Presentation is loading. Please wait.

Presentation is loading. Please wait.

Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012.

Published byNoelle Jameson Modified over 10 years ago

Similar presentations

Presentation on theme: "Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012."— Presentation transcript:

1 Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012 12:00 PM Scott Hall 216 go.ncsu.edu/csam2012go.ncsu.edu/csam2012.

2 Agenda Good and bad on the Internet Big data and Cloud maturity Sensitive data factors at NC State The Data Sensitivity Framework Some practical advice 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 2

3 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 3 licensed under a Creative Commons License.Creative Commons License

4 The Good Collaborative research Public information availability Access to experts Free speech information exchange Connected communications Banking and shopping convenience Entertainment Save energy Cure diseases Predict trends Promotes involved discussion rather than violence or apathy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 4

5 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 5 by Hamad Subani / Techtangerine.com licensed under aHamad Subani / Techtangerine.com Creative Commons Attribution-NoDerivs 3.0 Unported License

6 The Bad Pornography explosion Inappropriate access Fraud Piracy Personal data on mobile devices –Stolen – identity theft –Used real-time GPS – you cant hide Stalking Government No privacy – All you do is on Google Plagiarism Free speech excesses Data lacks verification Mis-information Hypochondria Security infections Cybernetic warfare 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 6

7 The good 53% –improve social, political, and economic intelligence nowcasting inferential software algorithms for advanced correlations move from measure twice, cut once to place small bets fast. –greater research, and world knowledge The bad 39% – data aggregation – loss of all privacy – false confidence in predictions - hurtful mistakes – manipulate findings - make selfish cases – abused by powerful people, government and/or organizations 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 7 Big Data Scenarios – by 2020? The Pew Research Centers Internet & American Life Project with Elon University surveyed 1,021 Internet experts and users recruited by email.

8 The Internet Cloud From Wikipedia, the free encyclopedia 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 8 Software-as-a-Service (SaaS)

9 CSA/ISACA 2012 Cloud Computing Market Maturity Study 252 participants representing cloud users, providers, consultants and integrators 85% self-identified cloud users Positions from C-level executives to staff 15 different industry segments 48 countries, most America or Europe 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 9

10 Overall findings on maturity Cloud needs to transition from technology solution to business resource Infrastructure and Platform offerings –Infancy –About 3 years to reach established growth Software as a Service (SaaS) offerings –Early growth –2+ years to reach established growth 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 10

11 Cloud infancy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 11

12 SaaS Black Box Simple interface Complexities o Hidden o Layers o Orders of magnitude more You have to be able to trust the implementation! 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 12

13 Positive Influence Factors 1.Agility 2.Time to market 3.Business unit demand 4.New technology 1. Cost management 2. Efficiency 3. Productivity 4. Resilience 10/29/2012Exploring the Good and Evil in the Internet Cloud Slide 13 CSA/ISACA 2012 Cloud Computing Market Maturity Study Survey Business Growth InfluenceProcess Enablement

14 Negative Influences on Cloud Adoption and Innovation 1.Information security 2.Data ownership/ custodian responsibilities 3.Regulatory compliance 4.Legal and contractual issues 5.Information assurance 6. Contract lock-in 7. Longevity of suppliers 8. Disaster recovery/ business continuity 9. Performance standards 10. Performance monitoring 11. Technology stability CSA/ISACA 2012 Cloud Computing Market Maturity Study Survey 10/29/2012Exploring the Good and Evil in the Internet Cloud14

15 Sensitive data factors at NC State Legislation Data Stewards assessment University revenues and expenses University image and reputation Confidentiality agreements / contracts Research (IP and Export Controls, etc.) Copyright and Intellectual Property Personal privacy 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 15

16 Legislation 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 16 –Family Educational Rights and Privacy Act (FERPA)Family Educational Rights and Privacy Act (FERPA) –Health Insurance Portability and Accountability Act of 1996 (HIPAA)Health Insurance Portability and Accountability Act of 1996 (HIPAA) –Gramm Leach Bliley Act (GLBA)Gramm Leach Bliley Act (GLBA) –Payment Card Industry (PCI) Data Security StandardPayment Card Industry (PCI) Data Security Standard –Red Flag RuleRed Flag Rule –North Carolina Identity Theft Protection Act of 2005North Carolina Identity Theft Protection Act of 2005 –North Carolina Public Records ActNorth Carolina Public Records Act –North Carolina State Personnel ActNorth Carolina State Personnel Act

17 Lots of sensitive data - examples Personally Identifiable Information (PII) Credit card information Research data Public safety information Financial donor information Security controls such as: –System access passwords –Information file encryption keys –Information security records

18 A few really Red-hot items Social Security Numbers Credit Card Numbers Banking account info PINS and passwords 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 18

19 FERPA data is pervasive Any record, with certain exceptions, maintained by an institution that is directly related to a student or students. This record can contain a students name(s) or information from which an individual student can be personally (individually) identified. These records include: files, documents, and materials in whatever medium (handwriting, print, tapes, disks, film, microfilm, microfiche) which contain information directly related to students and from which students can be personally (individually) identified. 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 19

20 FERPA conclusions FERPA data is held by most, if not all, academic and administrative offices of our institution –Do we need to protect the security of Education Records and Student Privacy? Absolutely –Can we afford to protect them at the same level as social security numbers and credit card data? Certainly not –Too expensive –Too intrusive for access FERPA at NC State from OGCFERPA at NC State

21 A framework for the availability and security of your data. Data classification statement Data sensitivity framework List of controls 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 21

