[Owasp-austin] Attend the January 29 OWASP Austin Chapter Meeting Remotely!

Josh Sokol josh.sokol at owasp.org
Fri Jan 25 21:41:11 UTC 2013


Looks like the link hotspot in my message didn't match the text.  URL to
register to join the Webinar is:
https://www3.gotomeeting.com/register/846849854


On Fri, Jan 25, 2013 at 3:22 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> *January OWASP Austin Chapter Meeting*
>
>
> *When*: January 29th, 11:45am-1:00pm
>
> 11:45 AM - Chapter Announcements
> 12:00 PM - Presentation
>
> *Topic:* Data events, or why security is cloudier than you think
>
> Data security doesn't involve just securing data at rest or in transit. It
> also needs to be secured in use - which means that at any point, the
> characteristics of the data can change. We call this situation a "data
> event," and it can mean that security requirements have to change as a
> result.
>
> This is not the same thing as logging event data; this is taking into
> account changes in the combination, use or business context surrounding
> specific data. For example, a press release is confidential and requires a
> certain set of security policies in the areas of access control, DLP, key
> management (if encryption is involved), and so on. But once the business
> event occurs, the press release suddenly becomes the opposite of
> confidential, and all the policies have to change immediately as a result.
>
> Data events can also occur when data elements are combined in particular
> ways so that they become covered by regulations. A query might produce a
> small enough sample size that it needs to be treated as protected
> information, or a doctor becomes a patient so that her name is now
> protected by HIPAA. Data events are often tied closely to the business
> context, and as such can mirror transactions and workflows.
>
> Data events are important because traditional security policies have been
> applied to the current container of the data: this database is confidential
> because some rows are confidential, or this Word document requires access
> control (but its content can be copied and pasted somewhere else).
> Container-centric security is too static for today's high-speed, big-data,
> cloud-based (pick as many buzzwords as you like) processing.
>
> This talk will describe the concept of data events, and will invite
> audience discussion on how security controls can be adapted to them.
>
> *Speakers:* Wendy Nather
>
> *Wendy Nather* is Research Director of the 451 Research Enterprise
> Security Practice. With over 20 years of IT experience, she built and
> managed the IT security program at the Texas Education Agency, where she
> directed multimillion-dollar initiatives for a statewide external user base
> of over 50,000. She also provided security guidance for the datacenter
> consolidation of 27 Texas state agencies.
>
> Wendy previously worked in various roles in the investment banking
> division of Swiss Bank Corp (now UBS). Based in Chicago, Zurich and London,
> she also served as the first IT Security Director for the EMEA region. She
> has spoken at various industry conferences in the US and abroad, and
> co-authored The Cloud Security Rules. She was also named one of Tripwire
> Inc.’s “Top 25 Influencers in Security.”
>
> Register to join the Webinar:
>
> https://www3.gotomeeting.com/register/846849854<https://www.gotomeeting.com/register/891195518>
>