Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incentives of Privacy Enhancing Technologies Copenhagen, Denmark – 10 September 2010 2010 PRIVAT TEK Oluf Nielsen Scientific Officer Trust & Security Unit.

Published byElla Lang Modified over 9 years ago

Similar presentations

Presentation on theme: "Incentives of Privacy Enhancing Technologies Copenhagen, Denmark – 10 September 2010 2010 PRIVAT TEK Oluf Nielsen Scientific Officer Trust & Security Unit."— Presentation transcript:

1 Incentives of Privacy Enhancing Technologies Copenhagen, Denmark – 10 September 2010 2010 PRIVAT TEK Oluf Nielsen Scientific Officer Trust & Security Unit Information Society and Media Directorate-General European Commission The views expressed in this presentation are purely those of the speaker and may not in any circumstances be regarded as stating an official position of the European Commission.

2 “TRUSTWORTHY ICT” Cloud computing lets Feds read your email Phorm to use BT customers to test precision advertising system on net La colère associative monte contre Edvige, le fichier policier de données personnelles Web giants spark privacy concerns Big Brother tightens his grip on the web YouTube case opens can of worms on online privacy Grosse faille du web, et solution en chemin Revealed: 8 million victims in the world's biggest cyber heist Phishing attacks soar in the UK Cyberwar and real war collide in Georgia Internet security Code red The Evolution of Cyber Espionage Lessons from SocGen: Internal Threats need to become a security priority Six more data discs 'are missing' Big Brother Spying on Americans' Internet Data? UK's Revenue and Customs loses 25 million customer records Identity theft, pornography, corporate blackmail in the web's underworld, business is booming Defenseless on the Net Internet wiretapping Bugging the cloud Privacy Trust Security

3 “TRUSTWORTHY ICT”  Technology – Cyber-threats, cyber-crime – The Future of the Internet – Complex ICT Systems and Services underpinning Critical Infrastructures  Users – Trust, accountability, transparency – Identity, privacy and empowerment, – Creativity, Usability – Economics of Security – Human values and acceptance

4 COST/BENEFITS  What Security Economic research is needed to better understand the economic impact of data breaches for stock market valuations highlighting security vulnerabilities?  How can Security Economics be used to analyze how effective cost sharing of liability is possible in order to achieve more societal optimal investments in ICT trust and security applications?  What market conditions and economic incentives has to be in place for firms to invest in ICT security to minimise their long-term costs and respond better to market forces by integrating ICT security into their products and services? TRUSTWORTHY ICT: Security Economy Open Research Questions? What does the rising trend in identity theft and potential cost of data breach imply for companies security strategy for their networks, computers and access?

5 TRUSTWORTHY ICT: Security Economy Open Research Questions? Could vulnerability markets help buyers and sellers to establish the actual cost of finding ICT systems and software flaw?  Would Market-based approaches increase the number of identified vulnerabilities by motivating more people to search flaws?  Why is Cyber insurance markets not taken up more widely?  Would Reputation systems deter free-riding and cheating in peer-to-peer networks?

6 How to create?  Better knowledge when it pays off for companies investing in more ICT security applications by linking closely to corporate values in their assets?  More incentives for better company reporting e.g. how they manage their assets and security breaches for both their internal and external stakeholders?  More trust worthy financial reporting that includes: controls of information; security policy; security standards access; authentication; network security? TRUSTWORTHY ICT: Security Economy Open Research Questions? Personalised Services

7  How to identify and manage vulnerabilities in cyber space?  What does it take for a competitor to reproduce your company assets?  What does it take for a competitor to reproduce your company assets?  How to focus your IT security investment on the core assets?  How to focus your IT security investment on the core assets?  How to apply the appropriate control measures?  How to apply the appropriate control measures? TRUSTWORTHY ICT: Security Economic ICT Applications? – How to Value your Core Assets?

8 Is there a need for developing user friendly and cost effective ICT tools which enable organisations to better assess and value their high value assets? To be used for collecting information on incidents, losses, and spending ICT applications which integrates economic incentive trust mechanism ICT systems which ensures informed and automated management decision creating transparency and accountability for key stakeholders There is a need for user friendly automated tools which can perform those controls on organisations most critical assets to cope with rapid evolving ICT security challenges

9 TRUSTWORTHY ICT: Security Economic ICT Applications? – How to Value Your Core Assets? TOTAL VALUE ASSETS [TANGIBLE PLUS INTANGIBLES] Data Application Host Network TOTAL IT EXPENDITURE CYBER VULNERABILITIES MATRIX Core Assets Core Assets Data Application Network Host TOTAL IT SECURITY EXPENDITURE

10 Embedding Privacy by Design in Technology Technological data protection should be taken into account already at the planning stage. Privacy by design should be technological neutral. From the creation of standards and the design of architecture to their implementation by the data controller. The European Digital Agenda endorses the principles of privacy by design to ensure citizens and trust in ICT and for online services. Privacy and Trust goes hand in hand and Privacy by Design should be guiding principle for the development of new trustworthy ICT. Source: Opinion of the European Data Protection Supervisor on Promoting Trust in the Information Society by Fostering Data Protection and Privacy, Brussels 18 March 2010

11 Embedding Privacy by Design in Technology The Lisbon Treaty has reinforced protection by recognizing the respect for private life and protection of personal data as separate fundamental rights in articles 7 and 8 of the EU Charter of Fundamental Rights. Whereas the protection of the rights and freedom of data subjects with regard to the processing of personal data that requires appropriate technical and organizational measures to be taken; both at the time of design of the processing system, and the time of the processing itself particularly in order to maintain security and thereby to prevent any unauthorized processing.

