Presentation is loading. Please wait.

Presentation is loading. Please wait.

2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,

Published byGriffin Hubbard Modified over 8 years ago

Similar presentations

Presentation on theme: "2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,"— Presentation transcript:

1 2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference, May 2006

2 2 – 2002 Symantec Corporation, All Rights Reserved I.Managing risk and the threat landscape II.Regulation III.Conclusions A G E N D A

3 3 – 2002 Symantec Corporation, All Rights Reserved Managing the risk is a daily challenge NetworkApplicationDatabaseServerStorage CostCost RiskRisk Security Availability Performance Clients Complexity Security Threats Business Continuity Compliance Key Issues: Cost Complexity Compliance

4 4 – 2002 Symantec Corporation, All Rights Reserved Business Risk Management Business Corporate Governance Competition Infrastructure IT Risk Management InternetStaff CustomersPartners Information Assurance Information assurance is about managing risk

5 5 – 2002 Symantec Corporation, All Rights Reserved A key element is regulatory compliance Business Risk Management Regulation and Compliance IT Risk Management Information Assurance

6 6 – 2002 Symantec Corporation, All Rights Reserved Today’s Threat Landscape  Cybercrimes such as online fraud and the theft of confidential information are dominating the public’s consciousness.  Bots, bot networks and customizable or ‘modular’ malicious code are the preferred methods of attack.  Web applications and web browsers increasingly becoming the focal point of attacks.  Continued decline in noisy Category 3 & 4 threats and a corresponding increase in quieter, stealthier Category 1 and 2 threats.  You have to go looking for the threats………

7 7 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Top Targeted Industries As predicted, the rise in online fraud and the shift towards financial motivation has moved Financial services to the top of targeted industries in the last half of 2005.

8 8 – 2002 Symantec Corporation, All Rights Reserved Vulnerability Trends – Volume - 2001 - 2005 Between July 1 - December 31, 2005, the total number of vulnerabilities grew by 1% over the previous reporting period and 34% over the same period last year. The total number of vulnerabilities reported this period is the highest ever recorded.

9 9 – 2002 Symantec Corporation, All Rights Reserved Malicious Code Trends – Threats to Confidential Information Threats to confidential information continue to increase over the past three reporting periods with 80% of the Top 50 reported malicious code in this period, having the potential to expose confidential information.

10 10 – 2002 Symantec Corporation, All Rights Reserved Malicious Code Trends – Modular Malicious Code Modular malicious code is malicious code that initially possesses limited functionality, but that, once installed on a target host can download other pieces (or modules) of code with different, usually malicious, functionalities. 88% of all malware code had this functionality

11 11 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Time To Compromise - Servers Server operating systems in a web sever role

12 12 – 2002 Symantec Corporation, All Rights Reserved Attack Trends – Time To Compromise - Desktops Desktop systems NOT behind a firewall.

13 2002 Symantec Corporation, All Rights Reserved The Regulatory Challenges

14 14 – 2002 Symantec Corporation, All Rights Reserved Examples of European Regulation  Protecting YOUR data –95/46/EC Generic Data Protection –2002/58/EC Specific Data Protection –Data Retention  Protecting against damaging data –Framework Decision on attacks against info-systems –Council of Europe Convention on Cybercrime  Protecting the data of specific industries –Basel II –Use of public sector information

15 15 – 2002 Symantec Corporation, All Rights Reserved Data protection  Directives 95/46/EC (generic) and 2002/58/EC (specific)  Generic Directive covers all activities related to processing of personal data  Specific Directive covers only electronic communications  Create independent authorities responsible for supervision and enforcement  Very interesting from a security standpoint

16 16 – 2002 Symantec Corporation, All Rights Reserved The Generic Directive  Defines data categories  Requires information collection fairly and lawfully subject to consent  Requires information security and availability for the storage of data  Requires access to data subject and rectification of the data  Forbids cross-border transfer of personal data  Determines jurisdiction

