Understanding Data Privacy in Emerging Technologies

Explore the importance of data privacy in emerging technologies through insights on security threats, breach examples, costs and liabilities, traditional solutions, and legal aspects. Learn about internal and external threats, liability costs, and safeguarding measures to ensure privacy and security in technological advancements.


Uploaded on Aug 25, 2024


Presentation Transcript


  1. DATA PRIVACY EMERGING TECHNOLOGIES by Virginia Mushkatblat 25.08.2024 Hush Hush info@mask-me.net 213.631.1854 1

  2. INC MAGAZINE FASTEST JOB CREATION CHART

  3. WHY SECURITY? JP MORGAN CHASE, SNAPCHAT, TARGET, CSU, HOME DEPOT, Healthcare.gov. LAST MONTH MEDICAL DATA BREACHES. DATA STOLEN BY INSIDERS. Memorial Hermann Hospital, AltaMed Health Services, Beachwood-Lakewood Plastic Surgery.

  4. THREAT CLASSIFICATIONS: WHO. EXTERNAL THREAT: STOLEN LAPTOPS > THE HACKER (insurance study); malicious outsider(s)

  5. THREAT CLASSIFICATIONS: WHO, part 2. INTERNAL THREAT: THE THIEF. malicious outsider(s) Rare Insider's trade Selling PII on the black market Selling PII, sabotage CxO Production user DBA Developer

  6. THREAT CLASSIFICATIONS: WHO, part 3. INTERNAL / EXTERNAL COMBINATION THREAT: THE NAÏVE. The unintentional insider: unsuspecting employees, victims of phishing; reckless abusers

  7. THE COSTS. LIABILITY: Target puts the costs at $148 million in the second quarter. REPUTATION: PUTTING ONESELF INTO VICTIM SHOES. NOTIFICATION LAWS. LESSER KNOWN COSTS: FINES: FTC (minimum 10,000 fine for non-compliance in GLBA); MONEYGRAM experienced a $100,000 FINE; CA Supreme Court ruled Zip Codes are PII, $1000 per violation for retailers who ask for Zip code at point of sale. Auditing and insurance. Regaining good will (e.g. Target credit monitoring).

  8. TRADITIONAL SOLUTIONS: EXTERNAL THREAT. TRADITIONAL SOLUTIONS FOR OUTSIDER THREAT. Operations: Firewalls; Network Monitoring; Against DDoS; Anti Viruses. Development: Encryption on different levels: at rest (symmetric, asymmetric), in transit (SSL, TLS); Architectural decisions, or so-called Privacy by Design: use of stored procedures and proper use of encapsulation in code; Identity Access Management. More technical solutions, plus LEGAL: PRIVACY LAWS

  9. INTERNAL THREAT SOLUTIONS. ENCRYPTION. DATA MASKING (Method / Media / Protects / against Role): SDM / Disk / at rest / Developer, outsourcers; DDM / Application / in real time / Business Roles, third parties. IDENTITY MANAGEMENT. AUDITS.

  10. EMERGING TECHNOLOGIES AND ARCHITECTURES. ANTI VIRUSES. Adaptive technologies: as the malware adapts, so do the antivirus makers. Virtualizing: traffic or a page itself. AirGap: virtualization of the page. It acts as a barrier against malware designed to get employees to click on an affected link.

  11. EMERGING TECHNOLOGIES AND ARCHITECTURES. SEPARATION OF CONCERNS: Mask Me: separating the data from the entity. PEER-To-PEER. GOOGLE's Two Steps Verification: two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. Messenger and Notary server. Data masking: de-coupled algorithms, centralized audit reporting.

  12. Appendix: FRAMEWORK FOR DATABASE SECURITY. 1. Establish legal base. 2. Implement Identity and Access Management. 3. Data discovery: discover the databases and other storage; identify sensitive data; identify encryption method (at-rest, in-transit, in-use); identify roles-based masking requirements. 4. Find out vulnerabilities. 5. Fix privileges. 6. Establish protection methods. 7. Audit access, data, and transactions characteristics in real time. 8. Establish notification and response systems. 9. Do the drills. 10. REACT!!! 11. Report the breaches.

  13. APPENDIX: FRAUD CLASSIFICATION. Wire and access device fraud: unauthorized access to the bank accounts of customers. Identity theft: steal identities, facilitate the cash-out operations, including transferring money, making purchases, filing fraudulent tax returns with the IRS seeking refunds. Other threats: DDoS, Trojans. TECHNICAL KNOW-HOW: stealing logins/passwords, reading of the network traffic, Trojans, SQL injection, firewall penetration.
