More Content - Including Podcasts

Thursday, February 16, 2012

The impact of mobility, social networking, data breaches and intelligent analysis on privacy and organizational security

Michael Argast, Director, Western Canada, TELUS Security Solutions
The impact of mobility, social networking, data breaches and intelligent analysis on privacy and organizational security
In a whirlwind 30-minute session, Michael will cover a wide ranging set of topics and talk about their impact on privacy, security and risk management. He will provide practical, straight forward advice on how to orient your organization’s policies and security investments to ensure privacy needs are met, while balancing open access, security and fiscal considerations. Topics covered will include bring your own device strategies, flexible workstyles, social networking, data breaches, change in threat profiles and more. This session targets those interested in privacy and security from a business or operational perspective.

Four trends Telus sees in the business environment:
Consumeraisation of IT
Evolution of personal workstyles and employee mobility
Need to provide enterprise employees with access to data that is behind and beyond the firewall
Unequalled customer service quality

Privacy in mobility and security...
Who should get to know who your friends are?
Xinga is facebooks biggest customer, you are the commodity facebook sells them.
Overall, all organisations allow employees access to facebook for personal use.
IOS applications have full access to your address book with no controls, other than access to publish in the app store. Security controls are being provided to consumers to control this, but the individuals need to stay on top of these threats to our privacy.

Who should get to know where you are and where you've been?
Again we discuss the location tracking concepts that are either published and acknowledged or not. Are there positive aspects to this information being available? Certainly, but consumer need to control the access that data.

Bill C-30
With a warrant requires backdoors to be built for browsing history and Skype, GoogleTalk, etc. may limit availability of tech services and applications into Canada due to cost.
Without a warrant, law enforcement wants a long list of PII.
The ALPR Automatic License Plate Recognition systems allow an officer to grab a license plate and do a system lookup. It leverages an MC grabber which grabs all cell phone information in a geographic area. Leveraged with Bill c-30, this gives police the ability to track the movement of all private citizens.

About 90% of IT security breaches are not discovered by the company breached, but by third parties who are using big data correlation to build socio economic profiles. What else are they doing with this data though? Corollary, that people with more security technology in place, report more breaches. They don't actually have more breaches, they are just more aware of the breaches occurring. So are you not only aware of who is coming in, but what data is going out to third parties?

- Posted using BlogPress from my iPad

Location:13th Privacy & Security Conference

No comments: