SlideShare a Scribd company logo

Dwyer ISSA Presentation

Download as PPTX, PDF
Cathy Dwyer
Cathy Dwyer

When Everyone (Including Your Mother) Is On Facebook: Implications for Information Privacy and Security Professionals

Technology
1 of 18
When Everyone (Including Your Mother) Is on Facebook:Implications for Information Security & Privacy Professionals Catherine Dwyer, PhD. Seidenberg School of Computer Science & Information Systems Pace University
What is a digital native? (everyone) How did we get here - two tales from the past decade – “MIS” and “Web 2.0” What challenges does “web 2.0” raise for security and privacy professionals? How can ISSA and other organizations tackle these issues? My talk today 2 NYMISSA 5/26/2011
NYMISSA 3 5/26/2011
Expect immediate access to all information sources relevant to task, available 24/7, from any location, from any “smart” device with an easy to use interface Always connected, unless they don’t want to be, so you better respect (and protect) their privacy Traders from investment bank want to be able to execute trades using their iPad 5/26/2011 NYMISSA 4 What is a digital native?
How did we get here? Two stories MIS Web 2.0 2000 - Nasdaq peaks at 5132 (2749 on 5/24) 2002 - SOX is passed 2003 – Carr HBR,“IT Doesn’t Matter” dot com bust Outsourcing Decreased MIS investment and employment 2001 – iPod & iTunes, WikiPedia 2004 – Facebook, GMail (beta) NYMISSA 5 5/26/2011 “The overinvestment in IT echoes the overinvestment in railroads …. Companies dazzled by the commercial possibilities threw large quantities of money away on half-baked businesses and products.”
Two Stories cont. MIS Web 2.0 2005 – YouTube, Google Maps 2006 – Twitter 2007 – iPhone 2009 – Android phone 2010 - iPad NYMISSA 6 5/26/2011 US CS Majors
2011 – digital natives & IT security professionals MIS Staff Digital natives Must manage Web 2.0 security and privacy leaks with strained infrastructure, little training and low staffing levels Few CS/IS majors graduating – and they are going to work for FB & Google! Digital natives equals everyone! Customers, employees, and corporate leadership (CEOs with blogs?) Facebook sets standard for usability and information access NYMISSA 7 5/26/2011
Scott M., VP at HP, updated LinkedIn profile described work developing ‘object storage,’ ‘networking,’ and ‘block storage’ for ‘an innovative and highly differentiated approach to cloud computing.’ The only problem was HP initiative was not public knowledge Post described user interface, including APIs and language binds for Java, Ruby, etc. NYMISSA 8 Oops! 5/26/2011
Lock down systems: Former national security advisor Richard Clarke reported that after the Pentagon had a security breach from a thumb drive, it ordered that all USB connections plugged with rubber cement Train people – “if you share information about yourself you could be the victim of identity theft” NYMISSA 9 What can we do about it? 5/26/2011
One example from student assignment exercise conducting security/privacy audit: E.V. has no anti-spyware or anti-virus software E.V.’s computer does not update its system automatically E.V. does not use strong passwords, has one password for all of her accounts NYMISSA 10 Are digital natives aware of data leakage and security issues? 5/26/2011
NYMISSA 11 201 Apps! 5/26/2011 Facebook Apps are third party applications that get access to profile data (even when FB user is not online)
NYMISSA 12 NYT – 5/12/2010 NYT – 5/12/2010 - To manage your privacy on Facebook, you must navigate through 50 settings with more than 170 options 5/26/2011
As a property of data, e.g. social security numbers are private Must re-conceptualize privacy as a process “Many argue protecting privacy means strictly limiting access to personal information or assuring people’s right to control information about themselves. I disagree. What people care most about is not simply restricting the flowofinformation but ensuring that it flowsappropriately.”- Helen Nissenbaum, Privacy in Context 5/26/2011 NYMISSA 13 How is privacy implemented?
Building in privacy from the outset achieves better results than “bolting it on” at the end 1) Incorporating four substantive privacy protections into a firm’s practices Security, collection limits, retention practices, accuracy 2) Maintaining comprehensive data management procedures throughout the life cycle of their products and services 5/26/2011 NYMISSA 14 Privacy by Design
“Control over privacy” is a data centric approach Must re-conceptualize privacy as a process, not a property of a distinct piece or category of data We can’t fix privacy by adding checkboxes to every data sharing decision point Need to apply BPM, UML and workflow analysis to identify context relevant to information privacy NYMISSA 15 Clear role for ISSA 5/26/2011
You are critical stakeholders in this process and need a stronger connection to decision makers Your expertise with COSO framework and COBIT are extremely relevant to these problems – “privacy controls” Who is your lobbyist? How can you join the current privacy/security regulatory debate? NYMISSA 16 Going forward 5/26/2011
Privacy Papers for Policy Makers (Future of Privacy Forum) Lessons from the Identity Trail - Lessons From the Identity Trail Carnegie Mellon - CyLabHarvard - Berkman Center Stanford - http://cyberlaw.stanford.edu/NYU - Privacy Research Group FTC staff report and FCC green paper Privacy by Design NYMISSA 17 Recommended resources 5/26/2011
Thank you! Contact information:Prof. Catherine Dwyer email: cdwyer[at]pace[dot]eduTwitter: ProfCDwyerDiigo bookmarks: profcad Seidenberg School of Computing Sciences & Information SystemsPace University163 William Street #225NY, NY 10038 NYMISSA 18 Questions? 5/26/2011

