View
214
Download
0
Category
Preview:
Citation preview
SEC303
Assessing and Managing Privacy in the Enterprise
JC CannonPrivacy Strategist
Agenda
Planning and assessing enterprise privacy
Managing WMP & Office privacy settings
Managing Internet-based Services in Windows Server 2003
Integrating P3P into your websites
Privacy Framework
Push privacy features in PR & Push privacy features in PR & conferencesconferencesContent on ms.com and MSDN privacy Content on ms.com and MSDN privacy sitessitesInteract with privacy leaders & Interact with privacy leaders & analystsanalysts
Privacy training for all teamsPrivacy training for all teamsPrivacy analysis on features & Privacy analysis on features & componentscomponentsPrivacy settings linked to group policyPrivacy settings linked to group policyTurn off communications to the Turn off communications to the InternetInternetTurn privacy settings offTurn privacy settings offProtect access to dataProtect access to dataPrivacy deployment guidelinesVisible first-run experiencePrivacy response team creation
PDPD33 + Communications + Communications
Privacy Privacy by Designby Design
PrivacyPrivacy by Defaultby Default
PrivacyPrivacy in in DeploymentDeployment
CommunicationsCommunications
Planning for Privacy
Build a team of privacy professionals
Provide privacy training for your entire company
Create a corporate privacy policy
Deploy the policy to each team in your company
Planning for PrivacyDefining policy
Define policyDefine policyEnsure complianceEnsure complianceAudit deploymentsAudit deployments
CorporatePrivacyGroup
Marketing HR SupportDefine processesDefine processesDeploy to all teamsDeploy to all teams
Data handling
Application deployment
Partner relationships
Document Data UsageThings to look for
Is the data encrypted during collection, storage, and transfer
Is there physical and programmatic security for the data
Is a good auditing mechanism in place
How do users access their data
Is there a retention policy
Document Data Usage
Consumers
Customerdatabase
Marketingteam
PartnersWeb
ServerWeb
Server
CollectionCollection StorageStorage
SharingSharing
Onward Onward transfertransfer
Legend
- Included in privacy statement
- Has a deletion policy
- Has security/ACLs
- Is encrypted
Documenting Applications
OfficeOnline help Disabled
CEI Program Disabled
IRM Enabled
Inventory all applications
Determine a policy for privacy settings
Use group policy where possible to enforce your policy
Partner Relationships
Make sure that partners understand your privacy policies
Understand their privacy practices
Always have a signed agreement in place before exchanging data
Office 2003Internet/Privacy Based Features
Internet Help
Office Update
Information Rights Management
Document metadata
Spotlight feature updates links from the Internet
Document templates assist with protecting data
Office 2003Word Privacy settings
Office 2003Administrative Templates
ADM file Application
Office11.adm Shared Office11 components
Access11.adm Microsoft Access11
Excel11.adm Microsoft Excel11
Gal11.adm Clip Organizer
Instlr11.adm Windows Installer 2.0
Outlk11.adm Microsoft Outlook11
Ppt11.adm Microsoft PowerPoint11
Pub11.adm Microsoft Publisher11
Office 2003Information Rights Management
Works with Windows Server 2003 Rights Management ServerProtects documents from invalid accessControls read, write, printing, and forwarding of documentsCan be used for legislation compliance
GLBA, HIPAA, and Patriot ActBased on visible, embedded email address
Office 2003Information Rights Management
Reviewer
Author
Author registers documentAuthor registers document
Document goesDocument goesto reviewerto reviewer Reviewer getsReviewer gets
document rightsdocument rights
RightsManagement
Server
Office 2003 - IRMPermissionsDialogs
Office 2003 - IRMSome things can’t be avoided
Controlling Office Controlling Office Privacy SettingsPrivacy Settings
demodemo
Windows Media Player 9 Overcoming Bad WMP 8 Practices
Forgot to disclose new features in WMP 8 privacy statement
Privacy expert announced, “MS can track the DVDs you watch.”
