Presentation is loading. Please wait.

Presentation is loading. Please wait.

Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing.

Published byTheresa Carmel Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing."— Presentation transcript:

1 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing Employee's Personal Use of the Internet at Work

2 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 2 Balancing Security and Individual Privacy: An ongoing public global debate  US: National Security Agency (NSA) operated PRISM (surveillance program)  EU: Data Protection Directive - employee privacy and electronic surveillance in the workplace  Asia-Pacific: China, Singapore’s PDPA, Japan, Hong Kong and the Philippines

3 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 3 In the US, Security trumps Privacy for now: Snowden/PRISM triggers a national debate  Security and privacy viewed as competing  To achieve security and address liability, Employer policies often assert no-employee-right-to-privacy › Security: Malware and other Cyber Threats › Liability: Employer responsibility for employee actions Global Companies must address EU obligations

4 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 4 The European Union’s right to privacy, directly impacts employer monitoring  “Everyone has the right to respect for his private and family life, his home and correspondence.” 1  “Court has made it clear that the protection of private life enshrined in Article 8 does not exclude the professional life as a worker…” 2 Requirements freeze DLP implementations 1.European Convention for the Protection of Human Rights… Article 8.1 2.Article 29 Working Party working document on surveillance of electronic communications in the workplace

5 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 5 Asia-Pacific region reflects multiple views on security and privacy debate  Elevating consideration of privacy with new laws and guidenlines 1  Security remains driving consideration 2 1.Singapore's recent PDPA requires notice; Hong Kong Privacy Commissioner sets non-binding guidelines on employer monitoring 2.Chinese govt./employers have authority to monitor; Japan law requires notice, but limited expectation of employee privacy at work; and Philippines, like the US, enables surveillance and focuses on security/anti-terrorism (Human Security Act of 2007) Baker & McKenzie, 51st issue of The Global Employer entitled “The Social Media Issue”, September 2012 Philippines Human Security Act of 2007 (http://www.congress.gov.ph/download/ra_13/RA09372.pdf )http://www.congress.gov.ph/download/ra_13/RA09372.pdf

6 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 6 Prevailing approach to employee personal web use: Prevent, Detect, & Respond Prevent employees from personal web browsing  Establish acceptable use-policies (AUP)  Implement secure web-filtering to limit access Detect employee personal activity  Extend employee monitoring solutions Respond to enforce policies  Enforce discipline and termination policies

7 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 7 Despite attempts to limit personal Internet use at work employees continue to browse Acceptable Use Policy Employee Monitoring Website Blocking Enforcement Actions Corporate Response

8 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 8 Human Resources Employee lost productivity Sensitive information handling IT / Security Cyber threat management Information protection programs Legal / Compliance / Privacy Limit global privacy obligations Mitigate liability for employee actions Organization’s security focus has developed to address a range of issues Employee

9 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 9 The Early Days 20 th Century Present Day Web Security Tools MatureBig Brother Employee Internet Management (EIM) Web/Content Filtering Secure Web Gateways (SWG) Managed Security Services (MSS) Employee Internet Management has matured over the past 15 years * Selecting and Deploying Secure Web Gateway, Gartner December 10, 2012 Per Gartner*, the market addresses Web-use liability, malware and data loss to cyber attacks through: Acceptable-use protection (AUP), i.e. URL filtering Anti-malware Data loss prevention (DLP) on the Web channel

10 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 10 Current strategies for controlling the risks of employee web-use are not sufficient  Personal activity remains a cyber threat vector  Personal web-use continues to expand  Privacy obligations limit security deployments  Web-use restrictions impact employee morale

11 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 11 Organizational Security  Organizational monitoring (DLP, Spyware)  Individual activity control (Anti-Malware, AUP) Striking a new balance between security and employee privacy Individual Privacy  Global right-to-privacy laws (EU Data Protection Directive)  Increased reliance on the Internet for personal use Reductions in Individual Access & Privacy Growing Outcry for Internet Freedom & Privacy

12 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 12 Social Media Personal email Shopping/Research Information gathering Personal Web-Use Customer research Corporate email Professional Web-Use Separate personal & professional web-use  Not security vs. privacy  Not employee vs. employer Strengthen security and reduce risk by providing employee privacy

13 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 13 Human Resources - Compliance - - Legal - Privacy - - IT - Security - Reduce employee liability risk Limit malware infection Reduce vulnerability to Phishing Extend monitoring capabilities Internet as recruiting & retention tool Enhance Privacy Compliance Benefits of secure separation of personal and professional activity

14 SecureAsia@Manila Conference – 7-8 August, 2013 Presented by David Melnick | pg 14 Questions and Answers David Melnick CISSP, CIPP, CISA Board Member, (ISC)2 dave@melnick.com Los Angeles, CA USA A managed web portal protecting employee privacy & organizational asset info@weblifebalance.com

Download ppt "Conference – 7-8 August, 2013 Presented by David Melnick | pg 1 Employee Privacy and Organizational Security: August 8th, 2013 Addressing."

Similar presentations

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco Confidential 14854_10_2008_c1 1 Holistic Approach to Information Security Greg Carter, Cisco Security.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.

Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin CHAPTER FOUR ETHICS AND INFORMATION SECURITY: MIS BUSINESS CONCERNS.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Security Controls – What Works

Security Controls – What Works
Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.

Planning and Managing Information Security Randall Sutton, President Elytra Enterprises Inc. April 4, 2006.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.

Copyright 2011 Trend Micro Inc. Trend Micro Web Security- Overview.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
1. 2 Technology in Action Technology in Focus: Information Technology Ethics Information Technology Ethics Copyright © 2012 Pearson Education, Inc. Publishing.

1. 2 Technology in Action Technology in Focus: Information Technology Ethics Information Technology Ethics Copyright © 2012 Pearson Education, Inc. Publishing.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
1 ZIXCORP The Criticality of Email Security Dena Bauckman Director Product Management April 2015.

1 ZIXCORP The Criticality of Security Dena Bauckman Director Product Management April 2015.
FSCPC1 Privacy in the workplace Chris Connolly Director Financial Services Consumer Policy Centre.

FSCPC1 Privacy in the workplace Chris Connolly Director Financial Services Consumer Policy Centre.
Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Security Information Management Firewall Management, Intrusion Detection, and Intrusion Prevention Intrusion Detection Busters Katherine Jackowski Elizabeth.

Similar presentations

Ads by Google