Personal Data and Digital Risks
Uploaded by: juan-carrillo
Category: Technology
Transcript of Personal Data and Digital Risks
![Page 1: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/1.jpg)
Personal Data and Digital Risks
![Page 2: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/2.jpg)
Casandra
![Page 3: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/3.jpg)
![Page 4: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/4.jpg)
![Page 5: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/5.jpg)
![Page 6: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/6.jpg)
![Page 7: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/7.jpg)
![Page 8: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/8.jpg)
![Page 9: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/9.jpg)
![Page 10: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/10.jpg)
![Page 11: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/11.jpg)
![Page 12: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/12.jpg)
![Page 13: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/13.jpg)
![Page 14: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/14.jpg)
![Page 15: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/15.jpg)
![Page 16: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/16.jpg)
![Page 17: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/17.jpg)
![Page 18: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/18.jpg)
Digital environments
• Windows XP Service Pack 2
• August 12, 2004
• For the first time, Microsoft enabled a software firewall by default
• When the security features were enabled, many applications stopped working
![Page 19: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/19.jpg)
Confidentiality: Default Close
Availability: Default Open
![Page 20: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/20.jpg)
July 1, 2003
Under the law, affected parties must disclose any breach of the security of personal data to any California resident whose personal information was not encrypted and is reasonably believed to have been acquired by an unauthorized person.
SB1386, California
![Page 21: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/21.jpg)
![Page 22: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/22.jpg)
![Page 23: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/23.jpg)
![Page 24: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/24.jpg)
Recent data leaks
• 40 million records
• Between 45 and 94 million records
• 4.2 million records
• 100 million card data records
![Page 25: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/25.jpg)
![Page 26: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/26.jpg)
Information security technologies triple every 6 years
![Page 27: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/27.jpg)
We use strategies of attack and counterattack, espionage and counterespionage
![Page 28: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/28.jpg)
In 1990, sales of the Encyclopædia Britannica reached a sales record… $650 million dollars
Physical vs. Digital
![Page 29: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/29.jpg)
An Encyclopædia Britannica sold for between $1,500 and $2,200 USD
A CD-ROM encyclopedia sold for between $50 and $70 USD
Physical vs. Digital
![Page 30: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/30.jpg)
The paradigm shift
![Page 31: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/31.jpg)
Physical theft
![Page 32: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/32.jpg)
Digital theft
![Page 33: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/33.jpg)
How much does digital theft cost per year?
![Page 34: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/34.jpg)
Sm4rt Security Services
CONFIDENTIAL
1 million dollars?
![Page 35: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/35.jpg)
1 billion dollars?
![Page 36: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/36.jpg)
1 trillion dollars per year
![Page 37: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/37.jpg)
Digital theft
1 trillion dollars per year in losses, growing 300% annually
![Page 38: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/38.jpg)
![Page 39: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/39.jpg)
![Page 40: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/40.jpg)
![Page 41: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/41.jpg)
Why is the security of digital data a growing concern?
![Page 42: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/42.jpg)
Security risk has increased because of 4 aspects
![Page 43: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/43.jpg)
1. Speed
![Page 44: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/44.jpg)
It used to take days or weeks to share information
![Page 45: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/45.jpg)
Now it is instantaneous!
![Page 46: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/46.jpg)
2. Dispersion
![Page 47: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/47.jpg)
The same people who used to keep your secrets…
![Page 48: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/48.jpg)
… are now the main spreaders of your personal information
![Page 49: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/49.jpg)
During the final seconds of the Super Bowl, fans sent 4,064 tweets per second
• In 2010 there were 50 million tweets per day
• In early 2011, 140 million tweets per day
• Today, 350 million tweets per day
![Page 50: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/50.jpg)
3. Persistence
![Page 51: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/51.jpg)
We used to control, restrict access to, and physically destroy the copies of our personal data
![Page 52: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/52.jpg)
![Page 53: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/53.jpg)
4. Aggregation
![Page 54: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/54.jpg)
Our files used to be hard to access
![Page 55: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/55.jpg)
Now they are all aggregated and available worldwide
![Page 56: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/56.jpg)
Now, if you are seen in an inconvenient state…
![Page 57: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/57.jpg)
…your girlfriend will have access to the information immediately…
![Page 58: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/58.jpg)
…as will her friends…
![Page 59: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/59.jpg)
…probably forever!
