Trust Relationships Meeting Notes September 26, 2003 Dartmouth College.


1 Trust Relationships Meeting Notes September 26, 2003 Dartmouth College

2 Concepts: Trust, Risk, Liability
I am going to draw a bit from experience from having been in charge of Info Security at Barclays Capital.

3 Trust: Explicit Trust (contractual relationship)
Defined agreement
Known bounds
Understood ramifications if broken or abrogated
Verifiable
Example (financial): Terms on wire transaction
Example (higher-ed): Network usage policy
Very different motivations

4 Trust: Implicit Trust
Reputation based
Unclear bounds
Degree can change over time
Difficult to verify
Example (financial): FX, bonds
Example (higher-ed): Most interactions

5 Trust in Computing is Getting Scarce...
Hypothesis: Users feel they can’t trust their hosts with IT services, and the service providers can’t trust the users’ hosts.
Mail: Viruses, Spam, Scams
Operating Systems: Vulnerabilities and Exploits
Ephemeral Vendor Relationships
The Source of Programs
Quality of Applications/Coding
P2P
... but Risk is still plentiful.
Trust: Firm reliance on the integrity, ability, or character of a person or thing.

6 Risk
Investment Banks and Risk
Regular program of risk assessment and management.
Defining assurance: information security practice, technology and audit was needed to mitigate risk sufficiently.
Higher-Education and Information Risk
Typically “defined” by IT organizations
Generally no risk analysis is performed
Not usually categorized by asset type
Q. Can higher education get its head around Information Risk Management?
Let me start by saying that I didn’t get into applied computing to sell insurance. IT shouldn’t be in the business of advising a company or a University how much they should buy or what to insure. That’s a Risk Management issue. Let’s make them do their job.

7 Liability: Regulatory Compliance; Civil Judgments

8 Why Work on Information Risk Management?
Unknown and un-quantified risks don’t go away
IT Professionals aren’t actuaries for digital assets
Rise in the Complexity of Required Controls: HIPAA, TEACH, Tracking, DRM and IP, Forensics
Challenges coming to network authentication schemes and practices

9 Middleware Architecture
Must be flexible to adapt to institutional policies that don’t exist yet. Powerful broker of institutional trust and interoperability. Should be applied in response to risk and audit requirements. The broader the adoption, the greater the risk.

10 Roles: Risk, Info. Security and Internal Audit
Risk Management: Quantifies risk; Underwrites institution
Information Security: Responds to risk assessment with technology and practice; Provides Audit Trail; Real-Time Trust Broker
Internal Audit: Assesses information security response to risk and policy; Verifies basis of trust; Fosters confidence

11 Actions: Security Analyst Watch
Engage Risk Management in Dialogue on Assessment
Contribute to the Creation of Clear Policies
Help Risk and Audit Understand Technology
A word about identity: “Ownership” of Institutional Identity and Root CAs; User, Service, Host Identity
(end part I)

12 Trust and Authorization
Audit’s Shaping of the Authority Registry
Institutional identity has an owner thanks to HIPAA
Risk Management and assessment at Stanford
RBAC will need a representation of academic roles

