SlideShare une entreprise Scribd logo
1  sur  19
Privacy vs Security
You Can’t Have Both
At the same time
Ashley Jelleyman FBCS CITP M Inst. ISP
Head of Information Assurance
© British Telecommunications plc
Privacy vs Security
• We can look at privacy in a number of ways
– Sometimes we as individuals willing give up our privacy
– Sometimes we are forced to give up our privacy to get
something we want
– and sometimes it happens beyond our control.
• And there is a third side to the triangle.
© British Telecommunications plc
Privacy vs Security
• Let me introduce Ethan, aged 13.
• He has an expectation of privacy
– He keeps his bedroom door shut because he’s a teenage
lad who wants his privacy
© British Telecommunications plc
Privacy vs Security
• Which means his bedroom looks like this:
• Because he wants his privacy he surrenders the “security” of
his mum cleaning the bedroom.
© British Telecommunications plc
Privacy vs Security
• He has two PCs, one in his room for homework, one
in the conservatory for games.
• His homework computer has no games on it and only
goes to restricted educational web sites.
• But if he wants to have a computer to play games on
he has to surrender his privacy so I can protect him.
• MS Family Safety.
– Gives remote control and reporting
© British Telecommunications plc
Privacy vs Security
• So again, he has surrendered his privacy and control, for
the right to use the computer.
• I know both he and the network at home are safe and
secure !
© British Telecommunications plc
Privacy vs Security
• Then there is my wife; Margaret, aged, no comment.
• We share a bank account, but I manage the reconciliation
• So my wife gives me all the receipts for the money she spends.
• She has surrendered her privacy to ensure that we have the security
of knowing what money we have, and don’t go overdrawn.
• But if she wants to surprise me with a gift at Christmas it’s difficult,
so I’ve surrendered that pleasure.
© British Telecommunications plc
Privacy vs Security
• So what about at work:
• Most of us have access to the corporate email and to
the internet.
• Our emails are monitored for appropriateness, spam
and Phishing attacks. So if we receive a private
message we can expect it will be at least scanned by
an automated system.
• We have surrendered our privacy for the right to
receive private emails at work
© British Telecommunications plc
Privacy vs Security
• And when the monitoring doesn’t work
• You get incidents like Aramco – a click on a dodgy
link
The August attacks, using a virus called Shamoon, wiped the hard drive of the
Saudi computers and left thousands of Aramco employees unable to access
email and kept them off company networks for a week or more
© British Telecommunications plc
Privacy vs Security
• Internet access is monitored to ensure people don’t
visit in-appropriate sites.
• That gives the company security from viruses trojans
and other malware.
• But we as employees don’t expect the company to
sniff our banking passwords, or other credentials.
• So now we are introducing the concept of trust into
the surrender of privacy equation.
© British Telecommunications plc
Privacy vs Security
• Then we move out into the wider world:
• BT and many other ISPs provide access to the internet.
• As we transact more and more business on the internet
we expose more information, not just to the end website,
but potentially our ISP.
• But again we trust our ISP not to read all of our traffic, look
at what we are viewing, and record our activity
– Except that sometimes they have to by law
– New laws requiring the storage of all on-line activity are being
enacted for National Security reasons.
• Matters of national security can over ride the personal
privacy agenda.
© British Telecommunications plc
Privacy vs Security
• But again, we also surrender our privacy for benefits.
– We allow cookies to be stored on our machines
– Many web sites don’t work without them
• We allow companies to use our experience of their
software to improve the next version, we get better
software.
• We are regularly willing to trade our privacy for the
“security” of a better, more reliable feature rich
service.
© British Telecommunications plc
Privacy vs Security
• What about when we really want privacy,
• We can establish an encrypted link: https:
– But that only works on the sites that offer it
– It isn’t 100%
– Still exposes your IP address
– What about other sites that don’t offer HTTPs:
© British Telecommunications plc
Privacy vs Security
• There are some commercial offerings,
© British Telecommunications plc
Privacy vs Security
• This one promises to encrypt your connection to the
target
• It masks your IP address by proxying the connection
• It will even offer to make your connection appear to
come from a different country.
– Useful if you want to watch domestic online TV from a
different country
© British Telecommunications plc
Privacy vs Security
• But are you really getting privacy ?
– Depends if you trust the provider who is proxying the
traffic.
• I assume that they can see all your traffic.
• So again to get that “security” you are placing your
trust in someone else.
© British Telecommunications plc
Privacy vs Security
• So in most cases the truth isn’t a simple Privacy Vs
Security slider.
• It’s usually a three way deal between
– Privacy
– Security
– and Trust.
Trust
Privacy
Security
© British Telecommunications plc
Privacy vs Security
• And it’s up to each of us to decide how big each circle is.
Trust
Privacy
Security
Any Questions ?

