Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1.

Published byRonald Gerard Gregory Modified over 8 years ago

Similar presentations

Presentation on theme: "Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1."— Presentation transcript:

1 Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1

2 Agenda What to expect Impact ‘Preparation’ versus ‘Vigilance’ - will you be prepared for the changes or will you wait for the changes to occur and then deal with them? Resources 2

3 What to expect 2014 fallout Payment Card Industry Healthcare Student Data 2015 Trends to Come 3

4 2014 fallout 2014 was a landmark year for data security issues Massive (quantity and scope) security breaches - Retailers, White House, Sony (direct impact on use of technology, decision-making related to entertainment, financial impact to P&L, consumer disengagement continues)Massive (quantity and scope) security breaches 4

5 Payment card industry Move to EMV (Europay Mastercard Visa) a.k.a. ‘Chip & PIN’ Liability shift Faster adoption of mobile based transaction terminals - Apple Pay Point to Point Encryption (P2PE) 5

6 Healthcare Use of mobile health apps and devices Privacy versus convenience - convenience appears to be winning Healthcare costs bubble burst - (or close to) Push for research and innovation - more data to protect Customized care management and marketing strategies 6

7 Student Data – Laws & Regulations FERPA ( Federal Education Records Privacy Act) prohibits federal funding of an educational agency or institution that has a policy or practice of disclosing a student’s “education record” without the consent of the parent or eligible student. 7

8 Student Data – Laws & Regulations State breach notification laws Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information. 8

9 Student Data – Laws & Regulations PPRA (Protection of Pupil Rights) affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature. 9

10 Student Data : New & proposed laws Sep 2014 California : Student Online Personal Information Protection Act (SOPIPA): aggressively protects the use of student educational data by third-party vendors. Jan 2015 : Proposed Student Digital Privacy Act 10

11 National look at Student Privacy Legislations GW Information Security Policy Information Security Policy Guidance – Data Storage and Custodial PracticesInformation Security Policy Guidance – Data Storage and Custodial Practices Security Breaches Involving Non-Public Personal InformationSecurity Breaches Involving Non-Public Personal Information 11 Reference and Resources

12 Expected Trends in 2015 Changes to terms and conditions of contracts related to online accounts Concept of sharing/unsharing data rather than emailing Embedded file protection; expect that endpoints are not to be trusted Disposable endpoints Emphasis on data archival and disposition - if a file is not accessed or used for ‘x’ years, it should be encrypted and then archived (if not disposed). 12

13 Expected Trends in 2015 (continued) Social media - continues to be an influencer, avenue of communication and threat to privacy Federal data - more strict rules to access data Two-factor authentication - increasing use More state sponsored and political motivated hacks 13

14 Privacy – know your options 14

15 Privacy As of today is largely unprotected Regulations are weak and less proactive Rules are not standardized across geopolitical boundaries Your information translates to money Nothing is free. So, apply conscious subscriptions 15

16 Privacy - How to fix things Stronger legislations Standardized rules Privacy incorporated into software engineering and services You’d be millionaire right now, if you could bill anytime a company used your information to sell you something 16

17 Interesting Resources http://www.submarinecablemap.com/#/ http://map.ipviking.com/ https://www.fireeye.com/cyber-map/threat-map.html http://www.digitalattackmap.com http://www.trendmicro.com/us/security-intelligence/current-threat-activity/global- botnet-map/ http://en.wikipedia.org/wiki/Carna_botnet http://www.informationisbeautiful.net/visualizations/worlds-biggest-data- breaches-hacks/ http://toolbar.netcraft.com/stats/map 17

18 Contact : infosec@gwu.edu Questions? 18

Download ppt "Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1."

Similar presentations

October 28, 2013. Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.

October 28, Who? What? When? Why? Comply with PCI compliance policies set forth by industry Create internal policies and procedures to protect.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking – Slide 1 Funded by a grant from Take Charge America,
Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.

Safeguarding Data to Ensure Effective Data Use Paige Kowalski |Director| State Policy & Advocacy July 2014.
HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
Data Security Laws and the Rising Cybersecurity Debate

Data Security Laws and the Rising Cybersecurity Debate
© 2004 Property Casualty Insurers Association of America The Alphabet of Federal Legislation Kathleen Jensen Property and Casualty Insurers Association.

© 2004 Property Casualty Insurers Association of America The Alphabet of Federal Legislation Kathleen Jensen Property and Casualty Insurers Association.
Surviving a Privacy Exam Barbara B. Fitch 2 nd VP–Market Conduct & Compliance National Life Insurance Company October 3, 2005.

Surviving a Privacy Exam Barbara B. Fitch 2 nd VP–Market Conduct & Compliance National Life Insurance Company October 3, 2005.
Visa Confidential1 Card Regulation; Pricing and Security Paul Russinoff State Government Relations.

Visa Confidential1 Card Regulation; Pricing and Security Paul Russinoff State Government Relations.
1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.

1.7.6.G1 © Family Economics & Financial Education –March 2008 – Financial Institutions – Online Banking Funded by a grant from Take Charge America, Inc.
Dino Tsibouris (614) 360-1160 Information Security – What’s New In the Law?

Dino Tsibouris (614) Information Security – What’s New In the Law?
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.

Security of Computerized Medical Information: Threats from Authorized Users James G. Anderson, Ph.D. Purdue University.
EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.

EMV’s Impact on U.S. Retailers – It’s Coming! Presented by: Chris Francis VP, Market Development February 21, 2014.
Emerging Technologies

Emerging Technologies
Travillon Consultants

Travillon Consultants
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
De Nederlandsche Bank Eurosysteem Card Payments and Internet Banking Thijs Kettenis 2nd Conference of the Macedonian Financial Sector on Payments and Securities.

De Nederlandsche Bank Eurosysteem Card Payments and Internet Banking Thijs Kettenis 2nd Conference of the Macedonian Financial Sector on Payments and Securities.
Electronic Payment Systems

Electronic Payment Systems
Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.

Compliance and Regulation for Mobile Solutions Amanda J. Smith Messick & Lauer, P.C. May 16, 2013.
Write True or False for the following questions #1-20

Write True or False for the following questions #1-20

Similar presentations

Ads by Google