Recommended

My article about DLP Web Conference from RnD Express
My article about DLP Web Conference from RnD ExpressMy article about DLP Web Conference from RnD Express
My article about DLP Web Conference from RnD ExpressVera Trubacheva
 
Suny faculty senate
Suny faculty senateSuny faculty senate
Suny faculty senateSUNY Oneonta
 
The Myth of Zero-Risk Solutions; The Benefits of Privacy by Design
The Myth of Zero-Risk Solutions; The Benefits of Privacy by DesignThe Myth of Zero-Risk Solutions; The Benefits of Privacy by Design
The Myth of Zero-Risk Solutions; The Benefits of Privacy by DesignDr. Ann Cavoukian
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Technology specialist
Technology specialistTechnology specialist
Technology specialistHassanHamayun9
 
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016Melissa Krasnow
 
Behaviour Change and Cyber-Security
Behaviour Change and Cyber-SecurityBehaviour Change and Cyber-Security
Behaviour Change and Cyber-Securityjoinson
 

Recommended

My article about DLP Web Conference from RnD Express
My article about DLP Web Conference from RnD ExpressMy article about DLP Web Conference from RnD Express
My article about DLP Web Conference from RnD ExpressVera Trubacheva
 
Suny faculty senate
Suny faculty senateSuny faculty senate
Suny faculty senateSUNY Oneonta
 
The Myth of Zero-Risk Solutions; The Benefits of Privacy by Design
The Myth of Zero-Risk Solutions; The Benefits of Privacy by DesignThe Myth of Zero-Risk Solutions; The Benefits of Privacy by Design
The Myth of Zero-Risk Solutions; The Benefits of Privacy by DesignDr. Ann Cavoukian
 
Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Privacy by Design Seminar - Jan 22, 2015
Privacy by Design Seminar - Jan 22, 2015Dr. Ann Cavoukian
 
Technology specialist
Technology specialistTechnology specialist
Technology specialistHassanHamayun9
 
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...
Open Source Insight: GDPR Best Practices, Struts RCE Vulns, SAST, DAST & Equ...Black Duck by Synopsys
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016Melissa Krasnow
 
Behaviour Change and Cyber-Security
Behaviour Change and Cyber-SecurityBehaviour Change and Cyber-Security
Behaviour Change and Cyber-Securityjoinson
 
NYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. ShookNYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. ShookJ. David Morris
 
Iid infoshare exec_summary final
Iid infoshare exec_summary finalIid infoshare exec_summary final
Iid infoshare exec_summary finalAndrew_Goss
 
Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"Cathy Dwyer
 
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009Kari-Hans Kommonen
 
Cite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_finalCite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_finalIntralinks
 
Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.James Dellow
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the CloudWindTalker Security
 
User privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensingUser privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensingLeMeniz Infotech
 
Esecurity e202
Esecurity e202Esecurity e202
Esecurity e202Carl Frappaolo
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity| paul young cpa, cga
 
Week 4 pp presentation
Week 4 pp presentationWeek 4 pp presentation
Week 4 pp presentationJonica Bowne
 
Burling d cloudcomputing
Burling d cloudcomputingBurling d cloudcomputing
Burling d cloudcomputingDiane Burling
 
Five Trends that will Impact IT
Five Trends that will Impact ITFive Trends that will Impact IT
Five Trends that will Impact ITHolly Ross
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threatmilliemill
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperToshio Spoor
 
Peer to-peer-networking
Peer to-peer-networkingPeer to-peer-networking
Peer to-peer-networkingJDTechSolutions
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsProf. Othman Alsalloum
 
MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15MIT Startup Exchange
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 
Qstn 27
Qstn 27Qstn 27
Qstn 27Nashe Muja Mujah
 
Big data privacy issues in public social media
Big data privacy issues in public social mediaBig data privacy issues in public social media
Big data privacy issues in public social mediaSupriya Radhakrishna
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategiesVenkata Karthik Gullapalli
 

More Related Content

What's hot

NYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. ShookNYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. ShookJ. David Morris
 
Iid infoshare exec_summary final
Iid infoshare exec_summary finalIid infoshare exec_summary final
Iid infoshare exec_summary finalAndrew_Goss
 
Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"Cathy Dwyer
 
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009Kari-Hans Kommonen
 
Cite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_finalCite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_finalIntralinks
 
Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.James Dellow
 
User privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensingUser privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensingLeMeniz Infotech
 
Week 4 pp presentation
Week 4 pp presentationWeek 4 pp presentation
Week 4 pp presentationJonica Bowne
 
Burling d cloudcomputing
Burling d cloudcomputingBurling d cloudcomputing
Burling d cloudcomputingDiane Burling
 
Five Trends that will Impact IT
Five Trends that will Impact ITFive Trends that will Impact IT
Five Trends that will Impact ITHolly Ross
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threatmilliemill
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperToshio Spoor
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systemsProf. Othman Alsalloum
 
MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15MIT Startup Exchange
 
Data security in practice
Data security in practiceData security in practice
Data security in practiceAndres Kütt
 

What's hot (20)

NYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. ShookNYLJ Social Media Webinar J. Shook
NYLJ Social Media Webinar J. Shook
 
Iid infoshare exec_summary final
Iid infoshare exec_summary finalIid infoshare exec_summary final
Iid infoshare exec_summary final
 
Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"Dwyer "Privacy by Design: Can It Work?"
Dwyer "Privacy by Design: Can It Work?"
 
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
Personal Sphere - Information management in everyday life / EC Infoday 11.5.2009
 
Cite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_finalCite conference intralinks_industrialization_or_consumerization_final
Cite conference intralinks_industrialization_or_consumerization_final
 
Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.Hello. My name is, Social Business Design.
Hello. My name is, Social Business Design.
 
