Patriot Act Impact on Canadian Organizations Using Cloud Services
|
|
- Andrea Craig
- 8 years ago
- Views:
Transcription
1 Patriot Act Impact on Canadian Organizations Using Cloud Services November 8, 2013 By Scott Wright The Streetwise Security Coach 1 PRESENTATION TITLE
2 Why do nation-states do surveillance? To Fight Terrorism 2
3 Why do nation-states do surveillance? To protect their citizens, of course Also: Economic advantage Military advantage Idealogy, persecution and other reasons Why does this matter to businesses in Canada? Shareholders Clients Stakeholders 3
4 What is the Patriot Act? Provide Appropriate Tools Required to Intercept and Obstruct Terrorism (PATRIOT) Act of 2001 Foreign Intelligence Surveillance Act (1978) 4
5 Risks to business from surveillance Risk = Assets X Vulnerabilities X Threats 5
6 Provisions affecting Canadian organizations? Removed the requirement that government prove a surveillance target under FISA is a non-u.s. citizen and agent of a foreign power USA PATRIOT Act (U.S. H.R. 3162, Public Law ), Title II, Sec Gave authorities the ability to share information gathered before a federal grand jury with other agencies.[34] USA PATRIOT Act (U.S. H.R. 3162, Public Law ), Title II, Sec Relaxed requirements can allow collection from any US controlled organization Even if data centres are not on US soil 6
7 Does it matter where the data is? For nations that don t abide by international laws and agreements NO. It doesn t matter 7
8 Does it matter where the data is? Legally, not really Mutual Legal Asssistance agreements basically exempt requests for legal investigations from data protection laws Subsidiaries can be compelled to export data 8
9 Why worry about data in the cloud? Represents a one-stop shop for attackers Businesses have less control Security can be complicated Terms and conditions are often one size fits all to suit the provider Often the Weakest Link 9
10 Who does surveillance of cloud data affect? Depends on your assumptions Do authorities follow the publicized laws? Worry about legal liabilities to your clients Or do they overstep? Looks more like a malicious attack Worst case?: Any entity that uses the Internet 10
11 European concerns in
12 European concerns in
13 Protecting Public Bodies from PATRIOT Act BC Freedom of Information and Protection of Privacy Act (FOIPPA) requires service providers to public bodies: 1. to make reasonable security arrangements to protect from unauthorized collection, use or disclosure the personal information disclosed to them by their public body clients; 2. to ensure their storage of and all access to such personal information is restricted to locations within Canada; 3. to report to the B.C. Government any foreign demands for disclosure of such personal information made to that service provider; and 4. not to disclose any of such personal information inside or outside Canada in a manner that contravenes FOIPPA. 13
14 Which Canadian organizations does it affect? Assume nation-states are crossing the line, to some extent What could they want with your data or systems? Intellectual property Operations Critical infrastructure High profile clients Vocal Strategic Or your partners systems or data? 14
15 Types of cloud services and risks Range of exposures Free and impulsive Google Search, Maps Membership sites Social media Youtube, G+, Facebook, Linkedin Storage sites Drive, Dropbox, Box.net Value-added services Android, Salesforce, PayPal Metadata 15 Rich Data
16 Why you should care about privacy Attacker s focus on real vulnerabilities Their remote admin access is single factor! Service Providers claims of security shape Clients perceptions We use SSL! Your clients care about their information Not just personal information No excuse for allowing misconceptions 16
17 When is there risk to corporate data? When you don t have total control Cloud use by apparently self-contained products Hard to migrate Hard to audit When should you avoid? Risk averse Business operations could be compromised Competitive risks Sensitive information assets Potentially targeted clients or partners 17
18 How did Snowden change the perceived risks? PRISM BULLRUN and other unencrypted transmissions Potentially weak or weakened security products or features What can be decrypted? How? Insiders are a different aspect of the same problem 18
19 How should we view the risks? Risk = Assets X Vulnerabilities X Threats 19
20 Options for Canadian organizations? Don t use cloud for sensitive data Use end-to-end or persistent encryption What about Cloud services with value added services and specialized functionality Don t assume they are encrypted What about encryption of data in use? Open source security products E.g. Dark Mail, TrueCrypt 20
21 Practical internal options? When using cloud our any outsourced services Negotiate agreements that closely match your security policies Explicit provisions in case of lawful access requests Cloud providers should follow developments Try to implement security to reduce likelihood of data exposure Plausible deniability when asked for lawful access Try to encrypt and wipe when not processing Implement private clouds, virtualized remote access Defence in diversity; layers of open source and proprietary safeguards 21
22 What about policies? Assume lawful access requests will happen Assume nation states will attempt to access your data, or use your infrastructure as a stepping stone Be clear on policies for protecting operational data Understand legal positioning around lawful access Formulate policies to support legal position Educate staff on workflow security Should be no need for ing work home Efficient control Your clients and partners put trust in your policies 22
23 What if your cloud provider is breached Know your commitments to your: Employees Clients Partners Shareholders/Stakeholders Reporting Remediation Compensation/Liabilities Your clients and partners put trust in your policies 23
