Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

Published byGerald Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution."— Presentation transcript:

1 1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution.

2 2 Current models of the relationship between privacy and security are misleading or are altogether inaccurate. “You can have security without privacy, but you can’t have privacy without security.” Fair Information Principles: Notice Access Choice Redress Security

3 3 A better view of the relationship between privacy and security acknowledges that there are a large number of topics that are both privacy and security issues. Individual Notice Access Redress Choice PRIVACY Safeguarding a individual’s personally identifiable information SECURITY Intellectual Property National Security Physical Assets and Resources Trade Secrets Ways of Doing Business Institution

4 4 Risk Management is fundamental to information privacy and security. The six steps in the Risk Management Framework FIGURE 2-2: RISK MANAGEMENT FRAMEWORK Step 1 CATEGORIZE Information System Step 2 SELECT Security Controls Step 3 IMPLEMENT Security Controls Step 6 MONITOR Security Controls Step 5 AUTHORIZE Information System Step 4 ASSESS Security Controls RISK MANAGEMENT FRAMEWORK PROCESS OVERVIEW Starting point ARCHITECTURE DESCRIPTION Architecture Reference Models Segment and Solution Architectures Mission and Business Processes Information System Boundaries ORGANIZATIONAL INPUTS Laws, Directives, Policy Guidance Strategic Goals and Objectives Priorities and Resource Availability Supply Chain Considerations Adapted from NIST Special Publication 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.

5 5 Some, but not all, components of a robust security program:  Risk Analysis  Policies and Procedures  Training and Awareness  Information Access Management  Identity Management  Privacy Controls  Incident Procedures  Contingency Planning  Physical Controls  Transmission Security  Integrity Controls  Disposal Controls  Evaluation

6 6 Dan Steinberg Lead Associate JD, CIPP/G, PMP Booz | Allen | Hamilton Tel (301) 838-3856 steinberg_daniel@bah.com

Download ppt "1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research Repositories Please do not reuse or republish without attribution."

Similar presentations

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 4: Effective Integration.

Effectively Integrating Information Technology (IT) Security into the Acquisition Process Section 4: Effective Integration.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

Security, Privacy, and the Protection of Personally Identifiable Information Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
Security Controls – What Works

Security Controls – What Works
Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.

Author(s): Don M. Blumenthal, 2010 License: Unless otherwise noted, this material is made available under the terms of the Attribution – Non-commercial.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Systems Security Officer

Information Systems Security Officer
Risk Management Framework

Risk Management Framework
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
Federal IT Security Professional - Manager FITSP-M Module 1.

Federal IT Security Professional - Manager FITSP-M Module 1.
Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.

Information Security Governance in Higher Education Policy2004 The EDUCAUSE Policy Conference Gordon Wishon EDUCAUSE/Internet 2 Security Task Force This.
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Complying With The Federal Information Security Act (FISMA)

Complying With The Federal Information Security Act (FISMA)
1 New Emergency Transportation Operations Resources Nancy Houston Booz Allen Hamilton.

1 New Emergency Transportation Operations Resources Nancy Houston Booz Allen Hamilton.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google