Security in the Cloud
Security in the CloudSecurity in the Cloud
Security in the Cloud
 
User privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensingUser privacy and data trustworthiness in mobile crowd sensing
User privacy and data trustworthiness in mobile crowd sensing
 
Esecurity e202
Esecurity e202Esecurity e202
Esecurity e202
 
Global Threats| Cybersecurity|
Global Threats| Cybersecurity| Global Threats| Cybersecurity|
Global Threats| Cybersecurity|
 
Week 4 pp presentation
Week 4 pp presentationWeek 4 pp presentation
Week 4 pp presentation
 
Burling d cloudcomputing
Burling d cloudcomputingBurling d cloudcomputing
Burling d cloudcomputing
 
Five Trends that will Impact IT
Five Trends that will Impact ITFive Trends that will Impact IT
Five Trends that will Impact IT
 
Managing insider threat
Managing insider threatManaging insider threat
Managing insider threat
 
Storgrid-Encryption-White-Paper
Storgrid-Encryption-White-PaperStorgrid-Encryption-White-Paper
Storgrid-Encryption-White-Paper
 
Peer to-peer-networking
Peer to-peer-networkingPeer to-peer-networking
Peer to-peer-networking
 
Ethical and social issues in information systems
Ethical and social issues in information systemsEthical and social issues in information systems
Ethical and social issues in information systems
 
MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15MIT ILP STEX Cybersecurity Workshop 5.28.15
MIT ILP STEX Cybersecurity Workshop 5.28.15
 
Data security in practice
Data security in practiceData security in practice
Data security in practice
 
Qstn 27
Qstn 27Qstn 27
Qstn 27
 

Similar to Dwyer ISSA Presentation

Big data privacy issues in public social media
Big data privacy issues in public social mediaBig data privacy issues in public social media
Big data privacy issues in public social mediaSupriya Radhakrishna
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11DaliaCulbertson719
 
Spe security and privacy enhancement framework for mobile devices
Spe security and privacy enhancement framework for mobile devicesSpe security and privacy enhancement framework for mobile devices
Spe security and privacy enhancement framework for mobile devicesLeMeniz Infotech
 
Global Data Management: Governance, Security and Usefulness in a Hybrid World
Global Data Management: Governance, Security and Usefulness in a Hybrid WorldGlobal Data Management: Governance, Security and Usefulness in a Hybrid World
Global Data Management: Governance, Security and Usefulness in a Hybrid WorldNeil Raden
 
Business_Analytics_Presentation_Luke_Caratan
Business_Analytics_Presentation_Luke_CaratanBusiness_Analytics_Presentation_Luke_Caratan
Business_Analytics_Presentation_Luke_CaratanLuke Caratan
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docxLynellBull52
 
The challenges of building a strong data infrastructure
The challenges of building a strong data infrastructureThe challenges of building a strong data infrastructure
The challenges of building a strong data infrastructureJeni Tennison
 
Running Head DATA BREACH .docx
Running Head DATA BREACH .docxRunning Head DATA BREACH .docx
Running Head DATA BREACH .docxtodd271
 
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKSSECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKSZac Darcy
 
White Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsWhite Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsNewton Day Uploads
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...mkeane
 
The BYOD Security Battleground
The BYOD Security BattlegroundThe BYOD Security Battleground
The BYOD Security BattlegroundWatchful Software
 
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxRunning head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxjeanettehully
 
What is the future of cloud security linked in
What is the future of cloud security linked inWhat is the future of cloud security linked in
What is the future of cloud security linked inJonathan Spindel
 
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - SocioeconomicsMalcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - SocioeconomicsIrish Future Internet Forum
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security PolicyRobot Mode
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentIJERD Editor
 
New Communication Paradigm and Security
New Communication Paradigm and SecurityNew Communication Paradigm and Security
New Communication Paradigm and SecurityMarco Raposo
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 

Similar to Dwyer ISSA Presentation (20)

Big data privacy issues in public social media
Big data privacy issues in public social mediaBig data privacy issues in public social media
Big data privacy issues in public social media
 
Data trawling and security strategies
Data trawling and security strategiesData trawling and security strategies
Data trawling and security strategies
 
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
Proceedings on Privacy Enhancing Technologies ; 2016 (3)96–11
 
Spe security and privacy enhancement framework for mobile devices
Spe security and privacy enhancement framework for mobile devicesSpe security and privacy enhancement framework for mobile devices
Spe security and privacy enhancement framework for mobile devices
 
