Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing Trust Professor Richard Walton CB. Exam Question The importance of Trust in Data Protection (This essay should discuss the relationship between.

Published byNicholas Preston Modified over 8 years ago

Similar presentations

Presentation on theme: "Managing Trust Professor Richard Walton CB. Exam Question The importance of Trust in Data Protection (This essay should discuss the relationship between."— Presentation transcript:

1 Managing Trust Professor Richard Walton CB

2 Exam Question The importance of Trust in Data Protection (This essay should discuss the relationship between trust and assurance, the different nature of Confidentiality and Privacy in relation to trust, along with the importance of data Protection – and associated legislation – in contributing to Assurance to facilitate Trust. Also discuss how these issues are addressed through Information Security Management Processes)

3 The Nature of Trust  Difficult to define  Nebulous and Subjective  Pervasive in interpersonal dealings  Two concerns – Bona fides – Competence  Integrity

4 I can trust you, can't I?

5 Mutual Exposure

6 Trust and Assurance Assurance builds confidence that machine processes are doing the right thing with no unlooked-for side effects and that people/organisations behind the process are also doing the right thing. Assurance addresses both bona fides and competence.

7 Organisations Trusting  Classic Infosec  Security Policy  Regulations  Personnel Vetting  Least Privilege  Access Control  Audit & Monitoring

8 Trust and Organisations You can trust most of the people most of the time

9 Trusting Organisations  Imbalance of Power  Conflict of Interest  Reputation  Legal Framework  Financial guarantees  Third Party Intermediaries  Transparency

10 Trust and Machines You can trust a machine to do what it is told to do. But what has it been told to do...?

11 Trust and Machines  Reputation of Organisations  Qualifications of Staff  Functional Testing  Penetration Testing  Evaluation & Certification  Audit, Monitoring and Checking  Authentication of Machine and of Users

12 Data Protection  Confidentiality –Keep secrets secret –Prevent unauthorised disclosure –Information owner control  Privacy –Personal information –Control usage –Prevent abuse of personal information

13 Privacy Privacy is not the same as Confidentiality The most challenging issues are less to do with keeping information secret than with controlling use and abuse of private information

14 Trust and Data Protection  Serious Breaches have caused loss of public trust – Reduces business benefit – Limits effectiveness of e-commerce and e- government  Vital to restore trust through confidence building assurance measures – The law is only part of the solution

15 Trust and Data Protection  Law and Regulation –Data Protection Act –Official Secrets Act –Copywrite and Patent laws –Digital Rights Protection  Policy assertions  Use of encryption  Authentication mechanisms  Tick box permissions

16 Conclusions 1  Trust is central to achieving business benefits  Trust is built from Assurance measures  Historic trust between individuals serves as a starting point  Trust by and in organisations is complex  Trusting machines is technically challenging  Trust must be managed – And is an essential ingredient in information security

17 Conclusions 2  Data Protection (DP) is an exemplar of the need for trust – Trust lost through serious inadequacies  DP concerns both Confidentiality and Privacy – These are not the same  Privacy poses the more challenging trust questions

Download ppt "Managing Trust Professor Richard Walton CB. Exam Question The importance of Trust in Data Protection (This essay should discuss the relationship between."

Similar presentations

Code of Ethics for Professional Accountants

Code of Ethics for Professional Accountants
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
The Challenges for Ensuring Transparency and Accountability in specific Areas of Public Financial Management presented by Mr.Abdluaziz Yousef Al-Adsani.

The Challenges for Ensuring Transparency and Accountability in specific Areas of Public Financial Management presented by Mr.Abdluaziz Yousef Al-Adsani.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Professional Behaviour

Professional Behaviour
Chapter 20 Additional Assurance Services: Other Information

Chapter 20 Additional Assurance Services: Other Information
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
Security Controls – What Works

Security Controls – What Works
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Code of Ethics – Discussion Question

Code of Ethics – Discussion Question
Implementing and Auditing Ethics Programs

Implementing and Auditing Ethics Programs
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Training on Data Protection Roles of the Data Protection Office.

Training on Data Protection Roles of the Data Protection Office.
ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Contemporary Issues in Canadian Health Care Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute,

Contemporary Issues in Canadian Health Care Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute,
Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Similar presentations

Ads by Google