Preconceptions of Risk

06.05.2015 12:00-13:00 Moderator:

Data and Identity Systems Risk in the Larger Distributed Risk Context

Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme. This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation.

In this presentation Thom will look at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:

1. The initial interpretation of risk and how it is often misunderstood.
2. The measurement of risk, and how some systems work and other don’t.
3. The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.

With the use of analogies and examples, the audience will appreciate that risk assessment, measurement and management is not always as straightforward as it might first seem. The audience will leave with a new appreciation of how risk can be leveraged for good, and not just perceived as bad.

Negotiating the Risk of Privacy - Understanding Privacy and its Risks

The growing of volume, velocity and variety of Big Data creates new business models for the exploitation of data, for example individual marketing synchronously created out of clickstream data and background knowledge. However, these opportunities arouse privacy concerns. Users lose control over their privacy, and services are uncertain how to keep the trust of their customers in their decent personal data handling.

In this presentation the risk of privacy in the modern communication technology, both Internet and mobile networks, is analyzed. It turns out, that users have to negotiate the risk of privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect of their competent and decent way to handle user data. This presentation identifies the privacy principles and related trust areas and protection means.

Topics of presentation

• The privacy challenge in the Internet and mobile networks
• Privacy principles
• Privacy invading and enhancing technologies
• esp. permission rights management with mobile apps
• Risk management
• Trust and control
• Trust factors in technical environments
• Trust factors in IT privacy
• Negotiating the risk between trust and control mechanisms
Privacy risk factors and related trust areas
• Weaknesses, measures, and remaining trust areas
• Role and perspectives of self and system data protection