Global Data Management: Governance, Security and Usefulness in a Hybrid World
Global Data Management: Governance, Security and Usefulness in a Hybrid WorldGlobal Data Management: Governance, Security and Usefulness in a Hybrid World
Global Data Management: Governance, Security and Usefulness in a Hybrid World
 
Business_Analytics_Presentation_Luke_Caratan
Business_Analytics_Presentation_Luke_CaratanBusiness_Analytics_Presentation_Luke_Caratan
Business_Analytics_Presentation_Luke_Caratan
 
®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx®Three Undocumented Layers of the OSI Model  and The.docx
®Three Undocumented Layers of the OSI Model  and The.docx
 
The challenges of building a strong data infrastructure
The challenges of building a strong data infrastructureThe challenges of building a strong data infrastructure
The challenges of building a strong data infrastructure
 
Running Head DATA BREACH .docx
Running Head DATA BREACH .docxRunning Head DATA BREACH .docx
Running Head DATA BREACH .docx
 
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKSSECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
SECUREWALL-A FRAMEWORK FOR FINEGRAINED PRIVACY CONTROL IN ONLINE SOCIAL NETWORKS
 
White Paper - Killing the Shadow Systems
White Paper - Killing the Shadow SystemsWhite Paper - Killing the Shadow Systems
White Paper - Killing the Shadow Systems
 
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
When Worlds Collide: Tracking the Trends at the Intersection of Social, Mobil...
 
The BYOD Security Battleground
The BYOD Security BattlegroundThe BYOD Security Battleground
The BYOD Security Battleground
 
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docxRunning head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
Running head SECURITY RISKS IN DATABASE MIGRATION1SECURITY RIS.docx
 
What is the future of cloud security linked in
What is the future of cloud security linked inWhat is the future of cloud security linked in
What is the future of cloud security linked in
 
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - SocioeconomicsMalcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
 
The Role of Information Security Policy
The Role of Information Security PolicyThe Role of Information Security Policy
The Role of Information Security Policy
 
International Journal of Engineering Research and Development
International Journal of Engineering Research and DevelopmentInternational Journal of Engineering Research and Development
International Journal of Engineering Research and Development
 
New Communication Paradigm and Security
New Communication Paradigm and SecurityNew Communication Paradigm and Security
New Communication Paradigm and Security
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

