Security,
Privacy Data Protection,
   and Perspectives to
    Counter Cybercrime


         Gohsuke Takama
     Meta Associates, Japan
           gt@inter.net

                 CodeGate Conference
                 April 2008, Seoul, Korea
outline:

•   introduction
•   security vs. privacy?
•   privacy today - revisited
•   state of cybercrime today
•   balance of powers
•   psychological layer security
about…

• Gohsuke Takama
  –    Privacy International (London, UK),
      advisory board member
       •   http://www.privacyinternational.org/
  –    Computer Professionals for Social
      Responsibility /Japan chapter,
      founding supporter
       •   http://www.cpsr.org/
  –    independent journalist for over 10 years
  –    Meta Associates,
      founder & president
       •   http://www.meta-associates.com/
introduction

•  some works of Privacy International
•   a report in June 2007: "A Race to
  the Bottom - Privacy Ranking of
  Internet Service Companies"
•   a study in Dec 2007: "Leading
  surveillance societies in the EU and
  the World 2007"
introduction



•  Privacy International (PI) is a human rights
  group formed in 1990 as a watchdog on
  surveillance and privacy invasions by
  governments and corporations.
• PI is based in London, England, and has an
  office in Washington, D.C.
• PI has over 50 members of international
  advisory board including MIT's Noam Chomsky
  and a former member of the U.S. House of
  Representatives Bob Barr
"Privacy Ranking of
Internet Service Companies"
•    Amazon, AOL, Apple, BBC, Bebo, eBay,
    Facebook, Friendster, Google, Hi5,
    Last.fm, LinkedIn, LiveJournal,
    Microsoft, Myspace, Orkut,
    Reunion.com, Skype, Wikipedia, Windows
    Live Space, Xanga, Yahoo!, YouTube
"Leading surveillance
societies in the EU and the
World 2007"
security vs. privacy

         • really?
   •   false dichotomy?
        • balance?
Sep 11, 2001
some government's view

•    threat #1 = terrorists
•    threat #2…n = criminals, illegal
    immigrants, etc
some government's view

•    terrorists mingling among people
•    thus people need to be watched
•    people's movements need to be tracked
•    people's communications need to be
    monitored
more surveillance
more tracking
more monitoring
some government's view

  •   security = surveillance
      • privacy = barrier
some government's view
[chart: security (0-100) vs. privacy (0-100)]
centralization
panopticon?
data concentration

     • is data secure?
    • is data accurate?
•   is operation efficient?
is data secure?…
individual's view

    •   how I live
    •   how I work
privacy today
       - revisited
•    privacy in physical world
    • privacy in data world
physical world   data world
individual's view

•    how I live in physical world
•    how I work in physical world
•    how I live in data world
•    how I work in data world
likely decentralized
economic activities
privacy today…

•    activities shifting to data world
•    more activity = more data trail
•    personally identifiable information
    (PII)
•     = privacy data
•    privacy protection
•     = personal security
•     = privacy data protection
individual's view
[chart: security (0-100) vs. privacy (0-100)]
businesses' view

monitoring of…       protection of…
•    users           •    user data
•    employees       •    employees' data
•    traffic         •    traffic
•    activities      •    activities
businesses' view
[chart: security (0-100) vs. privacy (0-100)]
security vs. privacy
state of cybercrime
McAfee
       criminology report
• a recent online banking study...
• 2 million Americans = 5% of online
 banking customers
• their accounts illegally accessed and
 robbed
• average loss = $1,200
• banking industry total losses > $2
 billion
McAfee
       criminology report
• one North American credit company
 reported...
• in 2005
• online fraud losses = $30 million
• (all losses = $100 million)
McAfee
        criminology report
•   one FBI estimate in 2005...
•   in the USA
•   cost of cybercrime = $67 billion
McAfee
        criminology report
•   a Gartner Inc. survey…
•   identity theft-related fraud
•   in 12 months ending in mid 2006
•   approx 15 million Americans = victims
•   average loss = $3,257
•   (total losses > $48 billion?)
crime techniques

•   phishing         •   XSRF
•   spear phishing   •   XSS
•   scam spam        •   pharming
•   virus            •   website spoofing
•   trojan           •   content altering
•   spyware          •   code injection
•   keylogger        •   IP hijacking
•   rootkit          •   rogue WiFi AP
•   bot + botnet     •   sniffer
target

•    ordinary computer users
•    personally identifiable information
•    for identity theft
•     to illegally use credit cards
•     to illegally access bank accounts
•     to illegally access stock trading
•     to illegally access organizations'
    networks
value for crime

•    personally identifiable information
    (PII) = monetizable data
criminal's view
[chart: profit (0-100) vs. privacy (0-100)]
ENISA report
crime on web 2.0 ?

