Information Security Forum to Present Webinar Focusing on Data Privacy in the Cloud

May 29, 2013 - PRLog -- The risks of using cloud services for private data are significant, but easily managed, this according to the Information Security Forum (https://www.securityforum.org/) (ISF), a global, independent information security body considered the world's leading authority on cyber security and information risk management. The organization has found that with cloud-based systems come inherent challenges and these are further complicated as data subject to privacy regulation inevitably moves into the cloud.

The ISF’s recent report, Data Privacy in the Cloud, provides an overview of privacy as a concept, and explains personally identifiable information (PII), along with the demands typically placed on organizations by privacy regulations. The report also further enhances the ISF Privacy Framework to address cloud-based privacy issues, enabling organizations to develop the privacy safeguards and good practice guidelines specific to their organization – and determine the actions required to achieve privacy compliance when using cloud-based systems.

Every cloud-based system is a combination of a particular cloud service deployed on a specific cloud type. Each cloud service (IaaS, PaaS or SaaS) has different inherent risks, as does each cloud type (private, community or public). Each cloud service and each cloud type provides a different level of control to the purchasing organization, which in turn creates a different degree of inherent risk. There is therefore a different degree of inherent risk in each of the nine categories of cloud-based systems.

During this webinar, Miles Clement, (http://www.linkedin.com/pub/miles-clement/25/2/26a) Principal Research Analyst with the ISF, will highlight how an organization should use the combination of cloud type and service as a basis for considering the information risk so it can be appropriately managed. There are many types of cloud-based services and options available to an organization and each combination of cloud type and service offers a different range of benefits and risks to the organization.

Clement will also address many of the issues that arise when information subject to privacy regulations moves into the cloud, including:

Cloud risk is seen to be complicated
BYOC (bring your own cloud) enables people to bypass organizational safeguards; and they are often unaware of the risks associated with putting PII in the cloud
Locations of information are unclear, potentially triggering additional regulatory requirements or causing a breach of compliance
PII can mix with other organizations’ information
PII can continue to be held by cloud providers after contract termination
Cloud providers can use PII for their own purposes
PII requirements are not always well defined in the contract
Standard uses and policies for cloud services are not always defined in the organization’s security architecture

Please register via this link (https://www2.gotomeeting.com/register/621148946) for the free webinar on Tuesday, June 11 at 8 a.m. (ET)/1 p.m. (BST).

About the Information Security Forum

Founded in 1989, the Information Security Forum (ISF) is an independent, not-for-profit association of leading organizations from around the world. It is dedicated to investigating, clarifying and resolving key issues in cyber, information security and risk management and developing best practice methodologies, processes and solutions that meet the business needs of its Members.

ISF Members benefit from harnessing and sharing in-depth knowledge and practical experience drawn from within their organizations and developed through an extensive research and work program. The ISF provides a confidential forum and framework, which ensures that Members adopt leading-edge information security strategies and solutions. And by working together, Members avoid the major expenditure required to reach the same goals on their own.

Further information about ISF research and membership is available from www.securityforum.org