12 ICT FP7 WORK PROGRAMME 2011-2012 Objective ICT-2011.1.4 Trustworthy ICT a)Heterogeneous networked, services and computing environments b)Trust, eIdentity and Privacy management infrastructures c)Data policy, governance and socio- economic ecosystems d)Networking and coordinating activities

13 ICT FP7 WORK PROGRAMME 2011-2012 Objective ICT-2011.1.4 Trustworthy ICT b) Trust, eIdentity and Privacy management infrastructures Development of trusted architectures, protocols and models for trust assurance Protocols for privacy infrastructures Interoperability or federated management of identity claims  Flexible use of centric privacy  Accountability  Non-repudiation  Traceability  Right to oblivion at the design level

14 ICT FP7 WORK PROGRAMME 2011-2012 Objective ICT-2011.1.4 Trustworthy ICT c) Data policy, governance and socio-economic ecosystems Management and governance frameworks Technology supported social economics frameworks for risk analysis, liability assignment, assurance and certification Tools for trust management based on cost benefit analysis

15 ICT FP7 WORK PROGRAMME 2011-2012 Objective ICT-2011.1.4 Trustworthy ICT Expected Impact Improved European industrial competitiveness in markets of trustworthy ICT Adequate support to users to make informed decisions on the trustworthiness of ICT Demonstrable usability and societal acceptance of proposed handling of information and privacy

16 Further information  On ICT-FP7 Security: http://cordis.europa.eu/fp7/ict/security/home_en.html  ICT-FP7 Project Synopsis: http://cordis.europa.eu/fp7/ict/security/projects_en.html http://cordis.europa.eu/fp7/ict/security/projects_en.html  Objective 1.4 Call Details: –Opening expected 26 July 2011 - Ending 17 January 2012  More information: oluf.nielsen@ec.europa.eu Research Programme Officer Trust and Securityoluf.nielsen@ec.europa.eu

Download ppt "Incentives of Privacy Enhancing Technologies Copenhagen, Denmark – 10 September 2010 2010 PRIVAT TEK Oluf Nielsen Scientific Officer Trust & Security Unit."

Similar presentations

A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
Toward an EU strategy to defend our technological assets Second panel interview. Focus on defense against misappropriation of technogical assets Guillaume.

Toward an EU strategy to defend our technological assets Second panel interview. Focus on defense against misappropriation of technogical assets Guillaume.
FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
European Policy challenges on eAccessibility Paris 31 January 2005 Per BLIXT (HoU) -- Unit eInclusion.

European Policy challenges on eAccessibility Paris 31 January 2005 Per BLIXT (HoU) -- Unit eInclusion.
Jacques Bus, Head of Unit DG Information Society and Media EU-US Cooperation in Network and Information Security 17 Mar, 2008 – Yale, US.

Jacques Bus, Head of Unit DG Information Society and Media EU-US Cooperation in Network and Information Security 17 Mar, 2008 – Yale, US.
Dr. Detlef Eckert DG Information Society and Media European Commission Information Security 23 September 2008 SecureComm 2008, Istanbul.

Dr. Detlef Eckert DG Information Society and Media European Commission Information Security 23 September 2008 SecureComm 2008, Istanbul.
Www.QinetiQ-NA.com © QinetiQ North America, Inc. 2010 QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.

© QinetiQ North America, Inc QinetiQ North America, Inc. 1 Implementing an Enterprise Security Framework – Safeguarding Your Most.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Digital public services and innovation

Digital public services and innovation
SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII Bucharest, September, 21, 2004 ATHENEE PALACE HILTON, Sala Le Diplomate Quo Vadis Information Security.

SECURITATEA SISTEMELOR INFORMATICE ŞI DE COMUNICAŢII Bucharest, September, 21, 2004 ATHENEE PALACE HILTON, Sala Le Diplomate Quo Vadis Information Security.
Dirk van Rooy, Ph.D. DG Information Society and Media European Commission Perspectives for Trust and Security in the future Digital Society Scope for actions.

Dirk van Rooy, Ph.D. DG Information Society and Media European Commission Perspectives for Trust and Security in the future Digital Society Scope for actions.
Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.

Chief Information Officer Branch Gestion du dirigeant principal de l’information “We will have a world class public key infrastructure in place” Prime.
Security Controls – What Works

Security Controls – What Works
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
1 1 Horwath InternationalCopyright 2006 Crowe Chizek and Company LLC 1 IT Audits – Understanding the Standards Illinois Digital Government Summit September.

1 1 Horwath InternationalCopyright 2006 Crowe Chizek and Company LLC 1 IT Audits – Understanding the Standards Illinois Digital Government Summit September.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
IT Governance: Simultaneously Empowers and Controls Source: IT Governance, Chapter 1.

IT Governance: Simultaneously Empowers and Controls Source: IT Governance, Chapter 1.
Proposed action: European SME Digital Capability Framework Objectives: o Deliver a competency-based assessment system that enables companies to measure.

Proposed action: European SME Digital Capability Framework Objectives: o Deliver a competency-based assessment system that enables companies to measure.
IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

Similar presentations

Ads by Google