Presentation is loading. Please wait.

Presentation is loading. Please wait.

SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist.

Published byDominic Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist."— Presentation transcript:

1 SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist

2 Agenda Planning and assessing enterprise privacy Managing WMP & Office privacy settings Managing Internet-based Services in Windows Server 2003 Integrating P3P into your websites

3 Privacy Framework Push privacy features in PR & conferences Content on ms.com and MSDN privacy sites Interact with privacy leaders & analysts Privacy training for all teams Privacy analysis on features & components Privacy settings linked to group policy Turn off communications to the Internet Turn privacy settings off Protect access to data Privacy deployment guidelines Visible first-run experience Privacy response team creation PD 3 + Communications Privacy by Design Privacy by Default Privacy in Deployment Communications

4 Planning for Privacy Build a team of privacy professionals Provide privacy training for your entire company Create a corporate privacy policy Deploy the policy to each team in your company

5 Planning for Privacy Defining policy Define policy Ensure compliance Audit deployments Corporate Privacy Group MarketingHRSupport Define processes Deploy to all teams Data handling Application deployment Partner relationships

6 Document Data Usage Things to look for Is the data encrypted during collection, storage, and transfer Is there physical and programmatic security for the data Is a good auditing mechanism in place How do users access their data Is there a retention policy

7 Document Data Usage Collection Storage Sharing Onward transfer

8 Documenting Applications Office Online helpDisabled CEI ProgramDisabled IRMEnabled Inventory all applications Determine a policy for privacy settings Use group policy where possible to enforce your policy

9 Partner Relationships Make sure that partners understand your privacy policies Understand their privacy practices Always have a signed agreement in place before exchanging data

10 Office 2003 Internet/Privacy Based Features Internet Help Office Update Information Rights Management Document metadata Spotlight feature updates links from the Internet Document templates assist with protecting data

11 Office 2003 Word Privacy settings

12 Office 2003 Administrative Templates ADM fileApplication Office11.admShared Office11 components Access11.admMicrosoft Access11 Excel11.admMicrosoft Excel11 Gal11.admClip Organizer Instlr11.admWindows Installer 2.0 Outlk11.admMicrosoft Outlook11 Ppt11.admMicrosoft PowerPoint11 Pub11.admMicrosoft Publisher11

13 Office 2003 Information Rights Management Works with Windows Server 2003 Rights Management Server Protects documents from invalid access Controls read, write, printing, and forwarding of documents Can be used for legislation compliance GLBA, HIPAA, and Patriot Act Based on visible, embedded email address

14 Office 2003 Information Rights Management Author registers document Document goes to reviewer Reviewer gets document rights

15 Office 2003 - IRM Permissions Dialogs

16 Office 2003 - IRM Some things can’t be avoided

17 Controlling Office Privacy Settings demo demo

18 Windows Media Player 9 Overcoming Bad WMP 8 Practices Forgot to disclose new features in WMP 8 privacy statement Privacy expert announced, “MS can track the DVDs you watch.” Privacy settings were missing or vague Also, locally stored metadata lacked protection and access Responses to privacy issues were not coordinated

19 Windows Media Player 9 Install experience

20 Windows Media Player 9 Privacy settings

21 Controlling WMP9 Privacy Settings demo demo

22 Internet-Based Services Benefits Improve user experience Maintain high level of security and reliability Provide innovative features Reduce piracy

23 Internet-Based Services Misunderstandings No “backdoor” to obtain user data Microsoft does not sell, rent, or lease customer data to other companies

24 Internet-Based Services List for Windows Server 2003 Activation and registration Application Help Certificate Support Device Manager Driver Protection Dynamic Update Event Viewer File Association Help and Support Center HyperTerminal Internet Explorer 6.0 Internet Information Services Internet Protocol v6 NetMeeting Online Device Help Outlook Express 6.0 Plug and Play Program Compatibility Wizard Remote Assistance Search Companion Windows Error Reporting Windows Media Player Windows Time Service Windows Update

25 Windows Error Reporting Error Dialog

26 Windows Error Reporting Settings

27 Controlling Windows Error Reporting Privacy Settings demo demo

28 Windows Update Settings

29 Controlling Windows Update Privacy Settings demo demo

30 Using Group Policy to Control Privacy Settings demo demo

31 Internet Explorer 6.0 Privacy Features P3P based privacy functionality Permits cookie management Based on domain name Based on cookie type Based on level of desired privacy Integrating P3P improves trust

32 Internet Explorer 6.0 Privacy settings

33 Building P3P Content PolicyReferencePagePolicyReferencePage HTMLPolicyPageHTMLPolicyPageXMLPolicyPageXMLPolicyPage CompactPolicyDefinitionCompactPolicyDefinition