24 Preparing for a lawful access request Should be specific How does it affect your SLAs and agreements? 24
25 Rethinking Open Source solutions Momentum is swinging Occasional signs of tampering with open source software TrueCrypt Value in peer review must be realized Hosting Open Source software internally Outsourcing open source software operation to a hosting provider? 25
26 Wrap up 1. The USA PATRIOT Act and FISA have always been concerns for Canada and European countries 2. Recent revelations show worst fears realized 3. Businesses should be seriously concerned Not just their own data Not just against normal hackers 4. Due diligence and risk management can help internally 5. Well-governed Open Source solutions can help externally 26
27 Consider risks in both technical and legal contexts plus VISA, Walmart, Future Shop, Yahoo, frequent flyer and bonus programs Risk = Assets X Vulnerabilities X Threats 27
28 Don t forget to fill out a feedback form Scott Wright The Streetwise Security Coach swright@securityperspectives.com Website: LinkedIn: Twitter: Podcast:
29 Don t forget to fill out a feedback form Scott Wright The Streetwise Security Coach swright@securityperspectives.com Website: LinkedIn: Twitter: Podcast:
INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationThe USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004
The USA Patriot Act Government Briefing Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 Agenda Background Overview of Government Responses and Approach Mitigation
More informationEmail Data Security. The dominant business communication tool
Email Data Security Jim Brashear General Counsel Zix Corporation Dallas Business Uses Email The dominant business communication tool Time spent on email exceeds time spent on all other communication tools
More informationMICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT. Western Student E-Communications Outsourcing
MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT Western Student E-Communications Outsourcing Paul Eluchok - University Privacy Officer David Ghantous - Associate Director of Technical Services Dated: August
More informationDevelop your Legal Practice using Cloud applications, but
Develop your Legal Practice using Cloud applications, but Make sure your data is safe! Tuesday 17 November 2015 The Law Society, London Allan Carton, Inpractice UK www.inpractice.co.uk Management Solutions
More informationJust Net Coalition statement on Internet governance
Just Net Coalition statement on Internet governance (Just Net Coalition is a global coalition of civil society actors working on Internet governance issues) All states should work together to provide a
More informationCLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?
CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com
More informationSecurity and Control of Data in the Cloud with BitTitan Data Encryption
Security and Control of Data in the Cloud with BitTitan Data Encryption Contents Ownership and Control of Data in the Cloud... 3 Unstructured Sensitive Information in Email/Calendars... 3 How Can Email
More informationProtecting Saskatchewan data the USA Patriot Act
Protecting Saskatchewan data the USA Patriot Act Main points... 404 Introduction... 405 Standing Committee on Public Accounts motion... 405 Our response to the motion... 405 ITO, its service provider,
More informationSRG Security Services Technology Report Cloud Computing and Drop Box April 2013
SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing
More informationCommittee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on
Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on US Legal Instruments for Access and Electronic Surveillance of EU Citizens Introduction This note presents
More informationThe cloud thing: Privacy and cloud computing
The cloud thing: Privacy and cloud computing David T.S. Fraser (david.fraser@mcinnescooper.com / @privacylawyer) University of New Brunswick July 2011 Disclaimer What follows are the views of the author
More informationCloud Computing: Trust But Verify
Cloud Computing: Trust But Verify 14th Annual Privacy and Security Conference February 8, 2013, Victoria Martin P.J. Kratz, QC Bennett Jones LLP Cloud Computing Provision of services available on the Internet
More informationPresented by Evan Sylvester, CISSP
Presented by Evan Sylvester, CISSP Who Am I? Evan Sylvester FAST Information Security Officer MBA, Texas State University BBA in Management Information Systems at the University of Texas Certified Information
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 1 September 2, 2015 CPSC 467, Lecture 1 1/13 Protecting Information Information security Security principles Crypto as a security
More informationCANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper
CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section
More informationImplications for Cloud Computing & Data Privacy
Implications for Cloud Computing & Data Privacy Diane Mueller Cloud Evangelist, ActiveState dianem@activestate.com http://www.activestate.com/stackato Founded 1997 2 million developers, 97% of Fortune
More informationInsights and Commentary from Dentons
dentons.com Insights and Commentary from Dentons On March 31, 2013, three pre-eminent law firms Salans, Fraser Milner Casgrain, and SNR Denton combined to form Dentons, a Top 10 global law firm with more
More informationIntroduction to Encryption What it s all about
Introduction to Encryption What it s all about At MOA Project, we believe privacy and the ability to communicate without government or corporate eavesdropping is a basic right of all people. Some groups,
More informationCloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1
Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...
