Best Practices at Research Level

Similar documents
How To Protect Privacy In A Computer System

Privacy Management Standards: What They Are and Why They Are Needed Now

PRIPARE's New Vision on Engineering Privacy and Security by Design

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Cisco Cloud Assessments. Justin Tang

Dynamic Security for the Hybrid Cloud

Cloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

Cloud Courses Description

Cloud Courses Description

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Big Data, Big Risk, Big Rewards. Hussein Syed

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Consor;um (partners) ARES conference Toulouse, 24 August 2015

Case Studies: Protecting Sensitive Data in

Bellevue University Cybersecurity Programs & Courses

PTAC Toolkit for LEAs: Staff Policies and Teacher Access March 24, 2014

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Mobile devices risk management and data protection Fidel Santiago DPO meeting 8 May 2015

Security and Privacy in Cloud Computing

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

PCI Compliance for Cloud Applications

Security Issues in Cloud Computing

Cloud Security:Threats & Mitgations

Addressing Security for Hybrid Cloud

Library Systems Security: On Premises & Off Premises

Cloud Security Introduction and Overview

Securing the Cloud with IBM Security Systems. IBM Security Systems IBM Corporation IBM IBM Corporation Corporation

Top 10 Cloud Risks That Will Keep You Awake at Night

1. Understanding Big Data

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Top 10 Privacy Risks Project

Cloud Computing Governance & Security. Security Risks in the Cloud

TENDER NOTICE No. UGVCL/SP/III/608/GPRS Modem Page 1 of 6. TECHNICAL SPECIFICATION OF GPRS based MODEM PART 4

Addressing Cloud Computing Security Considerations

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

Key Management Issues in the Cloud Infrastructure

Refresher on cloud computing

Privacy Impact Assessment for the. Standardized Tracking and Accounting Reporting System- Financial Management System (STARS-FMS)

How To Understand Cloud Computing

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

European Commission initiatives on e- and mhealth

SATURDAY, FEBRUARY 28, 2015 CLE 10 (Ethics) 9:30 a.m. 10:30 a.m. Moving to the Cloud - Identifying & Managing Legal, Ethical and Compliance Risks

What you need to know about Office 365

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

THE BLUENOSE SECURITY FRAMEWORK

Federal Aviation Administration. efast. Cloud Computing Services. 25 October Federal Aviation Administration

Privacy(and(Data( Protection( (Part(II(

Homeland Security Virtual Assistance Center

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

Information Technology Engineers Examination. Information Security Specialist Examination. (Level 4) Syllabus

Medical Technologies and Data Protection Issues - QUESTIONNAIRE

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Cloud-Security: Show-Stopper or Enabling Technology?

OWASP Chapter Meeting June Presented by: Brayton Rider, SecureState Chief Architect

G-Cloud IV Services Service Definition Accenture Cloud Security Services

Click to edit Master title style

Secure & Unified Identity

Ragy Magdy Regional Channel Manager MEA IBM Security Systems

Cloud Computing Security Framework for Banking Industry

Developing the Corporate Security Architecture. Alex Woda July 22, 2009

Balancing Security Investment Against Today's Threat Environment

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Vendor Due-Diligence & Vendor Management

Information Technology: This Year s Hot Issue - Cloud Computing

Securing the Cloud infrastructure with IBM Dynamic Cloud Security

CESG Certification of Cyber Security Training Courses

Cloud Security for Federal Agencies

The Bureau of the Fiscal Service. Privacy Impact Assessment

Unified Identity Management

Threat and Vulnerability Management (TVM) Protecting IT assets through a comprehensive program. Chicago IIA/ISACA

Security, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32

IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach.

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

Managing Cloud Computing Risk

Privacy Impact Assessment

Cloudy with Showers of Business Opportunities and a Good Chance of. Security. Transforming the government IT landscape through cloud technology

SECURE CLOUD COMPUTING

Security Threat Risk Assessment: the final key piece of the PIA puzzle

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen

Cloud Security Through Threat Modeling. Robert M. Zigweid Director of Services for IOActive

Privacy + Security + Integrity

How To Secure Cloud Computing

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security

Online Lead Generation: Data Security Best Practices

The Cloud is Not Enough Why Hybrid Infrastructure is Shaping the Future of Cloud Computing

