Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

Similar presentations


Presentation on theme: "1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution."— Presentation transcript:

1 1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

2 2 Current models of the relationship between privacy and security are misleading or are altogether inaccurate. “You can have security without privacy, but you can’t have privacy without security.” Fair Information Principles: Notice Access Choice Redress Security

3 3 A better view of the relationship between privacy and security acknowledges that there are a large number of topics that are both privacy and security issues. Individual Notice Access Redress Choice PRIVACY Safeguarding a individual’s personally identifiable information SECURITY Intellectual Property National Security Physical Assets and Resources Trade Secrets Ways of Doing Business Institution

4 4 Risk Management is fundamental to information privacy and security. The six steps in the Risk Management Framework FIGURE 2-2: RISK MANAGEMENT FRAMEWORK Step 1 CATEGORIZE Information System Step 2 SELECT Security Controls Step 3 IMPLEMENT Security Controls Step 6 MONITOR Security Controls Step 5 AUTHORIZE Information System Step 4 ASSESS Security Controls RISK MANAGEMENT FRAMEWORK PROCESS OVERVIEW Starting point ARCHITECTURE DESCRIPTION Architecture Reference Models Segment and Solution Architectures Mission and Business Processes Information System Boundaries ORGANIZATIONAL INPUTS Laws, Directives, Policy Guidance Strategic Goals and Objectives Priorities and Resource Availability Supply Chain Considerations Adapted from NIST Special Publication 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.

5 5 Some, but not all, components of a robust security program:  Risk Analysis  Policies and Procedures  Training and Awareness  Information Access Management  Identity Management  Privacy Controls  Incident Procedures  Contingency Planning  Physical Controls  Transmission Security  Integrity Controls  Disposal Controls  Evaluation

6 6 Dan Steinberg Lead Associate JD, CIPP/G, PMP Booz | Allen | Hamilton Tel (301) 838-3856 steinberg_daniel@bah.com


Download ppt "1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution."

Similar presentations


Ads by Google