Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT CSAM 2012 - U R Cyber Security Monday, October 29, 2012.


Exploring the Good and Evil in the Internet Cloud! John L. Baines, AD IT Policy & Compliance, OIT. CSAM 2012 - U R Cyber Security, Monday, October 29, :00 PM, Scott Hall 216. go.ncsu.edu/csam2012

Agenda
Good and bad on the Internet
Big data and Cloud maturity
Sensitive data factors at NC State
The Data Sensitivity Framework
Some practical advice
10/29/2012 Exploring the Good and Evil in the Internet Cloud, Slide 2

[Image] licensed under a Creative Commons License.

The Good
Collaborative research
Public information availability
Access to experts
Free speech information exchange
Connected communications
Banking and shopping convenience
Entertainment
Save energy
Cure diseases
Predict trends
Promotes involved discussion rather than violence or apathy

[Image] by Hamad Subani / Techtangerine.com, licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

The Bad
Pornography explosion
Inappropriate access
Fraud
Piracy
Personal data on mobile devices
–Stolen – identity theft
–Used real-time GPS – you can't hide
Stalking
Government
No privacy – all you do is on Google
Plagiarism
Free speech excesses
Data lacks verification
Misinformation
Hypochondria
Security infections
Cybernetic warfare

Big Data Scenarios – by 2020?
The Pew Research Center's Internet & American Life Project with Elon University surveyed 1,021 Internet experts and users recruited by .
The good (53%)
–Improve social, political, and economic intelligence: nowcasting, inferential software algorithms for advanced correlations, a move from "measure twice, cut once" to "place small bets fast"
–Greater research and world knowledge
The bad (39%)
–Data aggregation – loss of all privacy
–False confidence in predictions – hurtful mistakes
–Manipulate findings – make selfish cases
–Abused by powerful people, government and/or organizations

The Internet Cloud [diagram from Wikipedia, the free encyclopedia]: Software-as-a-Service (SaaS)

CSA/ISACA 2012 Cloud Computing Market Maturity Study
252 participants representing cloud users, providers, consultants and integrators
85% self-identified cloud users
Positions from C-level executives to staff
15 different industry segments
48 countries, mostly in America or Europe

Overall findings on maturity
Cloud needs to transition from technology solution to business resource
Infrastructure and Platform offerings
–Infancy
–About 3 years to reach established growth
Software as a Service (SaaS) offerings
–Early growth
–2+ years to reach established growth

Cloud infancy [image]

SaaS Black Box
Simple interface
Complexities
–Hidden
–Layers
–Orders of magnitude more
You have to be able to trust the implementation!

Positive Influence Factors (CSA/ISACA 2012 Cloud Computing Market Maturity Study survey)
Business Growth Influence:
1. Agility
2. Time to market
3. Business unit demand
4. New technology
Process Enablement:
1. Cost management
2. Efficiency
3. Productivity
4. Resilience

Negative Influences on Cloud Adoption and Innovation (CSA/ISACA 2012 Cloud Computing Market Maturity Study survey)
1. Information security
2. Data ownership / custodian responsibilities
3. Regulatory compliance
4. Legal and contractual issues
5. Information assurance
6. Contract lock-in
7. Longevity of suppliers
8. Disaster recovery / business continuity
9. Performance standards
10. Performance monitoring
11. Technology stability

Sensitive data factors at NC State
Legislation
Data Stewards assessment
University revenues and expenses
University image and reputation
Confidentiality agreements / contracts
Research (IP and Export Controls, etc.)
Copyright and Intellectual Property
Personal privacy

Legislation
–Family Educational Rights and Privacy Act (FERPA)
–Health Insurance Portability and Accountability Act of 1996 (HIPAA)
–Gramm Leach Bliley Act (GLBA)
–Payment Card Industry (PCI) Data Security Standard
–Red Flag Rule
–North Carolina Identity Theft Protection Act of 2005
–North Carolina Public Records Act
–North Carolina State Personnel Act

Lots of sensitive data – examples
Personally Identifiable Information (PII)
Credit card information
Research data
Public safety information
Financial donor information
Security controls such as:
–System access passwords
–Information file encryption keys
–Information security records

A few really Red-hot items
Social Security Numbers
Credit Card Numbers
Banking account info
PINs and passwords

FERPA data is pervasive
Any record, with certain exceptions, maintained by an institution that is directly related to a student or students. This record can contain a student's name(s) or information from which an individual student can be personally (individually) identified. These records include: files, documents, and materials in whatever medium (handwriting, print, tapes, disks, film, microfilm, microfiche) which contain information directly related to students and from which students can be personally (individually) identified.

FERPA conclusions
FERPA data is held by most, if not all, academic and administrative offices of our institution
–Do we need to protect the security of Education Records and Student Privacy? Absolutely
–Can we afford to protect them at the same level as social security numbers and credit card data? Certainly not
–Too expensive
–Too intrusive for access
FERPA at NC State (from OGC)

A framework for the availability and security of your data
Data classification statement
Data sensitivity framework
List of controls

Data Classification Statement Matrix
Level | Risk | Regulation | Financial | Reputation | Business | Other
Red-Hot | Two of: | Multiple | Significant | Serious | Litigation
High | Two of: | Violation | Significant | Serious
Moderate | One of: | Violation | Some | Adverse
Normal | No major | Access control | Not sensitive | None

Data sensitivity framework
Data Management Procedures Regulation (REG)
New draft includes:
–Data Classification Statement
–Links to:
  Data sensitivity framework
  List of controls

Controls for Securing Sensitive Information in University Applications
Best Practices for:
–Application owner (and developers)
–Data steward
Three types of IS controls:
–Administrative and procedural design
–Computer server technical controls and techniques
–End-user device technical controls and techniques

Who's protecting your data & how?
On your mobile device – you are
Removable storage – you are
On your desktop – you and your sys admin
On University servers – OIT or college/dept IT staff (or you!)
In the cloud – the vendor

Google and sensitive information
http://google.ncsu.edu/usinggoogleapps/best-practices-data-security-google-apps-nc-state
Google docs OK for FERPA data
More of an issue

Precautions with cloud vendors
From the CSA/ISACA study: either
–Less than 100 staff, or
–Many thousands
Be careful if you have sensitive data
Look at Cloud Security Alliance STAR
Ask OIT S&C for security assessment of product and data being considered

Where is it OK to store your data?
Location | Red-hot | Red | Yellow | Green | Un-classified
Removable storage | Never | Encrypted… | Yes… | Yes
Mobile device | Never | No | Yes
Local PC | Never | Encrypted… | Yes… | Yes
University server | Encrypted Restricted | Yes… | Yes | Yes… | Yes
(location not captured) | Never | Encrypted | Some… | Yes
Print | Restricted | Yes
Cloud | Encrypted Restricted | Restricted… | Yes… | Yes
Google | Never | No | Yes… | Yes

Questions
The golink: and the security code word Cloud for prizes that will be given away on Oct. 31