IoT and Privacy by Design
- Joel Newman
Transcription
1 IoT and Privacy by Design
Consumer privacy = security plus privacy control
Consumer products: legal and practical
It's engineering: you need engineering practices
Addressing key policy issues: use of standards
Pete Eisenegger, p.eisenegger@btinternet.com
BSI Consumer Coordinator Digital Standards
ANEC IoT and Privacy expert
ISO Consumer Policy Committee Key Person Privacy
BCS IoT Workshop, 13th June 2017
2 The law and practical product design
84 %, 52 %, 46 %: % of the UK public who speed at any one time
Laws that are used in clear cases of overstepping the mark
3 key practical challenges for Privacy by Design standards:
- Consumers tick the box in 6 seconds
- Consumers can't remember lots of high strength passwords
- We don't keep our security up to date
3 The National / International Privacy Standards world
UK = The National Standards Body BSI with its Consumer and Public Interest Network
- Security and Privacy Technical Committee (IST 33)
Europe = CEN, CENELEC and ETSI plus ANEC for consumer representation
- Mandate for RFID Privacy, 2 key CEN standards (TC 225)
- Joint BSI-CPIN and ANEC Consumer Representatives Privacy Guides
- New CEN Cyber Security Technical Committee and ETSI committees
- Consumer Representatives Privacy Guides
Global = International Standards Organization and its Consumer Policy Committee (ISO/COPOLCO)
- Security and Privacy Technical Sub-Committee (JTC1/SC27)
- COPOLCO New Work Item Proposal, based on 7 years of groundwork: Privacy by Design of Consumer Goods and Services
4 Security in depth
Privacy Standards - the industry perspective
Protect the data center from the outside world
We, the consumers, are on the outside
Once consumer data has been collected
Data Protection law
ISO/IEC Good practice standards series series
Increasing risk
Currently there isn't the privacy equivalent of product safety law that consumer products should protect our privacy
5 Privacy Standards - the consumer perspective
Domestic Privacy strategic standards gap
Privacy in depth*
Protect the individual from the outside world
The organisations are on the outside
e.g. Wearables and real time data
ISO Privacy by Design of consumer goods and services
Increasing risk
Ref: ISO Focus article "Are we safe with the Internet of Things?"
* Privacy in depth model created for EN 16571
6 So what is this Privacy by Design?
Defining the product and setting its context
Key inputs:
- Understanding consumers' needs and consumer context
- Product technology and security
Establish requirements, design product and produce prototypes
ISO Safety by Design Guide
Product testing and design validation (inc. Privacy Impact Assessment)
Prepare for product release
Privacy by Design handbook
Monitor the market and take remedial action when needed
Product end of life
Privacy Guides
COPOLCO NWIP Privacy by Design of Consumer Goods and Services
7 Privacy needs input to standards
Addressing key issues
1. The awareness dilemma: people want routine operations to be automated, yet still in accordance with their wishes.
2. How much choice? People need to retain autonomy but not be overwhelmed by options. Defaults will play a vital role.
3. Who has control? Consumers (and which consumers?), their machines, or the firms behind the machines?
4. How do people know that vendor claims are true? Lifting the bonnet will mean little to most of us.
5. Social and private interests may well diverge: my freedom to drive unsurveilled puts you at risk of a traffic accident.
Consumer need for contextual control (6 seconds to tick the box plus legal get outs).
Associated requirements for design of digitally connected devices to provide real time privacy controls supplemented by consent notices:
- What the personal data items are that can be accessed by others
- Who can access whose personal data
- When personal data can be accessed
- Where personal data can be processed
- Purpose of personal data processing
- Consumer primacy re: control of appliances
A Privacy by Design Specification that product providers can be assessed against by 3rd parties to raise consumer confidence
An example of iPhone real time privacy controls
Consumers' need for good governance
Requirement: Governance to protect an individual's privacy should be transparent, proportional and fair while also including the public interest.
Requirements for engaging stakeholders - lifted from BS 8900 Sustainable Development Management
8 The Security issue
The consumer privacy need for security of their devices round the home, the intelligent connected car and wearables
Privacy by Design requirements for:
1. Network connectivity and system security
2. Consumer digital devices inherent security
3. Keeping consumer protection up to date
4. Sourcing trustworthy apps and applications
5. Loss of digital devices
6. Security over a product lifecycle
7. Loss of corporate data
8. Consumer security information and notifications
Identify technology vulnerabilities and exploits and design to minimize risks assessed through a Privacy Impact Assessment
9 and finally but most importantly
Consumer Centricity
Understanding consumers and consumer context
- Types of consumers: their capabilities and vulnerabilities
- Use cases definition and specification, i.e. scenarios for intended use, unintended use, misuse and malicious use
- 3rd party consumer equipment required for product to function (smartphones, routers etc.)
- Consumer privacy needs derived from use cases leading to associated product design requirements
What good looks like
10 Thank you
Pete Eisenegger
BCS IoT Workshop, 13th June 2017