•   long tail
•   user data (PII) = core competence
•   the web as platform (for attack)
•   user as a contributor (of botnet, etc)
•   mash ups (web, malware, botnet, etc)
•   rich user experiences (of trouble)
•   distributed operation
•   loose connection among operatives
•   collective intelligence
[diagram labels: organized crime coders; spoof/altered site; 1st line victims; 2nd line victims; lost/stolen data; stock trading; banks; credit companies]
final victim

            •   our economy
      • economy is held as hostage
•   one type of national security issue
security & profit
   vs. privacy
"security vs. privacy"
    or 'security & privacy'
          • security for whom?
         • misleading dichotomy
•   security & privacy are not opposite
security
 process & action matrix
                        prevention                         detection               response
 gov - law enforcement  law making, administer, promote    surveillance, monitor   investigate, arrest, prosecute
 individual             self accustomed                    self awareness          self defence, call police?
 business               rule making, manuals, appliances   awareness, monitor      org defence, call police
 criminal               spoof, deception                   0 day, obfuscation      transborder, remote op
privacy data protection
 process & action matrix
                        prevention                          detection                      response
 gov - law enforcement  law making, administer, promote     survey, hearing, called in     investigate, give penalty, prosecute
 individual             self accustomed                     self awareness                 call service, call gov?
 business               rule making, manuals, PIA PET use   awareness, monitor, called in  org defence, call police
 criminal               spoof, deception                    0 day, obfuscation             transborder, remote op
some acronyms…

•   PIA = Privacy Impact Assessment
•   PET = Privacy Enhancing Technology
•   ROI = Return On Investment
how they lure talents?
            (excerpt)
•    find target students on password
    posting sites, cracking tool sites,
    chat, etc (possibly on online game
    sites)
•    offer easy low risk tasks with rewards
•    if successful, offer increased level
    tasks with higher rewards
•    once involved, blackmail the target
    into doing risky tasks
•    sometimes sponsor target students to
    get IT degrees in Univ. (as a reward)
law enforcement's limit

•   international jurisdiction
•   can act only after the incident
•   limited operation & human resources
balance of powers:
                asymmetric?
attack side: organized cybercrime             defence side: gov, security industry
•  no compliance to the law                   •  compliance to the law
•  borderless adhoc alliances                 •  limit by international jurisdiction
•  long tail attack model                     •  concentric defence
•  spontaneous action                         •  action after incidents
•  operation low cost = high ROI              •  security often looked as anti-ROI cost
•  luring technically sophisticated           •  more security professionals needed
   youngsters
•  psychological attack approach effective    •  psychological defence possible?
remedies

• need to make businesses understand…
•  security is for averting the risk
•  PII data is targeted
•  the size of damages (what if 5% of
 users attacked…)
• guidance & aid for small & middle
 size businesses
• = over 90% of businesses are S&M size
 companies
• = attacks are long tail model
remedies

• need to prevent technically talented
 youngsters from being lured by
 criminals (from the dark side)
• rescue remedy to save lured
 youngsters from blackmail (& ransom?)




