Privacy, Security, and trust in cloud computing BY: SIANI PEARSON PRESENTED BY: KIA MANOOCHEHRI.

Contents
- Introduction
- Privacy Issues
- Security Issues
- Trust Issues
- Addressing these issues

Introduction
- What is cloud computing?
  - “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
- Keep in mind hardware or software resources and also internet applications are included in this explanation

Privacy, Security, and Trust
- Privacy and Trust have no standard universally accepted definition
  - This is an intrinsic problem that we will discuss
- We defined security last time as the following:
  - “the ability of a system to protect information and system resources with respect to confidentiality and integrity”
- Expand the definition this time to: “Preservation of confidentiality, integrity and availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved.”

Privacy, Security, and Trust
- Personal Information and Personal Data are used by European and Asian vendors but the USA uses “Personally Identifiable Information”
  - Name, Address, SS#, CC#s, address, passwords, DOB.
- “personal data shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.”

Privacy, Security, and Trust
- Important Terms:
  - Data controller: An entity (whether a natural or legal person, public authority, agency or other body) which alone, jointly or in common with others determines the purposes for which and the manner in which any item of personal information is processed
  - Data processor: An entity (whether a natural or legal person, public authority, agency or any other body) which processes personal information on behalf and upon instructions of the Data Controller
  - Data subject: An identified or identifiable individual to whom personal information relates, whether such identification is direct or indirect (for example, by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity)

Privacy
- According to the United Nations, privacy is “a fundamental human right”
- European Convention on Human Rights also affirms this (1948)
- UK Human Rights Act of 1998 also affirms this

Privacy
- The United States of America disagrees with their NSA…
- We know they keep records of the following:
  - All calls made in the US
  - Content of some of these calls
  - , Facebook, and instant messages
  - Raw Internet Traffic

Privacy
- Generally speaking, privacy concerns deal with:
  - Personal information
  - Particularly concerned with keeping it out of the hands of the government
  - “The right to be left alone”
  - “control information about ourselves”

Privacy
- Additional concerns:
  - “the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personally identifiable information”
  - “focus on the harms that arise from privacy violations”

Privacy Issues
- Lack of User Control
  - Fundamentally counter-intuitive to the cloud concept
  - Leads to potential theft, misuse, and unauthorized resale by the vendors

Privacy Issues
- Unauthorized Secondary Usage
  - CSP may gain revenue from authorized secondary uses of users’ data, most commonly the targeting of advertisements
  - Risk of vendor demise; what happens if the CSP goes bankrupt?

Privacy Issues
- Data Proliferation and Transborder Data Flow
  - Difficult to ascertain privacy compliance requirements in the cloud
  - Difficult to ascertain WHERE our data actually is…

Privacy Issues
- Dynamic Provisioning
  - Unclear what rights in the data will be acquired by data processors and their sub-contractors
  - Unclear WHO is actually responsible for the data…

Trust
- No universally accepted scholarly definition… yay!
- “Trust is a psychological state comprising the intention to accept vulnerability based upon positive expectations of the intentions or behavior of another”

Trust
- Previous definition is poor and doesn’t cover the following concerns:
  - Letting the trustees take care of something the trustor cares about
  - The subjective probability with which the trustor assesses that the trustee will perform a particular action
  - The expectation that the trustee will not engage in opportunistic behavior
  - A belief, attitude, or expectation concerning the likelihood that the actions or outcomes of the trustee will be acceptable or will serve the trustor’s interests

Trust Issues
- Fundamentally, trust is a difficult concept for users to grasp
- “trust is hard to build and easy to lose: a single violation of trust can destroy years of slowly accumulated credibility”
- Need to consider both social and technological aspects

Trust Issues
- Barriers to cloud adoption

Addressing these issues
- Need consistent and coordinated development in three major categories:
  - Innovative regulatory frameworks
  - Responsible company governance
  - Supporting technologies

Addressing these issues
- Innovative regulatory frameworks
  - Accountability which can allow global business and provide redress within cloud environments

Addressing these issues
- Responsible company governance
  - Organizations act as a responsible steward of the data which is entrusted to them within the cloud, ensuring responsible behavior via accountability mechanisms and balancing innovation with individuals’ expectations
  - Privacy by Design being a way of achieving this.

Addressing these issues
- Privacy by Design – 7 Key Concepts
  - Proactive not Reactive; Preventative not Remedial
  - Privacy as the Default Setting
  - Privacy Embedded into Design
  - Full Functionality – Positive-Sum, not Zero-Sum
  - End-to-End Security – Full Lifecycle Protection
  - Visibility and Transparency – Keep it Open
  - Respect for User Privacy – Keep it User-Centric

Addressing these issues
- Supporting technologies
  - These include privacy enhancing technologies, security mechanisms, encryption, and anonymization
