Published by Willis Brooks. Modified over 9 years ago.
1
Privacy and Information Governance Challenges in the Age of Big Data
Montréal, Québec, October 21, 2014
Jerrard B. Gaertner, CPA, CA, CISSP, CISA, CGEIT, CIPP/IT, CFI, CIA, I.S.P., ITCP
© 2014 Jerrard Gaertner and Managed Analytic Services Inc.
2
Disclaimer
This presentation does not constitute legal or professional advice. The opinions expressed are those of the presenter and do not represent those of the Canadian Information Processing Society or Managed Analytic Services Inc. American, Canadian and European Union laws and regulations differ from each other in substantive ways. Although every effort has been made to ensure the accuracy of this material, the author assumes no responsibility for its accuracy, completeness, applicability or currency. Consult your legal, security and/or privacy practitioner(s) for more detailed information on these topics.
3
Your Presenter
4
How Did We Get Here?
5
Business Imperative!
6
Deriving Value Often Requires Process Change and Inter-Departmental Cooperation
7
May I Have This Dance?
8
Do Not Rely on Strictly Technology Solutions
They WILL fail!
9
All Eggs in One Basket
10
Big Data has Special Risks
1. Concentration creates high value targets
2. Where did each element come from, is it accurate, unique, current? Data quality issues are significant
3. Lower established reliability and less familiarity, greater inherent complexity, increase risk of error
4. Logical analysis, process re-performance not always possible. Untestable processing leaves residual risk
5. ETL process can be complex & time consuming
6. On line and off line processes pose different risks
7. Big Data sometimes falls between the cracks in the application of security and privacy policies
11
Big Data has Big Business Risks That Can Lead to Security, Privacy and Compliance Failures
1. Very few certified vendors or 3rd-party certified installations which can be relied upon from a due diligence perspective
2. Lack of experience leads to unrealistic expectations, under-resourcing, pressure to produce
3. Outside expertise can be costly; in-house bootstrapping problematical
4. Deriving value is not the same thing as finding an answer or a pattern
12
Big Data Risks
- Concentration, Conversion (ETL) and Data Quality Risks
- Few Security and Privacy Tools
- Staff Lack Familiarity and Training
- Architectural Complexity
- Lack of Proven Reliability and 3rd Party Certification
- Unrealistic Expectations and Pressure to Produce
- Difficult to Test in Conventional Ways
13
The Basics
- Governance and IT governance
- Framework and standards applied
- Security and privacy standard adapted
- Risk based approach
- Innovative application of standard control technologies
- Human and organizational components are critical
- Enforcement and 3rd party oversight
14
Some Hints from Experience
1. Training and awareness are critical
2. Strong organizational and administrative controls can compensate for many deficiencies
3. It is rarely as simple or as effective as vendors would like you to believe. Always do your own due diligence
4. People will try to circumvent controls if they feel they are hampering efficiency
5. It is often most difficult to deliver intangible deliverables (security, privacy control, processes and procedures, documentation), and these are most often sacrificed on the altar of budget and schedule
15
Some More Hints
6. Apply limited resources where they will have the greatest impact. Always consider risk
7. Segregating, sandboxing, limiting, logging, exception reporting, validating are tried and true techniques that still work
8. Never use default security passwords
9. Open source is a double-edged sword to be treated always with respect
10. A little encryption is better than none, as long as you know what you’re doing
11. Automated ETL tools can save a LOT of time
12. IT staff are custodians of the data, not its owners
16
Baby & the Bathwater?
17
Retention, Preservation & Destruction – Or Not?
18
Predictive Analytics – A Very Special Case
19
The Road Ahead
It's easy to see…
20
Thank you!