1 / 6

Dan Steinberg, JD Portland, OR May 4, 2011

Speaking Notes. Privacy and Security for Research Repositories. Dan Steinberg, JD Portland, OR May 4, 2011. Please do not reuse or republish without attribution. Current models of the relationship between privacy and security are misleading or are altogether inaccurate.

yamal
Download Presentation

Dan Steinberg, JD Portland, OR May 4, 2011

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Speaking Notes Privacy and Security for Research Repositories Dan Steinberg, JD Portland, OR May 4, 2011 Please do not reuse or republish without attribution.

  2. Current models of the relationship between privacy and security are misleading or are altogether inaccurate. “You can have security without privacy, but you can’t have privacy without security.” Fair Information Principles: Notice • Access • Choice • Redress • Security

  3. Notice Choice Access Individual Redress A better view of the relationship between privacy and security acknowledges that there are a large number of topics that are both privacy and security issues. SECURITY PRIVACY Intellectual Property NationalSecurity Physical Assets andResources TradeSecrets Institution Ways of Doing Business Safeguarding a individual’s personally identifiable information

  4. Risk Management is fundamental to information privacy and security. PROCESS OVERVIEW Starting point ARCHITECTURE DESCRIPTION Architecture Reference Models Segment and Solution Architectures Mission and Business Processes Information System Boundaries ORGANIZATIONAL INPUTS Laws, Directives, Policy Guidance Strategic Goals and Objectives Priorities and Resource Availability Supply Chain Considerations Step 1 CATEGORIZE Information System Step 6 MONITOR Security Controls Step 2 SELECT Security Controls RISK MANAGEMENT FRAMEWORK Step 5 AUTHORIZE Information System Step 3 IMPLEMENT Security Controls Step 4 ASSESS Security Controls Adapted from NIST Special Publication 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems. The six steps in the Risk Management Framework FIGURE 2-2: RISK MANAGEMENT FRAMEWORK

  5. Some, but not all, components of a robust security program: • Risk Analysis • Policies and Procedures • Training and Awareness • Information Access Management • Identity Management • Privacy Controls • Incident Procedures • Contingency Planning • Physical Controls • Transmission Security • Integrity Controls • Disposal Controls • Evaluation

  6. Dan Steinberg Lead Associate JD, CIPP/G, PMP Booz | Allen | Hamilton Tel (301) 838-3856 steinberg_daniel@bah.com

More Related