1 / 11

Protecting Data in a Collaborative Environment

Protecting Data in a Collaborative Environment. Willa Pickering, Ph.D. CDM Responsibilities for Data Protection. Identify what data must be protected Shared data in collaborative environments Intellectual property Personal and private National security

branden-shaw
Télécharger la présentation

Protecting Data in a Collaborative Environment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Protecting Data in a Collaborative Environment Willa Pickering, Ph.D.

  2. CDM Responsibilities for Data Protection • Identify what data must be protected • Shared data in collaborative environments • Intellectual property • Personal and private • National security • Identify why the data must be protected • Threats • Federal and state regulations • Identify who can access the data • Communities of interest • Identify how the data can be protected • Security Plan • Data risk management

  3. Collaborative Data Warehouse Environment (What Data Needs Protection) • Integration of data from multiple sources • Health data, banking data, knowledge discovery in business intelligence systems • Users may access data that they don’t have permission to access in the source system • Data Mining • On the fly queries • Aggregation of data • Inference issues - construct new groupings and extract information based on derived patterns Data Collection/Provider Controls Warehouse Server Controls Data Access/Mining Server Control Inference Controls Query/Union Checks Raw Data Protection Data Sanitization

  4. Collaborative Net-Centric Environment (What Data Needs Protection) • Visible to the right people or systems • Need to know vs. need to share challenge Global Connectivity (Cloud Computing, SOA, Post/Pull) Enterprise Services (Collaboration, Content Delivery & Discovery, Metadata Discovery) Authoritative Data (Relevant, Sufficient) Common Platform (Portal, Integration, Interoperability) Consolidated Infrastructure (Architectures, Standards)

  5. Data Protection Threats (Why Data Needs Protection) • Threat to Data • All forms of electronic data (printouts, photocopies, data in documents, spreadsheets, email, graphics, databases) • Theft or misuse by unauthorized users • Threat to Physical Assets • Loss of physical data (mainframes, servers, workstations, laptops, networks) • Intentional or accidental destruction • Natural forces (electrical or magnetic disturbances) • Control by inside or outside forces • Threat to Business • Denial of service attack • Unauthorized access to sensitive data • Threat to Networks • Terrorists • Disgruntled employees • Hackers • Competitors • Criminals • Information brokers

  6. Increasing Regulations (Why Data Needs Protection) • Non-US Regulations • UK Data Protection Act of 1998 • European Union Data Protection Directive • Canada Personal Information Protection and Electronic Documents Act • Russia Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data • Federal • Gramm-Leach-Bliley Financial Services Modernization Act • Health Insurance Portability and Accountability Act • Health Information Technology for Economic and Clinical Health Act • States • California Data Security Breach Notification Act • Minnesota Consumer Card Data Protection • Nevada Data Encryption Policy

  7. Communities (Who Can Access the Data) Identify the appropriate groups of people to share data • Establish charters and governance structure • Identify data assets to share • Understand data sharing constraints • Promote trust by identifying authoritative sources and associating trust discovery metadata • Manage feedback mechanisms by identifying and establishing processes to evaluate and refine the quality of the data

  8. IT Security Mechanisms (How Can Data Be Protected) Authentication • User ID and password • Physical security device, ATM card, computer chip • Biometric identification, voice, eye, thumbprint • Authorization • Level of access • Controls • Database attribute/column, row/object, table/class • Application • Host/geographic • Security Strategies • Check points to validate users • Error handling if viewers seek to view without permissions • Roles • Limited view of only what viewer has permission to see • Roles • Secure Access Layer/Firewall Protection • Session Content - logging • Single Access Point - no back doors • Cross-Domain Guards

  9. Data Risk Management (How Can Data Be Protected) • Audits • Liability exposures • Compliance risks • Unmet data security requirements • End-to-end security checks • Risk Mitigation • Data replication/versions • Altered data • Logs • Exception monitoring • Event alerts

  10. References • Data Warehouse • Inmon, W., Security in the data warehouse: data privatization, Enterprise Systems Journal, 11, n3, p.76, March 1996 • Mack, D. & Cain, M., The Essential Guide to Security and The Data Warehouse, 2010 • Zhang, N. & Zhao, W., Privacy-preserving data mining systems, IEEE Computer Society, 2007 • Zhang, N. & Zhao, W., Privacy-preserving OLAM: An information-theoretic approach, IEEE Computer Society, 2009 • Net-Centric Environments/Communities • DoD Net-Centric Data Strategy, 2003 • DoD Metadata Discovery Specification, 2003 • Security Access Controls • Ambler, S., Agile Database Techniques, 2003 • Security Plan • Kimball, R., “Hackers, Crackers, and Spooks,” DBMS 10, n4, p.14, April 1997 • Data Risk Management • Winn, J. & Wrathall, J. Who Owns the Customer? The emerging law of commercial transactions in electronic customer data, http.//www.law.washington.edu/Profile.aspx?ID=103&vw=pubs

More Related