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

U.S. Securities and Exchange Commission. Mailroom Package Tracking System (MPTS) PRIVACY IMPACT ASSESSMENT (PIA)

Security Information & Policies

Governance and Control in the Cloud. Infrastructure as a Service

Information Security

(a) the kind of data and the harm that could result if any of those things should occur;

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

White Paper: Data Protection In The Cloud. Data Protection In The Cloud

New Risks in the New World of Emerging Technologies

Transcription:

PReparing Industry to Privacy-by-design by supporting its Application in REsearch Best Practices at Research Level Hisain Elshaafi Telecommunications Software and Systems Group (TSSG) Waterford Institute of Technology, Ireland

Outline Aspects of Best Practices Research of Privacy Best Practices Best Practices for the Cloud Best Practices in Mobile Services Privacy Best Practices in Research Projects Conclusion 21/05/2014 PRIPARE 2

Aspects of Best Practices 1. Privacy best practices in research projects Part of research ethics E.g. health, education, market research 2. Privacy(-related) best practices Privacy Impact Assessment (PIA) Privacy and security patterns OASIS Privacy Management Reference Model (PMRM) Privacy & security best practices e.g. OWASP Privacy Protection Cheat Sheet, ISO/IEC 2700x National and International guidelines e.g. OECD privacy principles, CNIL privacy risk guidelines 21/05/2014 PRIPARE 3

Research of Privacy Best Practices General privacy and related best practices and guidelines Coding best practices Data minimisation and management in relation to limitation of data quantity, time, sensitivity Domain specific Mobile services Cloud Social media Smart grid RFID Healthcare systems 21/05/2014 PRIPARE 4

Policy Best Practices for the Cloud Defines privacy-related rules and states reasons Varies in scope between IaaS, PaaS and SaaS Risk management Guidelines on assessing, addressing and reducing risks Data encryption Key and certificate management Data storage Encrypted data and user data isolation Event auditing and reporting Levels of logging, confidentiality agreements, secure archiving, etc. 21/05/2014 PRIPARE 5

Best Practices for the Cloud Vulnerability scanning Vulnerability and penetration testing, compensation. Identity and access management Identity management, personnel access, least privilege principle, granularity, RBAC, Separation of Duties Configuration management and change control well-defined, govern changes, identify consequences, assurance Network security, Transparency, Monitoring and traceability,... 21/05/2014 PRIPARE 6

Best Practices for Cloud Consumers Selection based on CSPs Current security practices and controls Transparency into security and privacy practices Security needs inline with CSP security Data encryption (at rest/in motion) Monitoring CSP Infrastructure and policy changes 21/05/2014 PRIPARE 7

Best Practices in Mobile Services App developers E.g. policies, PII collection limitation App platform providers E.g. user education guidelines, reporting tools for privacy violations, app developer education OS developers E.g. global privacy settings, OS vulnerabilities Marketing and advertising networks E.g. ad access rights to user services, ad context Mobile operators E.g. customer and parent mobile privacy education 21/05/2014 PRIPARE 8

Ease of use Evaluation of Best Practices requires completeness of description e.g. context and problem not only techniques Sufficiency Distribution of types of best practices and patterns -> attack and misuse patterns, countermeasures, security specifications Lifecycle phases -> requirements, design, implementation Effectiveness measure using security or privacy metrics e.g. frequency of violations 21/05/2014 PRIPARE 9

Privacy Best Practices in Research Justification of data requirements In relation to research objectives and scope Defined purposes Minimisation of personal data collection, identifiability, sensitivity, anonymisation Consent For collection, use and disclosure practicality, forms of consent (opt-in, opt-out) documentation and management of consent Informing participants e.g. understandable language, enough time 21/05/2014 PRIPARE 10

Privacy Best Practices in Research Protection of personal data and access control Institutional, physical and technological measures Risk assessment Limit on data retention, use and disclosure As long as necessary Plan on publication of results Sharing for research purposes Accountability and transparency in data management Clearly defined roles and responsibilities of individuals Open policies and practices Dialogue with community 21/05/2014 PRIPARE 11

Conclusion Privacy related guidelines, policies, patterns, models and templates Custom best practices for cloud, mobile, etc Best practices for different stakeholders Ethics in research 21/05/2014 PRIPARE 12

PReparing Industry to Privacy-by-design by supporting its Application in REsearch Questions? Email: helshaafi@tssg.org

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information