17 17 – 2002 Symantec Corporation, All Rights Reserved Specific Directive  Defines traffic data  Requires network security  Obliges eCommunication providers to notify users of the services for eminent threats  Obliges the destruction of traffic data if no excluded specific business is applicable  Forbids spam distribution  Leaves the door open for data retention

18 18 – 2002 Symantec Corporation, All Rights Reserved Data retention  Routinely retaining traffic data by eCommunication service providers for law enforcement purposes –What data? –How much? –How long?  Not preservation  Not interception

19 19 – 2002 Symantec Corporation, All Rights Reserved The data……  Personal Data –My name –My ID number –Anything that identifies me  Sensitive Data –Race –Religious beliefs –Etc  Traffic data –IP addresses –URLs  Data –Any data covered by the Data Retention Directive

20 20 – 2002 Symantec Corporation, All Rights Reserved Some challenges with current privacy rules Looking at 2002/58/EC  What is personal data in eCommunications environment?  IP addresses are personal data? –How do we log them –Do we ask permission  Staying ahead of the threats –Spam is covered by the Directive but what about?  Spyware  Addware  Phishing  How we collect the data and how do we use them? –No obligation to notify in case of breach  What is the role of the service provide? –To provide an appropriate level of security

21 21 – 2002 Symantec Corporation, All Rights Reserved So does Internet kill regulation?  Internet is probably one of the most regulated environments in the world –Everybody’s laws seem to apply  The issue is better/smarter regulation as opposed to no regulation  Do not become a hostage of fortune  Do not over-protect  Technology and self-regulation  Finding the right balance…..

22 22 – 2002 Symantec Corporation, All Rights Reserved Security vs Privacy vs Regulation  Technology does not mean less privacy –Privacy enhancing technologies everywhere around us  Security is not against privacy –Security is a privacy pre-condition  Regulation is not against technology –Needs to be regularly updated/reviewed –Needs to be technology neutral –Needs to set framework conditions –Should not be over-extended –Should be prepared in consultation –Current review of 2002/58/EC

23 2002 Symantec Corporation, All Rights Reserved Thank You! Ilias_chantzos@symantec.com +3225311161

Download ppt "2002 Symantec Corporation, All Rights Reserved The dilemma European Security Policy and Privacy Ilias Chantzos Government Relations EMEA Terena Conference,"

Similar presentations

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, 2012 1 Industry and the fight against cybercrime.

‘Changing environment – changing security’ - Cyber-threat challenges today – Budapest, September 17-18, Industry and the fight against cybercrime.
UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.

UNCLASSIFIED Cybercrime: The Australian Experience Australian Cybercrime Online Reporting Network (ACORN) Conference Assistant Commissioner Tim Morris.
Ilias Chantzos Senior Director, Government Affairs - EMEA Symantec Cyber-security & cyber-resilience: Policy implications in smart cities.

Ilias Chantzos Senior Director, Government Affairs - EMEA Symantec Cyber-security & cyber-resilience: Policy implications in smart cities.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Security for Today’s Threat Landscape Kat Pelak 1.

Security for Today’s Threat Landscape Kat Pelak 1.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada www.colinbennett.ca.

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.

Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Security Controls – What Works

Security Controls – What Works
The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.

The Changing Face of Endpoint Security K Varadarajan Regional Manager, Enterprise Sales, Symantec Security Conference 2010_Bangalore.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
(Geneva, Switzerland, September 2014)

(Geneva, Switzerland, September 2014)
Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!

Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!
CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,

CISCO CONFIDENTIAL – DO NOT DUPLICATE OR COPY Protecting the Business Network and Resources with CiscoWorks VMS Security Management Software Girish Patel,
The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions 631-692-5175 Steve Katz, CISSP Security.

The Difficult Road To Cybersecurity Steve Katz, CISSP Security Risk Solutions Steve Katz, CISSP Security.
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Similar presentations

Ads by Google