Episode 4 – Privacy and security: a practical intersection
In this episode of the Privacy Matters podcast series, Nicole Stephensen speaks with Dr Keith Marlow. They canvass the importance of understanding the unique value of personal information as an information asset and the cooperative roles of a Chief Privacy Officer (CPO) and Chief Information Security Officer (CISO). In addition, Keith shares what prompted him to write his book, Personal Information Security & Systems Architecture: PII Techniques for Businesses.
More information on Keith’s book, Personal Information Security & Systems Architecture: PII Techniques for Businesses, is available via the IoTSI Bookstore.
Keith Marlow is a Sydney-based cyber security and enterprise cloud architecture expert with a particular interest in the protection of personal information as a unique kind of information asset.
In this episode of the Privacy Matters podcast series, I am joined by R Jason Cronk. Jason is a privacy expert, currently based in the Atlanta, Georgia area. In demand globally, Jason joined me for a chat (and even a sneaky bridge climb!) during his recent travels to the Australia and New Zealand region.
Jason is a member of the International Association of Privacy Professionals, which is the premier privacy industry body worldwide, and has recently published a book about engineering privacy (Strategic Privacy by Design).
In this episode, we talk about:
⦁ Some key messages when speaking with a city’s CISO (or Chief Technology Officer, Chief Digital Officer or other person tasked with securing data) about the risks involved with IoT deployment
⦁ The privacy risk relating to IoT deployment that resonates most with Jason, and
⦁ Jason’s new book, Strategic Privacy by Design, and how it is a relevant read for those developing or considering projects involving IoT tech.
R Jason Cronk is a US-based privacy expert. He directs the Enterprivacy Consulting Group, a boutique privacy consulting firm, where his current focus is on helping companies overcome the socio-technical challenges of privacy through privacy engineering and Privacy by Design (PbD). He is a CIPP/US, a PbD ambassador, a licensed attorney in Florida, an author, blogger, speaker and passionate advocate for understanding privacy. His unique background includes a combination of entrepreneurial ventures, work in small and large businesses, strong information technology experience and legal training.
In this episode of the Privacy Matters podcast series, I am joined by Nicolas Cairns, Director of Aegis 9 Security Intelligence. He is a security risk and intelligence expert whose work takes him to some of the darker corners of where privacy and security professionals would generally operate.
Based on the idea that deploying IoT technologies for smart city and critical infrastructure initiatives requires a multidisciplinary approach, as well as a multifaceted risk management approach, we cover the following topics:
⦁ Whether the characterisation of data (and particularly, personal information) in digital environments as “the new oil” is at odds with the public policy imperatives driving smart city initiatives
⦁ The ‘black market’ for personal information
⦁ Nic’s top 3 risks relating to personal information and the deployment of IoT technologies
It will be great to check back with Nic in a few months, particularly in relation to the risks he identified, to see how these are playing out in smart city and critical infrastructure contexts.
Nicolas Cairns, Director, Aegis 9 Security Intelligence
Nic is a security risk and intelligence expert, with core elements of his work including Threat Intelligence, Cyber Intelligence, Human Intelligence, Signals Intelligence and Open Source Intelligence. His work additionally includes malware analysis, counter-terrorism, anti-drug trafficking and exploitation of people, systems and companies (for red-teaming and penetration testing).
In this episode of the Privacy Matters podcast series, I am joined by Tom Cornelius - a cybersecurity expert whose company, ComplianceForge, has been selected by CIO Review Magazine as one of the Top 20 Cybersecurity Compliance Providers for both 2017 and 2018.
In our conversation, Tom speaks about his progression from Commissioned Officer in the US Armed Forces to cyber consulting, and shares his insight about:
⦁ some of the key governance, risk and compliance issues associated with deploying IoT technologies in smart city environments, and
⦁ the misconception in the IoT deployment space that privacy and security are the same thing.
We also chat about the Secure Controls Framework (SCF), which is a practical cybersecurity and privacy resource developed by Tom in collaboration with a group of security and privacy volunteers. It’s good stuff!
Tom Cornelius is Senior Partner at ComplianceForge, an industry leading cybersecurity service provider. Tom is also the founder and lead contributor for the Secure Controls Framework (SCF).
Tom’s philosophy is that “technology without strategy is chaos”. With a proven record of building and leading successful technology teams, Tom delivers results. He offers hands-on leadership, technical skills, business acumen and a thorough understanding of cybersecurity operations, Governance-Risk-Compliance (GRC) and privacy.
Tom spent a decade in the US Army as a Commissioned Officer. While he was a rated aviator and flew Blackhawk helicopters around the world, he also served in numerous staff roles as an Information Systems Security Officer (ISSO). He left the military to focus on cybersecurity, and his extensive operational repertoire includes standing up Nike’s first 24x7 Security Operations Center (SOC). Specialising in GRC, Tom has held director-level roles within Fortune 500 companies, including Nike and Cognizant.
Bruce Sinclair interviews Bryan Kester, Steve Jennis, Brandon Harris and Justin Buchanan.
Download the first chapter of the best-selling book IoT Inc: https://www.iot-inc.com/chapter1
After going through each of the major consortia, we are heading back to tech, but not as deep a dive as usual. Having left the edge behind, we are now moving on to the network fabric that holds everything together. In this episode of the IoT Business Show, we talk about some of the most important issues surrounding IoT Platforms today.
In this episode of the Privacy Matters podcast series, Nicole Stephensen speaks with Sophie Bradshaw, Privacy Lawyer.
They cover the importance of maintaining the normative dialogue (community engagement and trust) when considering IoT technologies; the value of privacy impact assessments; and the potential challenge of using traditional consent models in an IoT context.
Sophie Bradshaw is the founder and principal of Elgin Legal, a specialist privacy and technology law practice. Sophie has a passion for working with clients to navigate legal and regulatory issues and find commercially-driven solutions. She has over 15 years’ experience in Australia and overseas advising private and public sector across a broad range of industries. She is a committee member of the Queensland Law Society’s Technology and IP Policy Committee and a member of the International Association of Privacy Professionals.
Sophie Bradshaw
In our introductory podcast in the Privacy Matters series, we talked broadly about what privacy is… and set the stage for further discussion about the opportunities privacy best practice can present in an Internet of Things (IoT) eco-system. Privacy is about the protection of personal information in accordance with the law. It’s not surprising, then, that the term “personal information” has a specific meaning in privacy law. Although definitions do vary slightly across jurisdictions, the term is generally understood to mean information about an identified individual, information that identifies an individual or could reasonably lead to the identification of an individual. An individual is a person. And only a natural person (that is, someone who is alive) can have personal information.
It’s easy to assume that we are all on the same page about what privacy is. But, as information technologies, machine learning, social media, cloud services and the availability of data driven gadgetry increasingly bridge the privacy profession with cyber security, data analytics, risk management and others, it’s important to unpack the concept a little: