1 Dan Steinberg, JD Portland, OR May 4, 2011 Speaking Notes Privacy and Security for Research...
Dan Steinberg, JD
Portland, OR
May 4, 2011
Speaking Notes
Privacy and Security for Research Repositories
Please do not reuse or republish without attribution.
Current models of the relationship between privacy and security are misleading or are altogether inaccurate.
“You can have security without privacy, but you can’t have privacy without security.”
Fair Information Principles: Notice • Access • Choice • Redress • Security
A better view of the relationship between privacy and security acknowledges that there are a large number of topics that are both privacy and security issues.
PRIVACY (Individual): Notice • Access • Redress • Choice
Both privacy and security: Safeguarding an individual’s personally identifiable information
SECURITY (Institution): Intellectual Property • National Security • Physical Assets and Resources • Trade Secrets • Ways of Doing Business
Risk Management is fundamental to information privacy and security.
The six steps in the Risk Management Framework
FIGURE 2-2: RISK MANAGEMENT FRAMEWORK
Step 1: CATEGORIZE Information System
Step 2: SELECT Security Controls
Step 3: IMPLEMENT Security Controls
Step 4: ASSESS Security Controls
Step 5: AUTHORIZE Information System
Step 6: MONITOR Security Controls
RISK MANAGEMENT FRAMEWORK PROCESS OVERVIEW
Starting point
ARCHITECTURE DESCRIPTION: Architecture Reference Models • Segment and Solution Architectures • Mission and Business Processes • Information System Boundaries
ORGANIZATIONAL INPUTS: Laws, Directives, Policy Guidance • Strategic Goals and Objectives • Priorities and Resource Availability • Supply Chain Considerations
Adapted from NIST Special Publication 800-37, Rev. 1, Guide for Applying the Risk Management Framework to Federal Information Systems.
Some, but not all, components of a robust security program:
Risk Analysis
Policies and Procedures
Training and Awareness
Information Access Management
Identity Management
Privacy Controls
Incident Procedures
Contingency Planning
Physical Controls
Transmission Security
Integrity Controls
Disposal Controls
Evaluation