                 (c ) Lucas Film
remedies

•    need to increase the number of security
    professionals for defence
•    need to make security professional
    a glamorous job
•    = cool
•    = respected
•    = high pay ( > US$200/hour…?)
psychological layer
            security
• still a theoretical idea
• Bruce Schneier is also looking in a
 similar direction
• Feb 2007 "The Psychology of Security"
layer approach

     • example: OSI model
a security layer model
Human Factor   7 Psychological    cognition
               6 Custom (Habit)   behavior
               5 Operation        rules
Intangibles    4 Content          data
               3 OS/Application   software
Tangibles      2 Hardware
               1 Physical
attacks vs. remedies
layer            attacks                                               remedies
Psychological    phishing, spear phish, scam, pharming                 ?
Custom           spoof phishing spam, pharming, XSS, XSRF, ID spoof    accustomed best practice, awareness, digital signature, PKI
Operation        DoS, spam, sabotage, espionage, ransomware            filter, opsec procedure, policy, law enforcement
Content          sniffing, spam, spyware, alteration                   encryption, filter, content-scan, host IDS
OS/Application   DoS, vuln exploit, 0day, rootkit, botnet              FW, network IDS, IPS, anti-virus, OS/app patch
Hardware         direct access, tampering, alteration                  perimeter guard, anti-tampering, hard seal
Physical         lock pick, break in, vandalism                        surveillance, perimeter alarm, armed guard
psychological attacks

•   exploit social interaction
•   exploit social protocols
•   exploit social norms
•   exploit social status of users
social interactors
prof. Lessig
what things regulate
extensive thought
elements
interactivity
motivation
ill-motivation
de-motivate

•   example
Atocha station, Madrid
Mar 11, 2004
Madrid demonstrators
deflect motivation

•   example
hack for cybercrime is
         lame




      Borg, from Star Trek (c) Paramount Pictures
hack for security is
        cool




     Matrix Reloaded, (c )Warner Bros. Pictures
psychological layer
             security
•   passive defence:
•    user behavior modification
•    to increase user alertness
•   active defence:
•    to de-motivate adversary
•    to deflect direction of attacks
•   potential field to look at:
•    Cognitive Behavioral Therapy
•    Neuro Linguistic Programming
+ direct attacks to
users' mental state
+ a concept example:

•  Psycho-acoustic Computer Virus
•   creates near inaudible very low
  frequency sound (20-40Hz) by
  exploiting sound synthesizer chip
•   such very low frequency sound is
  believed to create feelings of fear
  and awe in hearers
•   the Nazis are believed to have used
  this sound technique at Nazi Party
  conventions
psychological attacks
       how can we counter?
•   exploit social interaction
•   exploit social protocols
•   exploit social norms
•   exploit social status of users
•   exploit mental state of users
sources
• A Race to the Bottom - Privacy Ranking of Internet Service Companies
  http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961
• Leading surveillance societies in the EU and the World 2007
  http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559597
• Map developed: http://english.freemap.jp/
• What Our Top Spy Doesn't Get: Security and Privacy Aren't Opposites
  http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0124?currentPage=all&
• Our view on security vs. privacy_ Bush uses scare tactics ...USATODAY
  http://blogs.usatoday.com/oped/2008/02/our-view-on-sec.html
• MI5 seeks powers to trawl records in new terror hunt
  http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism
• Police announce London 2012 plans
  http://news.bbc.co.uk/sport2/hi/olympics/london_2012/7277918.stm
• UK considers RFID tags for prisoners
  http://www.itweek.co.uk/vnunet/news/2207145/government-considers-rfid-tags
• Bush Administration's Warrantless Wiretapping Program
  http://www.washingtonpost.com/wp-dyn/content/article/2007/05/15/AR2007051500999.html
• Mobile firms seek India govt meeting on BlackBerry
  http://www.reuters.com/article/ousiv/idUSBOM10000520080312?sp=true
• UK MOD confirms loss of recruitment data
  http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/ModConfirmsLossOfRecruitmentData.htm
• TSA_securitybreach_20080111092648
  http://oversight.house.gov/documents/20080111092648.pdf
• What Is Web 2.0
  http://oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html
• Security, Economics, and the Internal Market
  http://www.enisa.europa.eu/doc/pdf/report_sec_econ_&_int_mark_20080131.pdf
• Criminals 'target tech students'
  http://news.bbc.co.uk/2/hi/technology/6220416.stm
• The Psychology of Security
  http://www.schneier.com/essay-155.html
• Hackers Assault Epilepsy Patients via Computer
  http://www.wired.com/politics/security/news/2008/03/epilepsy
?

•   ?

Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
LifeLock Javelin Presentation
LifeLock Javelin PresentationLifeLock Javelin Presentation
LifeLock Javelin Presentation
 
87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime87161911 selected-case-studies-on-cyber-crime
87161911 selected-case-studies-on-cyber-crime
 
A6704d01
A6704d01A6704d01
A6704d01
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
The Business(es) of Disinformation
The Business(es) of DisinformationThe Business(es) of Disinformation
The Business(es) of Disinformation
 
Merit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your SystemsMerit Event - Closing the Back Door in Your Systems
Merit Event - Closing the Back Door in Your Systems
 
Hacking_SharePoint_FINAL
Hacking_SharePoint_FINALHacking_SharePoint_FINAL
Hacking_SharePoint_FINAL
 
Who is the next target and how is big data related ulf mattsson
Who is the next target and how is big data related   ulf mattssonWho is the next target and how is big data related   ulf mattsson
Who is the next target and how is big data related ulf mattsson
 
Ce hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissanceCe hv8 module 02 footprinting and reconnaissance
Ce hv8 module 02 footprinting and reconnaissance
 
Ht t17
Ht t17Ht t17
Ht t17
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
 
Common sense security by Fortium Partners
Common sense security by Fortium PartnersCommon sense security by Fortium Partners
Common sense security by Fortium Partners
 
CCIAOR Cyber Security Forum
CCIAOR Cyber Security ForumCCIAOR Cyber Security Forum
CCIAOR Cyber Security Forum
 
Why_TG
Why_TGWhy_TG
Why_TG
 
How to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's ClothingHow to Catch a Wolf in Sheep's Clothing
How to Catch a Wolf in Sheep's Clothing
 

Plus de Gohsuke Takama

PacSec2020 AI and Security Panel Round2 intro overview
PacSec2020 AI and Security Panel Round2 intro overviewPacSec2020 AI and Security Panel Round2 intro overview
PacSec2020 AI and Security Panel Round2 intro overviewGohsuke Takama
 
PacSec2020 ai-security_overview
PacSec2020 ai-security_overviewPacSec2020 ai-security_overview
PacSec2020 ai-security_overviewGohsuke Takama
 
Cyber Security Trend AI 6-25-2019
Cyber Security Trend AI 6-25-2019Cyber Security Trend AI 6-25-2019
Cyber Security Trend AI 6-25-2019Gohsuke Takama
 
Privacy shield - Secret & Lies 3-3-2017
Privacy shield - Secret & Lies 3-3-2017Privacy shield - Secret & Lies 3-3-2017
Privacy shield - Secret & Lies 3-3-2017Gohsuke Takama
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Gohsuke Takama
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本Gohsuke Takama
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...Gohsuke Takama
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013Gohsuke Takama
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本Gohsuke Takama
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナーGohsuke Takama
 
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011Gohsuke Takama
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageGohsuke Takama
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーGohsuke Takama
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Gohsuke Takama
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Gohsuke Takama
 
TGC Planning Sheet 1.30
TGC  Planning Sheet 1.30TGC  Planning Sheet 1.30
TGC Planning Sheet 1.30Gohsuke Takama
 

Plus de Gohsuke Takama (17)

PacSec2020 AI and Security Panel Round2 intro overview
PacSec2020 AI and Security Panel Round2 intro overviewPacSec2020 AI and Security Panel Round2 intro overview
PacSec2020 AI and Security Panel Round2 intro overview
 
PacSec2020 ai-security_overview
PacSec2020 ai-security_overviewPacSec2020 ai-security_overview
PacSec2020 ai-security_overview
 
Cyber Security Trend AI 6-25-2019
Cyber Security Trend AI 6-25-2019Cyber Security Trend AI 6-25-2019
Cyber Security Trend AI 6-25-2019
 
Privacy shield - Secret & Lies 3-3-2017
Privacy shield - Secret & Lies 3-3-2017Privacy shield - Secret & Lies 3-3-2017
Privacy shield - Secret & Lies 3-3-2017
 
Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016Hackers and Hacking a brief overview 5-26-2016
Hackers and Hacking a brief overview 5-26-2016
 
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
Privacy is Personal Security, Digital Privacy is Digital Self Defense 11-18-2015
 
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
パーソナルデータ保護の課題と国際情勢 2013 - 2014, EU, USA, と日本
 
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
BCL WhiteSalon "Convergence of Bio X Silicon X Robotics may bring us to the C...
 
パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013パーソナルデータ保護の課題と国際情勢2013
パーソナルデータ保護の課題と国際情勢2013
 
データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本データプライバシーでのEUとアメリカ...そして日本
データプライバシーでのEUとアメリカ...そして日本
 
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
標的型(サイバースパイ)攻撃とソーシャルエンジニアリング, KPMGセミナー
 
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
サイバー犯罪・サイバースパイ活動とアイデンティティ_11-04-2011
 
A perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionageA perspective for counter strategy against cybercrime and cyber espionage
A perspective for counter strategy against cybercrime and cyber espionage
 
Privacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシーPrivacy in Digital Society デジタル社会におけるプライバシー
Privacy in Digital Society デジタル社会におけるプライバシー
 
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
Startup Weekend Tokyo12 20 2009 Wubble Yoga App1
 
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
Workshop「企画書・プレゼン・リリース作成に効く! ネットメディア時代のロジカル文章脳プログラミング術」
 
TGC Planning Sheet 1.30
TGC  Planning Sheet 1.30TGC  Planning Sheet 1.30
TGC Planning Sheet 1.30
 

Dernier

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Dernier (20)

What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Security, Privacy Data Protection and Perspectives to Counter Cybercrime 04092008

  • 1. Security, Privacy Data Protection, and Perspectives to Counter Cybercrime Gohsuke Takama Meta Associates, Japan gt@inter.net CodeGate Conference April 2008, Seoul, Korea
  • 2. outline: • introduction • security vs. privacy? • privacy today - revisited • state of cybercrime today • balance of powers • psychological layer security
  • 3. about… • Gohsuke Takama – Privacy International (London, UK), advisory board member • http://www.privacyinternational.org/ – Computer Professionals for Social Responsibility /Japan chapter, founding supporter • http://www.cpsr.org/ – independent journalist for over 10 years – Meta Associates, founder & president • http://www.meta-associates.com/
  • 4. introduction • some works of Privacy International • a report in June 2007: "A Race to the Bottom - Privacy Ranking of Internet Service Companies" • a study in Dec 2007: "Leading surveillance societies in the EU and the World 2007"
  • 5. introduction • Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance and privacy invasions by governments and corporations. • PI is based in London, England, and has an office in Washington, D.C. • PI has over 50 members of international advisory board including MIT's Noam Chomsky and a former member of the U.S. House of Representatives Bob Barr
  • 6. "Privacy Ranking of Internet Service Companies" • Amazon, AOL, Apple, BBC, Bebo, eBay, Facebook, Friendster, Google, Hi5, Last.fm, LinkedIn, LiveJournal, Microsoft, Myspace, Orkut, Reunion.com, Skype, Wikipedia, Windows Live Space, Xanga, Yahoo!, YouTube
  • 7. "Leading surveillance societies in the EU and the World 2007"
  • 9. security vs. privacy • really? • false dichotomy? • balance?
  • 11. some government's view • threat #1 = terrorists • threat #2…n = criminals, illegal immigrants, etc
  • 12. some government's view • terrorists mingling among people • thus people need to be watched • people's movements need to be tracked • people's communications need to be monitored
  • 18. some government's view • security = surveillance • privacy = barrier
  • 23. data concentration • is data secure? • is data accurate? • is operation efficient?
  • 26. individual's view • how I live • how I work
  • 27. privacy today - revisited • privacy in physical world • privacy in data world
  • 28. physical world data world
  • 29. individual's view • how I live in physical world • how I work in physical world • how I live in data world • how I work in data world
  • 31. privacy today… • activities shifting to data world • more activity = more data trail • personally identifiable information (PII) • = privacy data • privacy protection • = personal security • = privacy data protection
  • 34. businesses' view • monitoring of… – users – employees – traffic – activities • protection of… – user data – employees' data – traffic – activities
  • 38. McAfee criminology report • a recent online banking study... • 2 million Americans = 5% of online banking customers • their accounts illegally accessed and robbed • average loss = $1,200 • banking industry total losses > $2 billion
  • 39. McAfee criminology report • one North American credit company reported... • in 2005 • online fraud losses = $30 million • (all losses = $100 million)