Privacy settings were missing or vague
Also, locally stored metadata lacked protection and access
Responses to privacy issues were not coordinated
Windows Media Player 9Install experience
Windows Media Player 9Privacy settings
Controlling WMP9 Controlling WMP9 Privacy SettingsPrivacy Settings
demodemo
Internet-Based ServicesBenefits
Improve user experience
Maintain high level of security and reliability
Provide innovative features
Reduce piracy
Internet-Based ServicesMisunderstandings
No “backdoor” to obtain user data
Microsoft does not sell, rent, or lease customer data to other companies
Internet-Based ServicesList for Windows Server 2003
Activation and registrationApplication HelpCertificate SupportDevice ManagerDriver ProtectionDynamic UpdateEvent ViewerFile AssociationHelp and Support CenterHyperTerminalInternet Explorer 6.0Internet Information Services
Internet Protocol v6NetMeetingOnline Device HelpOutlook Express 6.0Plug and PlayProgram Compatibility WizardRemote AssistanceSearch CompanionWindows Error ReportingWindows Media PlayerWindows Time ServiceWindows Update
Windows Error Reporting Error Dialog
Windows Error Reporting Settings
Controlling Windows Error Controlling Windows Error Reporting Privacy SettingsReporting Privacy Settings
demodemo
Windows Update Settings
Controlling Windows Controlling Windows Update Privacy SettingsUpdate Privacy Settings
demodemo
Using Group Policy to Using Group Policy to Control Privacy SettingsControl Privacy Settings
demodemo
Internet Explorer 6.0Privacy Features
P3P based privacy functionality
Permits cookie managementBased on domain name
Based on cookie type
Based on level of desired privacy
Integrating P3P improves trust
Internet Explorer 6.0Privacy settings
Building P3P Content
Policy Policy ReferenceReference
PagePage
Policy Policy ReferenceReference
PagePage
HTMLHTMLPolicy Policy PagePage
HTMLHTMLPolicy Policy PagePage
XMLXMLPolicy Policy PagePage
XMLXMLPolicy Policy PagePage
CompactCompactPolicyPolicy
DefinitionDefinition
CompactCompactPolicyPolicy
DefinitionDefinition
Ask The ExpertsGet Your Questions Answered
I will be available at the Windows Server 2003 until 2 July
Community Resources
Community Resourceshttp://www.microsoft.com/communities/default.mspx
Most Valuable Professional (MVP)http://www.mvp.support.microsoft.com/
NewsgroupsConverse online with Microsoft Newsgroups, including Worldwidehttp://www.microsoft.com/communities/newsgroups/default.mspx
User GroupsMeet and learn with your peershttp://www.microsoft.com/communities/usergroups/default.mspx
Suggested Reading And Resources
The tools you need to put technology to work!The tools you need to put technology to work!
TITLETITLE AvailableAvailable
Microsoft® Windows® Security Microsoft® Windows® Security Resource Kit:0-7356-1868-2Resource Kit:0-7356-1868-2 TodayToday
Microsoft® Windows® Server 2003 Microsoft® Windows® Server 2003 Administrator's Companion: 0-7356-Administrator's Companion: 0-7356-1367-21367-2 TodayToday
Microsoft Press books are 20% off at the TechEd Bookstore
Also buy any TWO Microsoft Press books and get a FREE T-Shirt
Writing Secure Code second editionWriting Secure Code second edition TodayToday
Using Windows in a Managed EnvironmentLocation of White Papers
Windows XP SP1http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/00_abstr.asp
Windows 2000 SP3http://www.microsoft.com/technet/prodtechnol/windows2000pro/maintain/w2kmngd/00_abstr.asp
Windows Server 2003http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/security/ws03mngd/00_abstr.asp
Other Resources
Internet Explorer Administration Kithttp://www.microsoft.com/technet/prodtechnol/winxppro/maintain/xpmanaged/00_abstr.asp
Deploying P3P on your websitehttp://msdn.microsoft.com/workshop/security/privacy/overview/createprivacypolicy.asp
Office 2003 Resource Kithttp://www.microsoft.com/office/ork/xp/journ/orkbeta.htm
evaluationsevaluations
© 2003 Microsoft Corporation. All rights reserved.© 2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Recommended