Contenu connexe

En vedette (9)

trabajos tercera parcial
trabajos tercera parcial trabajos tercera parcial
trabajos tercera parcial
 
Sebastian espinosa
Sebastian espinosaSebastian espinosa
Sebastian espinosa
 
Greenwich perspective
Greenwich perspectiveGreenwich perspective
Greenwich perspective
 
Innovative Multi Sector, Multi-stakeholder Partnerships for Scalability and S...
Innovative Multi Sector, Multi-stakeholder Partnerships for Scalability and S...Innovative Multi Sector, Multi-stakeholder Partnerships for Scalability and S...
Innovative Multi Sector, Multi-stakeholder Partnerships for Scalability and S...
 
Laporan multimedia
Laporan multimediaLaporan multimedia
Laporan multimedia
 
M Health Utilizing Mobile Technology
M Health Utilizing Mobile TechnologyM Health Utilizing Mobile Technology
M Health Utilizing Mobile Technology
 
Pank Koria HR4 ICT12
Pank Koria HR4 ICT12Pank Koria HR4 ICT12
Pank Koria HR4 ICT12
 
intel iot roadshow cupid vt
intel iot roadshow cupid vtintel iot roadshow cupid vt
intel iot roadshow cupid vt
 
Módulo 3
Módulo 3Módulo 3
Módulo 3
 

Similaire à CTO Cybersecurity Forum 2013 Ashley Jelleyman

Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxHarishParthasarathy4
 
Introduction to E commerce
Introduction to E commerceIntroduction to E commerce
Introduction to E commerceHimanshu Pathak
 
TPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxTPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxSPMTPCAMPUS
 
TPC_Presentation.pptx
TPC_Presentation.pptxTPC_Presentation.pptx
TPC_Presentation.pptxSPMTPCAMPUS
 
How you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNsHow you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNsIulia Porneala
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptxCharithraaAR
 
Cyber Safety & Cyber Crimes by me.pptx
Cyber Safety & Cyber Crimes by me.pptxCyber Safety & Cyber Crimes by me.pptx
Cyber Safety & Cyber Crimes by me.pptxTejasSingh70
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessArjith K Raj
 
3.5 Online Services and Security and Privacy of Data
3.5 Online Services and Security and Privacy of Data3.5 Online Services and Security and Privacy of Data
3.5 Online Services and Security and Privacy of DataMomina Mateen
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxPREMTRIVEDI5
 
Cyber_Security_Awareness_Presentation (1).pptx
Cyber_Security_Awareness_Presentation (1).pptxCyber_Security_Awareness_Presentation (1).pptx
Cyber_Security_Awareness_Presentation (1).pptxjaved75
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxMalikMumtaz6
 
Cyber_Security_Awareness_Presentation.pdf
Cyber_Security_Awareness_Presentation.pdfCyber_Security_Awareness_Presentation.pdf
Cyber_Security_Awareness_Presentation.pdfBalaMurali958529
 

Similaire à CTO Cybersecurity Forum 2013 Ashley Jelleyman (20)

online privacy
online privacyonline privacy
online privacy
 
Chp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptxChp-15 Cyber Safety ppt-std 11.pptx
Chp-15 Cyber Safety ppt-std 11.pptx
 
Cyber Safety ppt.pptx
Cyber Safety ppt.pptxCyber Safety ppt.pptx
Cyber Safety ppt.pptx
 
Introduction to E commerce
Introduction to E commerceIntroduction to E commerce
Introduction to E commerce
 
TPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptxTPC_Presentation - Copy.pptx
TPC_Presentation - Copy.pptx
 
TPC_Presentation.pptx
TPC_Presentation.pptxTPC_Presentation.pptx
TPC_Presentation.pptx
 
How you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNsHow you can protect your online identity, online privacy and VPNs
How you can protect your online identity, online privacy and VPNs
 
Cyber security-1.pptx
Cyber security-1.pptxCyber security-1.pptx
Cyber security-1.pptx
 
cybersec-01.pptx
cybersec-01.pptxcybersec-01.pptx
cybersec-01.pptx
 
Cyber Safety & Cyber Crimes by me.pptx
Cyber Safety & Cyber Crimes by me.pptxCyber Safety & Cyber Crimes by me.pptx
Cyber Safety & Cyber Crimes by me.pptx
 
awareness.pdf
awareness.pdfawareness.pdf
awareness.pdf
 
Cyber Security and Cyber Awareness
Cyber Security and Cyber AwarenessCyber Security and Cyber Awareness
Cyber Security and Cyber Awareness
 
3.5 Online Services and Security and Privacy of Data
3.5 Online Services and Security and Privacy of Data3.5 Online Services and Security and Privacy of Data
3.5 Online Services and Security and Privacy of Data
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptx
 
Cyber_Security_Awareness_Presentation (1).pptx
Cyber_Security_Awareness_Presentation (1).pptxCyber_Security_Awareness_Presentation (1).pptx
Cyber_Security_Awareness_Presentation (1).pptx
 
Cyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptxCyber_Security_Awareness_Presentation.pptx
Cyber_Security_Awareness_Presentation.pptx
 
Cyber_Security_Awareness_Presentation.pdf
Cyber_Security_Awareness_Presentation.pdfCyber_Security_Awareness_Presentation.pdf
Cyber_Security_Awareness_Presentation.pdf
 
Web Technologies.pptx
Web Technologies.pptxWeb Technologies.pptx
Web Technologies.pptx
 
Web Technologies.pptx
Web Technologies.pptxWeb Technologies.pptx
Web Technologies.pptx
 

Plus de Commonwealth Telecommunications Organisation

Plus de Commonwealth Telecommunications Organisation (20)

Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint GironsCommonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois HernandezCommonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
 
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatseCommonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
 
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijerCommonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat DegertCommonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
 
we.learn.it - February 2015
we.learn.it - February 2015we.learn.it - February 2015
we.learn.it - February 2015
 
We learn it agenda
We learn it agendaWe learn it agenda
We learn it agenda
 
Reflections on scale up and transferability
Reflections on scale up and transferabilityReflections on scale up and transferability
Reflections on scale up and transferability
 
Planning your learning expedition final
Planning your learning expedition finalPlanning your learning expedition final
Planning your learning expedition final
 
Le template 2015 final
Le template 2015 finalLe template 2015 final
Le template 2015 final
 
Mapping Tools Version 3
Mapping Tools Version 3Mapping Tools Version 3
Mapping Tools Version 3
 
5 expedition posters
5 expedition posters5 expedition posters
5 expedition posters
 
Session 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiSession 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El Shami
 
Session 6.1 Stewart Room
Session 6.1 Stewart RoomSession 6.1 Stewart Room
Session 6.1 Stewart Room
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
 

Dernier

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxUdaiappa Ramachandran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 

Dernier (20)

Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Building AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptxBuilding AI-Driven Apps Using Semantic Kernel.pptx
Building AI-Driven Apps Using Semantic Kernel.pptx
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 