  • 40. McAfee criminology report • one FBI estimate in 2005... • in the USA • cost of cybercrime = $67 billion
  • 41. McAfee criminology report • a Gartner Inc. survey… • identity theft-related fraud • in 12 months ending in mid 2006 • approx 15 million Americans = victims • average loss = $3,257 • (total losses > $48 billion?)
  • 42. crime techniques • phishing • XSRF • spear phishing • XSS • scam spam • pharming • virus • website spoofing • trojan • content altering • spyware • code injection • keylogger • IP hijacking • rootkit • rogue WiFi AP • bot + botnet • sniffer
  • 43. target • ordinary computer users • personally identifiable information • for identity theft • to illegally use credit cards • to illegally access bank accounts • to illegally access stock trading • to illegally access organizations' networks
  • 44. value for crime • personally identifiable information (PII) = monetizable data
  • 45. criminal's view (chart with axes profit and privacy, scale 0 to 100)
  • 47. crime on web 2.0 ? • long tail • user data (PII) = core competence • the web as platform (for attack) • user as a contributor (of botnet, etc) • mash ups (web, malware, botnet, etc) • rich user experiences (of trouble) • distributed operation • loose connection among operatives • collective intelligence
  • 48. spoof/altered site 1st line 2nd line victims victims stock trading organized crime coders banks credit companies lost/stolen data
  • 49. final victim • our economy • economy is held as hostage • one type of national security issue
  • 50. security & profit vs. privacy
  • 51. "security vs. privacy" or 'security & privacy' • security for whom? • misleading dichotomy • security & privacy are not opposite
  • 52. security process & action matrix prevention detection response law making investigate gov - law surveillance administer arrest enforcement monitor promote prosecute self self self defence individual accustomed awareness call police? rule making awareness org defence business manuals monitor call police appliances spoof 0 day transborder criminal deception obfuscation remote op
  • 53. privacy data protection process & action matrix prevention detection response law making survey investigate gov - law administer hearing give penalty enforcement promote called in prosecute self self call service individual accustomed awareness call gov? rule making awareness org defence business manuals monitor call police PIA PET use called in spoof 0 day transborder criminal deception obfuscation remote op
  • 54. some acronyms… • PIA = Privacy Impact Assessment • PET = Privacy Enhancing Technology • ROI = Return On Investment
  • 55. how they lure talents?
  • 56. how they lure talents? (excerpt) • find target students in password posting site, cracking tool sites, chat, etc (on online game sites possible) • offer easy low risk tasks with rewards • if successful, offer increased level tasks with higher rewards • once involved, blackmail target for forcing to do risky tasks • sometimes sponsor target students to get IT degrees in Univ. (as a reward)
  • 57. law enforcement's limit • international jurisdiction • can act only after the incident • limited operation & human resources
  • 58. balance of powers: asymmetric? • attack side: organized cybercrime – no compliance to the law – borderless adhoc alliances – long tail attack model – spontaneous action – operation low cost = high ROI – luring technically sophisticated youngsters – psychological attack approach effective • defence side: gov, security industry – compliance to the law – limit by international jurisdiction – concentric defence – action after incidents – security often looked as anti-ROI cost – more security professionals needed – psychological defence possible?
  • 59. remedies • need to make businesses understand… • security is for averting the risk • PII data is targeted • the size of damages (what if 5% of users attacked…) • guidance & aid for small & middle size businesses • = over 90% of businesses are S&M size companies • = attacks are long tail model
  • 60. remedies • need to prevent technically talented youngsters from being lured by criminals (from the dark side) • rescue remedy to save lured youngsters from blackmail (& ransom?) (c) Lucas Film
  • 61. remedies • need to increase number of security professionals for defence • need to make being a security professional a glamorous job • = cool • = respected • = high pay ( > US$200/hour…?)
