Information Security in Real Business (Part 2). Team Tiger, Northwestern McCormick MSIT 2013, October 20th, 2012. ©2011, Cognizant.

Information Security in Real Business (Part 2), Team Tiger

Agenda
- Objective
- Security and Business Issue
- Principles of Data Protection and Business Requirements
- Why it is important
- Industry Research
- Q & A / Feedback
- Vote of Thanks

Objective
Complete and present Part 2 of the project "Information Security in Real Business". From the (at least) four issues identified in Part 1, pick the one most interesting to your group and one that has not been well solved in your corporation or organization (or one that is being solved, i.e., an ongoing project). Formulate a security problem and research the related work. Show why this problem is a general one that cuts across multiple industry, education and government sectors. Each group is expected to give a 5-10 minute presentation in week 5 to seek synergy and early feedback from the other students and the instructor.

Security (Issue)

Business Issue
Cornerstone: Confidentiality
Business issue: confidential information and data protection, specifically the loss of confidential customer data in an outsourced environment.
Our computer networks, computers and software, if left unsecured, pose a substantial risk to our confidential information. As Company Associates, we must do everything possible to protect Company information systems from unauthorized access.

Principles of Data Protection
- Identify the type of information you need to store and why.
- Take the data protection principles into account when storing customer data.
There are eight principles of data protection. They state that personal data must be:
1. Fairly and lawfully processed
2. Used for limited purposes
3. Adequate, relevant and not excessive
4. Accurate
5. Not kept longer than necessary
6. Processed in accordance with the data subject's (i.e., the customer's) rights
7. Secure
8. Not transferred to countries without adequate protection
A more comprehensive definition of these principles is on the website of the Information Commissioner's Office.

Business Requirements
Managing Sensitive Data initiative:
- Complying with law, regulations, contracts, policies, guidelines and procedures in protecting data and its appropriate use
- Protecting individual privacy and reducing the potential for identity theft
- Education and awareness
- Data stewardship and data governance
- Privacy and confidentiality policy for institutional data
- Access principles, guidelines and procedures
- Guidelines for managing research data
We have legal and ethical responsibilities to protect the privacy and confidentiality of institutional data.

Why it is Important
As Company Associates, we sometimes have access to client and/or Company information that is not generally known to the public and that provides the Company or our clients with a business advantage. This confidential information includes, but is not limited to:
- Strategic and business plans
- Financial, sales or pricing information
- Customer lists and data
- Vendor terms with suppliers
- System code or designs, tools
- Methodologies and promotional plans
- Proprietary computer systems
- Copyrights or trademarks on certain brand names
Our stockholders and clients rely on us to protect this business information from unlawful or inadvertent disclosure. Our ability to protect the confidentiality of this information is critical to our ability to obtain and retain customers. Unauthorized or premature disclosure could have a serious financial impact on the Company and our clients and may subject the Company and our Associates to liability, including penalties for insider trading.

Industry Research
A data breach occurs when there is a loss or theft of, or other unauthorized access to, data containing sensitive personal information that results in the potential compromise of the confidentiality or integrity of that data. The first state data security breach notification law was enacted in California. In response to the state security breach notification laws enacted thereafter in numerous jurisdictions, more than 2,676 data breaches and computer intrusions involving 535 million records containing sensitive personal information have been disclosed by the nation's largest data brokers, businesses, retailers, educational institutions, government and military agencies, healthcare providers, financial institutions, nonprofit organizations, utility companies and Internet businesses.
Source: Gina Stevens, Legislative Attorney, "Data Security Breach Notification Laws" (Congressional Research Service, April 10, 2012); see also her "Federal Information Security and Data Breach Notification Laws".

According to the Federal Trade Commission (FTC), identity theft is the most common complaint from consumers in all 50 states. Between January and December 2010, the Consumer Sentinel Network (CSN), a database of consumer complaints, received more than 1.3 million consumer complaints. Identity theft topped the list, accounting for 19% of the complaints.
Source: Federal Trade Commission, "Consumer Sentinel Network Data Book for January - December 2010," March 2011 (cy2010.pdf).

Industry data on data breaches (years and record counts missing from several rows in the source):

| Year | What | How | Organization |
|------|------|-----|--------------|
| 2005 | Personal information of 163,000 persons | Security breach | ChoicePoint |
| 2006 | Personal data of 26.5 million veterans was breached | Employee's hard drive was stolen from his home | VA |
| | Million credit and debit cards | Breach of its computer network by unauthorized individuals | TJX Companies |
| | Million debit and credit card numbers | Computer systems were illegally accessed while the cards were being authorized for purchase | The Hannaford supermarket chain |
| | Million records from credit card processor | Security breach | Heartland Payment Systems Inc. of Princeton, N.J. |
| 2011 | Patient data of 20,000 emergency room patients | Security breach | Stanford Hospital in California |
| 2011 | Data breaches | Unsecured cloud computing | Epsilon, Sony and Amazon |
| | Data breaches compromising customer names and addresses | Database hacked | Marketing company Epsilon |
| 2011 | Certain PlayStation Network and Qriocity service user account information was compromised | An illegal and unauthorized intrusion into its network | Sony |


Q & A / Feedback
- Manu Arora
- Syed Ashfaq