I. Introduction to Privacy: Common Principles and Approaches

Similar documents
IAPP Privacy Certification

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Cloud Security Trust Cisco to Protect Your Data

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

IT Privacy Certification

External Supplier Control Requirements

IBX Business Network Platform Information Security Controls Document Classification [Public]

PRIVACY MANAGEMENT ACTIVITIES

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

Maximum Global Business Online Privacy Statement

Office 365 Data Processing Agreement with Model Clauses

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Critical Controls for Cyber Security.

ISO 27002:2013 Version Change Summary

Privacy + Security + Integrity

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Passing PCI Compliance How to Address the Application Security Mandates

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

Website Privacy Policy Statement York Rd Lutherville, MD We may be reached via at

ISO/IEC 27002:2013 WHITEPAPER. When Recognition Matters

Website Privacy Policy Statement

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

INCIDENT RESPONSE CHECKLIST

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

Citrix Solutions for Complying with PCI-DSS ENSURING PROTECTION OF WEB APPLICATIONS AND PRIVACY OF CARDHOLDER INFORMATION

Information Security Management System (ISMS) Overview. Arhnel Klyde S. Terroza

05.0 Application Development

Information security controls. Briefing for clients on Experian information security controls

Chapter 1 The Principles of Auditing 1

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

3rd Party Assurance & Information Governance outlook IIA Ireland Annual Conference Straightforward Security and Compliance

RAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER

Building Reference Security Architecture

DentalTek Privacy Statement

Information Security Basic Concepts

Security Controls What Works. Southside Virginia Community College: Security Awareness

Data Processing Agreement for Oracle Cloud Services

M&T BANK CANADIAN PRIVACY POLICY

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).

How To Protect A Web Application From Attack From A Trusted Environment

The Information Security Problem

a) Encryption is enabled on the access point. b) The conference room network is on a separate virtual local area network (VLAN)

RezScore SM Privacy Policy

(Instructor-led; 3 Days)

Security Considerations

Accountability in Cloud Computing An Introduction to the Issues, Approaches, and Tools

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

External Supplier Control Requirements

tell you about products and services and provide information to our third party marketing partners, subject to this policy;

全 球 資 安 剖 析, 您 做 確 實 了 嗎? Albert Yung Barracuda Networks

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Security Information & Policies

Environment. Attacks against physical integrity that can modify or destroy the information, Unauthorized use of information.

SERENA SOFTWARE Serena Service Manager Security

FINRA Publishes its 2015 Report on Cybersecurity Practices

The Education Fellowship Finance Centralisation IT Security Strategy

ESTRO PRIVACY AND DATA SECURITY NOTICE

Online Lead Generation: Data Security Best Practices

Breach Findings for Large Merchants. 28 January 2015 Glen Jones Cyber Intelligence and Investigation Lester Chan Payment System Security

CTS2134 Introduction to Networking. Module Network Security

Intel Enhanced Data Security Assessment Form

Protecting Your Organisation from Targeted Cyber Intrusion

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

OrgChart Now Information Security Overview. OfficeWork Software LLC

Fortinet Solutions for Compliance Requirements

CONTENTS. PCI DSS Compliance Guide

Copyright Telerad Tech RADSpa. HIPAA Compliance

THE BLUENOSE SECURITY FRAMEWORK

Critical Privacy Questions to Ask an HCM/CRM SaaS Provider

Privacy Statement. What Personal Information We Collect. Australia

Privacy Impact Assessment. For Person Authentication Service (PAS) Date: January 9, 2015

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

The Anti-Corruption Compliance Platform

Certified Information Systems Auditor (CISA)

74% 96 Action Items. Compliance

INFORMATION SUPPLEMENT. Migrating from SSL and Early TLS. Version 1.0 Date: April 2015 Author: PCI Security Standards Council

The Protection Mission a constant endeavor

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery

What is Web Security? Motivation

Information Security Policy

Joseph Migga Kizza. A Guide to Computer Network Security. 4) Springer

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

DISTRIBUTED SYSTEMS SECURITY

BCS Certificate in Information Security Management Principles Syllabus

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister

Introduction PriorFX LTD Right to Privacy Information

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

The following chart provides the breakdown of exam as to the weight of each section of the exam.

Fundamentals of Network Security - Theory and Practice-

Transcription:

I. Introduction to Privacy: Common Principles and Approaches A. A Modern History of Privacy a. Descriptions and definitions b. Historical and social origins c. Information types i. Personal and non-personal ii. General and organizational 1. Financial 2. Human resources 3. Operational 4. Intellectual property (IP) 5. Information products and services d. Elements of personal information i. Data subjects ii. Personal data (EU) iii. Personally identifiable information (U.S.) iv. Sensitive personal information e. Processing of personal data i. Data controller ii. Data processor iii. Data protection authority (DPA) f. Privacy policy and notice i. Consent and choice B. Information Risk Management a. Privacy s impact on organizational risk i. Main drivers and challenges ii. Common processes iii. Potential outcomes b. Information lifecycle principles i. Collection ii. Use and retention iii. Disclosure iv. Management and administration v. Monitoring and enforcement c. Privacy impact assessments (PIA) 1

