EU Public Sector Data Breaches and Data Loss
EU Public Sector Data Breaches and Data Loss Where do we go from here? Nigel Stanley Practice Leader, Security Bloor Research …optimise your IT investments
Confidence in Government is low Citizen confidence is low Little sign of confidence returning “Something must be done” But what? ©Bloor Research 2009 Telling the Information Management Story
Telegraph. co. uk 12 th January 2009 Government Failed to Clamp Down on Data Loss Gfdsghseiogljhdfkljhlkhlkhaf Kjahdfhasdfjkhasdfhasdfhaskl fhasodfhasdfh; asdhf; asdlfhasdl hf; asdlhfsdfh; sdlkfhwreoptyre potyreooty 3 potypqro 8 yfpqoyf wofyqweofyqwepofyqwepofyw epfyofydpofyqpofyqpotiytyqpti oyqrpotyitioyqprtyiqtoiyqptioy qptopqwoiytpoitypoqtiypoiyy Kjahdfhasdfjkhasdfhaskl fhasodfhasdfh; asdhf; asdlfhasdl hf; asdlhfsdfh; sdlkfhwreoptyre potyreooty 3 potypqro 8 yfpqoyf wofyqwepofyqwepofyw epfyofydpofyqpotiytyqpti oyqrpotyitioyqprtyiqtoiyqptioy qptopqwoiytpoitypoqtiypoiyy http: //www. telegraph. co. uk/newstopics/politics/4220321/Government-failed-to-clamp-down-on-data-loss. html ©Bloor Research 2009 Telling the Information Management Story
Sample UK Government Databases National DNA database - 4. 5 million people (5. 2% of UK population) National Identity Register* TV Licensing DVLA Department for Work and Pensions customer database Schengen Information System Automatic Numberplate Recognition System (ANPR) National Pupil database National Childhood Obesity database NHS Summary Care Record Contact. Point* Communications database* ONSET … (* in development. Source: http: //www. jrrt. org. uk/uploads/Database%20 State%20 -%20 Executive%20 Summary. pdf) ©Bloor Research 2009 Telling the Information Management Story
Types of Inside Threat Incompetent and non-malicious i. e. I sent all of the HMRC database in the post Competent and malicious i. e. I am going to steal this medical data and blackmail the patient ©Bloor Research 2009 Telling the Information Management Story
Public Sector Compliance Non-compliance can be politically painful Regulators are getting more aggressive We all need to avoid headlines… Is the media the best sanction? ©Bloor Research 2009 Telling the Information Management Story
Security Breach Notification Laws Disclosure rules now enacted in some US states Ongoing discussions across the EU Views differ on this law ©Bloor Research 2009 Telling the Information Management Story
Data Encryption Well established Many implementations Can be very complex (key management issues) Purchased by many as a tactical add on If encrypted data is lost who really cares? ©Bloor Research 2009 Telling the Information Management Story
Patches, patches Basic IT hygiene Fail to patch will result in failure Patch testing is a balance Automated tools make life easier ©Bloor Research 2009 Telling the Information Management Story
Summary Government data handling under increased scrutiny We must keep our own houses in order by; Understanding our IT environments Managing known risk Protecting against unknown risks Preventing device misuse Securing mobile devices Politicians need more education and awareness… ©Bloor Research 2009 Telling the Information Management Story
Daily News 50 p 10 th August 2009 Tories Unveil NHS Database Plans Gfdsghseiogljhdfkljhlkhlkhaf Kjahdfhasdfjkhasdfhasdfhaskl fhasodfhasdfh; asdhf; asdlfhasdl hf; asdlhfsdfh; sdlkfhwreoptyre potyreooty 3 potypqro 8 yfpqoyf wofyqweofyqwepofyqwepofyw epfyofydpofyqpofyqpotiytyqpti oyqrpotyitioyqprtyiqtoiyqptioy qptopqwoiytpoitypoqtiypoiyy Kjahdfhasdfjkhasdfhaskl fhasodfhasdfh; asdhf; asdlfhasdl hf; asdlhfsdfh; sdlkfhwreoptyre potyreooty 3 potypqro 8 yfpqoyf wofyqwepofyqwepofyw epfyofydpofyqpotiytyqpti oyqrpotyitioyqprtyiqtoiyqptioy qptopqwoiytpoitypoqtiypoiyy http: //news. bbc. co. uk/1/hi/health/8189674. stm ©Bloor Research 2009 Telling the Information Management Story
Contact Website is www. bloorresearch. com Register for access to research library Security training, advice and consultancy available through Incoming Thought Ltd, a Bloor partner company www. incomingthought. com ©Bloor Research 2009 Telling the Information Management Story
- Slides: 12