CTO Cybersecurity Forum 2013 Ashley Jelleyman

  • 1. Privacy vs Security You Can’t Have Both At the same time Ashley Jelleyman FBCS CITP M Inst. ISP Head of Information Assurance
  • 2. © British Telecommunications plc Privacy vs Security • We can look at privacy in a number of ways – Sometimes we as individuals willing give up our privacy – Sometimes we are forced to give up our privacy to get something we want – and sometimes it happens beyond our control. • And there is a third side to the triangle.
  • 3. © British Telecommunications plc Privacy vs Security • Let me introduce Ethan, aged 13. • He has an expectation of privacy – He keeps his bedroom door shut because he’s a teenage lad who wants his privacy
  • 4. © British Telecommunications plc Privacy vs Security • Which means his bedroom looks like this: • Because he wants his privacy he surrenders the “security” of his mum cleaning the bedroom.
  • 5. © British Telecommunications plc Privacy vs Security • He has two PCs, one in his room for homework, one in the conservatory for games. • His homework computer has no games on it and only goes to restricted educational web sites. • But if he wants to have a computer to play games on he has to surrender his privacy so I can protect him. • MS Family Safety. – Gives remote control and reporting
  • 6. © British Telecommunications plc Privacy vs Security • So again, he has surrendered his privacy and control, for the right to use the computer. • I know both he and the network at home are safe and secure !
  • 7. © British Telecommunications plc Privacy vs Security • Then there is my wife; Margaret, aged, no comment. • We share a bank account, but I manage the reconciliation • So my wife gives me all the receipts for the money she spends. • She has surrendered her privacy to ensure that we have the security of knowing what money we have, and don’t go overdrawn. • But if she wants to surprise me with a gift at Christmas it’s difficult, so I’ve surrendered that pleasure.
  • 8. © British Telecommunications plc Privacy vs Security • So what about at work: • Most of us have access to the corporate email and to the internet. • Our emails are monitored for appropriateness, spam and Phishing attacks. So if we receive a private message we can expect it will be at least scanned by an automated system. • We have surrendered our privacy for the right to receive private emails at work
  • 9. © British Telecommunications plc Privacy vs Security • And when the monitoring doesn’t work • You get incidents like Aramco – a click on a dodgy link The August attacks, using a virus called Shamoon, wiped the hard drive of the Saudi computers and left thousands of Aramco employees unable to access email and kept them off company networks for a week or more
  • 10. © British Telecommunications plc Privacy vs Security • Internet access is monitored to ensure people don’t visit in-appropriate sites. • That gives the company security from viruses trojans and other malware. • But we as employees don’t expect the company to sniff our banking passwords, or other credentials. • So now we are introducing the concept of trust into the surrender of privacy equation.
  • 11. © British Telecommunications plc Privacy vs Security • Then we move out into the wider world: • BT and many other ISPs provide access to the internet. • As we transact more and more business on the internet we expose more information, not just to the end website, but potentially our ISP. • But again we trust our ISP not to read all of our traffic, look at what we are viewing, and record our activity – Except that sometimes they have to by law – New laws requiring the storage of all on-line activity are being enacted for National Security reasons. • Matters of national security can over ride the personal privacy agenda.
  • 12. © British Telecommunications plc Privacy vs Security • But again, we also surrender our privacy for benefits. – We allow cookies to be stored on our machines – Many web sites don’t work without them • We allow companies to use our experience of their software to improve the next version, we get better software. • We are regularly willing to trade our privacy for the “security” of a better, more reliable feature rich service.
  • 13. © British Telecommunications plc Privacy vs Security • What about when we really want privacy, • We can establish an encrypted link: https: – But that only works on the sites that offer it – It isn’t 100% – Still exposes your IP address – What about other sites that don’t offer HTTPs:
  • 14. © British Telecommunications plc Privacy vs Security • There are some commercial offerings,
  • 15. © British Telecommunications plc Privacy vs Security • This one promises to encrypt your connection to the target • It masks your IP address by proxying the connection • It will even offer to make your connection appear to come from a different country. – Useful if you want to watch domestic online TV from a different country
  • 16. © British Telecommunications plc Privacy vs Security • But are you really getting privacy ? – Depends if you trust the provider who is proxying the traffic. • I assume that they can see all your traffic. • So again to get that “security” you are placing your trust in someone else.
  • 17. © British Telecommunications plc Privacy vs Security • So in most cases the truth isn’t a simple Privacy Vs Security slider. • It’s usually a three way deal between – Privacy – Security – and Trust. Trust Privacy Security
  • 18. © British Telecommunications plc Privacy vs Security • And it’s up to each of us to decide how big each circle is. Trust Privacy Security