  • 63. psychological layer security • still a theoretical idea • Bruce Schneier is also looking in a similar direction • Feb 2007 "The Psychology of Security"
  • 64. layer approach • example: OSI model
  • 65. a security layer model 7 Psychological cognition Human Factor 6 Custom (Habit) behavior 5 Operation rules 4 Content data Intangibles 3 OS/Application software 2 Hardware Tangibles 1 Physical
  • 66. attacks vs. remedies • Psychological – attacks: phishing, spear phish, scam, pharming – remedies: ? • Custom – attacks: spoof phishing spam, pharming, XSS, XSRF, ID spoof – remedies: accustomed best practice, awareness, digital signature, PKI • Operation – attacks: DoS, spam, sabotage, espionage, ransomware – remedies: filter, opsec procedure, policy, law enforcement • Content – attacks: sniffing, spam, spyware, alteration – remedies: encryption, filter, content-scan, host IDS • OS/Application – attacks: DoS, vuln exploit, 0day, rootkit, botnet – remedies: FW, network IDS, IPS, anti-virus, OS/app patch • Hardware – attacks: direct access, tampering, alteration – remedies: perimeter guard, anti-tampering, hard seal • Physical – attacks: lock pick, break in, vandalism – remedies: surveillance, perimeter alarm, armed guard
  • 67. psychological attacks • exploit social interaction • exploit social protocols • exploit social norms • exploit social status of users
  • 77. de-motivate • example
  • 82. hack for cybercrime is lame Borg, from Startrek (c ) Paramount Pictures
  • 83. hack for security is cool Matrix Reloaded, (c )Warner Bros. Pictures
  • 84. psychological layer security • passive defence: • user behavior modification • to increase user alertness • active defence: • to de-motivate adversary • to deflect direction of attacks • potential field to look at: • Cognitive Behavioral Therapy • Neuro Linguistic Programming
  • 85. + direct attacks to users' mental state
  • 86. + a concept example: • Psycho-acoustic Computer Virus • creates near-inaudible very low frequency sound (20-40Hz) by exploiting sound synthesizer chip • such very low frequency sound is believed to create fear and a feeling of awe in hearers • the Nazis are believed to have used this sound technique for Nazi Party conventions
  • 87. psychological attacks how can we counter? • exploit social interaction • exploit social protocols • exploit social norms • exploit social status of users • exploit mental state of users
  • 88.
  • 89. sources • A Race to the Bottom - Privacy Ranking of Internet Service Companies • http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-553961 • Leading surveillance societies in the EU and the World 2007 • http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-559597 • Map developed: http://english.freemap.jp/ • What Our Top Spy Doesn't Get: Security and Privacy Aren't Opposites • http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0124?currentPage=all&
  • 90. sources • Our view on security vs. privacy_ Bush uses scare tactics ...USATODAY • http://blogs.usatoday.com/oped/2008/02/our-view-on-sec.html • MI5 seeks powers to trawl records in new terror hunt • http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism • Police announce London 2012 plans • http://news.bbc.co.uk/sport2/hi/olympics/london_2012/7277918.stm • UK considers RFID tags for prisoners • http://www.itweek.co.uk/vnunet/news/2207145/government-considers-rfid-tags
  • 91. sources • Bush Administration's Warrantless Wiretapping Program • http://www.washingtonpost.com/wp-dyn/content/article/2007/05/15/AR2007051500999.html • Mobile firms seek India govt meeting on BlackBerry • http://www.reuters.com/article/ousiv/idUSBOM10000520080312?sp=true • UK MOD confirms loss of recruitment data • http://www.mod.uk/DefenceInternet/DefenceNews/DefencePolicyAndBusiness/ModConfirmsLossOfRecruitmentData.htm • TSA_securitybreach_20080111092648 • http://oversight.house.gov/documents/20080111092648.pdf
  • 92. sources • What Is Web 2.0 • http://oreillynet.com/pub/a/oreilly/tim/news/2005/09/30/what-is-web-20.html • Security, Economics, and the Internal Market • http://www.enisa.europa.eu/doc/pdf/report_sec_econ_&_int_mark_20080131.pdf • Criminals 'target tech students' • http://news.bbc.co.uk/2/hi/technology/6220416.stm • The Psychology of Security • http://www.schneier.com/essay-155.html • Hackers Assault Epilepsy Patients via Computer • http://www.wired.com/politics/security/news/2008/03/epilepsy
  • 93. ? • ?