“Data protection, privacy and the IT department – how to manage the proliferation of data in your organisation”
Hosted by Brian Glick, Editor-in-Chief Computer Weekly.
Speaker lineup
Mark Skilton, Professor of Practice Information Systems and Management at Warwick Business School
Mike Cope, IT Director at University College London
Keith Bucknall, Head of Strategy, Architecture & Infrastructure at Equity Insurance Group
The CW500 Club from Computer Weekly is a private members’ club for senior IT professionals and leading industry figures. Membership is by invitation only and allows access to premium content for IT leaders and a monthly networking event held at the Waldorf Hilton, Aldwych, London, WC2B 4DD.
Digital security and the IT Department cw500 M Skilton May 22 2014 London v1
1. Prof. Mark Skilton
Professor of Practice, Information Systems Management
Warwick Business School, UK
m.r.skilton@warwick.ac.uk
2. The rise of data - Digital economy
Growing 30% of business is shifting online to search and engage with consumers, markets and transactions, taking account of retail, mobile and impact on supply channels (1)
80% of transport, real estate and hotelier activity is processed through websites (2)
Over 70% of companies and consumers are experiencing cyber-privacy challenges (3), (4)
Prof Mark Skilton, Copyright 2014
3. The Digital Ecosystem
Digital media in social networks, mobile devices, sensors and the explosion of big data and cloud computing networks are interconnecting potentially everything everywhere – amounting to a new digital “ecosystem”
6. Things may not be what they appear..
In Cyber Security...
Personas, impersonators,
Sales versus technical skills,
Service qualities, ...
What are you buying, using, who from?
7. Cyber rights
Rights are no longer national
Erosion of Privacy
Instrumentality of key data of the workspace
Globalization weakens everyone’s privacy
Example viewpoints
8. Age of the Information Panopticon
Elevation, section and plan of Jeremy Bentham's Panopticon penitentiary, drawn by Willey Reveley, 1791
Presidio Modelo prison, Cuba, 2005
Internet and social networks, 2014
9. PCST - Digital Security Strategy
Privacy
Trust
Confidentiality
Security
Mechanisms
Tools
Standards
Optionality in / out (privacy, cookies, ..)
Zone Boundary
and Domain
Policies
Encryption &
Access
Monitoring
Policies
Assurance
(Surveillance)
Employment law
Commercial
Intellectual Property
10. False dichotomies
Privacy ≠ Security: zero sum game
Privacy and Security: positive sum
11. Privacy by Design
Privacy is “built in”
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality — Positive-Sum, not Zero-Sum
5. End-to-End Security — Full Lifecycle Protection
6. Visibility and Transparency — Keep it Open
7. Respect for User Privacy — Keep it User-Centric
The debate is over what constitutes fair information practices (EU Commission, FTC Federal Trade Commission, FCC ...)
(1) (2) (3) NYC School of Law, Berkeley Technology Law Review 2013, I&P Commissioner Ontario 2011
14. The rise of Digital Ecosystems
The “Smart Hotel”
15. The rise of Digital Ecosystems
16. The rise of Digital Ecosystems
17. Role of IT Departments
Digital
Non-Digital
Physical
Context
Data
Classification
Individuals
Communities
Associations
Access
Authentication
Authorization
Boundaries / Domains
Audit / Compliance
Quality of Context Assurance
Legal, Contractual, Political,
Rights, Assertions, Privileges
Commercial, IP, Copyright,
Brand, Image, Reputation
Privacy
Trust
Confidentiality
Security
Digital
Cyber
Strategy
Technical
Assurance
SLA - Guarantees
Non-Functional
Functional Qualities
DR + BC + Resilience
Digital Cyber Strategy
All actors, components, relationships
Objects
change
Digital Risk
Severe
loss
steady Recovery
18. Role of the IT Department
Privacy
Trust
Confidentiality
Security
Digital
Cyber
Strategy
Level and control of data disclosure to unauthorized individuals, entities or processes
Level and control of data isolation
Level and control of individual or organization over access and use of personal data by a 3rd party
Level and control of authorization and restriction provided to an individual or 3rd party to use of personal data
Level and control of integrity and persistence of data – property of accuracy and completeness
Level of non-repudiation - ability to prove a claimed event or action and its originating entities
Level of conformity – fulfilment of a requirement
Level of IP – Intellectual Property containment and Identity Management
Level of monitoring and response action to planned or unplanned security incident (e.g. DDoS) - a process to determine the status of a system
Level of perimeterization
Level and control of authentication – provision of assurance that a claimed characteristic of an entity is correct
Level and control of authenticity – property that an entity is what it claims to be
19. Data protection, privacy and the IT department – how to manage the proliferation of data in your organisation
Measuring cyber risk
Managing data security
Enabling innovation