© 2006 IBM Corporation
IBM Global Services
IBM and the future of privacyIBM and the future of privacyDo the benefits of the electronic age come with a Do the benefits of the electronic age come with a privacy trade off?privacy trade off?
John MartinJohn MartinSecurity Practice Leader – IBM New ZealandSecurity Practice Leader – IBM New Zealand
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 2
Agenda
Current Trends Incident after Incident Data governance A framework Privacy Summary
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 3
Current Trends
Firm allegedly sold personal data from millions Laptop loaded with HP employee data stolen from
Fidelity 40,000 BP’s identities stolen – 4 laptops, Cisco, IBM
Google privacy win – first battle Visa warns software may store PINs Researchers warn of coming tax scams The high cost of data loss
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 4
Incident after incident of data being leaked or compromise or made vulnerable – day by day
Information is the lifeblood of our economy Making good use of information and getting value versus
protection Private data needs to be secure
What policies? Who to share it with? How to share it? Who is going to manage it?
Information sharing will grow Is it a natural trade off? Business, government managing data – what is best practices?
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 5
Data governance
Must consider the appropriate security & privacy measures for each entity
with whom you interact
Partners
SuppliersCustomers
SecuritySecurity
PrivacyPrivacy
Trust
SecuritySecurity
PrivacyPrivacy
TrustTrust The long-term stability and growth is directly influenced by security and resilience focus across critical areas of the operations
Focusing only on the IT related layers is sub-optimal and does not address the complete security needs
SecuritySecurity
Security
Strategy
Security
Process
Security
People
Security
Applications & Data
Technology
Facilities
SecurityPrivacy
Privacy at all levels
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 6
The information security capability reference model contains eight themes.
Enterprise Information Management & Privacy
Information Security Framework
Governance
Privacy
Threat mitigation Transaction and data integrity
Identity andaccess management Application security
Physical security Personnel security
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 7
Identity Resolution
Private Data Data
IBM Global Services
© 2006 IBM CorporationIBM and Privacy Page 8
PrivacyPrivacy and Information management strategy
Define privacy information strategyRequirements & compliance processIncident response
Policy, practices and controlsPrivacy Impact Assessment Privacy AuditAwareness & training
Data, rules and objectsPrivacy data taxomony & classificationPrivacy business process model
Encryption end to end
© 2006 IBM Corporation
IBM Global Services
Q&A – Thank youQ&A – Thank youIBM and the future of privacyIBM and the future of privacy
Do the benefits of the electronic age Do the benefits of the electronic age come with a privacy trade off?come with a privacy trade off?