtering Criteria]
Data Enforcer: Privacy-aware Policy Enforcement Point
The Data Enforcer:
- is located near the Data Repository (performance, …)
- knows how to access/handle data and "queries"
- knows how to enforce privacy constraints
- can support "query rewriting" (i.e. filtering, etc.)
The Data Enforcer is designed to have:
- A general-purpose engine (to interact with the SA Validator)
- Ad-hoc plug-ins for different data sources to interpret and enforce privacy decisions (e.g. RDBMS, LDAP servers, virtual directories, meta-directories, …)
[Diagram: Access Request + Intent enters the Enforcer API of the SA Data Enforcer (Data Proxy); its Logic consults the Validator Plug-in, then a Constraint Enforcement Engine per data source (LDAP Server, Meta Directory, RDBMS) returns only the data allowed to access]
Data Enforcer: JDBC Proxy Details
[Diagram]
Data Enforcer: SQL Query Transformation
Original SQL Query:
  SELECT * FROM PatientRecords;
SQL Query Transformed by Data Enforcer (Pre-Processing):
  SELECT PatientRecords.NAME, PatientRecords.DoB, PatientRecords.GENDER, '-' AS SSN,
         PatientRecords.ADDRESS, PatientRecords.LOCATION, PatientRecords. ,
         PatientRecords.COMM, PatientRecords.LIFESTYLE, '-' AS GP, '-' AS HEALTH,
         '-' AS CONSULTATIONS, '-' AS HOSPITALISATIONS, '-' AS FAMILY, '-' AS Username
  FROM PatientRecords, PrivacyPreferences
  WHERE PatientRecords.Name = PrivacyPreferences.Name
    AND PrivacyPreferences.Marketing = 'Yes';
Columns the requestor may not see are replaced by the constant '-', and the join with PrivacyPreferences drops the records of patients who did not consent to Marketing.
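The consent-and-intent rule of the T1/T2 example earlier in the deck and the query rewriting shown on this slide, run end to end as an added example (Python with sqlite3 standing in for the JDBC proxy; this is not HP Labs' Data Enforcer code). The tables, rows, the PURPOSES list and the function names are assumptions made for the example; as on the slides, restricted columns are masked with '-', and the join with the consent table is only added when the policy says Enforce (Consent).

```python
"""Privacy-aware access control with consent enforcement by SQL query rewriting.

Added example, not HP Labs' code: a small Python/sqlite3 stand-in for the
Data Enforcer proxy. Tables T1 (personal data) and T2 (consent) and the
policy rule follow the deck's example; rows and PURPOSES are constructed.
"""
import sqlite3
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

T1_COLUMNS = ("uid", "Name", "Condition", "Diagnosis")
PURPOSES = ("Marketing", "Research")      # consent columns of T2 (assumption)

# Constructed sample rows modelled on the slide: (uid, Name, Condition, Diagnosis)
T1_ROWS = [(1, "Alice", "Alcoholic", "Cirrhosis"),
           (2, "Rob", "Drug Addicted", "HIV"),
           (3, "Julie", "Contagious Illness", "Hepatitis")]
# Constructed consent rows (Consent = uid, Marketing, Research); only uids 1
# and 3 opted in to Marketing, which matches the slide's filtered result.
T2_ROWS = [(1, "YES", "NO"), (2, "NO", "YES"), (3, "YES", "YES")]


@dataclass(frozen=True)
class Decision:
    """Output of the Privacy Policy Decision Point."""
    allowed: bool
    columns: FrozenSet[str] = frozenset()   # T1 columns the requestor may see
    consent_purpose: Optional[str] = None   # if set, only rows with consent for it


def decide(role: str, intent: str) -> Decision:
    """Evaluate the slide's privacy policy for a requestor's role and intent."""
    if role == "empl." and intent == "Marketing":
        return Decision(True, frozenset({"Condition", "Diagnosis"}), "Marketing")
    if intent == "Research":
        # The slide's rule does not tie the Research branch to consent.
        return Decision(True, frozenset({"Diagnosis"}))
    return Decision(False)


def rewrite_query(decision: Decision) -> str:
    """Data Enforcer pre-processing: rewrite SELECT * FROM T1 into a
    privacy-aware query that masks disallowed columns with '-' and joins
    the consent table when the decision requires consent."""
    if not decision.allowed:
        raise PermissionError("access denied by privacy policy")
    select_list = ", ".join(
        f"T1.{col}" if col in decision.columns else f"'-' AS {col}"
        for col in T1_COLUMNS)
    sql = f"SELECT {select_list} FROM T1"
    if decision.consent_purpose is not None:
        # The purpose is interpolated as a column name, so only accept known ones.
        if decision.consent_purpose not in PURPOSES:
            raise ValueError(f"unknown purpose {decision.consent_purpose!r}")
        sql += (" JOIN T2 ON T1.uid = T2.Consent"
                f" WHERE T2.{decision.consent_purpose} = 'YES'")
    return sql + " ORDER BY T1.uid"


def build_db() -> sqlite3.Connection:
    """In-memory repository holding personal data plus the owners' consent."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T1 (uid INTEGER PRIMARY KEY, Name TEXT, "
                 "Condition TEXT, Diagnosis TEXT)")
    conn.execute("CREATE TABLE T2 (Consent INTEGER PRIMARY KEY, "
                 "Marketing TEXT, Research TEXT)")
    conn.executemany("INSERT INTO T1 VALUES (?,?,?,?)", T1_ROWS)
    conn.executemany("INSERT INTO T2 VALUES (?,?,?)", T2_ROWS)
    return conn


def privacy_aware_select(conn: sqlite3.Connection, role: str, intent: str) -> List[Tuple]:
    """Enforcement point: decision, rewrite, execute. The result may be a
    subset of the requested data, both in columns and in rows."""
    decision = decide(role, intent)
    return conn.execute(rewrite_query(decision)).fetchall()


if __name__ == "__main__":
    db = build_db()
    for row in privacy_aware_select(db, "empl.", "Marketing"):
        print(row)          # Rob's row is absent: no Marketing consent
```

With intent "Marketing" an employee gets only Condition and Diagnosis for uids 1 and 3; with intent "Research" every row is returned but only Diagnosis is visible; any other intent is denied before a query is ever sent to the database.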
Data Enforcer: Performance Based on Type of Queries
[Chart]
Privacy Obligation Management
Privacy Obligations dictate duties and expectations to enterprises on how to handle personal data. It is about privacy-aware information lifecycle management:
- Which privacy obligations to manage?
- How to represent them?
- How to schedule, enforce and monitor privacy obligations?
- How to integrate with identity management solutions?
HP Labs R&D Work:
- Privacy Obligation Management System
- Prototype integrated with HP Select Identity
- Explore its productisation
- Research in the EU PRIME Project
[Governance diagram: this work addresses Obligation Enforcement, Monitoring, Reporting and Transparency in the loop from Regulations, Standards, Best Practices through Policy Development and IT Alignment to the Enterprise IT Infrastructure]
33
the security and confidentiality of customer information”
Privacy Obligation Refinement: Abstract vs. Refined Obligations can be very abstract: “Every financial institution has an affirmative and continuing obligation to respect customer privacy and protect the security and confidentiality of customer information” Gramm-Leach-Bliley Act More refined Privacy Obligations dictate Duties, Expectations and Responsibilities on How to Handle Personal Data: Notice Requirements Enforcement of opt-in/opt-out options Limits on reuse of Information and Information Sharing Data Retention limitations … 28 May, 2019
Technical Work in this Space
- P3P (W3C): definition of users' privacy expectations; explicit declaration of enterprise promises; no definition of mechanisms for their enforcement
- Data retention solutions, document management systems, ad-hoc solutions for vertical markets: limited in terms of expressiveness and functionality; focused more on documents/files than on personal data
- IBM Enterprise Privacy Architecture, EPAL, XACML, …: no refined model of privacy obligations; privacy obligations subordinated to access control, which is incorrect …
Our Approach in PRIME
Privacy Obligations are "first-class entities":
- No subordination to the access control/authorization view
- Explicit representation, management and enforcement of privacy obligations
- Allow data subjects to express their privacy preferences, which are mapped into enterprises' obligations
- Provide a solution to enterprises to automate the management
Obligation Management System (OMS): Model
[Diagram: within the Enterprise, Data Subjects express Privacy Preferences and Administrators set Privacy Obligations over Personal Data (PII); the OMS Framework handles Obligations through Scheduling, Enforcement and Monitoring]
OMS: High Level System Architecture
[Architecture diagram]
- Setting privacy obligations on personal data: Data Subjects through a Privacy-enabled Portal, Admins, and Applications and Services
- Obligation Server: Workflows, Obligation Scheduler, Obligation Enforcer (with Action Adaptors), Information Tracker, Obligation Store & Versioning (obligations reference the Confidential Data by Data Ref.)
- Enforcing privacy obligations on the Confidential Data
- Monitoring privacy obligations: Obligation Monitoring Service with Events Handler and Monitoring Task Handler, reporting to Admins
- Audit Server records the activity
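An added example (Python; not HP Labs' OMS code) of the scheduling, enforcement and monitoring loop described on the OMS model and architecture slides above: data-subject preferences are mapped to obligations, time-based and event-based obligations are enforced through action adaptors, and a monitor re-checks that enforced obligations still hold in the data store. The obligation fields, action names, simulated clock and sample records are assumptions made for the example.

```python
"""Privacy obligations as first-class entities: setting, scheduling, enforcing
and monitoring them on personal data (added example, not HP Labs' OMS)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional


@dataclass
class Obligation:
    """One refined obligation on a piece of personal data (fields are assumptions)."""
    oid: str
    data_ref: str                      # reference to the PII record, not the data itself
    action: str                        # name of an action adaptor
    due: Optional[datetime] = None     # time-based trigger (e.g. retention limit)
    event: Optional[str] = None        # event-based trigger (e.g. "opt-out")
    status: str = "pending"            # pending -> enforced, or violated


def preferences_to_obligations(data_ref: str, prefs: dict,
                               registered_at: datetime) -> List[Obligation]:
    """Map a data subject's privacy preferences into enterprise obligations."""
    obs = []
    if "retention_days" in prefs:
        obs.append(Obligation(f"{data_ref}-delete", data_ref, "delete",
                              due=registered_at + timedelta(days=prefs["retention_days"])))
    if prefs.get("notify_on_update"):
        obs.append(Obligation(f"{data_ref}-notify", data_ref, "notify", event="update"))
    if prefs.get("allow_opt_out"):
        obs.append(Obligation(f"{data_ref}-opt-out", data_ref, "stop-marketing",
                              event="opt-out"))
    return obs


class ObligationManager:
    """Obligation store + scheduler + enforcer + monitor over a PII store."""

    def __init__(self, pii: Dict[str, dict]):
        self.pii = pii
        self.store: List[Obligation] = []
        self.notifications: List[str] = []   # sink of the notification adaptor
        self.audit: List[str] = []
        # Action adaptors: how an abstract action touches the real data store.
        self.adaptors = {
            "delete": lambda ref: self.pii.pop(ref, None),
            "notify": lambda ref: self.notifications.append(f"{ref}: record updated"),
            "stop-marketing": lambda ref: self.pii[ref].update(marketing=False),
        }
        # Monitors: does the effect of an enforced action still hold?
        self.monitors = {
            "delete": lambda ref: ref not in self.pii,
            "notify": lambda ref: any(n.startswith(ref + ":") for n in self.notifications),
            "stop-marketing": lambda ref: ref not in self.pii
                                          or self.pii[ref]["marketing"] is False,
        }

    def add(self, ob: Obligation) -> None:
        self.store.append(ob)
        self.audit.append(f"set {ob.oid}: {ob.action} on {ob.data_ref}")

    def _enforce(self, ob: Obligation) -> None:
        self.adaptors[ob.action](ob.data_ref)
        ob.status = "enforced"
        self.audit.append(f"enforced {ob.oid}")

    def tick(self, now: datetime) -> List[str]:
        """Scheduler: enforce pending time-based obligations that are due."""
        fired = [ob for ob in self.store
                 if ob.status == "pending" and ob.due and ob.due <= now]
        for ob in fired:
            self._enforce(ob)
        return [ob.oid for ob in fired]

    def on_event(self, event: str, data_ref: str) -> List[str]:
        """Events handler: enforce pending obligations triggered by this event."""
        fired = [ob for ob in self.store if ob.status == "pending"
                 and ob.event == event and ob.data_ref == data_ref]
        for ob in fired:
            self._enforce(ob)
        return [ob.oid for ob in fired]

    def monitor(self) -> List[str]:
        """Monitoring: re-check enforced obligations against the data store."""
        violated = []
        for ob in self.store:
            if ob.status == "enforced" and not self.monitors[ob.action](ob.data_ref):
                ob.status = "violated"
                violated.append(ob.oid)
        return violated


def run_scenario() -> dict:
    """Constructed scenario: two self-registered subjects with different preferences."""
    pii = {"rec-1": {"name": "Alice", "marketing": True},
           "rec-2": {"name": "Rob", "marketing": True}}
    t0 = datetime(2006, 1, 1)
    om = ObligationManager(pii)
    for ob in preferences_to_obligations("rec-1", {"retention_days": 30,
                                                   "notify_on_update": True}, t0):
        om.add(ob)
    for ob in preferences_to_obligations("rec-2", {"retention_days": 365,
                                                   "allow_opt_out": True}, t0):
        om.add(ob)
    om.on_event("opt-out", "rec-2")          # Rob withdraws marketing consent
    om.on_event("update", "rec-1")           # Alice's record was changed
    om.tick(t0 + timedelta(days=31))         # Alice's retention limit has passed
    pii["rec-2"]["marketing"] = True         # an application silently re-enables marketing ...
    return {"remaining": sorted(pii), "violations": om.monitor(),   # ... and the monitor catches it
            "statuses": {ob.oid: ob.status for ob in om.store},
            "notified": list(om.notifications)}
```

The monitor is what makes obligations more than a one-shot action: enforcement changes the data store once, but the obligation keeps being checked afterwards, so a later application write that undoes the effect shows up as a violation instead of silently persisting.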
HP OpenView Select Identity: User Provisioning and Account Management
- Centralised management of identities in an organisation
- Support for self registration and user provisioning
- Account management and provisioning across platforms, applications and corporate boundaries
[Diagram: Administrators use the Admin GUI; Users and Legacy Applications and Services interact through a Web Service; descriptions of Services, Roles and Entitlements drive Provisioning Workflows; JCA Connectors and Agents create accounts on systems and in data repositories holding personal data, with feedback/updates flowing back]
OMS Integration with HP Select Identity
Explicit management, enforcement and monitoring of privacy preferences and constraints associated with personal data and digital identities: turning privacy preferences into privacy obligations.
[Diagram: the Data Subject supplies Personal Data + Privacy Preferences through Self Registration and User Account Management in HP Select Identity; User Provisioning goes through Connectors to the Enterprise Data Repositories; a Web Service API passes the preferences to the Obligation Management System for Privacy Obligation Enforcement & Monitoring, which writes Audit Logs]
IT System Policy Compliance Checker (SPCC)
How to verify that the data processing system (platforms, comms, services, applications) is strong enough to automatically execute the privacy policies reliably?
HP Labs R&D Work:
- System Policy Compliance Checker
- Initial prototype available
- Research in the EU PRIME Project
[Governance diagram: SPCC covers Monitoring, Reporting and Transparency in the loop from Regulations, Standards, Best Practices through Policy Development, IT Alignment and Policy Enforcement to the Enterprise IT Infrastructure]
Speaker notes: On the left-hand side, checking compliance of processes: refining (cascading) and transforming policies from high-level statements into something that can be executed automatically at a lower level. In this presentation the focus is on the right-hand side.
SPCC: Automation of Compliance
Vision: Audit Process
Using SPCC to:
- Assess privacy enhancing technologies (HP Select Access Privacy Manager, Obligation Management Service) with respect to the privacy principles they provide compliance with (Purpose specification, Consent, Use limitation, Openness, Accountability, …)
- Assess audit logs
- Cross-check audit logs against the expected enforcement
Speaker notes: The diagram shows the relationships between privacy principles and the privacy enhancing technologies. Neither SAPE nor OMS provides benefits for security safeguards or collection limitation. In addition, we can do cross-checking:
- Purpose specification: SAPE (strong justification) defines a clear interface and enforcement of purpose specification
- Consent (aspects): both provide participation from the user (in the different areas of access and obligations)
- Use limitation: SAPE (strong justification) allows the user to specify constraints on the usage of data by different roles; OMS (weaker justification) can impose data retention restrictions on the organisation
- Openness (contribution): both provide a provisional point for policy collection and support review and modification of these policies
- Accountability: SAPE allows audit of the restrictions imposed by the data enforcer and supports logging of changes to policies
- Data quality: OMS (some support) notifies the user of data updates and actively monitors obligation policies
Model Based Assurance Framework [1/2]
How much is my company compliant? (CIO/IT Auditor)
Business process and IT control interdependencies are captured in a model by an expert; the model drives instrumentation of the systems/infrastructure and drives the analysis of the generated audit data; the analysis engine produces a dashboard-style assurance report.
Speaker notes: The model is generic; as a specific case we did this for privacy. The problem with audit and reporting or management systems is that they tend to produce too much information, which quickly becomes meaningless to anyone but the most diligent expert, and is certainly not something a high-level executive would have time to search through. Hence we take an approach of model-based reporting, using a model of how we believe the data centre should be run to help interpret data about events happening to the system and its environment. The model allows the customer's concerns to be captured. For example, in a film-rendering scenario this may include concerns about the confidentiality of the film data. This depends on a number of factors, including the system configuration but, probably more importantly, that the data centre is being run correctly: physical security, staffing by "fit and proper" people, patch and incident management procedures, etc. It is often these environmental aspects that are at the heart of security and therefore of maintaining a trustable system. The model lets these aspects be represented, with the reporting system correlating raw events to derive a high-level report that reflects the mix of priorities as a traffic-light-style report that can be presented to an executive. As well as the transparency engendered by this type of system, it is critical to maintain a form of accountability, so that the provider must stand by the view given in the report and cannot subsequently change the data.
(SAPE = HP Select Access Privacy Extensions; OMS = Obligation Management System)
Model Based Assurance Framework [2/2]
[Architecture diagram]
- Key Goal Definition Interface (UI extensions) lets the expert define goals; predefined policies in the Policy Store provide predefined sub-trees for top-level goals and resources
- Analysis Engine: Model Analysis and Report Generator over the Information Model and the IT Resource Model
- Agent Deployment Framework deploys Agents to IT Resources (Platform, OS, Services); entities representing the resources are added to the model and feed information back
Example Privacy Model: HP Select Access Privacy Manager/Enforcer
[Diagram: OECD principles cascaded through information analysis down to technological input]
Speaker notes: Here is a sub-part of the model as it has been implemented. It is possible to cascade and refine top-level properties down to specific requirements that technologies can analyse, enforce and report on. The demo shows how this is done.
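An added example (Python; not HP Labs' SPCC or assurance-framework code) that cross-checks Data Enforcer audit entries against the expected enforcement, as the "SPCC: Automation of Compliance" slide proposes, and rolls the results up a goal tree from OECD principles to technological input into a traffic-light report, as the assurance-framework slides describe. The audit line format, the policy table, the goal tree, the check names and the log lines themselves are constructed for the example.

```python
"""Cross-check Data Enforcer audit logs against the expected enforcement and
roll the results up a privacy goal model into a traffic-light report
(added example, not HP Labs' SPCC or assurance framework code)."""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Expected enforcement per intent: (columns the requestor may see, consent
# required). Mirrors the deck's T1 rule; an intent missing here must be denied.
POLICY: Dict[str, Tuple[Set[str], bool]] = {
    "Marketing": ({"Condition", "Diagnosis"}, True),
    "Research": ({"Diagnosis"}, False),
}

# Constructed audit lines in an assumed key=value format written by the Data Enforcer.
AUDIT_LOG = """\
ts=2006-03-01T10:15:00 req=u17 intent=Marketing decision=allow columns=Condition,Diagnosis consent=checked rows=2
ts=2006-03-01T10:20:00 req=u17 intent=Research decision=allow columns=Diagnosis consent=none rows=3
ts=2006-03-01T11:02:00 req=u23 intent=Marketing decision=allow columns=Name,Condition,Diagnosis consent=checked rows=3
ts=2006-03-01T11:40:00 req=u09 intent=Billing decision=deny columns= consent=none rows=0
ts=2006-03-01T12:05:00 req=u23 intent=Marketing decision=allow columns=Condition,Diagnosis consent=none rows=3
"""

# Checks evaluated on every entry (names are assumptions).
CHECKS = ("intent_matches_purpose", "columns_within_purpose",
          "deny_returns_nothing", "consent_enforced")

# Goal model: privacy principle -> checks supplying evidence for it. An empty
# list means no technological input (the deck notes SAPE/OMS give none for
# security safeguards), so that goal can never be reported green.
GOAL_TREE: Dict[str, List[str]] = {
    "Purpose specification": ["intent_matches_purpose"],
    "Use limitation": ["columns_within_purpose", "deny_returns_nothing"],
    "Consent": ["consent_enforced"],
    "Accountability": ["audit_log_present"],
    "Security safeguards": [],
}


def parse_line(line: str) -> dict:
    entry = dict(kv.split("=", 1) for kv in line.split())
    entry["columns"] = {c for c in entry["columns"].split(",") if c}
    entry["rows"] = int(entry["rows"])
    return entry


def check_entry(entry: dict) -> Set[str]:
    """Names of the checks this audit entry violates."""
    failed = set()
    if entry["decision"] == "deny":
        if entry["rows"] or entry["columns"]:        # a deny must leak nothing
            failed.add("deny_returns_nothing")
        return failed
    if entry["intent"] not in POLICY:                # allowed for an unknown purpose
        failed.add("intent_matches_purpose")
        return failed
    allowed, needs_consent = POLICY[entry["intent"]]
    if not entry["columns"] <= allowed:              # enforcer returned extra columns
        failed.add("columns_within_purpose")
    if needs_consent and entry["consent"] != "checked":
        failed.add("consent_enforced")
    return failed


def assess(log_text: str) -> Dict[str, Tuple[str, Dict[str, List[str]]]]:
    """Per goal: traffic-light status and the timestamps of failing entries."""
    entries = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    failures: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        for name in check_entry(e):
            failures[name].append(e["ts"])
    evidence = set(CHECKS) | ({"audit_log_present"} if entries else set())
    report = {}
    for goal, checks in GOAL_TREE.items():
        if not checks or any(c not in evidence for c in checks):
            status = "amber"          # no evidence: compliance cannot be claimed
        elif any(failures[c] for c in checks):
            status = "red"
        else:
            status = "green"
        report[goal] = (status, {c: failures[c] for c in checks if failures[c]})
    return report


def overall(report: Dict[str, Tuple[str, dict]]) -> str:
    """Executive summary: the worst status anywhere in the tree."""
    order = {"green": 0, "amber": 1, "red": 2}
    return max((status for status, _ in report.values()), key=order.__getitem__)


if __name__ == "__main__":
    for goal, (status, fails) in assess(AUDIT_LOG).items():
        print(f"{status:5} {goal}{'  ' + str(fails) if fails else ''}")
```

The two red goals come from the third line (the enforcer returned Name for a Marketing request) and the fifth (a Marketing request allowed without a consent check); the denied Billing request is compliant because nothing was returned. The amber status for Security safeguards is deliberate: a goal with no technological input stays amber rather than silently defaulting to green.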
Conclusions
- Privacy management is important for enterprises: the need to satisfy regulatory compliance requirements and users' expectations and needs
- Important aspects for enterprises: automation; a systemic approach that leverages IdM solutions
- Our R&D focuses on: privacy-aware access control; privacy obligation management; system policy compliance checking
- Work still in progress …
- HP is keen on collaborations for technology trials and for gathering further requirements