Presentation is loading. Please wait.

Presentation is loading. Please wait.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

Published byAngelina Sherman Modified over 9 years ago

Similar presentations

Presentation on theme: "WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the."— Presentation transcript:

1 WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the New OASIS Privacy Management Reference Model Technical Committee John Sabo, Director Global Government Relations, CA Technologies

2 Fair Information Principles/Practices — Accountability — Notice — Consent — Collection Limitation — Use Limitation — Disclosure — Access & Correction — Security/Safeguards — Data Quality — Enforcement — Openness − Anonymity − Data Flow − Sensitivity 2

3 Global Privacy Principles/Practices - similarities…but no standardization CSA Model Code for Protection of Personal Information – 1996 − Accountability − Identifying Purposes − Consent − Limiting Collection − Limiting Use, Disclosure and Retention − Accuracy − Safeguards − Openness − Individual Access − Challenging Compliance APEC Privacy Framework – 2005 n Preventing Harm n Notice n Collection Limitation n Uses of Personal Information n Choice n Integrity of Personal Information n Security Safeguard n Access and Correction n Accountability Analysis of Privacy Principles: An Operational Study” - 2007 International Security Trust and Privacy Alliance (ISTPA) OECD Guidelines – 1980 l Collection Limitation l Data Quality l Purpose Specification l Use Limitation l Security Safeguards l Openness l Individual Participation l Accountability Used with Permission, International Security Trust and Privacy Alliance (ISTPA) 3

4 Many Identity-Related Security Mechanisms Support Privacy… — Identity Lifecycle Management and Compliance − critical to privacy – authorized people and systems should have policy-based access to the correct information in a well defined identity system — Web access management, federation, SOA security − Trust among multiple entities to facilitate controlled sharing of information – strengthens security in complex infrastructures — Resource Protection − Privileged users are high risk and must be controlled and monitored — Data Protection − Data (at rest, in motion) must be monitored for access policy compliance — Log management − provides the ability to watch what is happening -monitoring is key to maintaining privacy 4

5 IdentityLifecycleManagementAccess Managemen t Information Protection & ControlAuditing/Reporting Help Desk HR System Information Content Repositories Files Data in transit Platform Application s Common roles, policies, reporting, workflow Enterprise Infrastructure Event Logs Directory Systems System Services Mainframes System files Web ERP CRM Custom PrivilegedUserManagement …with Support from Compliance Infrastructure Models Multiple and distinct resources controlled and managed, providing common model of roles and policies 5

6 Privacy Management Challenges: Networked Health IT 6

7 Health Information Exchange Functional and Roles Diagram Business Intelligence 7

8 Emerging, Complex Privacy Management Challenges: Smart Grid 8

9 9 Source: 27 NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 1.0 NIST Smart Grid Conceptual Model

10 Volumes 2 -3 – NISTIR 7628 — NIST Smart Grid Report – Smart Grid Interoperability Panel – Cybersecurity Working Group — Volume 2 – Privacy and the Smart Grid Chapter 5 – Privacy and the Smart Grid includes a privacy impact assessment for the Smart Grid with a discussion of mitigating factors. potential privacy issues that may occur as new capabilities are included in the Smart Grid. − Appendix C – State Laws – Smart Grid and Electricity Delivery − Appendix D – Privacy Use Cases − Appendix E – Privacy Related Definitions

11 30. Elias Leake Quinn, Smart Metering & Privacy: Existing Law and Competing Policies, Spring 2009, at page 3 Novel Smart Grid Risk Exposures

12 Smart Grid Privacy Risk Areas

13 A Reference Model Is Needed Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA) 13

14 Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA) 14

15 Privacy Management Reference Model Services — Core Policy Services − Agreement- agreements, options, permissions − Control- policy instantiation, data management — Presentation and Lifecycle Services − Interaction- manages data/preferences/notice − Agent- software that carries out processes − Usage- lifecycle data use, aggregation, anonymity − Access- individual review/updates to PI — Privacy Assurance Services − Certification- credentials, trusted processes − Audit- verifiable lifecycle accountability − Validation- quality and suitability of PI − Enforcement- including redress for violations Copyright © 1999-2010 International Security Trust and Privacy Alliance (ISTPA)

16 — OASIS PMRM TC formally announced June 27 – first meeting September 8 – Face to Face Informal Meeting September 29 — Open to OASIS members — ISTPA contributed its PMRM v2.0 to the TC — Deliverables include − the Reference Model − one or more use cases utilizing the PMRM − one or more formal methodologies for expressing use cases − profiles of the PMRM applied to selected specific environments (such as Cloud Computing, Health IT, e-Gov, and/or the Smart Grid) — Actively seeking more participation by current and new OASIS members New OASIS PMRM Technical Committee 16

17 John Sabo, Co-Chair, OASIS PMRM Technical Committee Contact: John.t.sabo@ca.com 17

Download ppt "WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.

1 Leveraging Your Existing Campus Systems to Access Resource Partners: Federated Identity Management and Tales of Campus Participation EDUCAUSE 2006 October.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.

Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.
Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Information Security Policies and Standards

Information Security Policies and Standards
1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev. 12-16-11)

1 DCS860A Emerging Technology Physical layer transparency in Cloud Computing (rev )
Understanding Active Directory

Understanding Active Directory
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.

Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.

May 30 th – 31 st, 2006 Sheraton Ottawa. Microsoft Certificate Lifecycle Manager Saleem Kanji Technology Solutions Professional - Windows Server Microsoft.
IOT5_20110013GISFI # 05, June 20 – 22, 2011, Hyderabad, India 1 Privacy Requirements of User Data in Smart Grids Jaydip Sen Tata Consultancy Services Ltd.

IOT5_ GISFI # 05, June 20 – 22, 2011, Hyderabad, India 1 Privacy Requirements of User Data in Smart Grids Jaydip Sen Tata Consultancy Services Ltd.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Privacy and Trust In Europe Mike Small Principal Consultant Security Management CA EMEA.

Privacy and Trust In Europe Mike Small Principal Consultant Security Management CA EMEA.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
OASIS PRIVACY MANAGEMENT REFERENCE MODEL EEMA European e-identity Management Conference Paris, 12-13 June 2012 John Sabo, CA Technologies Co-Chair, OASIS.

OASIS PRIVACY MANAGEMENT REFERENCE MODEL EEMA European e-identity Management Conference Paris, June 2012 John Sabo, CA Technologies Co-Chair, OASIS.

Similar presentations

Ads by Google