Big Data in Security vs. Privacy

Combined Session
Wednesday, May 14, 2014 12:00—13:00
Location: ALPSEE

Preventing your Enterprise from Cyber Attacks and Threats: Can this be Illegal?

With the evolution of new technologies and approaches to security, such as the application of big data tools to analyze network traffic in depth and in real time, security professionals can have a high level of visibility into any type of information. These systems do not distinguish between personal and "non-personal" information - they are just trained to detect suspicious patterns and can do so only if all packets are inspected. But what does the law say? Do enterprises have a right to process personal data in order to defend themselves against cyber attacks? KuppingerCole's Senior Analyst and privacy expert Dr. Karsten Kinast, LL.M. will give an overview of how current legislation answers this question and how future legislation will. An additional workshop is offered on this topic.

Dr. Karsten Kinast
KuppingerCole
Dr. Karsten Kinast, LL.M., Attorney at Law (Germany), is founding Partner of the Law Firm “Kinast & Partner” with an exclusive focus on Data Protection Law and IT-Law. He holds a...

Deep Security Monitoring Versus Privacy – Is There a Middle Ground?

The news is rife with the conflict of deep security monitoring versus personal privacy. Similar to the rise of sophisticated global terrorists is the rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them.  Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal, while trying to keep up their organization’s defenses.

With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring-oriented technologies without violating both laws and the monitored persons' sense of reasonableness?

Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection that draws on the collection and analysis of very large data sets, which often include personal information and communications (email, IM, FTP). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and often raises objections from individuals, workers' councils/unions, and data privacy officers.

After providing the background on today's threats and why monitoring and big data analytic defensive techniques are really required to defend against today's most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and cultural perspective. They will go on to discuss how organizations in privacy-sensitive regions can use advanced types of security monitoring technologies and will also review both technical and non-technical controls which can help enable a balance between the needs of risk reduction for the organization and the privacy expectations of the users and the laws. They will also discuss with you the closely related issues of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.

Dr. Scott David, LL.M.
KuppingerCole
Scott David, J.D., LL.M., is the Director of Policy at the Center for Information Assurance and Cybersecurity at University of Washington and was formerly the Executive Director of the Law,...
Ramses Gallego
Dell
With an MBA and Law education, Ramsés is a +20 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is Strategist & Evangelist for...
Matthew Gardiner
RSA
Matthew Gardiner is a senior manager at RSA Security and is currently focused on the evolution of security management & compliance in general and SIEM solutions in particular. For the past 10+...