Sector2015: Difference between revisions
Latest revision as of 15:16, 20 October 2015
http://www.sector.ca/Program/Sessions/Schedule
Oct 19: CSA (Cloud Security Alliance) pre-conference
Cavoukian
twitter: @AnnCavoukian
privacy bigger than security
basic security safeguards
presentation: Michael Chertoff - Secretary of the Dept. of Homeland Security - Huffington Post.
privacy is not the same as secrecy
if nothing to hide then worry.
"duty of care" "If you break the law then you forfeit your privacy." - Cavoukian ( ack! I don't think so )
PHIPA
HIPAA: I was talking to the stakeholders: "institutions, doctors, health-care providers"... um, what about patients?
informational self-determination
Long German Words @longgermanwords
informationelle Selbstbestimmung
Privacy by Design: 7 fundamental principles.
questions / critique:
1. someone in the business decides to do this; they do it after deciding it's the right thing. Cost / benefit.
2. what is the cost compared to before?
3. what do you get out of "gratitude and loyalty"?
4. post-Snowden days. - most people don't know about Snowden; why not Assange / WikiLeaks?
   are you promoting being open, or are you saying you need to be more secure ... don't be Snowdened.
5. collection, use, destruction
   how to prove all that?
6. transparency - being open with
7. tell me about 23andMe.
8. duty of care - to protect the data.
9. it is incumbent on you to tell people how you use the data.
10. how long have you got their data?
PbD - Privacy by Design - surveillance - biometrics - e.g. with OLG - smart meters on the smart grid
There is a certification (Ryerson): Privacy by Design, ryerson.ca/PBD/Certification
Using privacy by design to achieve big data innovation without compromising privacy.
De-identification
Nymi band: cardiac rhythm
OASIS - co-chair of the technical committee - PbD for software engineers - playbook.
case studies about cost.
question: risk of harm; how do you fold risk problems into risk management?
OPM (Office of Personnel Management) breach.
presentation:
Microsoft: John Weigelt @thumbstackhead
train 3254
Microsoft "Lockbox":
scoped, temporary admin access.
customer-gated access.
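To make the three Lockbox notes above concrete, here is an added illustration of that access pattern (my own example, not Microsoft's code or API): an operator requests access that is scoped to named actions and bounded in time, nothing is granted until someone from the owning customer tenant approves, and every check re-evaluates approval, scope, expiry and revocation. The class and method names, the tenant and ticket values, and the 4-hour cap are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class AccessRequest:
    """One operator's request for temporary, scoped access to a customer's data."""
    request_id: str
    operator: str            # who is asking (the provider's engineer)
    tenant: str              # which customer's data they need to touch
    scope: frozenset         # exact actions requested, e.g. {"mailbox:alice:read"}
    justification: str
    ttl: timedelta           # how long access lasts once the customer approves
    approved_by: Optional[str] = None
    approved_at: Optional[datetime] = None
    revoked: bool = False


class LockboxGate:
    """Hypothetical customer-gated grant store (assumed design, not a vendor API)."""

    def __init__(self, max_ttl: timedelta = timedelta(hours=4)):
        self.max_ttl = max_ttl
        self.requests: dict = {}
        self.audit: list = []    # append-only trail of who asked, who approved, who revoked

    def request_access(self, request_id, operator, tenant, scope, justification, ttl):
        # Scoping and a bounded lifetime are enforced when the request is filed,
        # not left for the approver to remember.
        if ttl <= timedelta(0) or ttl > self.max_ttl:
            raise ValueError("ttl must be positive and no longer than max_ttl")
        if not scope or not justification.strip():
            raise ValueError("scope and justification are required")
        req = AccessRequest(request_id, operator, tenant, frozenset(scope), justification, ttl)
        self.requests[request_id] = req
        self.audit.append(("requested", request_id, operator, tenant, tuple(sorted(scope))))
        return req

    def customer_approve(self, request_id, approver, approver_tenant, now):
        req = self.requests[request_id]
        # Only the customer that owns the data can open the gate; the provider cannot self-approve.
        if approver_tenant != req.tenant:
            raise PermissionError("approver is not the tenant that owns the data")
        req.approved_by, req.approved_at = approver, now
        self.audit.append(("approved", request_id, approver))

    def revoke(self, request_id, by):
        self.requests[request_id].revoked = True
        self.audit.append(("revoked", request_id, by))

    def is_permitted(self, request_id, operator, tenant, action, now):
        """Every access check re-evaluates approval, identity, scope and expiry."""
        req = self.requests.get(request_id)
        if req is None or req.revoked or req.approved_at is None:
            return False
        if req.operator != operator or req.tenant != tenant:
            return False
        if now >= req.approved_at + req.ttl:
            return False           # grant has expired
        return action in req.scope


def demo():
    """Walk one constructed request through the gate; returns the checks as a dict."""
    gate = LockboxGate()
    t0 = datetime(2015, 10, 19, 9, 0, tzinfo=timezone.utc)   # constructed timestamp
    op, tenant, action = "ops-engineer", "contoso-tenant", "mailbox:alice:read"
    gate.request_access("req-1", op, tenant, {action},
                        "ticket 1234 (constructed): mailbox corruption", timedelta(hours=1))
    results = {}
    results["before_approval"] = gate.is_permitted("req-1", op, tenant, action, t0)
    try:
        gate.customer_approve("req-1", "provider-manager", "provider-org", t0)
        results["provider_self_approve"] = "allowed"
    except PermissionError:
        results["provider_self_approve"] = "blocked"
    gate.customer_approve("req-1", "contoso-admin", tenant, t0)
    later = t0 + timedelta(minutes=10)
    results["in_scope"] = gate.is_permitted("req-1", op, tenant, action, later)
    results["out_of_scope"] = gate.is_permitted("req-1", op, tenant, "mailbox:bob:read", later)
    results["after_expiry"] = gate.is_permitted("req-1", op, tenant, action, t0 + timedelta(hours=2))
    gate.revoke("req-1", "contoso-admin")
    results["after_revoke"] = gate.is_permitted("req-1", op, tenant, action, later)
    results["audit_events"] = [e[0] for e in gate.audit]
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the approval, the scope and the clock are all checked on every use rather than once at grant time, so a revocation or expiry takes effect immediately, and the audit list records the customer-side approver, which is what makes the access "customer gated" rather than merely logged.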
---
panel: future
Brian Higgins - Entrust
then with Third Brigade
three things: 1. IT will influence all the old-school industries (imagine a 3D printer for electrical / plumbing). 2. IT isn't one big thing; it's lots of little things, and some IT will go away.
some stuff will become a commodity; contrast this with what the plumbing industry looks like.
3. two kinds of citizens wrt standards: the influencers and the followers.
Neila Cruz - European
_______
track plan, Oct 20:
- 14:40 15:40 - 701A - Automation is your Friend: Embracing SkyNet to Scale Cloud Security - Mike Rothman
- 15:55 16:55 - 803 - Run Faster, Continuously Harden - Embracing DevOps to Secure All The Things - Chayim Kirshen
There’s no such thing as a coincidence - Discovering Novel Cyber Threats - Jim Penrose
- leverage your own uniqueness
- assume obfuscation
- understand the tradecraft of adversaries
- how can one "know" your adversaries? research, reports, forensic reports.
- reimaging does not keep them out.
- if you don't have the staff, then get people who can.
Questions:
Q: honeypots ?
A: a server is a door ajar but it's not
Q: tell me about tools you use to characterize your uniqueness
A: Darktrace machine learning,