22 Data Classification Statement Matrix 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 22 LevelRiskRegulationFinancialReputationBusinessOther Red-HotTwo ofMultipleSignificantSerious Litigation HighTwo ofViolationSignificantSerious ModerateOne ofViolationSome Adverse NormalNo major Access control Not sensitive None

23 Data sensitivity framework Data Management Procedures Regulation REG 08.00.03 New draft includes: –Data Classification Statement –Links to: Data sensitivity framework List of controls 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 23

24 Controls for Securing Sensitive Information in University Applications Best Practices for: –Application owner (and developers) –Data steward Three types of IS controls: –Administrative and procedural design –Computer server technical controls and techniques –End-user devices technical controls and techniques. 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 24

25 Whos protecting your data & how? On your mobile device – you are Removable storage – you are On your desktop – you and your sys admin On University servers - OIT or college/ dept IT staff (or you!) In the cloud – the vendor 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 25

26 Google and sensitive information http://google.ncsu.edu/usinggoogleapp s/best-practices-data-security-google- apps-nc-statehttp://google.ncsu.edu/usinggoogleapp s/best-practices-data-security-google- apps-nc-state Google docs OK for FERPA data E-mail more of an issue 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 26

27 Precautions with cloud vendors From CSA/ISACA study either –Less than 100 staff or –Many thousands Be careful if you have sensitive data Look at Cloud Security Alliance STARSTAR Ask OIT S&C for security assessment of product and data being considered 10/29/2012ring the Good and Evil in the Internet CloudSlide 27

28 Where is it OK to store your data? LocationRed-hotRedYellowGreenUn-classified Removable storage NeverEncrypted…Yes… Yes Mobile device NeverNoYes Local PCNeverEncrypted…Yes…Yes University server Encrypted Restricted Yes…YesYes…Yes EmailNeverEncryptedSome…Yes PrintRestricted Yes CloudEncrypted Restricted Restricted… Yes…Yes GoogleNeverNoYes…Yes 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 28

29 Questions 10/29/2012Exploring the Good and Evil in the Internet CloudSlide 29 The golink: http://GO.NCSU.EDU/CSAM2012Ehttp://GO.NCSU.EDU/CSAM2012E and the security code word Cloud for prizes that will be given away on Oct. 31 John_Baines@ncsu.edu

Download ppt "Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012."

Similar presentations

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.

Chapter 14 Intranets & Extranets. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES Introduction Technical Infrastructure Planning an Intranet.
Terms. 1. Globalization 2. Financing 3. Inputs.

Terms. 1. Globalization 2. Financing 3. Inputs.
Slide 1 FastFacts Feature Presentation August 28, 2008 We are using audio during this session, so please dial in to our conference line… Phone number:

Slide 1 FastFacts Feature Presentation August 28, 2008 We are using audio during this session, so please dial in to our conference line… Phone number:
Slide 1 FastFacts Feature Presentation September 18, 2012 To dial in, use this phone number and participant code… Phone number: 888-651-5908 Participant.

Slide 1 FastFacts Feature Presentation September 18, 2012 To dial in, use this phone number and participant code… Phone number: Participant.
Setting the Course for the New Digital Economy. The Elements of the New Digital Economy Content and Services Growth of content and service consumption.

Setting the Course for the New Digital Economy. The Elements of the New Digital Economy Content and Services Growth of content and service consumption.
HIPAA AWARENESS TRAINING

HIPAA AWARENESS TRAINING
University of Minnesota

University of Minnesota
IT Security Policy Framework

IT Security Policy Framework
The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

The Legal Foundation TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Banking Services AVAILABLE FOR A SMALL BUSINESS. BANKING SERVICES 2 Welcome 1. Agenda 2. Ground Rules 3. Introductions.

Banking Services AVAILABLE FOR A SMALL BUSINESS. BANKING SERVICES 2 Welcome 1. Agenda 2. Ground Rules 3. Introductions.
MOSS ADAMS LLP | 1 W HAT I S S ENSITIVE D ATA ? Whats the Risk and What Do We Do About It? Weston Nelson Steve Fineberg Steven Gin.

MOSS ADAMS LLP | 1 W HAT I S S ENSITIVE D ATA ? Whats the Risk and What Do We Do About It? Weston Nelson Steve Fineberg Steven Gin.
P-Card User Guide Standard Profile July 2012 1 RCNJ-BOA Purchasing Card User Guide – Standard Profile Ramapo College and Bank of America VISA Procurement.

P-Card User Guide Standard Profile July RCNJ-BOA Purchasing Card User Guide – Standard Profile Ramapo College and Bank of America VISA Procurement.
The ABCs of Credit Card Finance Essential Facts for Students 2012 Carol A. Carolan, Ph.D.

The ABCs of Credit Card Finance Essential Facts for Students 2012 Carol A. Carolan, Ph.D.
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
CHAPTER 10 CREDIT You’re in Charge

CHAPTER 10 CREDIT You’re in Charge
The Office Procedures and Technology

The Office Procedures and Technology
Evolution of Data Use and Stewardship Recent University-wide Data Stewardship Enhancements Integrated System Data Stewardship Shirley C. Payne, CISSP,

Evolution of Data Use and Stewardship Recent University-wide Data Stewardship Enhancements Integrated System Data Stewardship Shirley C. Payne, CISSP,
November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.

November 14, 2012 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Detroit.
Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.

Copyright © 2012 AirWatch, LLC. All rights reserved. Proprietary & Confidential. Mobile Content Strategies and Deployment Best Practices.
Copyright Critical Software S.A. 1998-2008 All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.

Copyright Critical Software S.A All Rights Reserved. COTS based approach for the Multilevel Security Problem Bernardo Patrão.

Similar presentations

Ads by Google