More informationSecureCom Mobile s mission is to help people keep their private communication private.
About SecureCom Mobile SecureCom Mobile s mission is to help people keep their private communication private. We believe people have a right to share ideas with each other, confident that only the intended
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationEmail Compliance in 5 Steps
Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationGmail Security - Concerns About Privacy
Office of Risk Management and Access to Information MEMORANDUM Tel.: (807) 343-8518; 343-8267 Fax: (807) 346-7735 Email: mshaw1@lakeheadu.ca TO: FROM: Inquirers about Lakehead University s Adoption of
More informationAddressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications
Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications Varun Badhwar Co-Founder; VP of Products & Solution Engineering 1 2013 CipherCloud All rights reserved. Agenda Introduction
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationThe Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations
The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors
More informationSecure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC
C NNECTED Circles of Trust Secure Cross Border File Protection & Sharing for Enterprise Product Brief www.cryptomill.com product overview OVERVIEW Connected Circles of Trust is an endpoint data security
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationCloud Computing: Privacy and Other Risks
December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to
More informationHTTPS Inspection with Cisco CWS
White Paper HTTPS Inspection with Cisco CWS What is HTTPS? Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP). It is a combination of HTTP and a
More informationITAR Compliance Best Practices Guide
ITAR Compliance Best Practices Guide 1 Table of Contents Executive Summary & Overview 3 Data Security Best Practices 4 About Aurora 10 2 Executive Summary & Overview: International Traffic in Arms Regulations
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationCSA Survey Results Government Access to Information July 2013
CSA Survey Results Government Access to Information July 2013 EXECUTIVE OVERVIEW During June and July of 2013, news of a whistleblower, US government contractor Edward Snowden, dominated global headlines.
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationThe Symantec Smartphone Honey Stick Project
The Symantec Smartphone Honey Stick Project CONTENTS Executive Summary... 3 Introduction... 4 Objectives... 6 Methodology... 8 Key Findings... 11 Expanded Findings and Conclusions... 12 Recommendations...
More informationTaking a Data-Centric Approach to Security in the Cloud
Taking a Data-Centric Approach to Security in the Cloud Bob West Chief Trust Officer CipherCloud 2014 CipherCloud All rights reserved 1 Taking a Data-Centric Approach to Cloud Data Protection Bob West
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationManagement and Storage of Sensitive Information UH Information Security Team (InfoSec)
Management and Storage of Sensitive Information UH Information Security Team (InfoSec) Who Are We? UH Information Security Team Jodi Ito - Information Security Officer Deanna Pasternak & Taylor Summers
More informationImplementing Multi-factor Authentication for Clinical Applications
Implementing Multi-factor Authentication for Clinical Applications Presented by: Todd Greene (Carolinas Healthcare System) Jon Sternstein (Stern Security) Introduction Jon Sternstein, Founder & Principal
More informationData-centric Security
Data-centric Security Rui Melo Biscaia rui.biscaia@watchfulsoftware.com Watchful Software Director, Product Management Dead Horse Wisdom Graham, Texas Beat the horse faster, in an attempt to make it go
More informationAnnual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance
Annual Continuing Education (ACE) (Print version) Information Privacy and I.T. Security and Compliance Information Privacy and IT Security & Compliance The information in this module in addition to the
More informationA Guide to MAM and Planning for BYOD Security in the Enterprise
A Guide to MAM and Planning for BYOD Bring your own device (BYOD) can pose a couple different challenges, not only the issue of dealing with security threats, but also how to handle mobile applications.
More informationNine Network Considerations in the New HIPAA Landscape
Guide Nine Network Considerations in the New HIPAA Landscape The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Omnibus Final Rule, released January 2013, introduced some significant
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationCyber Security. An Executive Imperative for Business Owners. 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799
Cyber Security An Executive Imperative for Business Owners SSE Network Services www.ssenetwork.com 77 Westport Plaza, St. Louis, MO 63416 p 314.439.4700 f 314.439.4799 Pretecht SM by SSE predicts and remedies
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationPenetration Testing Service. By Comsec Information Security Consulting
Penetration Testing Service By Consulting February, 2007 Background The number of hacking and intrusion incidents is increasing year by year as technology rolls out. Equally, there is no hiding place your
More informationCase Study: Hiring a licensed Security Provider
Case Study: Hiring a licensed Security Provider Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge computer forensics
More informationThe Ethical Implications of NSA Surveillance for Lawyers. David G. Ries Clark Hill Thorp Reed
The Ethical Implications of NSA Surveillance for Lawyers David G. Ries Clark Hill Thorp Reed 2 3 The June 2013 Headlines: NSA collecting phone records of millions of Verizon customers daily The Guardian,
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationNetwork Security Policy
Network Security Policy I. PURPOSE Attacks and security incidents constitute a risk to the University's academic mission. The loss or corruption of data or unauthorized disclosure of information on campus
More informationEncyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.
Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:
More informationWho Controls Your Information in the Cloud?
Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information
More informationHIPAA Reality Check: The Gap Between Execs and IT March 1, 2016
HIPAA Reality Check: The Gap Between Execs and IT March 1, 2016 Brand Barney, Security Assessor Conflict of Interest Has no real or apparent conflicts of interest to report. Agenda Healthcare status HIPAA
More informationThe Business Benefits of Logging
WHITEPAPER The Business Benefits of Logging Copyright 2000-2011 BalaBit IT Security All rights reserved. www.balabit.com 1 Table of Content Introduction 3 The Business Benefits of Logging 4 Security as
More informationLOOKING AT CLOUDS FROM BOTH SIDES NOW
ANALYSIS, ADVANCED KEY POINTS OF THE ARTICLE: LOOKING AT CLOUDS FROM BOTH SIDES NOW WRITTEN BY W. KUAN HON, CHRISTOPHER MILLARD & IAN WALDEN 1/12 SUMMARY 1. Analysis history...3 2. Context...4 3. The evolution
More informationComparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills
April 4, 2012 Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills The chart below compares on civil liberties grounds four bills that seek to promote
More informationGovernment Surveillance, Hacking, and Network Security: What Can and Should Carriers Do? Kent Bressie PITA AGM, Tonga April 2015
Government Surveillance, Hacking, and Network Security: What Can and Should Carriers Do? Kent Bressie PITA AGM, Tonga April 2015 1 Network and cybersecurity vs. access Fundamental tension exists between:
More informationSecure in Transition and Secure behind the Network Page 1
Secure in Transmission and Secure behind the Network A Review of Email Encryption Methods and How They Can Meet Your Company s Needs By ZixCorp www.zixcorp.com Secure in Transition and Secure behind the
More informationChapter 6: Fundamental Cloud Security
Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,
More informationCloud storage buyer s guide
Cloud storage buyer s guide for small business sponsored by 1 Table of contents Why should you read this guide? 3 Step 1: Decide how much security you need 4 Step 2: Consider what you need cloud storage
More informationCybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST
Cybersecurity: Learn Critical Strategies to Protecting Your Enterprise November 6, 2013 1:00PM EST November 6, 2013 Copyright 2013 Trusted Computing Group 1 November 6, 2013 Copyright 2013 Trusted Computing
More informationDon t Spill Your Candy in the Lobby
Don t Spill Your Candy in the Lobby Managing the Corporate Infosec Risks From Open Source Intelligence (OSINT) For Countermeasure 2014 Scott Wright Chief Security Researcher & Security Coach Security Perspectives
More informationPresentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.
Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationHow To Protect Yourself From Cyber Threats
Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit
More informationSecuring Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper
Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones
More informationISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies
ISSN: 2321-7782 (Online) Volume 2, Issue 5, May 2014 International Journal of Advance Research in Computer Science and Management Studies Research Paper Available online at: www.ijarcsms.com Analogous
More informationCKAHU Symposium Cyber-Security
CKAHU Symposium Cyber-Security Scott Logan Technical Director of Security Position: Technical Director of Security Employment: NetGain Technologies (6+ years) NetGain is a Regional partner with 7 locations
More informationWelcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network
More informationSelecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns
Selecting a Law Firm Cloud Provider: Questions to Ask and Ethical/Security Concerns by Sharon D. Nelson, Esq. and John W. Simek 2013 Sensei Enterprises, Inc. It seems like everybody is talking about the
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationPrivacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.
Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud
More informationB. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.
