
EU Public Sector Data Breaches and Data Loss: Where do we go from here?

This article examines the issue of data breaches and data loss in the public sector, highlighting the low confidence in government and the need for action. It discusses UK government databases, types of inside threats, compliance issues, breach notification laws, data encryption, and the importance of patching. The article concludes by emphasizing the need for improved IT management and increased awareness among politicians.

jstandish

Presentation Transcript


  1. EU Public Sector Data Breaches and Data Loss: Where do we go from here? Nigel Stanley, Practice Leader, Security, Bloor Research

  2. Confidence in Government is low • Citizen confidence is low • Little sign of confidence returning • “Something must be done” • But what?

  3. 12th January 2009: Government Failed to Clamp Down on Data Loss (Telegraph.co.uk) http://www.telegraph.co.uk/news/newstopics/politics/4220321/Government-failed-to-clamp-down-on-data-loss.html

  4. Sample UK Government Databases • National DNA database - 4.5 million people (5.2% of UK population) • National Identity Register* • TV Licensing • DVLA • Department for Work and Pensions customer database • Schengen Information System • Automatic Numberplate Recognition System (ANPR) • National Pupil database • National Childhood Obesity database • NHS Summary Care Record • ContactPoint* • Communications database* • ONSET • … (* in development. Source: http://www.jrrt.org.uk/uploads/Database%20State%20-%20Executive%20Summary.pdf)

  5. Types of Inside Threat • Incompetent and non-malicious, e.g. I sent all of the HMRC database in the post • Competent and malicious, e.g. I am going to steal this medical data and blackmail the patient

  6. Public Sector Compliance • Non-compliance can be politically painful • Regulators are getting more aggressive • We all need to avoid headlines… • Is the media the best sanction?

  7. Security Breach Notification Laws • Disclosure rules now enacted in some US states • Ongoing discussions across the EU • Views differ on this law

  8. Data Encryption • Well established • Many implementations • Can be very complex (key management issues) • Purchased by many as a tactical add-on • If encrypted data is lost who really cares?

  9. Patches, patches, patches • Basic IT hygiene • Failing to patch will result in failure • Patch testing is a balance • Automated tools make life easier

  10. Summary • Government data handling under increased scrutiny • We must keep our own houses in order by: • Understanding our IT environments • Managing known risk • Protecting against unknown risks • Preventing device misuse • Securing mobile devices • Politicians need more education and awareness…

  11. 10th August 2009: Tories Unveil NHS Database Plans (Daily News, 50p) http://news.bbc.co.uk/1/hi/health/8189674.stm

  12. Contact • Website is www.bloorresearch.com • Register for access to research library • Security training, advice and consultancy available through Incoming Thought Ltd, a Bloor partner company • www.incomingthought.com
