VeriSign data privacy semantic web

Published on October 3, 2007

Author: BAWare

Source: authorstream.com

Content

Data Privacy for data in transit and The Semantic Web:
Mike Davies

Data privacy at rest vs in transit:
Personal data at rest: stored within a company’s network
Personal data in transit: moved either within a public or private network
Industry and regulations have focused on the former rather than the latter

The Semantic Web:
The Semantic Web will make it easier to get data on any subject from the internet
Data privacy will be impacted as the fog of information becomes clearer
Fraudsters will use these tools to steal identities by looking at multiple sources ("Phoraging")
Where security needs to be applied to protect privacy

SSL – SSL Certificates used externally:

SSL – SSL Certificates:
SSL – SSL Certificates used internally
MPKI for SSL

How much value to a fraudster is there in data?
Value of data
Consumer interaction with site

So who says where the security line should be?
Privacy line position is very clear
Name and address (email or physical) is personal data
Position of security line depends on the following:
1) Regional or country data protection laws, i.e. UK Data Protection Act of 1998
2) Best practice in standards, i.e. BS 7799, ISO 27001
3) Potential or perceived threat
Currently: “Potential threat vs value of data vs cost of solution”
Should be: “Potential brand or equity damage vs cost of solution”

1) Regional or country based Data Protection laws:
Current laws in Europe are all based on the EU Privacy Directive and then interpreted by the member states
In the UK it became the “Data Protection Act of 1998”
Over 8 years old
The “dummies guide to DP law” says… “Personal Data should be protected to an appropriate level of security dependent on the potential for and implications of misuse”
In 1998 “the Security Line” was drawn; the internet has changed a little since then!

1) EU Law based on “Physical world” (Postal Model):
Diagram labels: Online world; Physical world; DATA PROTECTION STARTS (twice)

1) Regional or country based Data Protection laws:
Decisions were made on the “postal model” but with one major difference
Consumer “feels” like they are “in the store”
Not reliant on a trusted third party to deliver (i.e. Royal Mail)
Even use the term “domain”
At best creates a “duty of care” for Site Owner to ensure that customers are safe
At least implies that the Site Owner should be worried
Brand and equity issues if there is a compromise

2) Best Practice in standards:
British Standards BS7799
Dictates best practice for online security
Standards only, no legal requirement
However very influential in EMEA

2) Best Practice in standards:
EU Safe Harbour Standard
EU initiative to ensure security when personal data leaves EU
“Packets” of data could travel outside of EU on their route over the internet within EU
EU Safe Harbour states “Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction”
This could ALONE give us enough reason to say that best practice states that you should encrypt ANY personal data

3) Potential or perceived threat:
Perceived threat to low value personal data is changing
Cost of processing power very different to 1998
Potential to build illegal “database” of personal data real
Use geo location software to correlate information?
“Packet sniffing”
Originally used for credit card data
Searches all data going into a site for known characteristics
No reason why it can’t be used for other data sets
Looking for real life examples but could be used for:
Corporate espionage
Spammers
Fraud
Press
Blackmail
Burglary

3) Potential or perceived threat - Privacy Policy:

3) Example Threat 1 – Burglary Database:
To: [email protected]
From: [email protected]
Subject: Brochure request
----------------------------------------
Please help!!!!
We are looking for a holiday destination for our honeymoon from the 1st October 2006 to 15th October 2006. Can you suggest anywhere?
We would also really like to see a printed copy of your brochure or at worse a .pdf we can print out here
If .pdf please email to: [email protected]
If Physical copy please send to the below address.
111 Main Street, Chiswick, London, W4 1AA, UK
Alternatively if you have a representative who can call me to discuss you can get me on 0208 511 7856.
Thanks!
Mike Davies

3) Example Threat 1 – Similar example in US:

3) Example threat 2 – Spammers:
To: [email protected]
From: [email protected]
Subject: Brochure request
----------------------------------------
Please help!!!!
We are looking for a holiday destination for our honeymoon from the 1st October 2006 to 15th October 2006. Can you suggest anywhere?
We would also really like to see a printed copy of your brochure or at worse a .pdf we can print out here
If .pdf please email to: [email protected]
If Physical copy please send to the below address.
111 Main Street, Chiswick, London, W4 1AA, UK
Alternatively if you have a representative who can call me to discuss you can get me on 0208 511 7856.
Thanks!
Mike Davies
Mike

3) Example threat 3 – Government:

3) Example threat 4 – Entrepreneurs:

Some questions for the ICO:
Do you feel that companies should protect consumer data in transit?
If so, do you think the Data Protection law gives you adequate powers to enforce protecting data in transit?
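
Added example, not part of the original presentation: a site owner's check for the situation the deck describes, where a form collecting name, address, email or phone submits to a non-HTTPS target and so sends that personal data in clear. The field-name hint list, the host names and the sample HTML are assumptions constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Hints for the personal data the deck names (name, email/physical address,
# phone). The hint list is an assumption for this example, not a standard.
PERSONAL_HINTS = ("name", "email", "address", "postcode", "phone", "tel")

class FormAudit(HTMLParser):
    """Collect each form's action and the personal-looking fields in it."""
    def __init__(self):
        super().__init__()
        self.forms = []        # one dict per <form>: action + matched fields
        self._current = None   # form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            label = f'{a.get("name") or ""} {a.get("type") or ""}'.lower()
            if any(h in label for h in PERSONAL_HINTS):
                self._current["fields"].append(a.get("name") or a.get("type"))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def cleartext_personal_forms(page_url, html):
    """Return (target_url, fields) for forms sending personal data without HTTPS."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        target = urljoin(page_url, form["action"])  # empty action -> page URL
        if form["fields"] and urlparse(target).scheme != "https":
            findings.append((target, form["fields"]))
    return findings

# Constructed sample: a brochure-request form like the deck's example email,
# a login form that already posts to HTTPS, and a search form with no personal data.
SAMPLE_HTML = """
<form action="/brochure" method="post">
  <input name="full_name"><input type="email" name="contact">
  <textarea name="postal_address"></textarea><input name="phone">
  <input name="travel_dates">
</form>
<form action="https://secure.example.test/login"><input name="email"></form>
<form action="/search"><input name="q"></form>
"""
print(cleartext_personal_forms("http://travel.example.test/contact", SAMPLE_HTML))
```

Serving the same page over HTTPS makes the relative form action resolve to an HTTPS target, and the finding disappears.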
