
What Security-by-Design Means in Practice for Privacy Practitioners.pdf

Uploaded by: 明**** ID: 617704 2025-03-13 9 pages 927.61KB

What Does Security-by-Design Mean For Privacy Practitioners?
April 4, 2024

AGENDA OUTLINE
I. Welcome and Introductions
II. Security-by-Design in the National Cybersecurity Strategy
III. CISA's Software Product Security Principles
IV. Security-by-Design in the Private Sector
V. Discussion
VI. Questions and Answers
VII. Closing Remarks

WELCOME AND INTRODUCTIONS
Drew Bagley, Vice President & Counsel, Privacy and Cyber Policy, CrowdStrike
Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem, ONCD, The White House
Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA
Paul Rosenzweig, Former DAS, Policy, DHS; Principal, Red Branch Consulting

National Cybersecurity Strategy
Promotes 2 key shifts:
1. Shifting the burden of cybersecurity from the small players to the larger players who are better able to bear it.
2. Realignment of incentives to promote long-term investment in security - security-by-design.
Additionally, the National Cyber Workforce & Education Strategy contributes to security-by-design by making cyber skills part of the toolkit for all professionals.

Software Product Security Principles
1. Take Ownership of Customer Security Outcomes
2. Embrace Radical Transparency and Accountability
3. Lead from the Top

Critical SbD Questions: Private Sector Perspective
How is Security by Design defined in law, regulation, and practice? You can't manage what you can't define.
How is Security by Design to be measured? You can't manage what you can't count.
Who will set the standards for Security by Design? Voluntary or mandatory; private sector or public; national or international?
How will standards compliance be enforced? Voluntary? Regulatory? Private liability? Insurance?

RESOURCE LIST
Security by Design Research Project: https:/www.lawfaremedia.org/current-p

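This document mainly discusses what "security by design" means for privacy practitioners. It first introduces the two key shifts in the National Cybersecurity Strategy: shifting the cybersecurity burden from small businesses to larger businesses that are better able to bear it, and realigning incentives to promote long-term investment in security. In addition, the National Cyber Workforce and Education Strategy contributes to security by design by making cyber skills part of the toolkit for all professionals. The software product security principles put forward by CISA are: take ownership of customer security outcomes; embrace radical transparency and accountability; and lead from the top. From the private-sector perspective, the critical security-by-design questions include how security by design is defined in law, regulation and practice; how it is to be measured; who will set the standards for it; and how standards compliance will be enforced. Finally, the document lists some resources on security by design, such as the Security by Design Research Project, CISA's "Security by Design" page, and the CrowdStrike 2024 Global Threat Report. It also encourages readers to give feedback by filling out a presentation evaluation form, to improve future sessions.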