Dwyer ISSA Presentation

  • 1. When Everyone (Including Your Mother) Is on Facebook:Implications for Information Security & Privacy Professionals Catherine Dwyer, PhD. Seidenberg School of Computer Science & Information Systems Pace University
  • 2. What is a digital native? (everyone) How did we get here - two tales from the past decade – “MIS” and “Web 2.0” What challenges does “web 2.0” raise for security and privacy professionals? How can ISSA and other organizations tackle these issues? My talk today 2 NYMISSA 5/26/2011
  • 4. Expect immediate access to all information sources relevant to task, available 24/7, from any location, from any “smart” device with an easy to use interface Always connected, unless they don’t want to be, so you better respect (and protect) their privacy Traders from investment bank want to be able to execute trades using their iPad 5/26/2011 NYMISSA 4 What is a digital native?
  • 5. How did we get here? Two stories MIS Web 2.0 2000 - Nasdaq peaks at 5132 (2749 on 5/24) 2002 - SOX is passed 2003 – Carr HBR,“IT Doesn’t Matter” dot com bust Outsourcing Decreased MIS investment and employment 2001 – iPod & iTunes, WikiPedia 2004 – Facebook, GMail (beta) NYMISSA 5 5/26/2011 “The overinvestment in IT echoes the overinvestment in railroads …. Companies dazzled by the commercial possibilities threw large quantities of money away on half-baked businesses and products.”
  • 6. Two Stories cont. MIS Web 2.0 2005 – YouTube, Google Maps 2006 – Twitter 2007 – iPhone 2009 – Android phone 2010 - iPad NYMISSA 6 5/26/2011 US CS Majors
  • 7. 2011 – digital natives & IT security professionals MIS Staff Digital natives Must manage Web 2.0 security and privacy leaks with strained infrastructure, little training and low staffing levels Few CS/IS majors graduating – and they are going to work for FB & Google! Digital natives equals everyone! Customers, employees, and corporate leadership (CEOs with blogs?) Facebook sets standard for usability and information access NYMISSA 7 5/26/2011
  • 8. Scott M., VP at HP, updated LinkedIn profile described work developing ‘object storage,’ ‘networking,’ and ‘block storage’ for ‘an innovative and highly differentiated approach to cloud computing.’ The only problem was HP initiative was not public knowledge Post described user interface, including APIs and language binds for Java, Ruby, etc. NYMISSA 8 Oops! 5/26/2011
  • 9. Lock down systems: Former national security advisor Richard Clarke reported that after the Pentagon had a security breach from a thumb drive, it ordered that all USB connections plugged with rubber cement Train people – “if you share information about yourself you could be the victim of identity theft” NYMISSA 9 What can we do about it? 5/26/2011
  • 10. One example from student assignment exercise conducting security/privacy audit: E.V. has no anti-spyware or anti-virus software E.V.’s computer does not update its system automatically E.V. does not use strong passwords, has one password for all of her accounts NYMISSA 10 Are digital natives aware of data leakage and security issues? 5/26/2011
  • 11. NYMISSA 11 201 Apps! 5/26/2011 Facebook Apps are third party applications that get access to profile data (even when FB user is not online)
  • 12. NYMISSA 12 NYT – 5/12/2010 NYT – 5/12/2010 - To manage your privacy on Facebook, you must navigate through 50 settings with more than 170 options 5/26/2011
  • 13. As a property of data, e.g. social security numbers are private Must re-conceptualize privacy as a process “Many argue protecting privacy means strictly limiting access to personal information or assuring people’s right to control information about themselves. I disagree. What people care most about is not simply restricting the flowofinformation but ensuring that it flowsappropriately.”- Helen Nissenbaum, Privacy in Context 5/26/2011 NYMISSA 13 How is privacy implemented?
  • 14. Building in privacy from the outset achieves better results than “bolting it on” at the end 1) Incorporating four substantive privacy protections into a firm’s practices Security, collection limits, retention practices, accuracy 2) Maintaining comprehensive data management procedures throughout the life cycle of their products and services 5/26/2011 NYMISSA 14 Privacy by Design
  • 15. “Control over privacy” is a data centric approach Must re-conceptualize privacy as a process, not a property of a distinct piece or category of data We can’t fix privacy by adding checkboxes to every data sharing decision point Need to apply BPM, UML and workflow analysis to identify context relevant to information privacy NYMISSA 15 Clear role for ISSA 5/26/2011
  • 16. You are critical stakeholders in this process and need a stronger connection to decision makers Your expertise with COSO framework and COBIT are extremely relevant to these problems – “privacy controls” Who is your lobbyist? How can you join the current privacy/security regulatory debate? NYMISSA 16 Going forward 5/26/2011
  • 17. Privacy Papers for Policy Makers (Future of Privacy Forum) Lessons from the Identity Trail - Lessons From the Identity Trail Carnegie Mellon - CyLabHarvard - Berkman Center Stanford - http://cyberlaw.stanford.edu/NYU - Privacy Research Group FTC staff report and FCC green paper Privacy by Design NYMISSA 17 Recommended resources 5/26/2011
  • 18. Thank you! Contact information:Prof. Catherine Dwyer email: cdwyer[at]pace[dot]eduTwitter: ProfCDwyerDiigo bookmarks: profcad Seidenberg School of Computing Sciences & Information SystemsPace University163 William Street #225NY, NY 10038 NYMISSA 18 Questions? 5/26/2011