Sector2015

From Federal Burro of Information
Latest revision as of 15:16, 20 October 2015


http://www.sector.ca/Program/Sessions/Schedule

Oct 19: CSA pre-conference

Oct 19th CSA (Cloud Security Alliance)

Ann Cavoukian

twitter: @AnnCavoukian

privacy bigger than security

basic security safeguards

Presentation.
Michael Chertoff - Secretary of the Department of Homeland Security - Huffington Post.

privacy is not the same as secrecy

if nothing to hide then worry.

"duty of care" "If you break the law then you forfeit your privacy." - Cavoukian ( ack! I don't think so )

PHIPA

PHIPA: I was talking to the stakeholders: "institutions, doctors, health-care providers"... um, what about patients?

informational self-determination

Long German Words @longgermanwords

informationelle Selbstbestimmung

Privacy by Design - 7 fundamentals.

Questions / critique:

1. Someone in the business decides to do this; they do it after deciding it's the right thing. Cost / benefit.
2. What is the cost compared to before?
3. What do you get out of "gratitude and loyalty"?
4. Post-Snowden days. Most people don't know about Snowden; why not Assange / WikiLeaks?

Are you promoting being open, or are you saying you need to be more secure ... don't be Snowdened.

5. Collection, use, destruction. How do you prove all that?
6. Transparency - being open with
7. Tell me about 23andMe.
8. Duty of care - to protect the data.
9. It is incumbent on you to tell people how you use the data.
10. How long have you got their data?

PbD - Privacy by Design - surveillance - biometrics - e.g. with OLG - smart meters on the smart grid

There is a certification (Ryerson): Privacy by Design, ryerson.ca/PBD/Certification

Using privacy by design to achieve big data innovation without compromising privacy.

De-identification

Nymi band - cardiac rhythm

OASIS - co-chair of a technical committee - PbD for software engineers - playbook.

case studies about cost.

Question: risk of harm - how do you fold risk problems into risk management?

OPM (Office of Personnel Management) - breach.

Preso:

Microsoft - John Weigelt @thumbstackhead

train 3254

microsoft "lockbox"

scoped, temporary admin access.

customer gated access

---

panel: future

Brian Higgins - Entrust

then with Third Brigade

Three things:

1. IT will influence all the old-school industries (imagine a 3D printer for electrical / plumbing).
2. IT isn't one big thing; it's lots of little things, and some IT will go away. Some stuff will become a commodity; compare this with what the plumbing industry looks like.
3. Two kinds of citizens w.r.t. standards: the influencers and the followers.

Neila Cruz - European

---


Track plan

Oct 20:

  • 14:40 15:40 - 701A - Automation is your Friend: Embracing SkyNet to Scale Cloud Security - Mike Rothman
  • 15:55 16:55 - 803 - Run Faster, Continuously Harden - Embracing DevOps to Secure All The Things - Chayim Kirshen


There’s no such thing as a coincidence - Discovering Novel Cyber Threats - Jim Penrose

  • leverage your own uniqueness
  • assume obfuscation
  • understand the tradecraft of adversaries
    • how can one "know" your adversaries? research, reports, forensic reports.
  • reimaging does not keep them out.
  • if you don't have the staff, then get people who can.

Questions:

Q: honeypots?

A: a server is a door ajar, but it's not

Q: tell me about tools you use to characterize your uniqueness

A: Darktrace machine learning.