34 Ask The Experts Get Your Questions Answered I will be available at the Windows Server 2003 until 2 July

35 Community Resources http://www.microsoft.com/communities/default.mspx Most Valuable Professional (MVP) http://www.mvp.support.microsoft.com/ Newsgroups Converse online with Microsoft Newsgroups, including Worldwide http://www.microsoft.com/communities/newsgroups/default.mspx User Groups Meet and learn with your peers http://www.microsoft.com/communities/usergroups/default.mspx

36 Suggested Reading And Resources The tools you need to put technology to work! TITLE Available Microsoft® Windows® Security Resource Kit:0-7356-1868-2 Today Microsoft® Windows® Server 2003 Administrator's Companion: 0-7356- 1367-2 Today Microsoft Press books are 20% off at the TechEd Bookstore Also buy any TWO Microsoft Press books and get a FREE T-Shirt Writing Secure Code second edition Today

37 Using Windows in a Managed Environment Location of White Papers Windows XP SP1 http://www.microsoft.com/technet/prodtechnol/winxppro/mai ntain/xpmanaged/00_abstr.asp Windows 2000 SP3 http://www.microsoft.com/technet/prodtechnol/windows200 0pro/maintain/w2kmngd/00_abstr.asp Windows Server 2003 http://www.microsoft.com/technet/prodtechnol/windowsserv er2003/maintain/security/ws03mngd/00_abstr.asp

38 Other Resources Internet Explorer Administration Kit http://www.microsoft.com/technet/prodtechnol/winxppro/m aintain/xpmanaged/00_abstr.asp Deploying P3P on your website http://msdn.microsoft.com/workshop/security/privacy/overv iew/createprivacypolicy.asp Office 2003 Resource Kit http://www.microsoft.com/office/ork/xp/journ/orkbeta.htm

39 evaluations evaluations

40 © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Download ppt "SEC303 Assessing and Managing Privacy in the Enterprise JC Cannon Privacy Strategist."

Similar presentations

Welcome to the Minnesota SharePoint User Group. Agenda Quick Intro Announcements and News Document Management Content Types Records Management Q&A.

Welcome to the Minnesota SharePoint User Group. Agenda Quick Intro Announcements and News Document Management Content Types Records Management Q&A.
Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.

Power BI Sites and Mobile BI. What You Will Learn Sharing and Collaboration Introducing Power BI Exploring Power BI Features and Services Partner Opportunities.
 Troy Hopwood Program Manager Microsoft Corporation BB53.

 Troy Hopwood Program Manager Microsoft Corporation BB53.
Microsoft Confidential Solution Overview: Foxit Software Corporation’s PDF Security Suite.

Microsoft Confidential Solution Overview: Foxit Software Corporation’s PDF Security Suite.
WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.

WEB401 Security Practices for Web Services (Part 2) Keith Ballinger Program Manager XML Messaging Microsoft Corporation.
PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.

PETs and ID Management Privacy & Security Workshop JC Cannon Privacy Strategist Corporate Privacy Group Microsoft Corporation.
DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.

DEV392: Extending SharePoint Products And Technologies Through Web Parts And ASP.NET Clint Covington, Program Manager Data And Developer Services - Office.
Understanding Active Directory

Understanding Active Directory
Overview of Office 2003 Corinne Hoisington Central Virginia Community College.

Overview of Office 2003 Corinne Hoisington Central Virginia Community College.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.

Live Meeting APIs Robert Devine Program Manager Microsoft Corporation.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks www.sambrooks.com.

OFC324 Microsoft Project Server: Putting Enterprise Project Management (EPM) To Work Sam Brooks
Understanding Active Directory

Understanding Active Directory
Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.

Rob Hwacinski Sr. Program Manager Lead Microsoft Corporation WEM206 Ashwin Kulkarni Sr. Product Manager Microsoft Corporation.
1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.

1 Developing Rules Driven Workflows in Windows Workflow Foundation Jurgen Willis COM318 Program Manager Microsoft Corporation.
OFC302 Building Smart Document Solutions in Word & Excel Martin Sawicki Lead Program Manager.

OFC302 Building Smart Document Solutions in Word & Excel Martin Sawicki Lead Program Manager.
OFC 322 Building Office Research Web Services: Exposing Corporate Data Through Office Brian Jones Program Manager Authoring Services Martin Sawicki Lead.

OFC 322 Building Office Research Web Services: Exposing Corporate Data Through Office Brian Jones Program Manager Authoring Services Martin Sawicki Lead.
Office SharePoint Server 2007 Mark Dunkel US Education TSP - SharePoint Microsoft Corporation.

Office SharePoint Server 2007 Mark Dunkel US Education TSP - SharePoint Microsoft Corporation.
DEV334 Creating Application Starting Points & Sharing Best Practices with Enterprise Templates Marc Gusmano Director of Emerging Technologies The Information.

DEV334 Creating Application Starting Points & Sharing Best Practices with Enterprise Templates Marc Gusmano Director of Emerging Technologies The Information.

Similar presentations

Ads by Google