Big Data in Security vs. Privacy

Deep Security Monitoring Versus Privacy – Is There a Middle Ground?

Combined Session
Wednesday, May 14, 2014 12:00—13:00
Location: ALPSEE

The news is rife with the conflict between deep security monitoring and personal privacy. Paralleling the rise of sophisticated global terrorists is the rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them. Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal while trying to keep up their organization’s defenses.

With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring-oriented technologies without violating both laws and the monitored persons’ sense of reasonableness?

Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection that leverages the collection and analysis of very large data sets, which often include personal information and communications (email, IM, FTP). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and often raises objections from individuals, workers’ councils/unions, and data privacy officers.

After providing the background on today’s threats and why monitoring and big-data analytic defensive techniques are really required to defend against today’s most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and cultural perspective. They will go on to discuss how organizations in privacy-sensitive regions can use advanced types of security monitoring technologies, and will review both technical and non-technical controls that can help strike a balance between the organization’s need for risk reduction and the privacy expectations of the users and the laws. They will also discuss with you the closely related issues of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.

Dr. Scott David, LL.M.
KuppingerCole
Scott David, J.D., LL.M., is the Director of Policy at the Center for Information Assurance and Cybersecurity at University of Washington and was formerly the Executive Director of the Law,...
Ramses Gallego
Dell
With an MBA and Law education, Ramsés is a 20+ year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is Strategist & Evangelist for...
Matthew Gardiner
RSA
Matthew Gardiner is a senior manager at RSA Security and is currently focused on the evolution of security management & compliance in general and SIEM solutions in particular. For the past 10+...