IBM Global Services IBM and the future of
IBM Global Services IBM and the future of privacy Do the benefits of the electronic age come with a privacy trade off? John Martin Security Practice Leader – IBM New Zealand © 2006 IBM Corporation
IBM Global Services Agenda § Current Trends § Incident after Incident § Data governance § A framework § Privacy § Summary Page 2 IBM and Privacy © 2006 IBM Corporation
IBM Global Services Current Trends § Firm allegedly sold personal data from millions § Laptop loaded with HP employee data stolen from Fidelity § 40, 000 BP’s identities stolen – 4 laptops, Cisco, IBM § Google privacy win – first battle § Visa warns software may store PINs § Researchers warn of coming tax scams § The high cost of data loss Page 3 IBM and Privacy © 2006 IBM Corporation
IBM Global Services Incident after incident of data being leaked or compromise or made vulnerable – day by day § Information is the lifeblood of our economy § Making good use of information and getting value versus protection § Private data needs to be secure 4 What policies? 4 Who to share it with? 4 How to share it? 4 Who is going to manage it? § Information sharing will grow § Is it a natural trade off? § Business, government managing data – what is best practices? Page 4 IBM and Privacy © 2006 IBM Corporation
IBM Global Services Data governance Must consider the appropriate security & privacy measures for each entity with whom you interact Partners Customers Suppliers Privacy at all levels Security Strategy Security People Security Process Security Applications & Data Security Technology Security § The long-term stability and growth is directly influenced by security and resilience focus across critical areas of the operations § Focusing only on the IT related layers is suboptimal and does not address the complete security needs cy iva Pr Facilities Page 5 IBM and Privacy © 2006 IBM Corporation
IBM Global Services The information security capability reference model contains eight themes. Information Security Framework Governance Enterprise Information Management & Privacy Page 6 Threat mitigation Transaction and data integrity Identity and access management Application security Physical security Personnel security IBM and Privacy © 2006 IBM Corporation
IBM Global Services Identity Resolution Private Data Page 7 IBM and Privacy Data © 2006 IBM Corporation
IBM Global Services Privacy § Privacy and Information management strategy 4 Define privacy information strategy 4 Requirements & compliance process 4 Incident response Policy, practices and controls 4 Privacy Impact Assessment 4 Privacy Audit 4 Awareness & training § Data, rules and objects 4 Privacy data taxomony & classification 4 Privacy business process model § Encryption end to end Page 8 IBM and Privacy © 2006 IBM Corporation
IBM Global Services Q&A – Thank you IBM and the future of privacy Do the benefits of the electronic age come with a privacy trade off? © 2006 IBM Corporation
- Slides: 9