Confidentiality Privacy and Security in PGMT
Post on 10-Apr-2018
8/8/2019 Confidentiality Privacy and Security in PGMT
Confidentiality, Privacy and Security
Simple Definitions
Privacy: The desire of a person to control the disclosure of personal information
Confidentiality: The ability to control release of information under an agreement that limits further release of that information
Security: Protection of privacy and confidentiality through policies, procedures and safeguards.
Why do they matter?
Ethically, privacy and confidentiality are considered to be rights in our profession/culture.
Information revealed may result in harm to interests of the organization (or its partners, customers or suppliers)
Privacy solutions
Forbid the collection of data that might be misused
Allow the collection of information within a structure, but with rules and penalties for violation of collecting procedures.
Generate policies to which individual information handlers must adhere.
How to ensure Security?
Security can be ensured by controlling the following
Availability of information
Accountability of individuals who handle the information
Perimeter definition for storing the information
Rule-limited access for the intended user
Comprehensibility and control of all the above.
Security controls
Management controls
Program management/risk management
Operational controls
Operated by people
Technical controls
Operated by the computer system
Core security policies
Confidentiality through agreements
Data distribution/transmission through recognised (Email, FTP, VPN etc)
System access through defined control.
Virus protection
Backup and recovery
Security training and awareness
Security: availability
Ensures that accurate, up-to-date information is available when needed at appropriate places
Security: accountability
Ensures that users are responsible for their access to and use of information based on a documented need and right to know
Threats
Threat 1
Insiders who make innocent mistakes and cause accidental disclosure
Elevator discussion, info left on screen, chart left in hallway etc.
Counter threat 1
Behavioral code
Screen savers, automated logout
Threats
Threat 2
Insiders who abuse their privileges
Counter threat 2
Deterrence
Sanctions
Audit
Encryption (user must obtain access keys)
Threats
Threat 3
Insiders who access information inappropriately for spite or profit
London Times reported that anyone's electronic record could be obtained for $300
Counter threat 3
Audit trails
Sanctions appropriate to crime
Threats
Threat 4
Unauthorized physical intruder
Fake Employee
Counter threat 4
Deterrence
Strong technical measures (surveillance tapes)
Strong identification and authentication measures
Threats
Threat 5
Vengeful employees or outsiders bent on destruction or degradation, e.g. deletion, system damage, DOS attacks
Latent problem
Counter threat 5
Obstacles
Firewalls
Countering threats
Deterrence
Create sanctions
Depends on identification of bad actors
Imposition of obstacles
Firewalls
Access controls
Costs, decreased efficiency, impediments to appropriate access
Activity
Let's identify the threats specific to our project information.
How can we counter them?