Prof. Mark Skilton Professor of Practice, Information Systems Management Warwick Business School, UK [email protected]

Digital security and the IT Department cw500 M Skilton May 22 2014 London v1


“Data protection, privacy and the IT department – how to manage the proliferation of data in your organisation”. Hosted by Brian Glick, Editor-in-Chief, Computer Weekly.

Speaker lineup: Mark Skilton, Professor of Practice Information Systems and Management at Warwick Business School; Mike Cope, IT Director at University College London; Keith Bucknall, Head of Strategy, Architecture & Infrastructure at Equity Insurance Group.

The CW500 Club from Computer Weekly is a private members’ club for senior IT professionals and leading industry figures. Membership is by invitation only and allows access to premium content for IT leaders and a monthly networking event held at the Waldorf Hilton Aldwych, London, WC2B 4DD.


Page 2: The rise of data - Digital economy

• A growing 30% of business is shifting online to search and engage with consumers, markets and transactions, taking account of retail, mobile and the impact on supply channels (1)

• 80% of transport, real estate and hotelier activity is processed through websites (2)

• Over 70% of companies and consumers are experiencing cyber-privacy challenges (3), (4)

Prof Mark Skilton, Copyright 2014

Page 3: The Digital Ecosystem

• The digital media in social networks, mobile devices, sensors and the explosion of big data and cloud computing networks is interconnecting potentially everything everywhere – amounting to a new digital “ecosystem”

Page 4: Cyber Privacy

A recent example..

Page 5: Cyber Security

A recent example..

Page 6: Things may not be what they appear..

In cyber security: personas, impersonators, sales versus technical skills, service qualities, …. What are you buying, what are you using, and who from?

Page 7: Cyber rights

• Rights are no longer national

• Erosion of privacy

• Instrumentality of key data of the workspace

• Globalization weakens everyone’s privacy

Example viewpoints

Page 8: Age of the Information Panopticon

Elevation, section and plan of Jeremy Bentham's Panopticon penitentiary, drawn by Willey Reveley, 1791

Presidio Modelo prison, Cuba, 2005

Internet and social networks, 2014..

Page 9: PCST - Digital Security Strategy

Privacy, Confidentiality, Security, Trust

Mechanisms, Tools, Standards:

• Optionality in / out (privacy, cookies, ..)

• Zone Boundary and Domain Policies

• Encryption & Access

• Monitoring Policies

• Assurance (Surveillance)

• Employment law

• Commercial

• Intellectual Property

Page 10: False dichotomies

Privacy ≠ Security: zero sum game

Privacy and Security: positive sum

Page 11: Privacy by Design

Privacy is “built in”

1. Proactive not Reactive; Preventative not Remedial

2. Privacy as the Default Setting

3. Privacy Embedded into Design

4. Full Functionality — Positive-Sum, not Zero-Sum

5. End-to-End Security — Full Lifecycle Protection

6. Visibility and Transparency — Keep it Open

7. Respect for User Privacy — Keep it User-Centric

The debate is over what counts as Fair Information Practices (EU Commission, FTC Federal Trade Commission, FCC ….)

(1) (2) (3) NYC School of Law; Berkeley Technology Law Review 2013; I&P Commissioner Ontario 2011

Page 12: Redefinition of Data in the Internet of Things

Page 13: The Quantified Self & Quantified Life

Page 14: The rise of Digital Ecosystems

The “Smart Hotel”

Page 15: The rise of Digital Ecosystems

Page 16: The rise of Digital Ecosystems

Page 17: Role of IT Departments (diagram labels)

Context: Digital / Non-Digital / Physical

Data Classification: Individuals, Communities, Associations

Access: Authentication, Authorization

Boundaries / Domains; Audit / Compliance

Quality of Context Assurance:

• Legal, Contractual, Political, Rights, Assertions, Privileges

• Commercial, IP, Copyright, Brand, Image, Reputation

Digital Cyber Strategy: Privacy, Trust, Confidentiality, Security

Technical Assurance: SLA - Guarantees (Non-Functional); Functional Qualities; DR + BC + Resilience

Digital Cyber Strategy: all actors, components, relationships and objects change

Digital Risk: severe loss; steady recovery

Page 18: Role of the IT Department

Digital Cyber Strategy: Privacy, Trust, Confidentiality, Security

• Level and control of data disclosure to unauthorized individuals, entities or processes

• Level and control of data isolation

• Level and control of an individual or organization over access to and use of personal data by a 3rd party

• Level and control of authorization and restriction provided to an individual or 3rd party to use personal data

• Level and control of integrity and persistence of data – the property of accuracy and completeness

• Level of non-repudiation – the ability to prove a claimed event or action and its originating entities

• Level of conformity – fulfilment of a requirement

• Level of IP – Intellectual Property containment and Identity Management

• Level of monitoring and response action to a planned or unplanned security incident (e.g. DDOS) – a process to determine the status of a system

• Level of perimeterization

• Level and control of authentication – provision of assurance that a claimed characteristic of an entity is correct

• Level and control of authenticity – the property that an entity is what it claims to be

Page 19: Data protection, privacy and the IT department – how to manage the proliferation of data in your organisation

• Measuring cyber risk

• Managing data security

• Enabling innovation