The enemy from within: data leakage. ISCD 2013, Hungary, 2nd September 2013. Guido Vervaet, Security Directorate, DG Human Resources and Security. Mandate of Commission's Security Directorate. to protect: personnel information assets and premises. Threats to confidentiality.
The enemy from within: data leakage
ISCD 2013, Hungary, 2nd September 2013
Guido Vervaet, Security Directorate, DG Human Resources and Security
Mandate of Commission's Security Directorate
to protect: personnel information assets and premises
Threats to confidentiality
• Casual eavesdropping
• Hacking and espionage by:
  • (h)activists
  • criminal organisations
  • foreign intelligence services
• (deliberate) leakage by members of staff
Data leakage versus hacking
• By outsiders
• Involuntary victims
• High tech
• Difficult to prevent
• Very difficult to prosecute

• By insiders
• By deliberate action
• Low tech
• Very difficult to prevent
• Easy to prosecute
But very similar cures
Risks
• Political harm
• Financial liability
• Reputational damage
Context
• tons of sensitive information
• internal and external actors
• multiple loyalties
• ubiquity of computers, networks, iPhones, …
• culture of "transparency"
• user requirements for:
  • speed
  • efficiency
  • user-friendliness
• no prosecution, no condemnation, no deterrence
Possible approaches
• Prevent – stopping data from being leaked
• Deter – dissuading users from leaking data
• Detect – detecting when information has been leaked
• Contain – limiting the impact of a leak
• Identify – determining who is responsible for the leak
Countermeasures
• classify sensitive documents
• add handling instructions
• apply "need-to-know"
• tag documents (openly and covertly)
• log document access and data exchange
• emphasize ethical standards
• disciplinary procedures when rules are breached