![Page 60: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/60.jpg)
![Page 61: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/61.jpg)
![Page 62: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/62.jpg)
We need to accept the risks
The potential risks are infinite
![Page 63: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/63.jpg)
![Page 64: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/64.jpg)
Environments are highly dynamic
![Page 65: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/65.jpg)
![Page 66: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/66.jpg)
The pieces change without warning
![Page 67: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/67.jpg)
The rules change constantly
![Page 68: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/68.jpg)
The players change
![Page 69: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/69.jpg)
The End Justifies the Means
In the prevention of Intentional Risk
Nothing less than securing all vectors is enough
![Page 70: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/70.jpg)
Defenses must be optimized
![Page 71: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/71.jpg)
Optimize speed
![Page 72: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/72.jpg)
Optimize resources
![Page 73: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/73.jpg)
![Page 74: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/74.jpg)
3 Types of Digital Risk
1. Accidental
2. Opportunistic
3. Intentional
![Page 75: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/75.jpg)
![Page 76: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/76.jpg)
![Page 77: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/77.jpg)
[Figure: risk model diagram. Labels: Intentional Risk, Accidental Risk, Opportunistic Risk; Relationship / connection (0 to ∞); Redundancy, Availability; Filtering, Confidentiality; Integrity; External Threat; Internal Impact; Worst Effort, Best Effort, Sum of Efforts; 1 moment, 1 device, 1 channel, authenticated with x factors]
![Page 78: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/78.jpg)
![Page 79: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/79.jpg)
![Page 80: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/80.jpg)
![Page 81: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/81.jpg)
![Page 82: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/82.jpg)
![Page 83: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/83.jpg)
![Page 84: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/84.jpg)
![Page 85: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/85.jpg)
![Page 86: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/86.jpg)
![Page 87: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/87.jpg)
![Page 88: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/88.jpg)
![Page 89: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/89.jpg)
![Page 90: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/90.jpg)
![Page 91: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/91.jpg)
![Page 92: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/92.jpg)
We need to use the medical analogy
![Page 93: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/93.jpg)
![Page 94: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/94.jpg)
![Page 95: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/95.jpg)
![Page 96: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/96.jpg)
![Page 97: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/97.jpg)
![Page 98: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/98.jpg)
![Page 99: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/99.jpg)
![Page 100: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/100.jpg)
![Page 101: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/101.jpg)
![Page 102: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/102.jpg)
![Page 103: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/103.jpg)
![Page 104: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/104.jpg)
![Page 105: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/105.jpg)
![Page 106: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/106.jpg)
Three Vectors for Managing Risk
• Value to third parties
• Anonymity of third parties
• Accessibility to third parties
![Page 107: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/107.jpg)
![Page 108: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/108.jpg)
![Page 109: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/109.jpg)
![Page 110: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/110.jpg)
![Page 111: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/111.jpg)
Risk Analysis
![Page 112: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/112.jpg)
Main Risks
• Weak password storage protocol
• Absence of robust password policy
• Absence of data entry validation for web applications
• Existing applications with vulnerable remote support
• Weak wireless ciphered communication protocol
• Absence of operating system security configuration
[Chart axes: Probability (Always, Possible, Almost never) vs. Impact (Insignificant, Medium, Very high)]
![Page 113: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/113.jpg)
Action Plan
[Chart quadrants: Not Viable, Nice To Have, Quick Hits, Strategic. Axes: Effort (High, Moderate, Minimum) vs. Positive Impact of Implementation (Minor, Medium, Major)]
Actions (labelled Strategic and Quick Hits on the slide):
• Security configuration guidelines for applications
• Security configuration guidelines for operating systems
• Migration of passwords storage protocols
• Password Policy
• Secure application development process
• Migration of remote support protocol
• Migration of wireless communication protocol
![Page 114: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/114.jpg)
Vulnerability patches and updates process
Security configuration guidelines for applications
Secure application development process
Security configuration guidelines for operating systems
Migration of password storage protocols
Migration of remote support protocols
Recommendations for Sustainability
Secure change process administration
Risk administration process
Policies and Configuration Guidelines
Superior Technologies
Password policy
Governance
Processes and Roles
User controls
Network controls
Application controls
Data level controls
Host controls
Migration of wireless communication protocols
Recommendations
![Page 115: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/115.jpg)
Mitigation Roadmap
[Timeline: 2012 Q1 to Q4, 2013 Q1 to Q4]
• Security configuration guidelines for applications
• Password policy
• Security configuration guidelines for operating system
• Migration to robust remote support protocols
• Migration of password storage
• Secure change process administration
• Risk Administration Implementation
• Vulnerability patches and updates process administration
• Secure application development implementation
• Migration of wireless communication protocol
![Page 116: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/116.jpg)
Demystifying the
Privacy Implementation Process
Data Value (IVA) Legal & Regulatory Requirements (PIA)
Data Categories Data Categories
Asset Inventory
Policy Generation
Controls, Standards, Procedures
Implementation & Audit
Business Process Analysis Data Lifecycle Inventory
![Page 117: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/117.jpg)
Business Process Analysis
• Identification of applicable Law
Issuers
• Legislators
• Regulators
• Organizations
Obligations
• Laws
• Norms
• Industry Standards
• Contracts
Auditors
• Authorities
• Organizations
![Page 118: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/118.jpg)
Business Process Analysis
• Stakeholder Information acquisition
– Types of data
– Internal and external data flows
– Purpose of treatment
– Information systems and security measures
– Retention policies
![Page 119: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/119.jpg)
Data Lifecycle Inventory
Data Reception
Purpose of Use
Information Systems and Storage
3rd Parties Involved
Data Retention
Data Destruction
![Page 120: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/120.jpg)
Privacy Legal & Regulatory Requirements (PIA)
1. Legal & Regulatory
– Contracts
– Clauses
– Privacy notices
– Authorizations
– Jurisdictions
– Other regulations
  • Money laundering
  • Sectorial
  • Etc.
