
Legal Informatics, Privacy and Cyber Crime

Legal Informatics, Privacy and Cyber Crime. Etalle. Part 6b: the tasks. 2019. Case Study 1 (1/3).

dhouston


Presentation Transcript


  1. Legal Informatics, Privacy and Cyber Crime. Etalle. Part 6b: the tasks. 2019

  2. Case Study 1 (1/3) Your company intends to acquire a new important Client and entrusts you with the following task: you have to design and present a detailed plan with a proposal to assist it in improving its data governance and management throughout the whole data life-cycle, cybersecurity and legal compliance of data processing, also in consideration of the requirements set by the GDPR.

  3. Case Study 1 (2/3) The prospective Client is a medium-sized company owning and managing 3 health clinics. Currently, they provide all standard services to patients, i.e. lab analyses, specialised visits, day surgery. They have 30 employees with different roles (scientific directors, administration personnel, nurses, in-house doctors) and freelance medical staff (specialised doctors). They have external consultants taking care of specific activities (i.e. lawyer, accountant, payroll/labour consultant). They take care of about 5000 patients a year and have a legal obligation to store administrative documentation for 10 years (legal ordinary prescription period) and medical records for 20 years.

  4. Case Study 1 (3/3) From the data management viewpoint, the company is quite traditional: several data are still on paper and digital data are processed with standard hardware and software tools, like personal computers used by the administration personnel, one computer in each ambulatory, one server in each clinic, management software. The company plans to make significant investments in new medical technologies, which will digitize most health data (x ray, medical records, fMRI scans, 3D scans, lab exams, etc.). They are interested in storing data in the cloud and wish to provide new services to patients, via mobile apps and web-portals to access and download electronic health records, book visits on-line, etc.

  5. Case Study 2 Study the following attack description: Breaking the Target: An Analysis of Target Data Breach and Lessons Learned, by Xiaokui Shu, Ke Tian, Andrew Ciambrone and Danfeng Yao. (For the assignments) Available at https://arxiv.org/pdf/1701.04940.pdf
     We are going to
     • Discuss how the attack was carried out
     • Discuss the legal aspects of the breach
     • Discuss "what went wrong" from the defender perspective
     • Etc. etc. etc.

  6. Case Study 3 (Facultative) Discuss the following article: Framing Dependencies Introduced by Underground Commoditization, by Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna. Available at https://research.google.com/pubs/pub43798.html

  7. OLD STUFF

  8. Articles for the presentation. TBD in cooperation with Prof. Cevenini how to do this.
     • Framing Dependencies Introduced by Underground Commoditization, by Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J. Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna. Available at https://research.google.com/pubs/pub43798.html
     • Breaking the Target: An Analysis of Target Data Breach and Lessons Learned, by Xiaokui Shu, Ke Tian, Andrew Ciambrone and Danfeng Yao. (For the assignments) Available at https://arxiv.org/pdf/1701.04940.pdf

  9. Articles for the discussion (TBD)
     • 2019 Internet Security Threat Report, available at Symantec.com
     • Branch, Federal Network Resilience Cybersecurity Assurance. Unintentional Insider Threats: Social Engineering. (2014). Only the sections: 3, 5, 6.1, 6.2, 6.3. Available at https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_77459.pdf
     • Luca Allodi, Marco Corradin, Fabio Massacci. Then and Now: On the Maturity of the Cybercrime Markets. The lesson black-hat marketeers learned. IEEE Transactions on Emerging Topics in Computing, 4(1):35-46, Jan 2016. https://www.win.tue.nl/~lallodi/allodi-tetcs-15.pdf
     • M. Karami, Y. Park, D. McCoy. Stress Testing the Booters: Understanding and Undermining the Business of DDoS Services. WWW '16 Proceedings of the 25th International Conference on World Wide Web. Pages 1033-1043 (for the assignments). Available at https://arxiv.org/abs/1508.03410
     • Michel van Eeten, Katsunari Yoshioka, Daisuke Makita, Carlos Hernandez Gañan, Maciej Korczyński, Arman Noroozian. Who Gets the Boot? Analyzing Victimization by DDoS-as-a-Service. Proceedings RAID 2016. (for the assignments) Available at http://mkorczynski.com/RAID16Noroozian.pdf
