Information Security Risk Management
IT operation outsourcing
The Cloud and Data aggregation

- More data is collected, and storage is ‘free’
- Data sets are connected and correlated for many reasons
- They are combined with open source data sets – credit referencing = identity exists
- Data sets are shared internationally
- There is a new focus on privacy; people are sensitive to this issue
- Privacy-sensitive information is valuable and can easily be sold if stolen

- Single records are unclassified or of low classification, or privacy-sensitive only
- As the set grows to 10, 100, 1,000, 10,000, 1m, 10m......100m records something changes, but traditional classification did not change
- It changes for two reasons: the damage caused by a large data loss is clearly greater – resign, resign, resign......
- Acquisition of large data sets opens up opportunities for new insights, with dangerous consequences

- Forgery and alteration does not work
- Better to apply for a real one in a false identity
- All identities are checked on application for a ‘social footprint’, so the identity must be taken from a real person
- That person may already be a holder or past holder, or known to the agency - the fraud will be detected
- This needs to be known in advance; two methods are used
- With the target's cooperation and without
- Access to large data sets reduces the risks

- Online genealogy and credit referencing
- Electoral rolls
- Travel data sets (if you travel you already have a passport)
- Vulnerable adult data sets: addicts, long-term carers
- Lists of professionals with issues
All increase the chance of success and reduce the number of simultaneous applications that need to be made

- The standard method was to adopt the identity of a dead child born about the same time as the applicant, who would not have a passport
- A duplicate birth certificate was obtained (a legal right in the UK)
- The application will not work now, as deaths are checked, but for various reasons the records are not complete

- Monitor open source deaths in online local newspapers
- Find a soldier who served abroad, 20-40 yrs older than the target
- Use online regimental histories to establish when he served overseas and in what countries
- Aim to identify a country with a weak record system where the soldier was around the time the applicant was born
- Forge a birth certificate for that country
- Apply as the illegitimate child of the dead soldier – it was always kept a secret

- Using a cloud makes aggregation happen inherently
- The cloud needs to be set up so that penetration is limited to containers, to manage risk
- Encryption at rest looks like the answer, but it introduces many other problems
- These include key management, escrow, and penetration of the key provider
- The RSA issue is a good example
- It’s not just about accessing the data but also the ability to combine big data sets
- WP is a good example

- Many controls will be traditional
- The passport special control process was to cost EUR 10m
- By taking two highly vetted people at random from a pool of 24 and using a four-eyes process, the same or better protection was delivered at a fraction of the cost
- To break this, all 24 people have to be corrupted
- Basic training and awareness are more important than ever
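
As an added example (not from the deck), the following Python models the random-pair four-eyes control just described and generalizes it to any pool size and number of approvers: with n vetted staff and s drawn at random per decision, an insider who has corrupted k of them gets a decision through unchallenged with probability C(k,s)/C(n,s), which only reaches certainty at k = n, whereas a fixed pair of approvers needs just two corrupt people. The uniform random draw is an assumption about how the selection is implemented.

```python
"""Added example (not from Duncan Hine's deck): how much a random-pair
"four eyes" control resists insider corruption.  Assumed model: each decision
is approved by SELECTED people drawn uniformly at random from a POOL of vetted
staff; a fraudulent decision passes only if every drawn approver is corrupt."""
from fractions import Fraction
from math import comb

POOL = 24      # vetted staff eligible to approve (figure from the deck)
SELECTED = 2   # approvers drawn per decision ("four eyes")


def prob_unchallenged(corrupt: int, pool: int = POOL, selected: int = SELECTED) -> Fraction:
    """Probability that all `selected` approvers drawn from `pool` are among the
    `corrupt` insiders, i.e. the fraud meets no honest reviewer: C(k,s)/C(n,s)."""
    if not 0 <= corrupt <= pool:
        raise ValueError("corrupt must lie in [0, pool]")
    if not 1 <= selected <= pool:
        raise ValueError("selected must lie in [1, pool]")
    return Fraction(comb(corrupt, selected), comb(pool, selected))


def prob_honest_eyes(corrupt: int, pool: int = POOL, selected: int = SELECTED) -> Fraction:
    """Chance that at least one honest approver sees the decision: the
    detection opportunity the control creates on every single attempt."""
    return 1 - prob_unchallenged(corrupt, pool, selected)


def min_corrupt_for_certainty(pool: int = POOL, selected: int = SELECTED) -> int:
    """Smallest number of corrupt insiders for which a single fraudulent
    decision is certain to pass unchallenged (always the whole pool)."""
    for k in range(pool + 1):
        if prob_unchallenged(k, pool, selected) == 1:
            return k
    raise AssertionError("unreachable: k == pool always gives probability 1")


def fixed_pair_min_corrupt(selected: int = SELECTED) -> int:
    """Baseline: if the same `selected` approvers always sign, corrupting just
    those people suffices, regardless of how large the vetted pool is."""
    return selected


if __name__ == "__main__":
    print(f"{'corrupt':>8} {'P(unchallenged)':>16} {'P(honest eyes)':>15}")
    for k in (1, 2, 6, 12, 18, 23, 24):
        print(f"{k:>8} {float(prob_unchallenged(k)):>16.4f} "
              f"{float(prob_honest_eyes(k)):>15.4f}")
    print("random draw needs", min_corrupt_for_certainty(), "corrupt of", POOL,
          "vs", fixed_pair_min_corrupt(), "for a fixed pair of approvers")
```

Even with 23 of 24 corrupted, one decision in twelve still lands in front of an honest reviewer, so the control degrades gracefully and keeps creating detection opportunities rather than failing at a single compromised individual.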

- The traditional approach to risk management is still valid for the cloud, but the threats and risks are different
- Controls and mitigations are similar but applied differently
- There is a good opportunity; the risks are greater if they are not well engineered, but they can be!
- Risk management must be done properly by specialists and asset owners together
Duncan hine input3_irm_and_outsourcing
