The digital transformation of business along with social media, cloud computing, big data analytics, mobile & pervasive computing and the internet of things is bringing a multitude of new risks like espionage, cyber attacks, fraud, hacking, data theft, social engineering attacks and more. On the other side, the potential damage from these risks is continually rising, as operational infrastructures and the internet of things are being connected to the internet.
In this track, we will assess this new risk landscape and define the new role information security professionals have to take over in the world of digital business.
After attending this block of sessions you will be able to
- Define the new role information security professionals have to take over in the world of digital business.
- Describe the Changes in Data and Identity Risk Landscapes
- Discuss the tasks for the IT Risk Officer to build a firewall between the digital and the analogue world.
- Describe how security has evolved from Physical Security to Information Security and from Digital Security to Interaction Security.
- Discuss and approach to understanding and ultimately measuring risk
This block qualifies for up to 2 Group Learning based CPEs depending on the number of sessions you attended.
From Security to Information Security to Digital Risk
Hanns Proenen will take you on a small journey through traditional IT security, as it was until recently, and how he is observing and experiencing the shift to information security and IT risk. He will talk about the tasks for the IT Risk Officer and how to build a firewall between the digital and the analogue world.
Mapping the Changes in Data and Identity Risk Landscapes – From Physical Security to Information Security to Digital Security to Interaction Security
Well-managed organizations address unique and emerging risks, such as networked data and identity-related risks in the context of their overall risk profile, and seek to implement solutions that can cost-effectively address organizational risk at multiple levels. As new online and networked system risks associated with data and identity handling systems have surfaced, pre-existing risks still remain relevant; and together they vie for the attention of managers around the world, causing them many sleepless nights. How are emerging risks similar to and different from traditional risks faced by enterprises? How can traditional risk mitigation strategies inform, or mislead, managers seeking to address emerging risks?
Data and Identity Systems Risk in the Larger Distributed Risk Context
Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme. This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation.
In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:
- The initial interpretation of risk and how it is often misunderstood.
- The measurement of risk, and how some systems work and other don’t.
- The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.
With the use of analogies and examples, the audience will appreciate that risk assessment, measurement and management is not always as straightforward as it might first seem. The audience will leave with a new appreciation of how risk can be leveraged for good, and not just perceived as bad.
Negotiating the Risk of Privacy – Understanding Privacy and its Risks
The growing of volume, velocity and variety of Big Data creates new business models for the exploitation of data, for example individual marketing synchronously created out of clickstream data and background knowledge. However, these opportunities arouse privacy concerns. Users lose control over their privacy, and services are uncertain how to keep the trust of their customers in their decent personal data handling.
In this presentation the risk of privacy in the modern communication technology, both Internet and mobile networks, is analyzed. It turns out, that users have to negotiate the risk of privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect of their competent and decent way to handle user data. This presentation identifies the privacy principles and related trust areas and protection means.
Topics of presentation
- The privacy challenge in the Internet and mobile networks
- Privacy principles
- Privacy invading and enhancing technologies
- esp. permission rights management with mobile apps
- Risk management
- Trust and control
- Trust factors in technical environments
- Trust factors in IT privacy
- Negotiating the risk between trust and control mechanisms
- Weaknesses, measures, and remaining trust areas
- Role and perspectives of self and system data protection
- Privacy risk factors and related trust areas