![Page 121: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/121.jpg)
Privacy Legal & Regulatory Requirements (PIA)
2. Technical
– Authentication & authorization
– Access control
– Incident log
– Removable media and document management
– Security copies
– Recovery tests
– Physical Access
![Page 122: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/122.jpg)
Privacy Legal & Regulatory Requirements (PIA)
3. Organizational
– Data privacy officer
– Roles and responsibilities
– Policies, procedures and standards
– Notifications to authorities
– Audits
– Compliance and evidence
![Page 123: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/123.jpg)
Legal & Regulatory Data Categories
• High Risk
– Trade Union Affiliation
– Health
– Sexual life
– Beliefs
– Racial Origin
• Medium Risk
– Financial Profile
– Personal Fines
– Credit Scoring
– Tax Payment Information
• Basic Risk
– Personal Identifying Information
– Employment
![Page 124: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/124.jpg)
External Economic Data Value (IVA)
• Black Market Value
– Sale price
• News Value
– Newspaper
– Magazines
– Television
• Competition
– Market Value
– Brand Value
– Political Value
• Authorities
– Fines
![Page 125: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/125.jpg)
Data Value Categories

| Lvl | Value | Classification | Example |
|---|---|---|---|
| 4 | > $10M | Secret | CC Magnetic Strip, PIN number, User & Password |
| 3 | $100K - $10M | Confidential | Name, Address, Credit History, Account Statements |
| 2 | $1,000 - $100K | Private | Bank Account Numbers, Pre-published Marketing Info |
| 1 | $0 - $1,000 | Public | Published Marketing Information |
![Page 126: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/126.jpg)
Asset Inventory

| Asset | Legal & Regulatory level | Data Value level | Most Sensitive Data | Applicable Policy | Applicable Controls |
|---|---|---|---|---|---|
| DB1 | L&R Medium Risk | Secret | Application Passwords | 1. Secret Data Policy | 1. Oracle Secret Data Standard |
| App5 | L&R High Risk | Confidential | Payment Card Number | 1. L&R High Risk Policy | 1. J2EE High Security Standard; 2. Application Confidential Data Mgmt Standard |
| Srvr3 | L&R Medium Risk | Private | Client Account Data | 1. Private Data Policy; 2. L&R Medium Risk Policy | 1. Solaris 10 Medium Hardening Standard |
![Page 127: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/127.jpg)
Policy Generation
• How should this data be:
– generated?
– stored?
– transferred?
– processed?
– accessed?
– backed-up?
– destroyed?
– monitored?
• How should we react and escalate an incident or breach?
• How will we punish non-compliance?
![Page 128: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/128.jpg)
Controls, Standards & Procedures
• Controls are defined and mapped for each policy level
– Technical Standards
– Procedures
– Compensatory Controls
[Matrix: platforms (DB2, HP/UX, J2EE, Oracle) by policy level (High Risk, Med Risk, Low Risk)]
![Page 129: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/129.jpg)
Controls, Standards & Procedures
Norms Controls
![Page 130: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/130.jpg)
Implementation & Audit
Best Practices
Controls
ASSETS NETWORKS COMUNIC.
Evidence
I.ACT D.SEG CONTRACT
Laws and Regulations
LOPD SOX LSSI
PROCESSES
APPLICATIONS
PEOPLE
![Page 131: Datos personales y riesgos digitales](https://reader033.fdocuments.es/reader033/viewer/2022052903/55762309d8b42a4e1c8b4e0b/html5/thumbnails/131.jpg)
Implementation & Audit