Slide1
Data Protection and Privacy: A New Paradigm
Richard Spires
June 23, 2015
Slide2
Resilient Network Systems – All Rights Reserved
Existing security/identity models are inadequate:
The complexity of an Agency’s IT environment
Significant “off the radar” IT
Antiquated systems lead to OS, DB, and other system software vulnerabilities
PIV rollout issues along with high assurance identity management for outsiders
Continuous Monitoring still in its infancy
Agencies struggle to protect their IT systems, are reactive, and may not know for significant time they have been breached
Slide3
Data Protection:
Prioritize what you are protecting – what cannot be compromised without significant impact
Safeguard at the data set and document level – even separate records within data sets
Minimize movement of highly sensitive data to only what is required
Move to “attestation” based models against sensitive data (particularly for PII)
Strengthen the identity management and other policies for accessing sensitive data
Slide4
Privacy:
Lessen exposure of PII – only when absolute “need to know”
Leverage attestation-based models against PII data (e.g., IRS attesting to an income amount, rather than sending a transcript)
Minimize holding of PII when possible – leverage other public or private authoritative data stores rather than creating another one
Leverage sophisticated encryption and segmentation technology when holding PII