Data Security for Project Managers
0 likes•391 views
The document outlines key insights from a presentation at the 58th annual American Translators Association conference on data breaches and management systems. It emphasizes the importance of encryption methods, both symmetric and asymmetric, and the significance of proper vetting and security measures for data management. Additionally, it addresses preventative strategies against breaches and the criticality of a robust response plan.
Data Security for Project Managers
- 1. Alaina Brantner @afterwords_t9n 58th Annual Conference American Translators Association Saturday, October 28th 3:30 PM EST Joseph Wojowski @ferluc666
- 2. information is beautiful - World's Biggest Data Breaches
- 3. Overview • Identifying the issues • Qualifying Data Management and Storage Systems • Qualifying Providers • Preventing breaches
- 4. Identifying the issues • Wording and Marketing • Data collection (cookies) • Third-party add-ons • Mishandling content • Hardware • Passwords
- 5. Top 500 Passwords: Is yours here?
- 6. A Proactive Approach to Qualifying Data Management and Storage Systems • When qualifying CMSs, you want to look for: • ISO 27001 Certification for Information Security Management • Encryption
- 7. History of Encryption • DES key algorithm 56-bit: 256 possible combinations to decrypt data • AES key encryption • AES 128-bit: 2128 • AES 256-bit: 2256
- 8. Why does this matter? • DES 56-bit Encryption • Using Base 10: ≈1,000,000,000,000,000 • Hypothetical computer checking 1,000,000,000 keys/sec = • 1,000,000,000,000,000 seconds to find the key • 1,000,000,000,000,000 divide out seconds/hour • 1,000,000,000,000,000 divide out hours/day • ≈10 days to recover the key • In real life it could take anywhere from 6 days to a number of hours
- 9. Why does this matter? • AES 128-bit • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 • 1,000,000,000,000,000,000,000,000,000, 000,000,000,000 • (quadrillion keys/sec = 1 million times faster than they are today) • 1,000,000,000,000,000,000,000,000,000, 000,000,000,000 hours • 1,000,000,000,000,000,000,000,000,000, 000,000,000,000 years • Time to crack key: 1,000,000,000,000,000,000 • Estimated age of Universe: 13,700,000,000 years
- 10. Why does this matter? • Quantum Computing • Search time taken by square root ≈ million x faster • AES 256-bit: 2256 • 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,0 00,000,000,000,000,000,000,000,000 • Quantum computation – search taken by square root ≈ million x faster • AES 128 • 1,000,000,000,000,000,000,000,000,000,000,000,000,000 • AES 256 • 1,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,0 00,000,000,000,000,000,000,000,000
- 11. Basic Cryptography • Symmetric Key • Same key used to encrypt and decrypt data • Faster than public key encryption • Needs to be stored securely • Secure channel required to transfer key – telephone
- 12. Basic Cryptography • Key Encryption • Uses two keys – a public key and a private key • Private key does not need to be transferred • Slower than symmetric key
- 13. Public and Private Keys
- 14. Qualifying Providers • Initial Screening • Non-disclosure and confidentiality agreements • Documentation • Quality assurance systems Data Security Where do you primarily work? (i.e. dedicated office, public space) Do you intend to handle our content over public wifi networks? What email domain do you share content through? How do you store your content? • On the cloud? If so, what service? • Privately hosted server How do you transfer content to any partners? Do you use public machine translation in your work? Have you customized the settings on your router? Do you allow home sharing on your network?
- 15. Preventing and responding to breaches • Properly vet internal employees and external partners • Deliberately store and transfer content • Strong passwords • Authentication and two-step verification • Encryption • Management plan for responding to breaches • Assessing damages • Corrective action • Documentation • Audits and process improvements
- 16. Questions?
- 17. Further Reading Wojowski, Joseph. “Data Storage and Security.” 3 Apr. 2015 josephwojowski.wordpress.com Ibid. “Machine Translation Technology and Internet Security.” 3 Apr. 2015 Ibid. “Passwords, Data encryption, and the underutilized file format.” 18 Jan. 2016 Ibid. “The Personal Cloud: your own asteroid in cyberspace.” 30 Jul. 2015 Ibid. “Translation and the Sharing Economy: what’s yours is mine.” 9 Feb. 2016