C. Modern Privacy Principles a. Foundational principles i. U.S. fair information practices ii. The Organization of Economic Cooperation and Development (OECD) Guidelines Governing the Protection of Privacy and Trans-border Data Flows of Personal Data (1980) iii. The Asia Pacific Economic Cooperation (APEC) privacy principles b. Historical timeline of principles frameworks c. Common themes among principles frameworks D. Privacy and Data Protection Regulation a. Global perspectives i. Countries with national data protection laws in force ii. Countries with emerging privacy or data protection laws iii. Sector-based and contextual privacy laws iv. Contrast in regulatory approaches: EU and U.S. b. United States i. Federal privacy laws ii. State privacy laws c. Europe i. The European Union (EU) Data Protection Directive (95/46/EC) 1. Applicability 2. Core principles 3. Data processing 4. Data transfers a. Adequacy b. Binding corporate rules (BCRs) c. Model contracts ii. The EU eprivacy Directive (2002/58/EC) iii. The Article 29 Working Party iv. Employment data v. EU-U.S. safe harbor agreement 1. Program components 2. Privacy principles 3. Compliance and enforcement d. Other national data protection regimes i. Canada 1. The Privacy Act of 1983 2. The Personal Information Protection and Electronic Documents Act of 2000 (PIPEDA) ii. Asia Pacific region 1. Japan a. Law Concerning the Protection of Personal Information (2003) b. Data transfer requirements 2. Australia a. The Privacy Act of 2001 iii. Latin America 1. Habeas data 2

II. Information Security: Safeguarding Personal Information A. Introduction to Information Security a. Privacy and information security in context i. Definitions ii. Confidentiality, integrity and availability iii. Common issues and challenges b. Information security needs and principles i. Segregation of duties ii. Access privileges c. Information security standards i. ISO 27001 ii. ISO 27002 1. Security clauses d. Information security threats and vulnerabilities i. Threat agents and origins ii. SysAdmin Audit and Network Security (SANS) Top 20 Security Risks iii. Malware iv. Phishing v. Social engineering B. Information Security Management a. Building an infosecurity framework i. Process components ii. Industry standards iii. Organizational policy b. Infosecurity compliance i. Legal requirements c. Common information security controls i. Access control policy and responsibility ii. Access control types 1. Preventative 2. Detective 3. Corrective iii. Access control placement 1. Network 2. Operating system 3. Application layer 4. Mobile computing and teleworking iv. Cryptography 1. General concepts of shared and public key cryptography a. Public key infrastructure (PKI) 2. Encryption 3. Decryption 4. Non-repudiation 5. Other uses a. Digital signatures b. Certifications v. Identity and access management (IAM) 1. Authentication 2. Authorization 3

vi. Other controls 1. Networks a. Firewalls b. Intrusion detection systems (IDS) c. Intrusion prevention systems (IPS) d. Data loss and data leakage protection 2. Financial transactions a. Payment Card Industry (PCI) Data Security Standard (DSS) d. Information security governance i. Internal to organization ii. External parties iii. Asset management 1. Inventory of assets 2. Information classification iv. Human resources security 1. Pre-employment 2. Change of employment v. Physical and environmental security 1. Securing facilities 2. Equipment safety vi. Communications and operations management 1. Management of third party service delivery 2. System monitoring a. System and end user 3. Back up media a. Handling b. Transfer of information 4. Online security and monitoring vii. Incident management 1. Reporting events and weaknesses 2. Managing incidents and improvements 3. Business continuity viii. The information security program 1. The information security management system (ISMS) 2. Program improvement 3. Management review 4. Program assessments a. Internal audits b. External/third-party audits ix. Vendor management 1. Due diligence and qualification 2. Contract management 4

III. Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies A. The Web as a Platform a. Standard Web protocols i. Internet Protocol (IP) ii. Hypertext Transfer Protocol (HTTP) and secure-http iii. Hypertext Transfer Protocol-Secure (HTTPS) iv. Internet proxies and caches v. Web server logs vi. Transport layer security (TLS) vii. Secure Sockets Layer (SSL) B. Privacy Considerations for Sensitive Online Information a. Threats to online privacy i. Cross-site scripting (XSS) b. Online privacy notices and methods for communication i. Website privacy statement 1. Location at /link from all points of data collection 2. Sample language 3. Machine-readable policy formats a. Platform for Privacy Preferences Project (P3P) c. Data subject access and redress d. Online security e. Website user authentication f. Children s online privacy g. Active versus passive data collection i. Web forms h. Online identification mechanisms i. Cookies 1. First party and third party 2. Common use cases 3. Industry best practices ii. Web beacons i. Privacy and electronic mail i. Commercial e-mail 1. Best practices and standards for privacy protection 2. Unsolicited commercial e-mail ( spam ) j. Online marketing and advertising i. Search engine marketing (SEM) ii. Online behavioral marketing (OBM) k. Online social media i. Social networking services ii. Instant messaging l. Online assurance i. Trust seal and dispute resolution programs ii. Self-regulatory frameworks 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information