Chicago Public Schools Policy Manual Title: ACCEPTABLE USE OF THE CPS NETWORK AND COMPUTER RESOURCES Section: 604.1 Board Report: 09-0722-PO3 Date Adopted: July 22, 2009 Policy: THE CHIEF EXECUTIVE OFFICER
More informationKEEPING UNSTRUCTURED DATA SECURE IN AN UNSTRUCTURED WORLD
KEEPING UNSTRUCTURED DATA SECURE IN AN UNSTRUCTURED WORLD 2 The most recent study by the Ponemon Institute shows that 90% of CIOs and their staffs interviewed admitted that they have had a leak/loss of
More informationHot Topics and Trends in Cyber Security and Privacy
Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where
More informationSecure Email Inside the Corporate Network: INDEX 1 INTRODUCTION 2. Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR DESKTOP ENCRYPTION 3
A Tumbleweed Whitepaper Secure Email Inside the Corporate Network: Providing Encryption at the Internal Desktop INDEX INDEX 1 INTRODUCTION 2 Encryption at the Internal Desktop 2 CURRENT TECHNIQUES FOR
More informationThird-Party Risk Management for Life Sciences Companies
April 2016 Third-Party Risk Management for Life Sciences Companies Five Leading Practices for Data Protection By Mindy Herman, PMP, and Michael Lucas, CISSP Audit Tax Advisory Risk Performance Crowe Horwath
More informationLitigating in the Cloud - Security Issues for the Trial Practice
Litigating in the Cloud - Security Issues for the Trial Practice J. Walter Sinclair Stoel Rives LLP 101 S. Capitol Blvd, Suite 1900 Boise, Idaho 83702-7705 (208) 389-9000 jwsinclair@stoel.com Mr. Sinclair
More information9/14/2015. Before we begin. Learning Objectives. Kevin Secrest IT Audit Manager, University of Pennsylvania
Evaluating and Managing Third Party IT Service Providers Are You Really Getting The Assurance You Need To Mitigate Information Security and Privacy Risks? Kevin Secrest IT Audit Manager, University of
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationSecurity Features of SellerDeck Web Sites
Security Features of SellerDeck Web Sites Introduction This paper describes the security techniques used by SellerDeck and the possible attacks that might be made. It compares SellerDeck products with
More informationCONSIDERATIONS BEFORE MOVING TO THE CLOUD
CONSIDERATIONS BEFORE MOVING TO THE CLOUD What Management Needs to Know Part II By Debbie C. Sasso Principal In part I, we discussed organizational compliance related to information technology and what
More informationStudent Email Service Improvements Executive Background Brief
Student Email Service Improvements Executive Background Brief Executive Summary Despite the ubiquity of consumer email services and the fact that virtually all students coming to York have been using electronic
More informationCloud Computing Secured. Thomas Mitchell CISSP. A Technical Communication
Cloud Computing Secured Thomas Mitchell CISSP A Technical Communication Abstract With the migration to Cloud Computing underway in many organizations IT infrastructure, this will cause a paradigm shift
More informationCLOUD ADOPTION & RISK IN HEALTHCARE REPORT
CLOUD ADOPTION & RISK IN HEALTHCARE REPORT Q2 2015 Published Q3 2015 Cloud Adoption and Risk in Healthcare Report - Q2 2015 03 TABLE OF CONTENTS INTRODUCTION OVERVIEW OF CLOUD ADOPTION INSIDER THREATS
More informationPCI DSS COMPLIANCE DATA
PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities
More informationNSA Surveillance, National Security and Privacy
NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM
More informationLongmai Mobile PKI Solution
Longmai Mobile PKI Solution A quick Solution to External and Internal fraud in Insurance Industry Putting the client at the center of modernization Contents 1. INTRODUCTION... 3 1.1 Challenges... 3 1.2
More informationCreating a Culture of Cyber Security at Work
Creating a Culture of Cyber Security at Work Webinar Why is this important? Cybersecurity is a people problem. Cybersecurity is no longer just the IT department s responsibility. It is everyone s responsibility.
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationWhite Paper. Keeping Your Private Data Secure
WHITE PAPER: Keeping Your Private Data Secure White Paper Keeping Your Private Data Secure Keeping Your Private Data Secure Contents Keeping Your Private Data Secure............................ 3 Why Encryption?......................................
More informationThe Complete Guide to Email Encryption for Google Apps Administrators
The Complete Guide to Email Encryption for Google Apps Administrators virtru.com The Complete Guide to Email Encryption for Google Apps Administrators Alarming increases in security breaches and data leaks,
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationIBM Managed Security Services (Cloud Computing) hosted mobile device security management
IBM Managed Security Services (Cloud Computing) hosted mobile device security management Z125-8855-00 11-2011 Page 1 of 15 Table of Contents 1. Scope of Services... 3 2. Definitions... 3 3. Services...
More information