Managing Trust (Professor Richard Walton CB)

Presentation transcript:

Exam Question

The importance of Trust in Data Protection. (This essay should discuss the relationship between trust and assurance, the different nature of Confidentiality and Privacy in relation to trust, along with the importance of Data Protection – and associated legislation – in contributing to Assurance to facilitate Trust. Also discuss how these issues are addressed through Information Security Management Processes.)

The Nature of Trust

- Difficult to define
- Nebulous and subjective
- Pervasive in interpersonal dealings
- Two concerns:
  - Bona fides
  - Competence
- Integrity

I can trust you, can't I?

Mutual Exposure

Trust and Assurance

Assurance builds confidence that machine processes are doing the right thing with no unlooked-for side effects, and that the people and organisations behind the process are also doing the right thing. Assurance addresses both bona fides and competence.

Organisations Trusting

- Classic Infosec
- Security Policy
- Regulations
- Personnel Vetting
- Least Privilege
- Access Control
- Audit & Monitoring

Trust and Organisations

You can trust most of the people most of the time.

Trusting Organisations

- Imbalance of Power
- Conflict of Interest
- Reputation
- Legal Framework
- Financial guarantees
- Third Party Intermediaries
- Transparency

Trust and Machines

You can trust a machine to do what it is told to do. But what has it been told to do...?

Trust and Machines

- Reputation of Organisations
- Qualifications of Staff
- Functional Testing
- Penetration Testing
- Evaluation & Certification
- Audit, Monitoring and Checking
- Authentication of Machine and of Users

Data Protection

- Confidentiality
  - Keep secrets secret
  - Prevent unauthorised disclosure
  - Information owner control
- Privacy
  - Personal information
  - Control usage
  - Prevent abuse of personal information

Privacy

Privacy is not the same as Confidentiality. The most challenging issues are less to do with keeping information secret than with controlling use and abuse of private information.

Trust and Data Protection

- Serious breaches have caused loss of public trust
  - Reduces business benefit
  - Limits effectiveness of e-commerce and e-government
- Vital to restore trust through confidence-building assurance measures
  - The law is only part of the solution

Trust and Data Protection

- Law and Regulation
  - Data Protection Act
  - Official Secrets Act
  - Copyright and Patent laws
  - Digital Rights Protection
- Policy assertions
- Use of encryption
- Authentication mechanisms
- Tick-box permissions

Conclusions 1

- Trust is central to achieving business benefits
- Trust is built from Assurance measures
- Historic trust between individuals serves as a starting point
- Trust by and in organisations is complex
- Trusting machines is technically challenging
- Trust must be managed
  - And is an essential ingredient in information security

Conclusions 2

- Data Protection (DP) is an exemplar of the need for trust
  - Trust lost through serious inadequacies
- DP concerns both Confidentiality and Privacy
  - These are not the same
- Privacy poses the more challenging trust questions