Breaking through the firewall between Security and Privacy<br />
Dealing with Privacy, Security and IT. And trying to build bridges between these domains.<br />
Author: Anonymous (http://www.blogger.com/profile/08487410036907296551)<br />
<h2>
Canadian Anti-Spam legislation (Including software installation) (Part II)</h2>
Published 2014-04-07<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNaN9VB68SzNbp8NrM5KV2Z5i4fMkRrb1YdggTYWCEJFYWQTFu-2fsG7EBXDksni5yIq-zYaqRPf7VjJI__8hOK9tide6sikddM80_SNfcti-pq-YeS8aNpoce5__k2GzWVGM4CQ5OJJA/s1600/images.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjNaN9VB68SzNbp8NrM5KV2Z5i4fMkRrb1YdggTYWCEJFYWQTFu-2fsG7EBXDksni5yIq-zYaqRPf7VjJI__8hOK9tide6sikddM80_SNfcti-pq-YeS8aNpoce5__k2GzWVGM4CQ5OJJA/s1600/images.jpg" /></a></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">This blog is a continuation of a previous post
concerning the new Canadian Anti-Spam Legislation (CASL). Part I can be found
<a href="http://robertdataprivacytesting.blogspot.ca/2014/03/anti-spam-software-instalation.html" target="_blank">here</a>.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">This part will deal with how to prepare for this new legislation.
</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">First of all, the question that comes to mind is what
we should do to prepare for this law. One must first understand that this law
deals with ALL commercial electronic communication from companies,
organizations, non-profits, individuals, etc. that send out email and install
software programs. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">Let's take an example or three.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">Your company has a booth at a trade show. You have a
fish bowl at your booth for a prize draw. After the show, you take all the
names of those people who entered the draw and add them to a mailing list. Then,
as you prospect these potential clients, you send out an email soliciting
their business. Unless they have specifically 'signed' permission to allow you
to do this (OPT-IN), your company can be found in contravention of the law and
be fined up to $5 million.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">Another example:</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">You have a web site where potential customers can
download marketing material on the goods or services you provide. However, you
require these web surfers to register before that material is made
available for download. At the bottom of the webpage you have a check box
(which is already pre-checked for the user) allowing the company in question to
email further updates. This case could be interpreted as being an OPT-OUT
option because the check box is already prefilled. This would satisfy the
CAN-SPAM Act (US) but would not be deemed compliant with the new Canadian
law, which requires an explicit OPT-IN option. And once again the company could
be liable for millions of dollars in fines.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">And one final example:</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">You bought a software application to be installed on your
smartphone (or PC, iPad, Mac or tablet). When you start installing the
package, there is no explicit consent to allow for the installation; therefore the
software company would be liable. Also note that an End User License (EUL)
acceptance may not be enough to satisfy the requirements.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">Find below a few suggestions that, I believe, would
help to start planning for compliance.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">1) Take an inventory of all commercial messages that
your organization is currently sending out, or is planning to send out. This includes text
messaging, Facebook campaigns, emails, etc.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">2) Discuss and create policies and guidelines that
define what a Commercial Electronic Message (CEM) (as per CASL) is within your
organization. If there are any exceptions that are applicable these should also
be noted within the new policy.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">3) Create an all-encompassing list of computer
programs that your company directly or indirectly installs on any electronic
device.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">4) If applicable, create a list of all computer
products (and services) that your organization is involved with. This includes
not only the initial software installation but any updates/upgrades that are
part of your business process.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">5) Discuss and create policies and guidelines that
determine when your organization needs to obtain consent for installation of
some software. Also note, while there are some exceptions (which should also be
documented), all the information will need to be retained for review at a later
date.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">6) Review current consent that has been collected and
see if it complies with the new legislation. If not, a process may need to be
created to obtain consent using the new policies. This is further complicated
because of the three-year transition period mentioned within the law.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">7) Document, create and clarify a process where
the end user can agree to enter into a commercial arrangement, yet withhold
consent to CEM.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">8) Retain documentation/proof that a written consent was
obtained. This includes date, time and manner of consent. Further consideration
may also be needed if your organization allows for verbal consent rather than
written. Given the strong penalties that can be doled out, every type of
consent must be tracked.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">9) Update the avenues of interaction between the
organization and the end user to reflect the new policies (see above). This includes
templates that are used to send out CEM, websites, social media, etc. Also be
aware that mandatory identity and contact information must be included in any
future CEM.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">10) Create a process so that the end user can rescind
any previous consent. Remember that the withdrawal of consent must then also be
forwarded to any third parties and associated companies, if applicable.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">Consider the above as only a guideline on how to
proceed. Again, I emphasize that this is not legal advice, nor is it intended to be
all-encompassing. Every situation is different.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times;">If you have any questions or concerns, feel free to contact me.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal">
<br /></div>
<h2>
Canadian Anti-Spam legislation (Including software installation) A worldwide concern (Part I)</h2>
Published 2014-03-31, updated 2014-04-02<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
</div>
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD5Gs2manj2ZSkJm3n2yrQiAdLpRw0yJ30G11kqo05_gwEaXaFPITXyDGdc1Eis3_p_wl-Xyzu8Zuvq5AEqhJvlQmDHfiZ7JeHFPvP8iZ-nvOLFZgdEFroRauJQ4ckbgsrkHp0-L4BEQ8/s1600/no-spam.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjD5Gs2manj2ZSkJm3n2yrQiAdLpRw0yJ30G11kqo05_gwEaXaFPITXyDGdc1Eis3_p_wl-Xyzu8Zuvq5AEqhJvlQmDHfiZ7JeHFPvP8iZ-nvOLFZgdEFroRauJQ4ckbgsrkHp0-L4BEQ8/s1600/no-spam.jpg" height="195" width="200" /></a><span style="font-size: small;"><span style="font-family: Times;"> </span></span><br />
<br />
<br />
<h2>
<span style="font-family: "Trebuchet MS",sans-serif;"><span style="font-size: x-large;"> <i>& Software Installation</i></span></span></h2>
<br />
<br />
<br />
<span style="font-size: small;"><span style="font-family: Times;"> <span style="font-size: large;">On July 1, 2014 the new Canadian
Anti-Spam legislation (CASL) will begin to be enforced (first of three phases). Why should I care if I live
outside Canada? What does it mean if I am a Canadian business? Should I
care if I am an SMB, as this is only for spammers/the 'bad' guys?</span></span></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">Well, you will be very surprised at
the answers to these questions. So let’s get started.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">One of the first things that most
experts agree on is that the 'new' Canadian legislation/regulations are among the
strongest anywhere in the world concerning commercial
messaging.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">But I am getting ahead of
myself. First, what exactly is CASL? In the best non-legal
verbiage, CASL establishes the rules concerning commercial electronic
messages (CEM). <b>ALL</b> CEM, with exceptions (see below for some examples), must have explicit consent (OPT-IN) before the CEM is sent. It also deals with installation of software programs, just to
make things more interesting. (This last part is something that should
worry software development companies. In fact, I would hazard a guess that
most software developers are not aware of this implication; more on this
later.)</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">Now let’s try to address some of the
not so obvious parts of this quagmire.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">1) 'Well, this legislation deals with spamming, which we
don't do' !!</span></b></span></div>
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">Very wrong. It covers everyone:
individuals, corporations, unincorporated businesses, not-for-profit
organizations, and everyone else who sends messages for commercial purposes.
And CEM is not only email, but Instant Messages, Facebook, Instagram, Twitter and
SMS, to name just a few. Oh, by the way, it could also apply to telephone calls.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">2) I am not located in Canada, why should I care?</span></b></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">The answer may
surprise you. As long as a CEM is sent from, or 'lands' on, a computer that is located in
Canada (the sender or the <b>RECEIVER</b>), it is covered under the
act. In the atmosphere of globalization, extraterritorial laws are becoming
more and more prevalent. Examples abound in today's society. Just look at the
EU Data Protection Directive. It has been argued that as long as the information
(PII) concerns a citizen of an EU country, the EU privacy legislation will
apply, even though the company in question has no presence within the European
Union. In fact the new regulation, the EU's General Data Protection Regulation, which has
been proposed and is awaiting passage, explicitly mentions this. But I digress.
So being located outside Canada does not exempt you from the regulations.</span></div>
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">3) Let’s dispel another issue. </span></b></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">The US anti-spam legislation
(CAN-SPAM Act) relies on an OPT-OUT consent (it is assumed you want commercial
email unless you say otherwise), whereas CASL requires an OPT-IN consent. In fact, not
only that, but sender information, consent requirements and contact info must
also be listed as part of the notice/consent request. So even though your commercial email is designed to comply with
the US rules, it will not be compliant with the Canadian regulations.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">4) Provisions concerning installation of software programs
in Canada. </span></b></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">The legislation also covers consent
concerning software programs that are installed in Canada, whether the person
installing the program is located in Canada or not (remote control of sites, as
an example). Even more about this later.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">5) There are exceptions to the OPT-IN consent
requirements. </span></b></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">There are some exceptions, for example if the CEM concerns a
requested quote or estimate for a service or product, helps, confirms or completes a
commercial transaction, or provides warranty information. But be forewarned, the law
does not have a very extensive exception list. There are some rules
concerning implied consent as well. They include: if there is a business relationship
within a period of time; if there is a written contract (this is only valid for a couple of years
following termination of the contract); or if there has been an inquiry made by the
recipient in the prior six months.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">6) So can a check box fulfill the requirements of the
legislation?</span></b></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">This actually gets a little sticky.
There is no mention within either the legislation, or the regulations that were
published in Dec 2013, that a check box OPT-IN would suffice. HOWEVER, in a
non-binding enforcement guideline issued by the CRTC (Canadian
Radio-Television Telecommunication Commission), it was suggested that a check
box is not enough to comply with the requirement.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">7) Additional Computer 'stuff'. </span></b></span></div>
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">Previously I mentioned needing
consent to install software onto a computer. The definition of a computer is
more all-encompassing than you may think. It includes smartphones, tablets, or
in fact any computer-based device. Now there are some exceptions to this.
Certain classes of programs are exempt. The list includes cookies, operating
systems, JavaScript, sub-routines, HTML code, etc. Also, I would be remiss if
I did not mention that installation of programs like anti-virus software can also be an exception to
the regulation requirements, but only if it was done by, or for, a telecommunication
service provider[1]. Also, a one-shot program to fix an issue may be an
exemption.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><b><span style="font-family: Times;">8) EUL (End user License).</span></b></span></div>
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">There is nothing about EUL within
either the legislation or regulation concerning CASL. However, the CRTC issued
a non-binding guideline stating that accepting an EUL cannot in itself be
considered explicit consent. Rather, a separate agreement dealing with
consent needs to be created for review and acceptance by the end user. In that way the consumer can refuse or give informed consent.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">In my next blog, I will be dealing with
additional items to consider and what companies should do to prepare for CASL.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;"><br /></span></div>
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;">In the meantime, if there are issues
(non-legal advice) you may want me to address, or questions you may have, feel free
to contact me.</span></div>
<br />
<div class="MsoNormal">
<span style="font-size: large;">I also invite you to review my other blog posts concerning Data, Security and Privacy.</span></div>
<br />
<br />
<div class="MsoNormal">
<span style="font-family: Times; font-size: large;"><b>Please note, do not consider this legal advice,</b> nor does it address individual
circumstances. These blog entries are solely for the purpose of addressing
generalized questions concerning the subject. I <b>STRONGLY</b> suggest that you do
your due diligence concerning this matter.</span></div>
<br />
<div class="MsoNormal">
<br /></div>
<span style="font-size: small;">
</span><br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">[1] A service, or a feature of a
service, that is provided by means of telecommunications facilities, whether
the telecommunications service provider owns, leases or has any other interest
or right respecting the telecommunications facilities and any related equipment
used to provide the service.</span></div>
<h2>
Small/Medium Business and Security/Privacy exploration</h2>
Published 2013-11-26, updated 2013-11-27<br />
<div class="MsoNormal">
<div class="MsoNormal">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGAW5RE3ilNIOOfrARtf7ifd23wBaVlRQhP9DLPkFqQwsvfb-JNumqfylQ5EkhyEKfjnBLI4i4ywgg9mBANqFmR0BfXuveHAoEDdUk6RZikJnK8M0huaH1mRLeELNotxUFGOQIljJOalM/s1600/Unknown.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGAW5RE3ilNIOOfrARtf7ifd23wBaVlRQhP9DLPkFqQwsvfb-JNumqfylQ5EkhyEKfjnBLI4i4ywgg9mBANqFmR0BfXuveHAoEDdUk6RZikJnK8M0huaH1mRLeELNotxUFGOQIljJOalM/s1600/Unknown.jpg" /></a><br />
In this blog entry I want to explore the effects and the
threats surrounding the small business realm and how it is affected by concerns
of security and, of course, indirectly privacy.<br />
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
But first some numbers. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
1) Targeted attacks destined for Small Business (1 to 250 employees) accounted for
31 percent of all attacks, compared with 18 percent in 2011, an increase of 13
percent <a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftn1" name="_ftnref1" style="mso-footnote-id: ftn1;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "MS 明朝"; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-fareast;">[1]</span></span><!--[endif]--></span></span></a><o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-fareast-font-family: "Times New Roman";">2)
According to the National Federation of Independent Businesses, as many as
30% of an average company's employees do steal, and another 60% will steal if
given a motive and opportunity.<a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftn2" name="_ftnref2" style="mso-footnote-id: ftn2;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">[2]</span></span><!--[endif]--></span></span></a><o:p></o:p></span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-fareast-font-family: "Times New Roman";">3)
Almost three-quarters (72%) of data breaches investigated by Verizon
Communications’ forensic analysis unit were focused on companies with fewer than
100 employees.<a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftn3" name="_ftnref3" style="mso-footnote-id: ftn3;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "Times New Roman"; mso-fareast-language: EN-US;">[3]</span></span><!--[endif]--></span></span></a></span><o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
And the list goes on. But I hope you get the idea. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In fact, depending on the source of data, there is no
difference between the security issues of large organizations and small &
medium business (SMB) (under 1000 employees).<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Both types of businesses rely on computerized ‘everything’
to support their ongoing commercial and not-for-profit endeavors, never mind
using social media for commercial marketing, etc. Both (large and SMB), for the
most part, have web sites, use email, and store information within databases
containing commercial/proprietary information, financial positions (bookkeeping),
etc. The employees also have access to various types of data (including those
mentioned above), and can carry that information around on smartphones (bring
your own device (BYOD)), etc. Yet,
except for some superficial attempt to secure the endeavor’s information, most
SMB are vulnerable to threats like those mentioned above. The reason
is that not enough is done to protect that sensitive information.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Let’s just investigate some best practices for organizations
today.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
All organizations, whether big or small, should have a
Disaster Recovery (DR)/Business Continuity Plan (BCP) to enable them to still
function and continue to be in business if an issue presents itself. How many
small businesses do have a fully tested, functional BCP? Yet a disaster does
not care if the company in question has 100 employees or 5,000. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
All organizations should have and enforce internet/email
usage policies. This should reduce any blatant misuse and potentially harmful
activities of employees (or at least enable employers to take action if need
be).<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
And the list of items that need addressing goes on and on.
Many large organizations have specialist(s) whose entire responsibilities are
just to ensure the day-to-day operation of the business. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
While all organizations have to address critical issues, SMB
have a number of strong disadvantages. The obvious one that comes to mind is
their lack of resources. Namely, most small businesses cannot afford a full-time
security/privacy professional. If money is not the issue (ever heard of a
company where it wasn’t?) then a lack of expertise would be another major
factor (and handicap). It takes time and experience to protect against and recover from
security incidents. And the basic human thought, ‘it will never happen to us’, is
something all personnel have to deal with.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So let’s take a look at a realistic example of what can happen to a $5,000,000 a year SMB.
<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
1) They
had a major system failure: their systems were completely down for 4 days,
and only partially operational for another six days. Total loss approx. $175,000 <o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
2) Cost
to hire professionals to bring their system back on line $12,000 <o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l1 level1 lfo1; text-indent: -.25in;">
3) Loss
of a number of important documents (payroll information, orders, A/R etc.) that
would be difficult to recreate. Cost unknown.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Total cost $187,000 +<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now let’s take a look at the cost of setting up a relatively
simple BCP/DR, etc.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo2; text-indent: -.25in;">
1) Set
up a working and tested DR/backup plan as part of a BCP $10,000<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo2; text-indent: -.25in;">
2) Set
up a commercial firewall, configured to help enforce the company’s policies $10,000<o:p></o:p></div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo2; text-indent: -.25in;">
3) Set
up endpoint security (Anti-malware, Data Loss Prevention etc.) $5,000<o:p></o:p></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo2; text-indent: -.25in;">
4) Administration,
training $5,000<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Total cost $30,000<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
With a savings of about $157,000 and a big reduction of
risk to the organization, it becomes obvious which of the two is the better
option.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As you can see from the numbers, and as the company in question would
agree, it was a costly oversight, to say the least, not to do the due diligence.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
So we have all these organizations that are liable to have
security/compliance/privacy etc issues, yet money is a huge concern. So what
can be done? <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
There are a number of independent consultants whose
specialty is to work with SMB. These consultants can plan and implement the
best practices that are needed for an organization. They bring expertise,
certifications, etc. that a small organization could ill afford to develop
in-house due to the costs involved. For most SMB, once a comprehensive plan is developed
and deployed, only a small additional cost would be needed moving forward to
make sure everything is tested/working (maintenance/review changes etc.) on an
ongoing basis.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
However, I would be remiss if I did not highlight the
importance of finding a competent resource. There are a lot of consultants that
have hung their shingle out to find business. So due diligence is in order. Ask
for references, preferably with companies of a similar nature. Ask for any
professional certifications that are concerned with this domain/realm. Ask for
an estimate for the work needed. Get a Statement of Work (SOW) which should
also include an established procedure for cost escalation and/or additional
work requests. In other words try to make sure you are getting value for your
money. <o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
In the end it comes down to this: in the electronic world
we work/live in, cutting corners will end up biting you on your bottom line.
Ignoring the issues does not make them go away. But there is a reasonable way of
mitigating those very real risks.<o:p></o:p></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As the saying goes, ‘an ounce of prevention is worth a pound
of cure’, and the sooner the better.<o:p></o:p></div>
<div style="mso-element: footnote-list;">
<!--[if !supportFootnotes]--><br clear="all" />
<hr align="left" size="1" width="33%" />
<!--[endif]-->
<br />
<div id="ftn1" style="mso-element: footnote;">
<div class="MsoFootnoteText">
<a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftnref1" name="_ftn1" style="mso-footnote-id: ftn1;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "MS 明朝"; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-fareast;">[1]</span></span><!--[endif]--></span></span></a>
http://www.symantec.com/about/news/release/article.jsp?prid=20130415_01<o:p></o:p></div>
</div>
<div id="ftn2" style="mso-element: footnote;">
<div class="MsoFootnoteText">
<a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftnref2" name="_ftn2" style="mso-footnote-id: ftn2;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "MS 明朝"; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-fareast;">[2]</span></span><!--[endif]--></span></span></a>
<span class="prnewsspan"><span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-field-code: " HYPERLINK \0022http\:\/\/www\.nfib\.com\/business-resources\/business-resources-item?cmsid=29624\0022 \\t \0022_blank\0022 ";"><span class="MsoHyperlink">www.nfib.com/business-resources/business-resources-item?cmsid=29624</span></span></span></span><o:p></o:p></div>
</div>
<div id="ftn3" style="mso-element: footnote;">
<div class="MsoFootnoteText">
<a href="http://www.blogger.com/blogger.g?blogID=286419466081532919#_ftnref3" name="_ftn3" style="mso-footnote-id: ftn3;" title=""><span class="MsoFootnoteReference"><span style="mso-special-character: footnote;"><!--[if !supportFootnotes]--><span class="MsoFootnoteReference"><span style="font-family: "Times New Roman"; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-language: AR-SA; mso-fareast-font-family: "MS 明朝"; mso-fareast-language: EN-US; mso-fareast-theme-font: minor-fareast;">[3]</span></span><!--[endif]--></span></span></a>
http://www.verizonenterprise.com/DBIR/2013/<br />
<o:p></o:p></div>
</div>
</div>
</div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-16073949416072362982013-10-14T11:05:00.001-07:002013-10-16T07:14:02.414-07:00Robert's Law of security and technology progress<style>
</style>
<br />
<h2>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHbDinYrw50zOia28_bHOK5f0D2HI8Oi66hiddHRtRYlA0lzi8cdKJZ3kiud5RedzMeHvfN0lG1PIc7jANtWQz0xZQ54NTv7ToeCS_0bfrMWNJ81ekk2KrUcQwvMIbkfy8uyr8T4PVDOU/s1600/security-breach.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="213" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHbDinYrw50zOia28_bHOK5f0D2HI8Oi66hiddHRtRYlA0lzi8cdKJZ3kiud5RedzMeHvfN0lG1PIc7jANtWQz0xZQ54NTv7ToeCS_0bfrMWNJ81ekk2KrUcQwvMIbkfy8uyr8T4PVDOU/s320/security-breach.jpg" width="320" /></a> <b>Robert's law of privacy & security.</b></h2>
<h3>
<span style="font-weight: normal;">"The number of advances in capabilities within the online world is proportional
to the number of issues with privacy and security."</span></h3>
<span style="font-weight: normal;">A strong statement, some would gather, and something that would seem
counterintuitive. Would not technology improve security, or as some would say,
build a better mouse trap?</span><br />
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">Let’s delve into this a little further. </span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">We now have a number of cloud computing capabilities that improve the
ability to share resources: Dropbox, Google Drive and Dump Truck, to name but
three. These types of software/hardware allow us to share files among our
peers within the 'Cloud', thus allowing a more seamless experience when trying
to share presentations, school projects etc. Yet this year alone Dropbox (and
I only use this as an example, as some other cloud suppliers have had security
concerns expressed about them as well) had a security issue. In a <a href="http://lifehacker.com/5813861/dropbox-accidentally-unlocked-all-accounts-for-4-hours">four (4)
hour period, accounts were unlocked and accessible</a> to the general public.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">Let’s take another example.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">Social media. It is in the forefront of most people's minds right now. And,
as we see, a lot of companies are embracing this new marketplace with vigor.
It is seen, by some, as a way to better connect, or re-connect, with friends and family.
I, for one, keep in touch with relatives from Australia, Hungary and Michigan
using a combination of Twitter, Facebook and LinkedIn. Companies are jumping on
board as well, seeing the opportunity to have another marketing vehicle
in their arsenal, providing enhanced
customer service and differentiating themselves from the competition. Yet there
have been a multitude of security and privacy issues with the social media
suppliers. For example, there was the time that a certain number of users <a href="http://nakedsecurity.sophos.com/2013/06/23/facebook-issues-data-breach-notification-may-have-leaked-your-email-and-phone-number/">potentially
had their personally identifiable information exposed within Facebook</a>.
Twitter, another social media darling, had a number of <a href="http://mashable.com/2009/07/15/twitter-security-meltdown/">issues
concerning security</a> as well.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">And another</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">RFID = Radio Frequency IDentification. We all use it. But what is it? It
actually encompasses a lot of different devices and uses. They include the
NEXUS card, issued by the US and Canadian governments to allow pre-screened
passengers speedier border crossings. It allows Jane Smith to tap her credit card
on the gas pump reader to pay. It can be used to track merchandise in
warehouses etc. Yet within a very short period of time after general deployment
in the public arena, security issues started to be raised and exploited, in the hands of <a href="http://www.cbc.ca/news/technology/new-credit-cards-pose-security-problem-1.904220">both
the public and informed experts.</a></span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">And finally, within the last month (as of this being written), the <a href="http://appleinsider.com/articles/13/09/24/ios-7-feature-focus-adding-fingerprints-enhancing-security-for-iphone-5s-touch-id">fingerprint
recognition capability within the new iOS 7</a> had its security questioned. The
new capability allows anyone with a new iPhone 5S<strike>c</strike> to buy songs etc.,
using their fingerprint, in the iTunes Store (more to follow, I am sure). Yet
within a very short period of time, concerns about the <a href="http://www.ibtimes.com/apple-ios-7-security-issues-report-says-new-exploits-can-help-hackers-prevent-device-wiper-using">security
of this capability surfaced</a>.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">So what does this all mean? Should we ban all new technology? While I am
sure there may be some people who would say yes (as there are still some people
who believe the world is flat and Elvis is alive), that is not going to happen.
If we had banned technology back then, would there be no computers? Or if we had waited and
implemented the ban when transistors came about, or when the ARPANET/Internet
was created, or when the WWW (World Wide Web) arrived, etc., where would we be now?</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">In reality as the human race continues to explore and innovate, technology
will move forward.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">So am I advocating we just plow ahead full steam? Well.....</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">I think we need to recognize that with each innovation, invention etc., the
security and privacy landscape changes. When we embrace the new mouse trap, we
should also realize that it brings with it potential security and privacy issues
that need to be addressed.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">Let’s take the last example I used. Apple introduced the new
capability stating that <a href="http://www.apple.com/pr/library/2013/09/10Apple-Announces-iPhone-5s-The-Most-Forward-Thinking-Smartphone-in-the-World.html">iPhone
5S is an innovative way to simply and securely unlock your iPhone with just the
touch of a finger</a>. However, noticeably absent was any further discussion
about the security component. While I don't expect a detailed discussion,
I do expect a phrase or two addressing the obvious concerns.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">Why is it that security (and indirectly privacy) is such an
afterthought? We introduce new ways to build a better mouse trap<span style="color: red;">1</span>, yet we do not look at what the implications of this
new technology are and what changes need to be made so it is implemented safely and
securely. Companies jump on bandwagons all the time without fully engaging in an
analysis of the various issues of concern. Apple introduces a finger scanner,
yet a hack was published within the month. Banks introduced 'chip and pin'
credit cards and then tried to deny any reimbursement for <a href="http://www.youtube.com/watch?v=u0HL6gGZSos">fraudulently used cards</a>.</span></h4>
<h4>
</h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;">So what does this all mean? In all our dealings, whether it is building a
new web site (<a href="http://privacybydesign.ca/">Privacy by Design</a>) or a
new technology, we should be advocating Security by Design in whatever we do.
It should not be an afterthought. We should expect that there will be issues
and not wait for some smart hacker to point out the problems. We should take
the bull by the tail and face the situation. Be proactive rather than reactive,
as we seem to be most of the time. If we do this, then we will hear fewer and
fewer press releases on how some new technology was hacked and broken and, as a
result, a fix had to be developed and
deployed. Never mind the PR issues that raise their head during this event.</span></h4>
<h4>
</h4>
<h4>
<b><span style="font-weight: normal;">FOOTNOTE</span></b></h4>
<h4>
</h4>
<h4>
<span style="font-weight: normal;"><span style="color: red;">1</span> The actual saying goes like this 'If a man
has good corn or wood, or boards, or pigs, to sell, or can make better chairs
or knives, crucibles or church organs, than anybody else, you will find a broad
hard-beaten road to his house, though it be in the woods' Ralph Waldo Emerson.
I prefer the modern version for brevity, if for no other reason.</span></h4>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-6785487939371131892013-07-09T07:15:00.003-07:002013-07-09T07:19:36.329-07:00Security/Privacy Personnel, should they be the same?<style>
</style>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-Rj388SClDS04VmpOKaxQZ-opuuIk4SoNeAbUalZISlEJIRrIXESX55RPjUaX8Bbf-mgRQorjlIP1fq_g-A3csDU4TESo3SghzPAdCT2yAn111pXMQqFMTSg0iWG-D5qurwTu9JexxqQ/s1600/SecurityPrivacy.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="176" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-Rj388SClDS04VmpOKaxQZ-opuuIk4SoNeAbUalZISlEJIRrIXESX55RPjUaX8Bbf-mgRQorjlIP1fq_g-A3csDU4TESo3SghzPAdCT2yAn111pXMQqFMTSg0iWG-D5qurwTu9JexxqQ/s320/SecurityPrivacy.jpg" width="320" /></a></div>
I have been on the periphery of the discussion about Privacy and Security
for a while. The debate concerns how Privacy personnel are not familiar
with IT security process. And I believe it's time to take the bull by the tail
and face the situation, so to speak.<br />
<br />
My thesis is that there needs to be a concerted effort to develop a
liaison group involving people that feel comfortable in both areas of Privacy
and IT Security. These people should understand how data is used within IT,
and what expectations Privacy places on the organization.<br />
<br />
So let’s explore.<br />
<br />
In the vast majority of enterprises (those that have an IT department and
are also concerned with privacy, as all companies should be), there are Privacy
officers that deal solely in the Privacy realm (Privacy policy, governance etc.)
and the IT personnel whose function it is to enhance/maintain/deploy processes to
secure the network assets from the 'bad guy'.<br />
<br />
But before we delve into this much further, let’s explore some of the foundations
of these two organizations.<br />
<br />
Privacy requirements come from various requirements, regulations and laws. They
are formulated/created either by gov't or professional organizations. Examples
include: the PCI DSS, SOX, GLBA, PIPEDA and the EU Directive, to name but a few.<br />
<br />
These regulations/laws, for the most part, are drafted by lawyers, civil
servants and professional committees. I digress with a quick joke. What is a
camel? A horse designed by a committee. <br />
The point is that, as written, these regulations are not written for the 'common
man'. They deal with the legal aspects of privacy and, as such, are written in
'legalese'. So to be able to interpret them, create processes to address them,
and ensure compliance with the same, it requires individuals that can
understand those same rules. That is, someone with expertise in the legal and/or
regulatory profession. <br />
<br />
Security comes from the technical world: the idea of what kind of security
appliances are needed to monitor/secure the systems/network/infrastructure that
are in place within the organization. The understanding of networking
protocols, threats and vulnerabilities etc. needs someone who understands the
technical complexities of the Security realm.<br />
<br />
So far so good.<br />
<br />
We also understand that to have Privacy, one must have Security; otherwise
the organization’s public reputation, never mind its ability to function under
gov't rules and industry regulation oversight, may be in jeopardy (i.e.,
data breaches etc.).<br />
<br />
However, how many Privacy officers know anything about a 'DMZ' or DLP
appliance (to name but two Technical Security phrases/<a href="https://www.google.ca/search?client=firefox-a&rls=org.mozilla:en-US:official&gbv=2&q=gobbledygook&spell=1&sa=X&ei=fezZUa7UHYHEqQH5soGwCQ&ved=0CCwQvwUoAA&biw=2219&bih=982"><span style="color: windowtext; text-decoration: none; text-underline: none;">gobbledygook</span></a>)?
That is the Security guy’s responsibility, right?<br />
<br />
How many security personnel understand the ramifications of a stolen laptop
with an encrypted disk holding PII from customers in the US, or what changes if the PII is
from customers that are located within the EU? That is the privacy
department's issue?<br />
<br />
So that is the dilemma. Each department needs to 'use' the other’s
expertise. But is there no common language? One group doesn't know what it
does not know and the other assumes that everything is addressed. This scenario
is a problem waiting to happen.<br />
<br />
So let’s take an example. But please note that the following example is only
being used to highlight my point. It is an oversimplification of the issues.<br />
<br />
A new network is being developed to support an application that is being
rolled out shortly. This application contains PII/PHI information. In one of
the meetings the CPO makes it clear that this type of information needs to be
protected/secured. The Security guys go to the back room and incant some
magic spells over a rack of computers/servers (sorry I could not help myself)
and POOF, out comes a Security policy/procedure etc. plan for the roll out.<br />
<br />
The plan contains the proper role-based security rules (RBAC), checks, logs
etc. The Security guys go out for a drink to celebrate the culmination of
designing a 'fool proof' Security envelope (as if there were such a
thing).<br />
<br />
The Privacy person figures out that the proposed process meets the needs and
regulations and goes home with a smile on his/her face. Only the people who are
authorized to see the information will have the ability to view the PII/PHI
info. <br />
<br />
However, did anyone look at how support is going to be done for this
application? The Privacy professional is not a techie and does not know what
the 'normal' infrastructure for support/maintenance/development of an
application is. And why should he/she? Right?<br />
<br />
<br />
WRONG<br />
<br />
The CPO has no idea that during the development and support phases of the
project, copies of the real data may be created to provide a more
realistic test bed for QA/regression testing (see my previous blog entry
for a further discussion concerning this issue).<br />
<br />
Did anyone look at the possibility that there may be data leakage within the
test/regression system (PII info that can be emailed in the clear from a
developer workstation)? Did the person
responsible for Privacy understand the need for a possible Security hardware
deployment within the test environment to prevent data leakage? And where should
that hardware be deployed? How do third parties access the data for
testing? Should they be able to see the test (or Production) data? Should this
be considered with a BCP (business contingency planning) document?<br />
<br />
The people responsible for Security understand the basic Security 'triad'
(CIA: Confidentiality, Integrity and Availability) and have created a process
that addresses these requirements. In this case the Security personnel, and maybe
the network administrator, have designed a comprehensive plan to secure the
network where the new application will live.<br />
<br />
But what do they understand about issues like: if a disk drive goes missing,
even if it is encrypted, they may still need to notify gov't authorities (EU
directive)? And this must be detailed in any contingency planning.<br />
<br />
Do they know that they need to talk to the Privacy department to look
at how test data is used and abused?<br />
<br />
The above-mentioned questions are rather oversimplified. And of course during
the normal working day, the Security department and the Privacy department
would talk to each other. BUT<br />
<br />
The old adage is very relevant here: 'I don't know what I don't know'. Or, in
the case of the Security personnel, they don’t know enough of the Privacy
realm to make sure everything is addressed. And the Privacy officer does not
know how the data is used, to the point that she/he would not know to look into
areas that are not obvious, i.e., test bed, third-party issues etc.<br />
<br />
So what is the answer? Cross-train personnel. (Easier said than done).<br />
<br />
Have the security department take a course like the CIPP, offered by the
International Association of Privacy Professionals. This will give those same
individuals some insight into the issues pertaining to privacy.<br />
<br />
Have the Privacy personnel take a certification course like the Security+
offered by CompTIA. However, this may be more problematic because there is an
assumption that the person taking this course (or one that is similar) has some
basic knowledge of networking and IT in general.<br />
<br />
Failing that, have the people in the CPO office at least try to get the basics
of Security down, so the next time the two groups meet they can at least talk a
common language. This would help reduce the chance of something being
missed, and help projects come in on time.<br />
<br />Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com2tag:blogger.com,1999:blog-286419466081532919.post-16532456780513882012013-07-07T14:28:00.002-07:002013-07-07T14:28:46.881-07:00Robert Galambos's Updated Resume
<br />
<table align="left" border="1" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="border-collapse: collapse; border: none; margin-left: 6.0pt; margin-right: 6.0pt; mso-border-alt: solid black .5pt; mso-border-insideh: .5pt solid black; mso-border-insidev: .5pt solid black; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-table-anchor-horizontal: page; mso-table-anchor-vertical: paragraph; mso-table-left: 42.7pt; mso-table-lspace: 9.0pt; mso-table-rspace: 9.0pt; mso-table-top: -17.15pt; mso-yfti-tbllook: 1184; width: 536px;">
<tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td colspan="3" style="border-bottom: solid black 3.0pt; border: none; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="margin-bottom: 6.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 20.0pt; font-variant: small-caps; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt;">Robert Galambos</span></div>
<div align="center" class="MsoNormal" style="margin-bottom: 6.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<span style="font-family: Arial;">Mobile: <span style="color: #333333;">416-876-2979 </span></span><span style="font-family: Symbol; mso-ascii-font-family: Arial; mso-bidi-font-family: Arial; mso-char-type: symbol; mso-hansi-font-family: Arial; mso-symbol-font-family: Symbol;"><span style="mso-char-type: symbol; mso-symbol-font-family: Symbol;">·</span></span><span style="font-family: Arial;"> Email: <a href="mailto:rgalambos@gmail.com">rgalambos@gmail.com</a></span></div>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td colspan="3" style="border: none; mso-border-top-alt: solid black 3.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<b style="mso-bidi-font-weight: normal;"><i style="mso-bidi-font-style: normal;"><span style="font-family: Arial; font-size: 11.0pt; mso-bidi-font-size: 10.0pt;">Career Profile:</span></i></b></div>
<div align="center" class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<i style="mso-bidi-font-style: normal;"><span style="font-family: Arial; font-size: 11.0pt; mso-bidi-font-size: 10.0pt;">Over seventeen years of experience as a presales engineer and consultant
in the software industry, combining high-level sales and marketing knowledge
with deep operational experience, technical savvy and cross-functional
communication abilities. Extensive experience supporting sales initiatives,
managing customer relationships, handling customer service calls and
consultations, and maximizing client ROI on software solutions</span></i><i style="mso-bidi-font-style: normal;"><span style="font-family: "High Tower Text","serif"; font-size: 11.0pt; mso-bidi-font-size: 10.0pt;">. </span></i></div>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td colspan="3" style="border: none; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div class="MsoNormal" style="margin-bottom: 6.0pt; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; tab-stops: center 260.55pt left 359.35pt;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps;"><span style="mso-tab-count: 1;"> </span>Areas of
Strength <span style="mso-tab-count: 1;"> </span></span></div>
</td>
</tr>
<tr style="height: 65.25pt; mso-yfti-irow: 3;">
<td style="border-bottom: solid black 3.0pt; border: none; height: 65.25pt; padding: 0in 5.4pt 0in 5.4pt; width: 157.05pt;" valign="top" width="157">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l0 level1 lfo3;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Data Privacy</span></b></li>
</ul>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Client
Relations</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Market Analysis</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Industry
Research</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Security</span></b></li>
</ul>
</td>
<td style="border-bottom: solid black 3.0pt; border: none; height: 65.25pt; padding: 0in 5.4pt 0in 5.4pt; width: 206.15pt;" valign="top" width="206">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Client &
C-Level Presentations</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Executive
Communications</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Staff Training
& Development</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Data
Optimization & Management </span></b></li>
</ul>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="margin-bottom: 6.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l3 level1 lfo4;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Oracle/SQLServer/DB2</span></b></li>
</ul>
</td>
<td style="border-bottom: solid black 3.0pt; border: none; height: 65.25pt; padding: 0in 5.4pt 0in 5.4pt; width: 173.2pt;" valign="top" width="173">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Solution
Selling</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Customer
Service</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Product
Demonstrations</span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">Technical
Consulting </span></b></li>
<li class="MsoNormal" style="mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 10.0pt;">DB2/IMS/VSAM</span></b></li>
</ul>
<div class="MsoNormal" style="margin-left: .25in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly;">
<br /></div>
</td>
</tr>
<tr style="mso-yfti-irow: 4; mso-yfti-lastrow: yes;">
<td colspan="3" style="border: none; mso-border-top-alt: solid black 3.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="margin-bottom: 3.0pt; margin-left: 0in; margin-right: 0in; margin-top: 3.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-pagination: none; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps; mso-bidi-font-size: 10.0pt;">Professional Experience</span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">COMPUWARE</span><span style="font-family: Arial;"><span style="mso-tab-count: 1;"> </span>1996
to 2013</span></div>
<div class="MsoNormal" style="margin-bottom: 6.0pt; text-align: justify;">
<i style="mso-bidi-font-style: normal;"><span style="font-family: Arial;">Leading
provider of IT software, services and best practices to deliver peak
performance for technologies worldwide.</span></i><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial;"></span></b></div>
<div class="MsoNormal" style="margin-left: 9.35pt;">
<span style="font-family: "Arial Black"; font-size: 11.0pt;">Sales Engineer & Consultant</span><span style="font-family: Arial; font-size: 11.0pt;"></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Provided
technical analysis concerning Data Privacy </span></b><span style="font-family: Arial; font-size: 11.0pt;">to facilitate completion of RFI
and RFP responses for various clients, with 85 percent success ratio.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Delivered
high-impact presentations </span></b><span style="font-family: Arial; font-size: 11.0pt;">to clients leveraging strong technical skills.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Managed
interoperability and alliance </span></b><span style="font-family: Arial; font-size: 11.0pt;">between software solutions and customers’ strategic
business plans.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Helped potential
clients understand, compare </span></b><span style="font-family: Arial; font-size: 11.0pt;">and contrast several IT solutions.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Collaborated with
sales to develop cost justifications, </span></b><span style="font-family: Arial; font-size: 11.0pt;">business proposals and responses to RFI/RFPs.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Engaged and
coordinated </span></b><span style="font-family: Arial; font-size: 11.0pt;">post-sales
implementation engagements.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Helped close a
minimum of $2 million in sales </span></b><span style="font-family: Arial; font-size: 11.0pt;">13 years in a row.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Anointed to
learn, support and sell two entire product lines, </span></b><span style="font-family: Arial; font-size: 11.0pt;">due to the unique requirement
of both English and French support and sales.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Contributed to a
team</span></b><span style="font-family: Arial; font-size: 11.0pt;"> that
achieved a minimum 97 percent maintenance renewal.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Liaised with
Product Development and Marketing departments, </span></b><span style="font-family: Arial; font-size: 11.0pt;">performed client sales
management, and reported on industry/market trends, competition, and needs.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Maintained
extensive and specialized knowledge of COMPUWARE’s products, customers and
competition, </span></b><span style="font-family: Arial; font-size: 11.0pt;">to
enhance customer service ability and stay current on company offerings.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Produced detailed
phone support, </span></b><span style="font-family: Arial; font-size: 11.0pt;">personal
product demonstrations and on-site evaluations of clients’ current
software solutions.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Responded to
requests for information </span></b><span style="font-family: Arial; font-size: 11.0pt;">or pricing in an efficient manner and prepared sales
package proposals.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Trained and
lectured clients, staff and executives </span></b><span style="font-family: Arial; font-size: 11.0pt;">on various solutions, including Data Privacy and
Application Auditing.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Facilitated
customers and partners, </span></b><span style="font-family: Arial; font-size: 11.0pt;">as well as on-site professional services support such
as installations and configurations upon deployment of software.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Created, updated
and disseminated training materials </span></b><span style="font-family: Arial; font-size: 11.0pt;">for 10 different software products on both
mainframe and mid-tier/distributed environments.</span></li>
</ul>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Served as Project
Manager/Team Lead</span></b><span style="font-family: Arial; font-size: 11.0pt;"> developing and updating training material with a specific timeline
and with the participation of 10 team members.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Gained
proficiency in MS Windows, MS Office, Salesforce.com, </span></b><span style="font-family: Arial; font-size: 11.0pt;">and Data Privacy Solution
Mainframe.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Was one of
two people chosen (out of 24) to be a mentor </span></b><span style="font-family: Arial; font-size: 11.0pt;">for the Professional
Development Program, training non-IT professionals to be support
personnel. </span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Worked in various
realms, </span></b><span style="font-family: Arial; font-size: 11.0pt;">including
ETL, Data Privacy in the testing space, Data Management and Data
Optimization for both short-term and long-term sales cycles.</span></li>
</ul>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<br /></div>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">MONTREAL TRUST / BANK
OF NOVA SCOTIA</span><span style="font-family: Arial;"><span style="mso-tab-count: 1;"> </span>1984 to 1996</span></div>
<div class="MsoNormal" style="margin-bottom: 6.0pt; text-align: justify;">
<i style="mso-bidi-font-style: normal;"><span style="font-family: Arial;">Premier
financial institution providing personal, commercial, corporate and investment
banking services to individuals, small and medium-sized businesses,
corporations and governments.</span></i><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial;"></span></b></div>
<div class="MsoNormal" style="margin-left: 9.35pt;">
<span style="font-family: "Arial Black"; font-size: 11.0pt;">Principal Analyst & Team Lead</span><span style="font-family: Arial; font-size: 11.0pt;"></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Oversaw the team
responsible </span></b><span style="font-family: Arial; font-size: 11.0pt;">for
financial systems, including general ledgers, accounts receivable and
accounts payable within the Trust Unit.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Apprised
management of more efficient methodologies </span></b><span style="font-family: Arial; font-size: 11.0pt;">to ensure better business
decisions.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Provided
guidance, instruction, direction and leadership </span></b><span style="font-family: Arial; font-size: 11.0pt;">to the team to achieve key
results for clients.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Coached and
matured the skill level of direct reports</span></b><span style="font-family: Arial; font-size: 11.0pt;"> in order to continue their
long-term development and ensure solid succession planning and departmental
success.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Liaised with
Payroll, HR </span></b><span style="font-family: Arial; font-size: 11.0pt;">and
Executive Offices as a subject matter expert.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Gained
proficiency </span></b><span style="font-family: Arial; font-size: 11.0pt;">in
COBOL, IDMS, and IBM Multiple Virtual Storage.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Created “What if”
scenarios and provided support </span></b><span style="font-family: Arial; font-size: 11.0pt;">for non-technical end-users.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Designed a major conversion
project </span></b><span style="font-family: Arial; font-size: 11.0pt;">for
Pension Plan Changes/Acquisition (BNS).</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Worked with the
Finance Team to determine the ongoing business needs </span></b><span style="font-family: Arial; font-size: 11.0pt;">and requirements for the
reporting of all assets, sales, redemptions, management fees, trailer
fees, and advisory fees.</span></li>
</ul>
<div align="center" class="MsoNormal" style="margin-left: .5in; text-align: center;">
<br /></div>
<div align="center" class="MsoNormal" style="margin-left: .5in; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps; mso-bidi-font-size: 10.0pt;">Certifications</span></div>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">Security+</span><span style="font-family: Arial;"><span style="mso-tab-count: 1;"> </span></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1; text-align: justify;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Knowledge of security concepts, tools, and procedures</span></b>
to react to security incidents, to ensure that security personnel are
anticipating security risks and guarding against them.<span style="font-family: Arial;"></span></li>
</ul>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">CIPP/C: Certified
Information Privacy Professional/Canada<span style="mso-tab-count: 1;"> </span></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Demonstrates
understanding and application</span></b><span style="font-family: Arial; font-size: 11.0pt;"> of Canadian information privacy laws, principles and
practices at the federal, provincial and territorial levels.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Requires
completion of Certification Foundation Exam </span></b><span style="font-family: Arial; font-size: 11.0pt;">and CIPP/C Exam.</span></li>
</ul>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">CIPP/IT: Certified
Information Privacy Professional/IT</span><span style="font-family: Arial;"><span style="mso-tab-count: 1;"> </span></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Entails
understanding </span></b><span style="font-family: Arial; font-size: 11.0pt;">privacy
and data protection practices in the development, engineering, deployment
and auditing of IT products and services.</span></li>
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Necessitates
completion of Certification Foundation Exam </span></b><span style="font-family: Arial; font-size: 11.0pt;">and CIPP/IT Exam.</span></li>
</ul>
<div class="MsoNormal" style="tab-stops: right 508.5pt; text-align: justify;">
<span style="font-family: "Arial Black"; font-variant: small-caps;">IBM Certified
Database Administrator – DB2 9 DBA for z/OS</span><span style="font-family: Arial;"><span style="mso-tab-count: 1;"> </span></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 11.0pt;">Validates
capability </span></b><span style="font-family: Arial; font-size: 11.0pt;">of
performing intermediate to advanced tasks related to database design and
implementation, operation and recovery, security and auditing,
performance, and installation and migration/updates specific to the z/OS
operating system.</span></li>
</ul>
<div style="border-bottom: solid windowtext 1.5pt; border: none; mso-element: para-border-div; padding: 0in 0in 1.0pt 0in;">
<div class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext 1.5pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in;">
<br /></div>
<div align="center" class="MsoNormal" style="border: none; mso-border-bottom-alt: solid windowtext 1.5pt; mso-padding-alt: 0in 0in 1.0pt 0in; padding: 0in; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt;">Education</span></div>
</div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: "Arial Black"; font-size: 11.0pt; font-variant: small-caps; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt;">Concordia University, Montreal,
Québec</span></div>
<div align="center" class="MsoNormal" style="text-align: center;">
<span style="font-family: Arial;">Bachelor of Commerce, Accounting (1979)</span></div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-64343383713632530552013-06-12T20:31:00.000-07:002013-06-13T05:38:44.655-07:00Robert Galambos Visual Resume<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7todVGjmpk6DsM_NszkGGhyFJHwy1czl29cxLo3cDxDp2LW4lmSs2gMsWzOzdiiFDxdDiHSbGwqVxUvUSXZv1OtOh_wmk_v82uiRvIVf23-5v7iOTL3WIon3t7Duc8dYM3VU3rwNC7xI/s1600/Slide1.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7todVGjmpk6DsM_NszkGGhyFJHwy1czl29cxLo3cDxDp2LW4lmSs2gMsWzOzdiiFDxdDiHSbGwqVxUvUSXZv1OtOh_wmk_v82uiRvIVf23-5v7iOTL3WIon3t7Duc8dYM3VU3rwNC7xI/s320/Slide1.png" width="320" /></a><br />
<br />
<span style="font-size: small;"><span style="font-size: x-large;">I</span>n the world where presentations can make or break a sale, a project, or a policy, I thought it would be a great idea to create something to showcase my MS PowerPoint skill set.</span><br />
<a href="https://dl.dropboxusercontent.com/u/7300616/Visual%20Resume.pdf" target="_blank"> Visual Resume</a>Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com1tag:blogger.com,1999:blog-286419466081532919.post-7874510797684270782013-05-27T19:14:00.001-07:002013-05-27T19:17:01.516-07:00Musing of Big Data and Privacy<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo4erylTr1TEUlLytLpQWSa6st1Bt0bA0AYPnNDdSS_m3Rh5jZw-KebSnnpXBR5s_NMOFAJmx1efqi-Hijb_s5MWCbeYDIA8v1o4xssMeUJcHJR0AxSOv-fBeJoMYC81T04JdCrYAbun8/s1600/Screen+Shot+2013-05-27+at+8.56.01+PM.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="247" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo4erylTr1TEUlLytLpQWSa6st1Bt0bA0AYPnNDdSS_m3Rh5jZw-KebSnnpXBR5s_NMOFAJmx1efqi-Hijb_s5MWCbeYDIA8v1o4xssMeUJcHJR0AxSOv-fBeJoMYC81T04JdCrYAbun8/s400/Screen+Shot+2013-05-27+at+8.56.01+PM.png" width="400" /></a></div>
<span style="font-family: Times; font-size: 10.0pt;">Big Data and Privacy. Or should a
Big Box store figure out if someone is pregnant? </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">Is that Private?</span><br />
<br />
<br />
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">So what is Big Data? Is it the
latest 'fashion statement' from the IT world? A bunch of numbers, letters, that
represent something or someone? Something of an asset?</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">All the above and more. Basically it
is the information, or data, that is generated by everyone and everything. Examples of Big Data include
this particular blog entered on the web, the decoding of the human genome, the
buying habits of your customers, your credit score, etc. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">It's 'stuff'. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Google’s CEO Eric Schmidt stated:
“From the dawn of civilization until 2003, humankind generated five exabytes of
data. Now we produce five exabytes every two days…and the pace is
accelerating.”</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">So that is Big Data. But how does it
concern privacy? Before we go there, let's reflect on this issue. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Companies are generating great
mounds of data. Everything from what you purchase in grocery items (those
Customer loyalty cards) to what credit cards you use and where. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">This is an asset to the company. It
is something that can be analyzed, inspected, and reported on, all for the
purpose of getting the upper edge over their competitors, a better understanding
of the customers, and how to market to/target them to get the best results. What tickles their fancy, so to speak? Maybe get that same customer to buy
milk from your company as well as the clothing that they buy now.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">While doing the research for this
blog I came across an interesting case study concerning this issue.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">A major Big Box chain’s (not
Wal-Mart) department of thinkers (not a real department but could well have
been named that) got together to try to see if they could 'predict' which of
their customers were pregnant. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">The reason was that if they could get that
pregnant customer to start buying the 'stuff' needed for the happy occasion, they
could influence her buying patterns in the future. A better 'bottom' line
(pun intended).</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">They had all this raw data about
their clients and their buying habits. They could mine the information (Big Data)
and determine whether there were any patterns. And the results were, to say the
least, eye opening. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br />
<span style="font-family: Times; font-size: 10.0pt;">Now, this blog is not the place to have
a detailed discussion about this, but needless to say the mathematical model
that was developed was more than 87% successful at predicting, based solely on
buying habits, which of their clients were pregnant. They were then able to target
the pregnant customers with coupons,
flyers, etc. in hopes of getting them to buy more ‘STUFF’. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">This was done without the client
filling out a form letting the company know she was expecting; customer Ms. Jane Doe
had yet to buy a single diaper, etc. The mining of this client’s information from the
company database, which indicated her buying habits, was the only determining
factor. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">That is what Big Data is, and what
it can do.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Can you see the issues in privacy in
all this? Actually, there are really three different issues when dealing with
Big Data.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Is what the company doing legal?</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Is it ethical?</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Is it acceptable to the general
public? </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Let's tackle the legality first. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">It’s not a simple answer. There are
a lot of variables involved. Where does the customer live? Did he/she give
permission to the company to use the data collected for internal (and maybe
external) use? These are but two questions that privacy officers need to deal
with, address and ultimately sign off on. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Generally speaking, we can assume that
when a customer signs up for a loyalty card, there would be some form of
authorization to use the data. Or at least best practice demands that sort of
disclosure, if nothing else. And this may be the easiest of the three
questions.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Is it ethical? </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">PhD theses have been
written about this very question for 'years'. There is no gov't review panel to
determine whether or not it is ethical, but the question is still very valid.
One education site states that '<i>ethics</i> refers to standards
of behavior that <i>tell</i> us how human beings ought to act in the many
situations..' </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">http://www.scu.edu/ethics/practicing/decision/framework.html</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">While there are no hard and fast rules
on what is and is not ethical, one can, if for no other reason, look into
the mirror and ask the question: Is this OK? </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Is it then acceptable? </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">Going back to
the story above, let’s see what happened. After the store created the model,
they started sending flyers and coupons that would target the would-be moms.
Examples such as diaper coupons, flyers featuring cribs, etc. were sent
out to the targeted group. </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">Well, you can imagine what happened next. Many irate
customers wondered, first of all, how this company knew they were
expecting. Even more damaging to the company’s reputation was the fact that
they were sending baby-oriented coupons to non-pregnant clients. And what if
those targeted accounts were teenagers, and/or single, and/or religious?</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">A public relations nightmare. In
fact, while doing the research, I was surprised that this had not been thought
out more thoroughly in the marketing department of the company.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">All these factors play in the realm
of Big Data. And privacy is just one of those factors.</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Ultimately, the people responsible
for privacy need to assure themselves that the use of the data is within legal
constraints. </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">It can be more complicated if the
data being analyzed is sent out to another company. There are 'mounds' of
companies whose only job is to massage the data and make sense of it. They can
then market to those clients with targeted campaigns as successfully as
possible (the pregnant ladies from the above example), to get the best return on
the data (the Big Data).</span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">Big Data means being able to see
trends and patterns, not determining individuals' buying habits per se. </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">No one
in Costco cares if the individual named Robert will buy a steak or a bottle of
milk. What they do care about is influencing the group that Robert ‘belongs to’
so they can somehow influence that targeted group to buy both products (as
an example). </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">So an argument concerning privacy can go something like this:</span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">It's not the PII
of a particular person that is being used (for the most part) for
this type of analysis, but that a customer bought an item and he is middle aged, 6
foot, lives in a middle class area, etc. And he belongs to a statistical group that represents 25% of the customer base in a particular region.</span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">Maybe. But then again is that the only usage of these great mounds of data? </span></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<br /></div>
<div class="MsoNormal" style="mso-margin-bottom-alt: auto; mso-margin-top-alt: auto;">
<span style="font-family: Times; font-size: 10.0pt;">The debate on Big Data, how to
handle it, and the ramifications on privacy will continue. What we need to do
is have the dialog, ask the questions, and figure out what can and should be done. </span><br />
<br />
<span style="font-family: Times; font-size: 10.0pt;">The concerns won't go away, and ignoring the issues will only make it worse. We all need to first understand the issues and then try to make 'a go at it.' And at the same time make sure we don't shoot ourselves in the foot.</span><br />
<span style="font-family: Times; font-size: 10.0pt;"><br /></span>
<span style="font-family: Times; font-size: 10.0pt;"><br /></span>
</div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-26611494888143166752013-05-22T08:55:00.001-07:002013-05-22T08:58:58.656-07:00Testing, in the black box (ATV), Security & Privacy<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE5IPFWpI9rJDgyHE4P2Q_OeUnnP8vjAoEHiN2WBFBi1HXvWyZLJt_b3FLVSjBh5YxiNW1COWpWCsffavZuy-r9GqNPy-4Rw4QfveQi3dHkbljna2hJfSKhWu0pkpBzS4qNPaNjT8rPJ4/s1600/Functional.jpg" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="252" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE5IPFWpI9rJDgyHE4P2Q_OeUnnP8vjAoEHiN2WBFBi1HXvWyZLJt_b3FLVSjBh5YxiNW1COWpWCsffavZuy-r9GqNPy-4Rw4QfveQi3dHkbljna2hJfSKhWu0pkpBzS4qNPaNjT8rPJ4/s320/Functional.jpg" width="320" /></a><br />
<b><i><span style="font-size: small;">How Automated Testing Vehicles (ATV) should include Pentesting</span></i>. </b><br />
<br />
Why should privacy officers get involved in the development and regression testing process?<br />
<br />
Why does IT need to improve their testing strategies?<br />
<br />
Pitfalls in testing and Security/Privacy concerns are what give people nightmares. Privacy officers need to have a better understanding of the environment they work in. The IT people need to embrace the notion that Privacy/Security starts from the beginning. That way, the chances of being on the front page of a newspaper because of a breach and/or a failure will be minimized. NO ONE wants to phone the CIO about a problem like this. It is a team effort.<br />
<br />
I do have to warn you, the reader, that some of the material may be a little IT oriented. But in an organization where one needs to satisfy a number of different objectives, I would suggest at least a basic knowledge of the IT process is needed. And that the IT personnel need to understand the present compliance/regulatory landscape.<br />
<br />
Some definitions are warranted before I begin.<br />
<br />
ATV or Automated Testing Vehicle. What is it? Why do I care? And is it a 'best practice'? (one of the most overused phrases at present).<br />
<br />
The idea is fairly simple: have a set of (automated) scripts that can be run to test the system in question. The objective is to test the system before any changes are implemented. The process should set up the files that will be used for testing (see one of my previous blog posts concerning using data for testing), then run the test scripts, and afterwards run the comparison reports and highlight items of concern from the test just executed. All this is done in an automated fashion. A rather simple concept, but one that can be 'process' changing in a good way.<br />
<br />
Well there is more to this. But let me define another term or two first.<br />
<br />
IT systems that are down cost the enterprise money in lost revenue and goodwill. As an example, in 2012 Google had an outage.<br />
<a href="http://www.rypmarketing.com/blog/509-how-much-revenue-does-google-lose-during-10-minutes-of-downtime.whtml" target="_blank">Google June 2012 down for 10 min.</a><br />
<br />
The ballpark cost that Google suffered was calculated at about $750,000. And that was for 10 minutes. Now I am not suggesting all downtime costs are that much. It depends on the circumstances, but I am sure no one would like to find out for their own companies.<br />
<br />
Another good example of the costs is cited at <a href="http://www.websitepulse.com/services/do.the.math.php" target="_blank">costs of web down time per industry</a><br />
<br />
This site allows you to calculate the cost of a web site being down per industry/application. It's an eye opener, to say the least.<br />
<br />
In another 'word', downtime is BAD/EXPENSIVE *Yea I know that is two words*. But joking aside we need to reduce unavailability as much as possible.<br />
<br />
PenTesting. <a href="http://en.wikipedia.org/wiki/Penetration_test" target="_blank">Wikipedia link</a> The <b>Information Systems Audit and Control Association</b> (ISACA) defines Penetration Testing as "A test of the effectiveness of security defences through mimicking the actions of real-life attackers."<br />
<br />
(For the reader who is more concerned with Privacy/Security, please read on)<br />
<br />
So now let's proceed. When an application change happens, IT personnel (or a designated organization) test the changes (i.e. regression testing). They test the change to see if it works. Now depending on the process that is followed, a user may also test/approve the same series of changes to the application for user approval. Fine, right? Do you notice something missing in the above? In fact, there is more than one item here that needs to be defined/explored.<br />
<br />
For many organizations, testing to maintain the basic functions within an application happens in a haphazard way. Sure, the change is tested, and to get to the enhancements some basic functions are tested as well. But, based on my anecdotal experiences, on many occasions the entire set of core functions of the changed application is not tested on a consistent basis. All the basic core functions should also be completely tested whenever there is a change.<br />
<br />
As an example, if the application in question is some public-facing web application (a web store, for example), basic function testing should also be done. Test, for example, the ability to add/change credit card information and make sure that the update still works. Test adding an item to the shopping cart, etc.<br />
<br />
So if the new function within the application fails, you have verified that the basic core functions, the one you need to keep the doors open, will still operate.<br />
<br />
Imagine if an error occurs at your bank, yet the basic functions were tested successfully with the 'improved mobile bank portal' (the change that will be implemented). Then logic would dictate that the basic functions should still work (you can still pay bills) even if the enhancement of the bank's mobile app does not. Corrections can be retested and implemented with minimal cost/embarrassment to the organization.<br />
<br />
I am therefore advocating that there should be standard testing scripts that confirm, even with the changes that are going to be implemented, that ALL the core functions still are accessible.<br />
<br />
So to implement a process like this, you first need to map out the basic functions that you cannot live without. Once that is done and scripts are created, an automated process should be created. When ready, a series of scripts can be executed with little human intervention (less chance for human error). The 'Best Practice' (there is that phrase again) would be something along the lines of submitting the scripts and going home. When you get into the office the following day, the results are ready for analysis/correction etc.<br />
<br />
This should ensure that even if the new change fails, you, the customer, can still do business with the organization in question. This is what some people call an ATV (see above). This process can be called your insurance policy.<br />
<br />
However, let's take this further. Why just test the basic functionality of the application? Should we also test for Security/Privacy issues? Should the company's Privacy/Security office ensure that this type of testing and verification is also included within an ATV and executed whenever anything changes?<br />
<br />
Absolutely!<br />
<br />
A process that includes PenTesting (see above) is something one should consider adding to the above mentioned ATV. With any change there is always a chance that a vulnerability is created that may not have been there before.<br />
<br />
Any failure can, by its very nature, create the potential to expose sensitive information. It can be business secrets and/or Personally Identifiable Information (PII), to name but two potential headaches.<br />
<br />
There is software in the marketplace that has the capability to engage/test/analyze applications for vulnerabilities. Some of it I have previously mentioned, and other products with the needed capabilities are available as well.<br />
<br />
So I suggest that one creates an ATV process that includes the basic functionality of the application/system in question as well as additional testing for security/privacy. All this should be automated so that more extensive testing can be executed as well as reducing the chance for human error.<br />
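<br />
The ATV process described in this post (set up test data, run the scripts, compare against the last good run, and include security/privacy checks alongside the core functions), sketched as an added example that is not code from the original post. The toy web store, its "changed" build, and every check name are constructed for illustration.<br />
<br />

```python
import re

# Well-known test card numbers (constructed fixtures, never production data).
TEST_PAN = "4111111111111111"
NEW_PAN = "4012888888881881"
PAN_RE = re.compile(r"\b\d{13,19}\b")  # anything that looks like a full card number


def mask(pan):
    return "*" * (len(pan) - 4) + pan[-4:]


class WebStore:
    """Toy application under test; build="changed" simulates the new release."""

    def __init__(self, build="current"):
        self.build = build
        self.carts, self.cards, self.log = {}, {}, []

    def add_to_cart(self, customer, sku, qty):
        cart = self.carts.setdefault(customer, {})
        cart[sku] = cart.get(sku, 0) + qty
        return sum(cart.values())

    def update_card(self, customer, pan):
        self.cards[customer] = pan
        # The changed build added debug logging that writes the full number.
        shown = pan if self.build == "changed" else mask(pan)
        self.log.append(f"card updated customer={customer} pan={shown}")
        return True

    def profile(self, requester, customer):
        if requester != customer:
            return {"error": "forbidden"}
        return {"customer": customer, "card": mask(self.cards[customer])}


def setup_fixtures(app):
    """Step 1: load synthetic test accounts."""
    for customer in ("test-customer-1", "test-customer-2"):
        app.update_card(customer, TEST_PAN)


# Step 2: the scripts. Core functions first, then security/privacy checks.
def core_add_to_cart(app):
    return app.add_to_cart("test-customer-1", "SKU-1", 2) == 2


def core_update_card(app):
    app.update_card("test-customer-1", NEW_PAN)
    card = app.profile("test-customer-1", "test-customer-1")["card"]
    return card.endswith(NEW_PAN[-4:])


def privacy_profile_masks_card(app):
    card = app.profile("test-customer-1", "test-customer-1")["card"]
    return PAN_RE.search(card) is None


def privacy_no_card_number_in_log(app):
    return not any(PAN_RE.search(line) for line in app.log)


def security_other_customer_denied(app):
    return app.profile("test-customer-2", "test-customer-1") == {"error": "forbidden"}


CHECKS = [core_add_to_cart, core_update_card, privacy_profile_masks_card,
          privacy_no_card_number_in_log, security_other_customer_denied]


def run_suite(build):
    """Run every check against a fresh instance; a crash counts as a failure."""
    app = WebStore(build)
    setup_fixtures(app)
    results = {}
    for check in CHECKS:
        try:
            results[check.__name__] = "pass" if check(app) else "fail"
        except Exception as exc:
            results[check.__name__] = f"error: {type(exc).__name__}"
    return results


def compare(baseline, candidate):
    """Step 3: comparison report of checks whose outcome differs from the baseline."""
    return {name: (baseline.get(name), outcome)
            for name, outcome in candidate.items() if baseline.get(name) != outcome}


def release_gate(candidate):
    """Block the change unless every core and security/privacy check passes."""
    return "ALLOW" if all(v == "pass" for v in candidate.values()) else "BLOCK"


if __name__ == "__main__":
    baseline, candidate = run_suite("current"), run_suite("changed")
    for name, (before, after) in compare(baseline, candidate).items():
        print(f"ITEM OF CONCERN {name}: {before} -> {after}")
    print("release gate:", release_gate(candidate))
```

<br />
The changed build passes every core-function check; only the added privacy check reports that full card numbers started appearing in the log, which is the kind of exposure a functional-only suite would miss.<br />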
<br />
Privacy officers need to ensure that any changes that are implemented will not cause exposure that may be costly. IT people need to make sure that the basic systems functions still run, no matter what is changed.<br />
<br />
Finally, while no one can claim in absolute terms that there will be no issues, following these basic concepts can help reduce the chance that the CIO needs to be called because of an issue.<br />
<br />
<br />Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com2tag:blogger.com,1999:blog-286419466081532919.post-11129065351670526012013-05-06T10:45:00.001-07:002013-05-07T10:30:07.409-07:00Privacy for IT, Security for PO, Privacy by Design PdB.<br />
<br />
So far I have tried to tackle how different professionals look at privacy differently and how stakeholders are an important piece of the pie.<br />
<br />
What I am going to try to address within this post is how technical ideas affect privacy and security, as well.<br />
<br />
I will also attempt to provide some guidance concerning some of the issues I will discuss here.<br />
<br />
Please note, I have no relationships with any of the companies that I mention here, or in any other posts that I have written. Also, it is up to the reader to do their own due diligence.<br />
<br />
Now, the reader may have some level of knowledge of the 'tecky' stuff but I will try not to make any assumptions. What I want to do is to highlight some aspects, describe them for those who may not be as technically inclined, and provide some resources where more research can be done.<br />
<br />
Some lay people use the words security and privacy interchangeably. While security is needed to maintain privacy, it can mean other things as well. For example, it is generally accepted that the physical security of a public-facing office (banks, insurance agents' offices, etc.) needs to be addressed, to protect the employees (a non-privacy issue) and to protect the company's customers from data breaches, which is a privacy concern.<br />
<br />
What I am going to deal with here is security that is needed to protect Personally Identifiable Information (PII).<br />
<br />
So let's get started.<br />
<br />
Security<br />
<br />
Hopefully, when a developer starts coding for a new application, or making enhancements to an existing application, he/she will know how to code to prevent security holes within the code. But as we all know, we are all human.<br />
<br />
So what can we do?<br />
<br />
A new type of software is emerging that can help developers by highlighting what they should be coding. This takes the form of questions/guidance that can be based on questions/queries from a knowledge base. The objective is to build this into the design document (the document that describes how the programs work together and are coded, given the requirements of the application being worked on). This would then place into the design document specifications of the required defences that need to be incorporated within the code.<br />
<br />
The two software products that I am aware of that fall within this category are:<br />
<br />
1) SD Elements (http://www.sdelements.com)<br />
<br />
2) Security Innovation (https://www.securityinnovation.com)<br />
<br />
Both have their strengths and weaknesses. They also tackle this aspect of security coding in very different ways.<br />
<br />
As an analogy, let us use the example of your car (or your friend's car, if you don't have one &lt;S&gt;), or boat, bike, etc. Which is cheaper? Is it changing your oil every x KM/Miles, or waiting for the engine to seize when the oil can no longer do its job?<br />
<br />
On average it costs about $4,000 to fix a vulnerability in an application (SD Elements). According to White Hat Security (https://www.whitehatsec.com/resource/stats.html), on average there are 56 vulnerabilities per website (2012). So let's do some math, shall we?<br />
<br />
It will cost $4,000 times 56 on average to fix all the security problems on a public-facing website, for an average total of $224,000.<br />
<br />
You can close your mouth now.<br />
<br />
And to top it all off 85% of all websites White Hat tested had one vulnerability. And to make matters worse, it took, on average, 193 days from the date the issue was detected until it was resolved. Never mind that 61% of the White Hat tested websites that had vulnerabilities were never fixed in the first place.<br />
<br />
In other words, best practices, as well as the ROI, demand that we try to nip this issue in the bud. It follows that company policy should make security requirements and processes part of the design phase of any project.<br />
<br />
Privacy<br />
<br />
At this point let me highlight a series of documents and white papers that have been produced by the Information & Privacy Commissioner of Ontario, Canada (IPCO), Dr. Ann Cavoukian, Ph.D.<br />
<br />
The premise advocated by the IPCO is that of Privacy by Design (PbD). It goes into much more depth than is within the scope of this blog, but I encourage you to head over there and explore.<br />
<br />
There are two sides to the equation: Security for the professional IT people and Privacy for the legal 'minds'. In essence they are complementary, and they must exist together.<br />
<br />
As a note here, one of the white papers on the site, 'Privacy and Security by Design: A convergence of Paradigms', talks about what I am writing about here. It was released in Jan 2012.<br />
<br />
I do have to make an admission to the reader. I started writing these blogs, and this one in particular, before I had any notion of this white paper's existence. When I did discover the PbD white papers I realized the concepts, topics, and themes were similar to the issues I have explored in my blogs.<br />
<br />
I will continue along this road next time. I will highlight examples of different forms of testing for security and ideas of privacy.<br />
<br />
<br />Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-84798730856791115112013-04-30T05:09:00.001-07:002013-04-30T14:38:24.334-07:00Stakeholder/Privacy/Security Oh My<div style="text-align: justify;">
</div>
<br />
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br />
<br />
<br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">To
continue with the theme I presented last time in which I discussed
the differences between privacy (first pillar) and security (second
pillar), I want to add a third pillar, that of the stakeholder. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">It
seems obvious that he/she should also be included in any discussion along
these lines. And yet stakeholders can only add complexity to the equation.<span style="mso-spacerun: yes;"> </span>But before I begin, here are a couple of
notes. I received a number of comments concerning the previous post. Some
people commented about the fact that any discussion should include other
interested groups as well. And as you will see, that is exactly what I
will be doing here.<span style="mso-spacerun: yes;"> </span>Yet I would be
remiss unless I addressed another issue that was also brought up. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">What
I'd like to do, and only you, the reader, will be able to determine if I
am successful, is to highlight the 'human' factor in this equation. As we
move more and more to depending on, exploring, and exploiting the technology we use/rely on, we have had to develop tools to manage
and control the reliance on the same technology. We have tools to check
the code for security holes. We have tools to make sure we develop
compliance processes. We have tools to help the auditors to verify
systems, etc. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">Yet
the one aspect that is forgotten in this mix is the human factor. He/she
is the coder, the report writer, the auditor who verifies the results,
etc. No system is foolproof and no human is perfect, except you
the reader.<span style="mso-spacerun: yes;"> </span>So why bring this up? I do
so because some of the comments I received include the following: 'a
security/privacy system that is put in place will address the wide divide
between humans and technology/compliance'.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">In
response to this I say that tools are important, but we must realize that
the tools are not the entire solution to this quandary. We need
to understand the entire ecosystem so we can successfully address the
issues of Security, Privacy, Regulation, and Compliance.<span style="mso-spacerun: yes;"> That being both the technology we use, and the tools we use to control/enhance it. </span></span><br />
<br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">So let's begin. My objective in the previous
blog was to highlight some of the inherent issues that prevail within the
privacy/security domain. Here I want to explore the complexity added by
involving the stakeholder in this process.<span style="mso-spacerun: yes;"> </span>Let me define some terms. A stakeholder is the
'outsider'. The person who ultimately gains from the process being
discussed. For lack of a better definition, the owner/holder of
the data in question. This can be a VP
of the product line, the director of the stores, the sales manager etc.
He/she is the one who can say, without question, 'the buck stops here'. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">Generally
speaking he just wants good end results. Most stakeholders see the added
cost of putting a well-defined privacy policy/practice in place as an
overhead that needs to be controlled. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">They
want to make sure their data is safe but ask them if they think the added
cost of security systems in place is, for example, worthwhile to prevent
internal development personnel from having access to the real data, they
would balk. (Note this is a generic over simplified statement, but I use
it to make a point). To address this issue I point to a number of
organizations that rely on non-disclosure agreements (NDAs) as<span style="mso-spacerun: yes;"> </span>the only protection to address the above-mentioned
issue. This is 'cheap' to implement and easy to maintain. Yet I
hope you, the reader, understand that this solution is like having your teenager
promise they will clean up the room. A good idea but without any other
incentive probably doomed to failure.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">The
problem here is that we all have different views on the same situation. We come
with different experiences, responsibilities, and education. While the stakeholder
is ultimately the person responsible (for further info along these
lines read about the SOX act that was passed in the US), she/he may not
know how a truly good governance, regulation, compliance (GRC) process is created.
And in fact he might not even know why the company needs one in the first
place. </span></div>
<div class="MsoNormal">
<span style="font-family: Times; font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><br style="mso-special-character: line-break;" />
<br style="mso-special-character: line-break;" />
</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">So
taking the analogy I used in my previous post (how security personnel and
privacy professionals look at a 'square' and see it differently), the stakeholder
is the owner of the 'square'. He holds the square but has no idea how it
is constructed; he only knows how the square is used, i.e., not how the web
application works, only that a customer can sign in and order the
widget.<span style="mso-spacerun: yes;"> </span>So what can we do? The answer
I suggest is fairly simple. Education. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">The
privacy officer must educate the interested parties. These parties include
the stakeholders and the IT personnel. The fact that there is a privacy officer
already in place means that the first step has been taken. The
people who work on security need to educate everyone on what needs to be done
and what it takes to get it done.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">The
security personnel need to interpret the requirements and educate the
parties on how this is implemented and why it extends the software development
cycle. In other words, by educating the parties they can justify
the time and materials that will be needed to produce ecosystems that achieve
the goals set out by all the interested parties within a manageable
framework.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">So to
help the reader, I am suggesting a couple of different resources that
can be used to help. </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">1) A
short piece on how to explain HIPAA to the layman (Stakeholder). It
also provides some additional reading that may be of interest.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://www.ehow.com/info_7778811_laymans-guide-hipaa-compliance.html</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">2) A
very interesting website that targets NON lawyers with information concerning
privacy. There are a lot of very good additional links that can
be of some help. Please note that this site deals mostly with US laws.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://www.eprivacy.com/lectures/toc.html#toc</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">3)
Another good resource for educational purposes is the Electronic Privacy
Information Center website. Once again, mostly US information.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://epic.org/privacy/</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">4) On
the consumer side of the debate, a list of resources can be found at </span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://www.privacyrightsnow.com/affiliates.htm</span><br />
<br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">5) And finally, two studies that come out yearly. </span><br />
<br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"> A) One is the Telus security group's yearly study, which looks at the state of Canadian companies' security. It has 5 recommendations as well as pointers on how to try to make security more prevalent in the workplace. Registration is required.</span><br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"><br /></span>
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://promo.telus.com/securitystudy/</span><br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"><br /></span>
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"> B) The other one is Verizon security's 2013 Data Breach Investigation Report. This is a yearly report that encompasses expertise and information from various international organizations responsible for the reporting and investigation of data breaches. If you do not look at any other resources listed here, then this is the one to read.</span><br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"><br /></span>
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">http://www.verizonenterprise.com/DBIR/2013/insider/</span><br />
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"><br /></span>
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;"><br /></span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">Please
note the opinions of the individual authors/websites are their own, and I do not
advocate, agree or disagree with the opinions expressed.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">And
this is just a sample of various resources that are available to help with the
issues described above. But ultimately it is up to the individual to make sure
they adhere to the best practices within their industry and country.</span></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<br /></div>
<div class="MsoNormal" style="tab-stops: 45.8pt 91.6pt 137.4pt 183.2pt 229.0pt 274.8pt 320.6pt 366.4pt 412.2pt 458.0pt 503.8pt 549.6pt 595.4pt 641.2pt 687.0pt 732.8pt;">
<span style="font-family: Courier; font-size: 10.0pt; mso-bidi-font-family: Courier;">Till
next time</span><br />
<br />
<a href="http://ca.linkedin.com/in/robertgalambos">
<img alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn" border="0" height="25" src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" />
</a>
</div>
<div class="MsoNormal">
<br /></div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-22858933943155305442013-04-16T05:15:00.000-07:002013-04-30T14:31:19.638-07:00Privacy and Security sometimes don't talk the same language.<br />
<br />
<img class="rg_i" data-sz="f" name="GcDmc7ZQKspiKM:" src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQyXXyomfb_33HyHM-u3t7ZZHrNWLtIuuWajpJ86rCsPtIVkMpY" style="height: 196px; margin-left: 0px; margin-top: -11px; width: 258px;" /><br />
<br />
In this blog, which may seem a little rambling, I will first try to explain where I see the disjointedness between Security (where the IT people see it) and Privacy (where the Audit Privacy officers see it). I will then try to guide the reader to various resources on the web to offer help.<br />
<br />
This will allow the reader, no matter which side of the fence they sit on, to at least understand the other side and understand what they are talking about. Some of these resources quoted below will be targeted for the IT techies, and the others for the Privacy gurus. By putting them in one central location I hope to bring together, in some small part, the two groups so they can better understand each other.<br />
<br />
So let's begin. <br />
<br />
<br />
Privacy. According to the Webster online Dictionary: '<span class="ssens">freedom from unauthorized intrusion <span class="vi">&lt;one's right to <i>privacy</i>&gt;</span></span>'<br />
<br />
Security. According to the Webster online Dictionary<span class="ssens">: 'measures taken to guard against espionage or sabotage, crime, attack, or escape '</span><br />
<br />
<br />
An explanation. Security is the process that is put in place to protect the Privacy of the information, whether it is Personally Identifiable Information (PII), a company's intellectual property, etc. <br />
<br />
We have a problem. The 'WE' in the previous sentence belongs to the IT personnel as well as the Privacy Officers of an organization. Many times the computer guys speak in 'techy talk' (subroutines, C#, apache configuration etc) and the Compliance personnel <span class="text">talk in legalese</span> (jurisprudence, PIPEDA, Opt in, Office of the Privacy Commissioner etc). So, it is no wonder that many organizations seem to have a disconnect between the two.<br />
<br />
To address the need for privacy and security in our day to day computer lives, some measures were/are developed by people who may look at an issue but see it in two different ways.<br />
<br />
As an analogy, let's take a look at a square drawn on a piece of paper. The IT people see it as four lines connected at the corners, and the Privacy people see it as four corners connected by some lines. (I hope you get my meaning in this analogy I just presented). Both are right, but both don't see the entire picture either. And thus, this illustrates the issues that many organizations face.<br />
<br />
Yes, this disconnect is evolving. There are now certification/training sessions for people who are responsible for privacy policies and are not technical (for more info go to <cite>https://www.<b>privacyassociation</b>.org/</cite>) but try to bridge the gap (CIPP/IT). And there are various <span class="st"><i>integrated development environments (IDEs)</i></span> that try to ensure that the code written can be tested for security (i.e., penetration testing etc.). But as much as these two groups are trying to work with and understand each other, there can be some areas where they are miles apart.<br />
<br />
If you have followed this series from the beginning, you will remember at least one very common example where there is a security/privacy hole big enough to drive a tractor trailer through (see my previous blogs for more information). And I would bet my two weeks of pay (a jar of peanuts) that most Compliance/office of privacy departments have yet to investigate the arena. This is a clear example where the lack of understanding of one department's operations by another can lead to some very ominous problems. <br />
<br />
Privacy Officials, for the most part, do not understand the nuances of coding, testing, developing applications etc. for the current marketplace. They do know the laws of the land, and do create compliance rules that all have to abide by.<br />
<br />
IT professionals, again for the most part, do not understand the rules that govern Privacy. What is an opt-in or opt-out option? Why must credit card numbers be treated under some externally developed standards? What are those standards? (Well, maybe they do, but this is used only as a simplistic example). IT professionals know how to create an automated process to sell, bill, and retrieve the widgets that the company makes. Yet the problem is that IT people (the techies) more often than not are not involved in, nor do they understand, the Privacy Realm.<br />
<br />
Education on both sides is the only real answer. So in the following I will try to give some resources to the reader with some comments that may help understand the other side.<br />
<br />
Please note I do not have any financial relationships with the organizations listed below. Nor do I recommend or agree with the statements contained within, though I have found these sites to contain valuable information. Whether you are a techie or privacy person I strongly suggest you take a look at all these resources to better understand the world we have to work in, so to speak.<br />
<br />
The first resource that you may or may not be aware of is the Privacy Rights Clearinghouse (https://www.privacyrights.org/). It is a very useful web site which offers, among other items, a list of all publicly disclosed data breaches since 2005. In fact according to the web site, as of when I started writing this blog, <b>607,472,154 DATA RECORDS WERE BREACHED</b>. The number of breaches was <b>3,678 DATA BREACHES made public since 2005.</b><br />
<br />
The types of breaches that you will find there include 'dumpster diving', laptops/hard drives being misplaced, and SQL injection, to name but three. Chances are that you or someone you know was a victim of at least one data breach, if not more. In fact if you do the math, the number of records is about twice the entire population of the US. And this site is very light on breaches outside of the US.<br />
<br />
The next resource is the Ponemon Institute (http://www.ponemon.org/). This site has a wealth of research on the who and how of privacy. Its stated purpose is '<i>to enable organizations in both the private and public
sectors to have a clearer understanding of the trends in practices,
perceptions and potential threats that will affect the collection,
management and safeguarding of personal and confidential information
about individuals and organizations</i>.'<br />
<br />
<br />
The next site I would like to point the readers to is the Verizon Security Blog (<span class="share-source separator">http://securityblog.verizonbusiness.com</span>). It is basically a week-by-week analysis of what security issues are out there. Also, they have teamed up with various international law enforcement organizations to issue a yearly report investigating the causes of data breaches. And the information would be a surprise to some. For example:<br />
<br />
97% OF ATTACKS ARE AVOIDABLE BY SIMPLE OR INTERMEDIATE CONTROL.<br />
<br />
The latest report on this web site is a review of 2012, but the updated 2013 report is expected out very shortly.<br />
<br />
Next is an organization called <span class="st">International Association of Privacy Professionals</span> <cite>(https://www.<b>privacyassociation</b>.org). </cite><br />
<cite><br /></cite>
I happen to have two certifications from them. They have two items I would recommend the reader investigate. One is a blog they call Privacy Perspective, an interesting blog where various people talk about issues of the day. The other item is their 'DASHBOARD' (they have one for US, Canada, Europe and ANZ). They glean information from various sources and present it in a concise 'executive' brief format.<br />
<br />
<br />
The above resources are just the tip of the iceberg. Getting Privacy professionals and IT gurus to understand each other, and thus to frame the issues/requirements/concerns, etc. while taking into account each other's perspective, is not something that can be done within a simple blog. But I hope that it will open some people's minds to what the issues are and to some resources that will bridge the gap. Or at least have each side gain a better understanding of the other.<br />
<br />
<span class="ssens"></span>
Next blog will continue along these same lines.<br />
<br />
However, the next blog will be in two weeks' time.<br />
<br />
Till then, if you have any comments or feel like you want to touch base, drop me a line at rgalambos@gmail.com<br />
<span class="ssens"></span>
<a href="http://ca.linkedin.com/in/robertgalambos">
<img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn">
</a>Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-81165722363277877282013-04-10T08:27:00.000-07:002013-04-30T14:29:29.241-07:00Data Privacy Project road map part Deux<style>
<!--
@list l0
{mso-list-id:1321806277;
mso-list-type:hybrid;
mso-list-template-ids:-1516206788 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1
{mso-list-id:1504126066;
mso-list-type:hybrid;
mso-list-template-ids:-68405934 67698705 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l1:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2
{mso-list-id:1652248609;
mso-list-type:hybrid;
mso-list-template-ids:-96546678 -1261673478 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l2:level1
{mso-level-text:"%1\)";
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.5in;}
@list l2:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l2:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
</style>
-->
<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<img class="rg_i" data-sz="f" name="HpNCYfGF2Nt0rM:" src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcTezlVV_jmzHHKzwSNnSQRkRWei2tLy2gyzDCQPbD_c5lUI5Tps8A" style="height: 160px; margin-left: -3px; margin-top: 0px; width: 240px;" /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Before we get started, let’s review some critical items that
we covered last time.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The analysis phase of any Test Data Privacy Project (as with all
other IT projects) is the linchpin, where you make or break the project. So to
summarize, for this step you need to do the following:</div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">1)<span style="font: 7.0pt "Times New Roman";"> </span></span></span>Identify
the meta data of the application(s) in question</div>
<div class="MsoListParagraphCxSpMiddle" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">2)<span style="font: 7.0pt "Times New Roman";"> </span></span></span>‘Marry’
the metadata to the data stores (the field in the metadata that corresponds
to the underlying table/file)</div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l0 level1 lfo1; text-indent: -.25in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">3)<span style="font: 7.0pt "Times New Roman";"> </span></span></span>Inspect
the potential PII Fields/data to see if they are actual fields that need
masking. A sample would be nice to show the SME, if there are any questions
about the field contents.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Then we have the design step. The following is the continuation
of the discussion from my previous blog entry.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
It is the SME who is the critical member of the project team
in this phase. He/she will be asked questions like: how do the fields that
were identified in the previous step as PII interact with each other? A simple example: is there an edit to make
sure the city and zip/postal code combination is valid? The rules should be
consistent throughout the environment. I.e., if you age the birthday in one file in
a certain way, you will need to age the birthday the same way in any other data
store you have.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Now before we move on, I should address a question that
should be brought up at this time. Are you going to need to sub-set the data
while masking it? (See my blog <b><i>Testing and Data Privacy, is there an
issue (final post or is it)?</i></b>) <span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">After you
answer that question, the next one is HOW? (And as I mentioned before, my
expectation is that you will answer YES to this question.) Are you going to
want to take a random set of customers (as an example) and mask all the related
records of those customers? Or has the SME given you a list of branches that
will be used for testing? Then you also need to mask the customers of those
branches, including the addresses of the customers of those chosen branches, the SSN/SIN/Tax ID for those customers, and
extract only those products that the target branches have to sell, etc. What this all means is that you will need to
design the extract process at the same time as the masking process. This can be
a large hurdle to overcome, BUT the end results will more than make up for
the effort. (This will be the subject of another blog entry in the future.)</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">WARNING WARNING WARNING</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">I’ve got your attention, I hope. What I need to highlight here is that
the sub-setting of data and the obfuscation of the data need to be done at the
same time. Failure to do this may mean an increased chance of a data
breach. Now back to your regularly
scheduled program.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">The actual masking rules depend not only on the requirements, as
defined by the SME and/or legal/privacy personnel (see above), but are also
driven by the tool set that you have chosen. For example, if the toolset you
are using does not use >128 bit Strong encryption, should you still use that
technique for masking? If you need to be able to reverse the obfuscation (if
there is a legitimate reason), then that may restrict what kind of rules/code
can be used to mask the data in the first place.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">Another aspect that needs to be considered, but is often forgotten, is
how the audit requirements will be satisfied for this project. And make no
mistake about it, there will be a need for audit reporting for this process.
Why do I say that? It is because the masking process is most likely being
driven by either regulatory requirements or best practices. And in either case
some sort of ‘proof of the pudding’ will be required. This also needs to be taken
into account within the project.</span></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">Once the design phase is finished, we will then move on to the
coding. There is not much I can say here:</span></div>
<div class="MsoListParagraphCxSpFirst" style="mso-list: l1 level1 lfo2; text-indent: -.25in;">
<span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold; mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">1)<span style="font: 7.0pt "Times New Roman";"> </span></span></span><span style="mso-bidi-font-style: italic; mso-bidi-font-weight: bold;">Depending on the
chosen toolset, how one codes the rules, and the limitations of those same
rules, will differ.</span></div>
<div class="MsoListParagraphCxSpLast" style="mso-list: l1 level1 lfo2; text-indent: -.25in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">2)<span style="font: 7.0pt "Times New Roman";"> </span></span></span>Try
to reuse as many of the masking rules as you can. There is no need to reinvent
the wheel if one can help it. Some tools allow one rule to be applied
to many different data sources. And for obvious reasons that is something I
encourage you to do as much as possible.</div>
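<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The following added example is not from the original post or from any particular masking toolset. It extracts only the customers of the chosen branches and masks them in the same pass, applies one keyed birthday-aging rule to every data store that carries the birthday, and returns per-store counts for audit reporting. The key, store layouts, field names and sample rows are constructed assumptions.</div>

```python
import hashlib
import hmac
import re
from datetime import date, timedelta

# Hypothetical key for this example; a real one is kept out of the test environment.
MASKING_KEY = b"constructed-demo-key"


def _prf(rule: str, value: str) -> int:
    """Keyed, deterministic integer for (rule, value): same input, same output."""
    mac = hmac.new(MASKING_KEY, f"{rule}|{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big")


def age_birthday(customer_id: str, dob: date) -> date:
    """Shift a birthday by a per-customer offset of 1..365 days in either direction."""
    offset = _prf("dob", customer_id) % 730 - 365  # -365 .. 364
    return dob + timedelta(days=offset if offset != 0 else 365)


def mask_tax_id(tax_id: str) -> str:
    """Replace the digits of an SSN/SIN/Tax ID, keeping length and punctuation."""
    digits = re.sub(r"[^0-9]", "", tax_id)
    new = iter(f"{_prf('tax_id', digits) % 10 ** len(digits):0{len(digits)}d}")
    return "".join(next(new) if ch in "0123456789" else ch for ch in tax_id)


# One rule per PII field, reused by every data store that carries that field.
RULES = {
    "dob": lambda row: age_birthday(row["customer_id"], row["dob"]),
    "tax_id": lambda row: mask_tax_id(row["tax_id"]),
}


def subset_and_mask(stores, branches):
    """Extract only the chosen branches' customers and mask them in the same pass.

    Returns (masked_stores, audit). Rows outside the subset are never written,
    and no unmasked copy of the subset is produced along the way.
    """
    keep = {r["customer_id"] for r in stores["customers"] if r["branch"] in branches}
    masked, audit = {}, {}
    for name, rows in stores.items():
        out, counts, unchanged = [], {}, 0
        for row in rows:
            if row["customer_id"] not in keep:
                continue
            new = dict(row)  # the input row itself is left untouched
            for field, rule in RULES.items():
                if field in row:
                    new[field] = rule(row)
                    counts[field] = counts.get(field, 0) + 1
                    unchanged += new[field] == row[field]
            out.append(new)
        masked[name] = out
        audit[name] = {"rows_read": len(rows), "rows_written": len(out),
                       "fields_masked": counts, "values_left_unchanged": unchanged}
    return masked, audit


# Constructed sample data: two data stores that both carry the birthday.
STORES = {
    "customers": [
        {"customer_id": "C1", "branch": "B01", "dob": date(1980, 5, 17), "tax_id": "123-45-6789"},
        {"customer_id": "C2", "branch": "B02", "dob": date(1975, 1, 2), "tax_id": "987-65-4321"},
        {"customer_id": "C3", "branch": "B01", "dob": date(1992, 11, 30), "tax_id": "111 222 333"},
    ],
    "accounts": [
        {"account_id": "A1", "customer_id": "C1", "dob": date(1980, 5, 17)},
        {"account_id": "A2", "customer_id": "C2", "dob": date(1975, 1, 2)},
        {"account_id": "A3", "customer_id": "C3", "dob": date(1992, 11, 30)},
    ],
}

if __name__ == "__main__":
    masked_stores, audit_report = subset_and_mask(STORES, {"B01"})
    for store, report in audit_report.items():
        print(store, report)
```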
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Next is the implementation phase. This should be the easiest
step. I mean, isn’t this just another IT project? And don’t you implement IT
projects ‘all the time’? <span style="mso-spacerun: yes;"> </span>It should
follow the same process, right?</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Maybe. But to see if it is easy, one needs to ask a series
of questions first. Some examples of questions are as follows:</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoListParagraphCxSpFirst" style="margin-left: .75in; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.5in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">1)<span style="font: 7.0pt "Times New Roman";">
</span></span></span>How often will the obfuscation need to be run?</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.5in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">2)<span style="font: 7.0pt "Times New Roman";">
</span></span></span>Who is responsible for the running of the
process? Will it be production support, or will the users themselves run the series
of jobs in question?</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.5in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">3)<span style="font: 7.0pt "Times New Roman";">
</span></span></span>Will there be a need to have user input before
each run? (I.e., will the data sub-setting requirements change?)</div>
<div class="MsoListParagraphCxSpMiddle" style="margin-left: .75in; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.5in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">4)<span style="font: 7.0pt "Times New Roman";">
</span></span></span>How will change management be taken care of? In
other words, if a file/field is changed or added, how will the masking process
be updated? Who will do it? And how do you ensure nothing falls between the
cracks?</div>
<div class="MsoListParagraphCxSpLast" style="margin-left: .75in; mso-add-space: auto; mso-list: l2 level1 lfo3; text-indent: -.5in;">
<span style="mso-fareast-font-family: "Times New Roman";"><span style="mso-list: Ignore;">5)<span style="font: 7.0pt "Times New Roman";">
</span></span></span>Make sure that the Audit reporting is
implemented. Is it on request, or will some sort of reporting need to be done
every time? Will the reports need to be secured?</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
And in all these steps, you should make sure you document
EVERYTHING, in a concise and accurate manner. Only with this being done can one
try to assure a successful ongoing, maintainable process. I would suggest
setting up a Lotus/Excel worksheet to help with this.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
The intention of this blog is not to replace due diligence.
Each IT environment is different, with its unique challenges. My sole intention
is to try to help the community to tackle this concern head on. Experience
tells me that this is a big task, but does not have to be daunting. </div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
As the many clients I have known can attest to, if one does
this methodically, with foresight, one can achieve a successful conclusion.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
If you have any questions about this or any other topic that
I post, or you want me to explore some issue, drop me a line at <a href="mailto:rgalambos@gmail.com">rgalambos@gmail.com</a>.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
Till next time</div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-63447619501567173112013-04-01T11:47:00.001-07:002013-04-30T14:25:06.576-07:00Data Privacy Project road map <br />
As I am sure most people agree, and have experienced as well, the majority
of projects either come in over budget, late, or even worse, they never finish
at all. A critical project like Data Privacy is no exception. But then again
failure is not an option because of the consequences.<br />
<br />
Before I begin, let's talk about privacy and the foundation of the project.<br />
<br />
Politics. Yes, I said it. And I am not talking about the government type of
politics, but the kind that all organizations have.<br />
<br />
The first step that needs to be addressed is to get upper management
sponsorship for a Data Privacy project. This is critical for the success of the
project. Someone has to make the decision to bite the bullet, start funding,
and make sure that all department heads understand that it is mandated from
the top.<br />
<br />
This proposed project is a cost center. It will not generate any
revenue. It won't make the widget run faster, nor get more customers. So
funding for this type of project is harder to get. One needs to make
sure that upper management understands the business need, the ROI, etc.<br />
<br />
The data in question can span many applications, which means many different
departments are involved. A number of application owners are the stakeholders
in a project of this sort. So unless there is someone high up giving
directions, roadblocks will most likely appear that could be insurmountable.<br />
<br />
This can be very daunting. I suggest that you start with a pilot project,
unless you are in a small IT shop. Ideally choose a relatively isolated application,
if possible. Start small to be able to learn where the roadblocks/pitfalls
are. It is easier to learn from a mistake now than to tackle more than
you can chew.<br />
<br />
Who owns the data? Who will decide how the data will be scrubbed? How much
data will be scrubbed? Who will maintain the process once it is developed?
These are questions that need asking.<br />
<br />
Who will lead the project? What resources will be brought to bear on the
project? Will the SME of the applications be used as reference, or will they be
actually part of the project team?<br />
<br />
Who will maintain the process after it is complete? <br />
<br />
OK, we can start, right? Well, not exactly. The next step is to
determine what 'methodology'/process/expertise will be used. Are you
going to develop something in house? Or are you going to purchase something?
The company may already have tools in place that are capable of
obfuscating data. Then all you have to do is deploy them.<br />
<br />
The next item is determining what exactly needs masking/scrubbing. There are
a lot of factors that need consideration. Some examples include, but are not limited
to, the PCI DSS standard (i.e., if you retain/use credit card information). If you
have EU customers/locations/presence, then one must be sure to adhere to the EU
Privacy Directive. Or if you operate in Canada, then one must make sure the
company abides by PIPEDA, and so on. Most likely the answer to these questions
will come from your legal, privacy or audit departments. So consultation is in
order.<br />
<br />
So we now have all our ducks in a row. Like most IT projects there are
basically four steps for a successful project. They are: analysis, design,
coding and implementation, each building on the previous success.<br />
<br />
The most critical step, as you can imagine, is the analysis. In
fact I would expect that at least 50% of the time that you spend on the
project will be in this first critical phase.<br />
<br />
Analysis. In this first step your objectives are:<br />
<br />
1) Identify all the data stores that have Personally Identifiable
Information (PII).<br />
<br />
2) Take all the metadata and scan it for telltale signs that the data stores
contain PII, for example a field that is labeled 'ADDRESS'. Just finding the
fields so named is not enough in itself. You will also need to marry the
metadata to the actual data store (where the data resides, i.e., DB, flat files,
etc.). This should be enough, but trust me, it isn't.<br />
<br />
After these two exercises are finished, one needs to actually look at
the data and see whether that ADDRESS field is actually PII. It could be the
address of your branch office, in which case it would probably not be PII, and
would be outside the scope of the project.<br />
<br />
Then there are the data field labels that do not reflect what is stored. An
example could be a field that is labeled 'NUMBER'. This could be a phone number,
a reference number, or the number of times the customer has ordered from your
company. You will need to inspect the files that you have identified (see
above) and make sure you have a list of all the data fields and
data stores that need obfuscating.<br />
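<br />
The two-pass analysis described above (scan the metadata for telltale labels, then look at the actual values) can be sketched as follows. This is an added example, not code from the original post; the table names, column-name hints, sample rows and the 80% confirmation threshold are all constructed assumptions.<br />

```python
import re
from collections import Counter

# Assumed label hints for pass 1 (metadata); extend for your own schemas.
NAME_HINTS = re.compile(r"NAME|ADDR|PHONE|EMAIL|BIRTH|DOB|CARD", re.IGNORECASE)
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?1?[\s.-]?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}$")
CONFIRM_RATIO = 0.8  # assumed share of sampled values that must look like PII


def luhn_ok(digits):
    """Luhn checksum, used to tell card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value):
    """Pass 2 (data): what does one stored value look like?"""
    text = str(value).strip()
    if EMAIL_RE.match(text):
        return "email"
    compact = re.sub(r"[\s-]", "", text)
    if compact.isdigit() and 13 <= len(compact) <= 19 and luhn_ok(compact):
        return "card"
    if PHONE_RE.match(text):
        return "phone"
    return "other"


def scan(tables):
    """Return {(table, column): verdict} combining label and content evidence."""
    findings = {}
    for table, spec in tables.items():
        for column in spec["columns"]:
            values = [r[column] for r in spec["rows"] if r.get(column) not in (None, "")]
            kinds = Counter(classify_value(v) for v in values)
            kinds.pop("other", None)
            hits = sum(kinds.values())
            if values and hits / len(values) >= CONFIRM_RATIO:
                findings[(table, column)] = "pii:" + kinds.most_common(1)[0][0]
            elif NAME_HINTS.search(column):
                # Label says PII, content cannot confirm it: a person must look.
                findings[(table, column)] = "review"
            else:
                findings[(table, column)] = "no-signal"
    return findings


# Constructed sample: two columns labeled NUMBER, two labeled ADDRESS.
SAMPLE = {
    "customers": {"columns": ["CUST_NAME", "NUMBER", "ADDRESS"], "rows": [
        {"CUST_NAME": "Robert Smith", "NUMBER": "416-555-0123", "ADDRESS": "12 Elm St, Toronto"},
        {"CUST_NAME": "Maria Gomez", "NUMBER": "(604) 555-0188", "ADDRESS": "9 Bay Rd, Vancouver"},
        {"CUST_NAME": "Wei Chen", "NUMBER": "+1 514 555 0147", "ADDRESS": "4 Rue Roy, Montreal"}]},
    "orders": {"columns": ["ORDER_ID", "NUMBER"], "rows": [
        {"ORDER_ID": 9001, "NUMBER": 3}, {"ORDER_ID": 9002, "NUMBER": 12}]},
    "payments": {"columns": ["PAY_ID", "REF"], "rows": [
        {"PAY_ID": 1, "REF": "4111 1111 1111 1111"},
        {"PAY_ID": 2, "REF": "5555-5555-5555-4444"}]},
    "branches": {"columns": ["BRANCH_ID", "ADDRESS"], "rows": [
        {"BRANCH_ID": "A", "ADDRESS": "100 King St W, Toronto"}]},
}

if __name__ == "__main__":
    for (table, column), verdict in sorted(scan(SAMPLE).items()):
        print(f"{table}.{column}: {verdict}")
```

Both ADDRESS columns come back as "review": the scan cannot tell a customer's home from a branch office, which is why the manual look at the data remains part of the analysis.<br />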
<br />
This is time consuming, to be
sure. But if the analysis is not done completely and thoroughly, then the
project is doomed to problems further down the road.<br />
<br />
The results of this phase are a list of files that contain PII, and the
fields within those files that need to be worked on.<br />
<br />
Design. In this step your objective is to design the various techniques
needed to obfuscate the data.<br />
<br />
Taking the information developed in the previous step, a systematic approach
will prevail.<br />
<br />
You need to categorize the various data items that were discovered. For
example, all the names should be
grouped together and then masked the same way. They all need to be masked the
same way to maintain consistency and interoperability between the different
applications. I.e., you need to make sure that a Robert who is scrubbed to Oliver
in application A is also scrubbed to Oliver if Robert appears in
application B. This is crucial to the long-term
success of this process.<br />
<br />
The SME needs to determine the business rules that are applicable to the
various groups of data. Are there edits on addresses to make sure that the masked address is located in the specified city? Do the birthdays of customers
need to be maintained because of insurance rates, etc.?<br />
<br />
The masking rules that are being created against the various data fields
need to take all business logic into account. And then, to add to the complexity
of the situation, the project team may also be mandated to sub-set the data
while copying from the production system (see one of my previous blogs for a
short explanation of the various forms of testing that are normally inherent within
an IT department).<br />
<br />
In the next post I will continue to explore the design stage and then delve
into the next two stages of a privacy project.<br />
<br />
And as always, if you have any questions, drop me a line at<br />
<br />
rgalambos@gmail.com<br />
<br />
Robert Galambos CIPP/C CIPP/IT
<a href="http://ca.linkedin.com/in/robertgalambos">
<img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn">
</a>Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-34212120694293523472013-03-26T08:48:00.003-07:002013-04-30T14:22:22.319-07:00Testing and Data Privacy, is there an issue (final post or is it)?
In the previous posts I covered the issue of testing data and privacy: what options are generally available to 'address' the issue, and a description of each of those options.<br />
<br />
This time I will wrap up this portion of the discussion and then further delve into related issues that may be of interest.<br />
<br />
If you have read the previous post, you may have surmised that the option I favour is analysis of the data structure/elements, then applying intelligent, business-savvy masking rules to the copied data. This entails designing a process that obfuscates the Personally Identifiable Information (PII) by applying rules that take the business logic into account to the information that is retained within the organization for testing purposes.<br />
<br />
But at the same time there is never an all or nothing answer to these issues. It all depends on the situation, the company culture and requirements to name but a few mitigating circumstances. But let me explain.<br />
<br />
And by the way, I will try to stop myself from going down the road of techy talk that most non-IT people get lost in.<br />
<br />
So let's assume the company we work for has surmised that the testing environment(s) that exist presently need to be scrubbed to ensure that there is no real PII. Yet the CIO also insists that one of the requirements to ensure quality work is the ability to copy real data for testing from time to time.<br />
<br />
So the requirement is to copy data, when needed, but remove PII at the same time, in such a way that the data still retains the quality that is needed after the sensitive information is removed. We need to develop a process that scrubs the data consistently and have it executed whenever a data copy is to be done. Right? But how much data do we scrub? Do we need more than one copy? Who is going to be responsible for maintaining the obfuscating rules, etc.?<br />
<br />
These are just some of the other factors that need to be considered. <br />
<br />
As you start your analysis you may come up with a question along these lines. Will there be a need to sub-set the data while copying the real data for testing?<br />
<br />
The more revealing question may be: what are we going to be doing with this data after it is scrubbed? You might think that testing is the response, and you would be right. But what kind of testing? You see, in most medium to large companies there is more than one kind of testing that is done before any changes are put into the real world.<br />
<br />
There is the testing that the coder/programmer does while making changes to the code, to ensure that the program works and produces the anticipated results. Generally speaking, this is called unit testing. In this case there may not even be a need for real data, just some made-up stuff. So we might not need to consider this type of testing in our requirement analysis.<br />
<br />
Then there is what I call kernel testing. To run a logical unit/series of 'programs' (yes they can be stored procedures, scripts etc, but I am trying to keep the terminology simple and it really means the same thing) to see if it runs with the changes successfully. Usually this is where a small sample of real data would be used. The data used here does not have to be related to any other application/data, so the masking process would be rather easy to implement. There would be no need to ensure that the same rules that are applied here would be applied to another application within the organization. <br />
<br />
Next is some form of regression testing. Simply put, this is to make sure the application still works with the changes done to the code. However, you will probably not want the same number of records as production data. Otherwise each test would take the same amount of resources/time as
production. Remember, you are testing to make sure everything works, and
if it doesn't, you need to correct the issue and retest. The old adage
goes like this: time is money. The quicker the programmers/coders can turn around the
testing, the better. That means you will need to sub-set the data in question. An example would be to take a single branch's data as a test, versus all of the company's branches. However, this is not as easy as it sounds.<br />
<br />
For example, if we have a banking application that we are going to be testing, we may decide to use only branch 'A' as the testing branch. This branch has a wide variation of customers etc. and it fits very nicely in the testing that needs to be done. We will need to copy only those customers within that branch (this most likely will be in some other location database). We will then need to copy only those accounts of those customers within that particular branch. In other words copy all the related information and only the related information for that branch, sub-setting the data. Oh, don't forget that we will need to mask the data as it is being moved over from production to avoid any potential issues further down the line.<br />
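<br />
The branch 'A' sub-set described above, as an added example (not code from the original post): copy one branch's customers, then only the accounts that belong to those customers, masking names and phone numbers while the rows move. The schema, sample rows, masking key and the mask_name/mask_phone helpers are hypothetical.<br />

```python
import hashlib
import hmac
import sqlite3

MASK_KEY = b"constructed-demo-key"  # assumption: a managed secret in practice


def mask_name(full_name):
    """Deterministic token, so the same customer masks the same way every run."""
    tag = hmac.new(MASK_KEY, full_name.encode("utf-8"), hashlib.sha256).hexdigest()
    return "CUST-" + tag[:10]


def mask_phone(phone):
    """Keep the NNN-NNN-NNNN shape so format edits in the application still pass."""
    tag = hmac.new(MASK_KEY, phone.encode("utf-8"), hashlib.sha256).hexdigest()
    return "000-555-01%02d" % (int(tag, 16) % 100)


def build_prod():
    """Constructed stand-in for production: two branches, three customers."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit mode
    conn.executescript("""
        CREATE TABLE branch   (branch_id TEXT PRIMARY KEY, name TEXT);
        CREATE TABLE customer (customer_id INTEGER PRIMARY KEY, branch_id TEXT,
                               full_name TEXT, phone TEXT);
        CREATE TABLE account  (account_id INTEGER PRIMARY KEY,
                               customer_id INTEGER, balance REAL);
    """)
    conn.executemany("INSERT INTO branch VALUES (?, ?)",
                     [("A", "Downtown"), ("B", "Harbour")])
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)", [
        (1, "A", "Robert Smith", "416-555-0123"),
        (2, "A", "Maria Gomez", "416-555-0188"),
        (3, "B", "Wei Chen", "604-555-0147")])
    conn.executemany("INSERT INTO account VALUES (?, ?, ?)", [
        (10, 1, 2500.00), (11, 1, 90.10), (12, 2, 14000.00), (13, 3, 310.55)])
    return conn


def subset_branch(conn, branch_id):
    """Copy one branch into the attached 'test' database, masking in flight."""
    conn.create_function("mask_name", 1, mask_name)
    conn.create_function("mask_phone", 1, mask_phone)
    conn.execute("ATTACH DATABASE ':memory:' AS test")
    conn.executescript("""
        CREATE TABLE test.branch   AS SELECT * FROM main.branch   WHERE 0;
        CREATE TABLE test.customer AS SELECT * FROM main.customer WHERE 0;
        CREATE TABLE test.account  AS SELECT * FROM main.account  WHERE 0;
    """)
    conn.execute("INSERT INTO test.branch SELECT * FROM main.branch "
                 "WHERE branch_id = ?", (branch_id,))
    # PII is masked in the SELECT itself, so unmasked rows never land in test.
    conn.execute("INSERT INTO test.customer "
                 "SELECT customer_id, branch_id, mask_name(full_name), mask_phone(phone) "
                 "FROM main.customer WHERE branch_id = ?", (branch_id,))
    # Only the accounts whose owner made it into the sub-set.
    conn.execute("INSERT INTO test.account "
                 "SELECT a.account_id, a.customer_id, a.balance FROM main.account AS a "
                 "WHERE a.customer_id IN (SELECT customer_id FROM test.customer)")

    def count(sql):
        return conn.execute(sql).fetchone()[0]

    return {
        "customers": count("SELECT COUNT(*) FROM test.customer"),
        "accounts": count("SELECT COUNT(*) FROM test.account"),
        # Accounts without an owner would mean the sub-set broke a relationship.
        "orphans": count("SELECT COUNT(*) FROM test.account AS a "
                         "LEFT JOIN test.customer AS c ON c.customer_id = a.customer_id "
                         "WHERE c.customer_id IS NULL"),
        # Any test value that still equals a production value is a leak.
        "leaks": count("SELECT COUNT(*) FROM test.customer AS t "
                       "JOIN main.customer AS p "
                       "ON p.full_name = t.full_name OR p.phone = t.phone"),
    }


if __name__ == "__main__":
    print(subset_branch(build_prod(), "A"))
```
<br />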
<br />
Next may be a user acceptance test, which allows the users of the application in question to test the change(s) to ensure they are what was asked for and that they work. While a complete copy of data can be used, a sub-set of data can also be used in most cases.<br />
<br />
And then, as the next order of business, there may be a volume test. This test is normally done to ensure that the application can take the real-world volume (all the branches): the final kick of the tires, you can say.<br />
<br />
<br />
Now, while I have generalized, and each company's requirements are different, I hope you can see the complexity that is involved. The type of testing and the data used for that testing are extremely important, and it is just as important to analyze each testing requirement and come up with a solution that meets all the needs.<br />
<br />
So let's assume that we have all the answers to the questions posed above. We know what kind of data we need, the various versions/copies and the other parameters that may have been discovered. What is next?<br />
<br />
The next post will cover the how-to: the components of a privacy project, the pitfalls, the bumps in the road, and the elephant in the room (and yes, there is a BIG elephant that needs to be fed).<br />
<br />
While it may not be directly related to a privacy role, anyone in privacy needs to understand the complexity inherent in the process that a company needs to go through, so that the project will come to a successful completion.<br />
<br />
So I strongly suggest you stay tuned for the next installment. Till then, if you have any questions, feel free to contact me at the email address below.<br />
<br />
rgalambos@gmail.com <br />
<br />
<a href="http://ca.linkedin.com/in/robertgalambos">
<img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn">
</a>
<br />Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-60880149912652008072013-03-18T05:32:00.002-07:002013-04-30T14:21:52.390-07:00Testing and Data Privacy, is there an issue, (PART III out of IV)?<br />
Let's recap. In the previous posts I discussed why we should be aware of how application changes are tested within your IT department etc., or we may have a data breach before you know it. Then I explained how to mitigate some of the risks with different processes/choices and listed the pros and cons of each of them.<br />
I will now continue the discussion about the various options, and which ones are the best etc.<br />
<br />
So let's get started.<br />
<br />
The four choices that I presented previously are<br />
1) Create your own test data<br />
2) Copy production data into the test environment<br />
3) Same as #2 but have everyone sign Non-disclosure agreements<br />
4) Same as #2 but obfuscate (scrub) the data<br />
<br />
Looking at the obvious one, option #2: that is clearly TABOO, or is it? The reason that we should not do this is obvious, right? Copying data is what happens in the real world today. As far as I know there are no studies along these lines (most companies would not want to share this type of information), but experience tells me that you would be surprised at the number of companies which have at least some areas where this practice is done regularly. While it can be argued that this would happen only within smaller companies, experience would say otherwise. Remember that you may have a policy in place forbidding this, but in some corner of IT that has been around for years, they may be practicing "copy the data" because that is how it was always done. That being said, you may be surprised to hear me say that there can be times when there is a legitimate reason (fooled you) to copy production data into a testing environment.<br />
<br />
This will be a topic for a future post concerning (and this is a BIG hint) testing, cost, risk and support issues that revolve around data and data privacy.<br />
<br />
For now let's just say this is not a good option and should only be considered in specific areas and for specific reasons.<br />
<br />
Option #3, in my opinion, is slightly different than just 'saying no'. It should be standard policy that all individuals, no matter who they are (employees, consultants or outsourcers), need to sign a non-disclosure agreement. But let me be clear: this will not help in preventing any data breaches. And just to remind you why, there are studies concerning data breaches
that state that more than 70% of all data breaches are non-malicious. If the breach is malicious (disgruntled employee, criminal activity, etc.) it will not stop data from being exposed either. So if it does not prevent breaches, why bother? What this does is make it easier to pursue legal remedies in case there is a need.<br />
<br />
Option #1 is a viable option. Many companies I worked with have policies along those lines. And in fact, chances are that your testers will have to make up some data to test things that should not happen in real life, i.e., testing for error checking/handling. But is it the be-all and end-all? No. One can never make up all the permutations and combinations one would need to test to ensure that, first, the change worked, and second, that it did not break anything else. Now, there are processes that mitigate the risks involved (for another post). However, there are no guarantees.<br />
<br />
Last but not least there is option #4. This option states that all production data copied over to testing should have the Personally Identifiable Information (PII) scrubbed. There are problems even with this option. To do a good job in scrubbing the data (it took me two years to be able to even pronounce obfuscate, never mind spell it, so scrub is the term that describes the option as well, and rolls off my tongue more easily) takes time, money and expertise, and carries some risk.<br />
<br />
So what does the process entail? How does one go about scrubbing data? The first step is to identify all the fields that have PII. Easy, right? Nope. In this complex world we live in, I can assure you that <span class="st"><i>'No </i><b>data</b><i> is an island</i> <i>entire of itself</i>' (to paraphrase John Donne).</span><br />
<span class="st"><br /></span>
<span class="st">Programs (applications, processes, etc.) work together. The bill that is entered in the accounts receivable system needs to be posted into the GL, as an example. The bill also has a purchaser's credit card number that feeds the credit card processor, etc. The address on the bill is entered in the customer information system.</span><br />
<br />
<span class="st">This interaction can be complex to say the least. One application has edits in place to verify a Zip/Postal code matches the address because the program that sends out mail needs to make sure the combinations make sense. But the application that is used for analyzing buying habits may not even look at this.</span><br />
<br />
<span class="st">Once all the PII fields are discovered, along with how they are related between applications/files/databases, the next step is to figure out what method should be used to scrub the data given the interaction I just described. Do we scramble the values, or should we generate new ones? Does the data need to follow certain business rules? Are there homemade systems that need to be used to mask the data (e.g., an account number generator)?</span><br />
<span class="st"><br /></span>
<span class="st">There are basically four different types of scrubbing methods.</span><br />
<br />
<span class="st">#1 A simple scrambling method: for example, changing the letter 'A' to 'X' wherever it appears. (There are variations of this that make it harder to reverse the results.)</span><br />
<span class="st"><br /></span>
<span class="st">#2 Looking up a translation table: the original value is used, by various methods, as a key to find an entry within the translation table. So if that value appears in another location, the same scrubbed value is returned.</span><br />
<span class="st"><br /></span>
<span class="st">#3 Generating new data, either randomly or with some guidelines. This is an issue because every time the same value is scrubbed, the result will be different, thus losing consistency.</span><br />
<span class="st"><br /></span>
<span class="st">#4 Replace the data with a 'string' or blank etc. As an example putting 'N/A' in each free form field because no processing is done to that data.</span><br />
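<br />
Methods #2 and #3 side by side, as an added example that is not part of the original post: a keyed lookup into a replacement table returns the same masked value wherever the original appears (the consistency needed between applications), while random generation does not. The key, the replacement pool and the two sample applications are constructed assumptions.<br />

```python
import hashlib
import hmac
import secrets

# Constructed replacement pool. A real pool must be much larger than the number
# of distinct inputs; otherwise different people collapse onto the same name.
FIRST_NAMES = ["Oliver", "Amelia", "Noah", "Isla", "Lucas", "Freya", "Ethan", "Clara"]
DEMO_KEY = b"constructed-demo-key"  # assumption: a managed secret in practice


def normalize(value):
    """Fold case and whitespace so 'ROBERT ' and 'Robert' are one person."""
    return " ".join(value.split()).casefold()


def mask_lookup(value, key=DEMO_KEY, pool=FIRST_NAMES):
    """Method #2: the original value is the key into the translation table.

    The HMAC keeps the mapping stable across runs and applications without
    storing original values next to their replacements. Whoever holds the key
    can confirm guesses about an original, so the key needs protecting.
    """
    digest = hmac.new(key, normalize(value).encode("utf-8"), hashlib.sha256).digest()
    return pool[int.from_bytes(digest[:8], "big") % len(pool)]


def mask_random(value, pool=FIRST_NAMES):
    """Method #3: a fresh value on every call; nothing ties it to the input."""
    return secrets.choice(pool)


def mask_rows(rows, column, masker):
    """Return copies of the rows with one column passed through the masker."""
    return [{**row, column: masker(row[column])} for row in rows]


def linked_pairs(rows_a, rows_b, column):
    """(id_a, id_b) pairs a join on the column would connect between two apps."""
    return {(a["id"], b["id"]) for a in rows_a for b in rows_b
            if normalize(a[column]) == normalize(b[column])}


# Constructed extracts: Robert exists in both applications, spelled differently.
APP_A = [{"id": "A1", "first_name": "Robert"}, {"id": "A2", "first_name": "Maria"}]
APP_B = [{"id": "B7", "first_name": "ROBERT "}, {"id": "B8", "first_name": "Wei"}]


def links_survive(masker):
    """True when every cross-application match still matches after masking."""
    before = linked_pairs(APP_A, APP_B, "first_name")
    after = linked_pairs(mask_rows(APP_A, "first_name", masker),
                         mask_rows(APP_B, "first_name", masker), "first_name")
    # Subset, not equality: a small pool can also create extra, false links.
    return before <= after


if __name__ == "__main__":
    print("lookup :", mask_rows(APP_A, "first_name", mask_lookup),
          mask_rows(APP_B, "first_name", mask_lookup))
    print("random :", mask_rows(APP_A, "first_name", mask_random),
          mask_rows(APP_B, "first_name", mask_random))
    print("links survive with lookup:", links_survive(mask_lookup))
    print("links survive with random:", links_survive(mask_random))
```
<br />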
<span class="st"><br /></span>
<span class="st">And there are other techniques that I did not mention, such as, date aging, flip flopping of real data, mathematically manipulating the values etc.</span><br />
<span class="st"><br /></span>
<span class="st">After it is determined what techniques are to be used, the next step is 'coding' the rules to be applied, and then testing them. Expect this to be an iterative process, because the more you do, the more it will appear that you may have missed something.</span><br />
<span class="st"><br /></span>
<span class="st">And finally the implementation of the process.</span><br />
<span class="st"><br /></span>
<span class="st">This is not an easy task, nor is it something that should be taken on lightly. But if you don't want to have your company in the cross hairs of journalists, bureaucrats, courts and the general public, you need to do due diligence (making sure you do the best you can to prevent data leakages).</span><br />
<span class="st"><br /></span>
<span class="st">In the next chapter I will talk about how this fits together in the overall picture, how one needs to consider other factors when talking about testing.</span><br />
<span class="st"><br /></span>
<a href="http://ca.linkedin.com/in/robertgalambos">
<img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn">
</a>
<br />Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-73201578768825786832013-03-18T05:24:00.001-07:002014-02-17T14:05:49.037-08:00Robert Galambos's Resume<style>
<!--
/* Font Definitions */
@font-face
{font-family:Arial;
panose-1:2 11 6 4 2 2 2 2 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:10887 -2147483648 8 0 511 0;}
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:3 0 0 0 1 0;}
@font-face
{font-family:Wingdings;
panose-1:2 0 5 0 0 0 0 0 0 0;
mso-font-charset:2;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:0 268435456 0 0 -2147483648 0;}
@font-face
{font-family:Wingdings;
panose-1:2 0 5 0 0 0 0 0 0 0;
mso-font-charset:2;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:0 268435456 0 0 -2147483648 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;
mso-font-charset:0;
mso-generic-font-family:auto;
mso-font-pitch:variable;
mso-font-signature:-520092929 1073786111 9 0 415 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-parent:"";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
h3
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-link:"Heading 3 Char";
mso-style-next:Normal;
margin-top:0cm;
margin-right:-27.0pt;
margin-bottom:0cm;
margin-left:4.5pt;
margin-bottom:.0001pt;
text-align:center;
text-indent:-36.0pt;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:3;
tab-stops:0cm;
font-size:12.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
h4
{mso-style-noshow:yes;
mso-style-priority:9;
mso-style-qformat:yes;
mso-style-link:"Heading 4 Char";
mso-style-next:Normal;
margin-top:12.0pt;
margin-right:0cm;
margin-bottom:3.0pt;
margin-left:0cm;
mso-pagination:widow-orphan;
page-break-after:avoid;
mso-outline-level:4;
font-size:14.0pt;
font-family:Calibri;
mso-fareast-font-family:"Times New Roman";}
p.MsoTitle, li.MsoTitle, div.MsoTitle
{mso-style-unhide:no;
mso-style-qformat:yes;
mso-style-link:"Title Char";
margin:0cm;
margin-bottom:.0001pt;
text-align:center;
mso-pagination:widow-orphan;
font-size:14.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
font-weight:bold;}
p.MsoBodyText, li.MsoBodyText, div.MsoBodyText
{mso-style-noshow:yes;
mso-style-unhide:no;
mso-style-link:"Body Text Char";
margin:0cm;
margin-bottom:.0001pt;
text-align:justify;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-noshow:yes;
mso-style-unhide:no;
mso-style-parent:"";
color:blue;
text-decoration:underline;
text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-noshow:yes;
mso-style-priority:99;
color:purple;
mso-themecolor:followedhyperlink;
text-decoration:underline;
text-underline:single;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-unhide:no;
mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:"Courier New";
mso-fareast-font-family:"Times New Roman";
mso-bidi-font-family:"Courier New";
mso-ansi-language:EN-CA;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Heading 3";
mso-ansi-font-size:12.0pt;
mso-bidi-font-size:12.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-hansi-font-family:"Times New Roman";
font-weight:bold;}
span.Heading4Char
{mso-style-name:"Heading 4 Char";
mso-style-noshow:yes;
mso-style-priority:9;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Heading 4";
mso-ansi-font-size:14.0pt;
mso-bidi-font-size:14.0pt;
font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
font-weight:bold;}
span.BodyTextChar
{mso-style-name:"Body Text Char";
mso-style-noshow:yes;
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Body Text";
mso-ansi-font-size:11.0pt;
mso-bidi-font-size:11.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-hansi-font-family:"Times New Roman";}
span.TitleChar
{mso-style-name:"Title Char";
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:Title;
mso-ansi-font-size:14.0pt;
mso-bidi-font-size:14.0pt;
font-family:"Times New Roman";
mso-ascii-font-family:"Times New Roman";
mso-fareast-font-family:"Times New Roman";
mso-hansi-font-family:"Times New Roman";
font-weight:bold;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-unhide:no;
mso-style-locked:yes;
mso-style-link:"Plain Text";
font-family:"Courier New";
mso-ascii-font-family:"Courier New";
mso-fareast-font-family:"Times New Roman";
mso-hansi-font-family:"Courier New";
mso-bidi-font-family:"Courier New";
mso-ansi-language:EN-CA;}
.MsoChpDefault
{mso-style-type:export-only;
mso-default-props:yes;
font-size:10.0pt;
mso-ansi-font-size:10.0pt;
mso-bidi-font-size:10.0pt;
font-family:Calibri;
mso-ascii-font-family:Calibri;
mso-fareast-font-family:Calibri;
mso-hansi-font-family:Calibri;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:36.0pt 36.0pt 36.0pt 36.0pt;
mso-header-margin:36.0pt;
mso-footer-margin:36.0pt;
mso-paper-source:0;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:89279732;
mso-list-type:hybrid;
mso-list-template-ids:1978429296 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:54.0pt;
mso-level-number-position:left;
margin-left:54.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:90.0pt;
mso-level-number-position:left;
margin-left:90.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:162.0pt;
mso-level-number-position:left;
margin-left:162.0pt;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:198.0pt;
mso-level-number-position:left;
margin-left:198.0pt;
text-indent:-18.0pt;
font-family:"Courier New";}
</style>
<table align="left" border="1" cellpadding="0" cellspacing="0" class="MsoNormalTable" style="border-collapse: collapse; border: none; margin-left: 6.0pt; margin-right: 6.0pt; mso-border-alt: solid black .5pt; mso-border-insideh: .5pt solid black; mso-border-insidev: .5pt solid black; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-table-anchor-horizontal: page; mso-table-anchor-vertical: paragraph; mso-table-left: 42.7pt; mso-table-lspace: 9.0pt; mso-table-rspace: 9.0pt; mso-table-top: -17.15pt; mso-yfti-tbllook: 1664; width: 536px;">
<tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0;">
<td colspan="3" style="border-bottom: outset 1.0pt; border: none; mso-border-bottom-alt: outset windowtext .75pt; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 22.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: Arial; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"></span>Robert Galambos</span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">M: <span style="color: #333333;">416.876.2979 <span style="mso-spacerun: yes;"> </span></span>| <span style="mso-spacerun: yes;"> </span></span><span lang="EN-CA"><a href="mailto:rgalambos@gmail.com"><span lang="EN-US" style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman"; text-decoration: none; text-underline: none;">rgalambos@gmail.com</span></a></span><span style="color: blue; font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span></span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span>|<span style="mso-spacerun: yes;"> </span></span><span lang="EN-CA"><a href="http://galambos.me/"><span lang="EN-US" style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">http://galambos.me/</span></a></span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"></span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 4.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Blog: </span><span lang="EN-CA"><a href="http://robertdataprivacytesting.blogspot.ca/"><span lang="EN-US" style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman"; text-decoration: none; text-underline: none;">Security
& Privacy</span></a></span><span style="color: blue; font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span></span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">|<span style="mso-spacerun: yes;"> </span></span><span lang="EN-CA"><a href="http://ca.linkedin.com/in/robertgalambos/"><span lang="EN-US" style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">http://ca.linkedin.com/in/robertgalambos/</span></a></span><span style="font-family: "Arial Black"; font-size: 20.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"></span></div>
</td>
</tr>
<tr style="mso-yfti-irow: 1;">
<td colspan="3" style="border: none; mso-border-top-alt: outset windowtext .75pt; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: center;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; text-align: justify; text-justify: inter-ideograph;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Professional, results-oriented <b style="mso-bidi-font-weight: normal;">Presales Engineer and Consultant</b> with a proven track record
within the software industry, combining high-level sales and marketing
knowledge with deep operational experience, technical savvy and
cross-functional communication skills. Extensive experience supporting sales
initiatives, managing customer relationships, handling customer service calls
and consultations, and maximizing client ROI on software solutions</span><span style="font-family: "High Tower Text","serif"; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">. </span></div>
</td>
</tr>
<tr style="mso-yfti-irow: 2;">
<td colspan="3" style="border: none; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 6.0pt; margin-left: 0in; margin-right: 0in; margin-top: 6.0pt; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; tab-stops: center 260.55pt left 359.35pt; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">RELEVANT<span style="mso-spacerun: yes;"> </span>SKILLS & CERTIFICATIONS</span></div>
</td>
</tr>
<tr style="height: 84.0pt; mso-yfti-irow: 3;">
<td style="border: none; height: 84.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 157.05pt;" valign="top" width="157">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l0 level1 lfo3;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Data Privacy</span></b></li>
</ul>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Client Relations</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Troubleshooting</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Security+</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Data Management</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">HTML/CSS </span></b></li>
</ul>
</td>
<td style="border: none; height: 84.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 206.15pt;" valign="top" width="206">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">C-level & Client Presentations</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Executive Communications</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Staff Training & Development</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l2 level1 lfo2;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Data Optimization </span></b></li>
</ul>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l3 level1 lfo4;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Oracle/SQLServer/DB2</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l3 level1 lfo4;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">WebEx</span></b></li>
</ul>
</td>
<td style="border: none; height: 84.0pt; padding: 0in 5.4pt 0in 5.4pt; width: 173.2pt;" valign="top" width="173">
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">MS Project</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Customer Service</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Solutions Demonstrations</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Technical Consulting </span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Salesforce.com</span></b></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; mso-list: l4 level1 lfo5;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; font-size: 9.0pt; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">MS Office</span></b></li>
</ul>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly;">
<br /></div>
</td>
</tr>
<tr style="height: 14.25pt; mso-yfti-irow: 4; mso-yfti-lastrow: yes;">
<td colspan="3" style="border: none; height: 14.25pt; padding: 0in 5.4pt 0in 5.4pt; width: 7.45in;" valign="top" width="536">
<table border="1" cellpadding="0" cellspacing="0" class="MsoTableGrid" style="border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-yfti-tbllook: 1184;">
<tbody>
<tr style="mso-yfti-firstrow: yes; mso-yfti-irow: 0; mso-yfti-lastrow: yes;">
<td style="border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt; width: 524.85pt;" valign="top" width="525">
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-element-anchor-horizontal: page; mso-element-anchor-vertical: paragraph; mso-element-frame-hspace: 9.0pt; mso-element-left: 42.75pt; mso-element-top: -17.15pt; mso-element-wrap: around; mso-element: frame; mso-height-rule: exactly; tab-stops: right 508.5pt; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Security+ </span><span style="font-family: Arial; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span>|<span style="mso-spacerun: yes;"> </span></span><span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">CIPP/C </span><span style="font-family: Arial; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span>|</span><span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;"> </span>CIPP/IT</span><span style="font-family: Arial; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-spacerun: yes;">
</span>|<span style="mso-spacerun: yes;"> </span></span><span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">IBM / DB2 9 DBA for z/OS</span><span style="font-family: Arial; font-size: 12.0pt; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"></span></div>
</td>
</tr>
</tbody></table>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0in; margin-right: 0in; margin-top: 3.0pt; mso-pagination: none;">
<br /></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 0in; margin-right: 0in; margin-top: 3.0pt; mso-pagination: none; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">professional experience</span></div>
</td>
</tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; tab-stops: 160.0pt;">
<span style="font-family: "Arial Black"; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: Arial; mso-fareast-font-family: Calibri;">COMPUWARE</span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: Calibri;"><span style="mso-tab-count: 8;"> </span><span style="mso-tab-count: 1;"> </span><b style="mso-bidi-font-weight: normal;">1996
to 2013</b></span><b style="mso-bidi-font-weight: normal;"><span style="mso-ansi-language: EN-US; mso-ascii-font-family: Calibri; mso-bidi-font-family: Arial; mso-bidi-font-size: 12.0pt; mso-fareast-font-family: Calibri; mso-hansi-font-family: Calibri;"></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 9.35pt; margin-right: 0in; margin-top: 0in;">
<span style="font-family: "Arial Black"; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">Sales Engineer
/ Consultant / Trainer</span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span lang="EN-CA" style="font-family: Arial;">Helped close minimum $2 million
in sales </span></b><span lang="EN-CA" style="font-family: Arial;">13
years in a row.</span></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span lang="EN-CA" style="font-family: Arial;">Contributed to a team</span></b><span lang="EN-CA" style="font-family: Arial;"> that achieved a minimum 95 percent
maintenance renewal.</span></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Held Discover Meetings </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">with current and potential clients to discover
client issues, concerns and sales opportunities.</span><span lang="EN-CA" style="font-family: Arial;"></span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Delivered high-impact presentations, trained
clients, staff and c-level executives </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">on
various solutions, concepts and best practices.</span></li>
<li class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Worked with Multiple Projects/Clients </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">simultaneously.</span><span lang="EN-CA" style="font-family: Arial;"></span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Facilitated customers and partners, </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">as well as on-site professional services support
such as installations, post sales transition, and configurations upon
deployment of software.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Liaised with Product Development and Marketing
departments </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">reporting on industry/market
trends, competition, and proposed new product functionality.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Provided technical analysis as well as collaborated
with sales to develop cost justifications, </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">to facilitate completion of RFI and RFP responses
for various clients in an efficient manner and helped prepare sales
package proposals.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Managed interoperability and alliance </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">between software solutions and customers’ strategic
business plans.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Helped potential clients understand, compare </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">and contrast several IT solutions.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Produced detailed phone support, </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">and on-site evaluations of clients’ current
software solutions.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Engaged and coordinated </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">implementation engagements with a +90% success ratio.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Served as Project Manager/Team Lead</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> with the participation of 10 team members,
developed, updated, disseminated training materials for 10 software
products with a specific timeline.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Mentored individuals </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">for the Professional Development Program,
training non-IT professionals to become support personnel.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Was one of the ‘Go To Guys’ </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">for difficult situations/clients.</span></li>
</ul>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; margin-left: .5in; margin-right: 0in; margin-top: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">Delivery
Consultant and/or Solution Architect services to major financial institutions
I.E. Barclays (UK), </span></b><b style="mso-bidi-font-weight: normal;"><span lang="EN-CA" style="font-family: Arial; mso-bidi-font-family: "Times New Roman"; mso-bidi-theme-font: minor-bidi;">Kasikornbank (Thailand), Royal Bank of Canada,
Banque National du Canada, among<span style="mso-spacerun: yes;"> </span>others.<span style="mso-spacerun: yes;">
</span></span></b><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";"></span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: 3.0pt; margin-left: 99.35pt; margin-right: 0in; margin-top: 0in; text-indent: -99.35pt;">
<br /></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Determined requirements</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">,<b style="mso-bidi-font-weight: normal;"> Designed,
and then Deployed Data Privacy process</b> and successfully melded various
complex relationships into a cohesive business process.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Resource person</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">
on the functionality of both Compuware’s software and the client’s own
software environment.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Mentored </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">local
consultants, foreign consultants, non-bank consultants in both evaluations
and interpretation of the project results.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Addressed concerns</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> and provided pro-active concepts to the client
to maintain the quality of data as well as reducing QA costs. This led to
a 20% reduction of time and material costs.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Targeted training</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> on usage of the software.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Designed and implemented</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> pilot projects/POCs to completion and presented
the solution to the stakeholders.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Proactively</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">
advised on best practices within the industry and provided various
industry resources.</span></li>
</ul>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; tab-stops: right 508.5pt; text-align: justify; text-justify: inter-ideograph;">
<br /></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; tab-stops: right 508.5pt; text-align: justify; text-justify: inter-ideograph;">
<span style="font-family: "Arial Black"; font-size: 12.0pt; font-variant: small-caps; line-height: 115%; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">MONTREAL
TRUST / BANK OF NOVA SCOTIA</span><span style="font-family: Arial; font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-tab-count: 1;"> </span><b style="mso-bidi-font-weight: normal;">1984 to 1996</b></span><span style="font-family: "Times New Roman"; font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"></span></div>
<div class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; margin-left: 9.35pt; margin-right: 0in; margin-top: 0in;">
<span style="font-family: "Arial Black"; mso-ansi-language: EN-US; mso-bidi-font-family: "Times New Roman"; mso-fareast-font-family: "Times New Roman";">Principal Analyst & Team Lead</span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"></span></div>
<ul style="margin-top: 0in;" type="square">
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Team Lead responsible </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">for financial systems, including payroll, human
resources, general ledgers, accounts receivable and accounts payable
within the Trust Unit.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Supervised </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">analysts
responsible for critical financial, HRS and payroll systems.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Apprised management of more efficient
methodologies </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">to ensure better business
decisions.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Provided guidance, instruction, direction and
leadership </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">to the team to achieve key
results for internal clients & users.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Coached and matured the skill level of direct
reports</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> in order to continue their
long-term development and ensure solid succession planning and
departmental success.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Liaised with Payroll, HR </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">and Executive Offices as a subject matter expert.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Created “What if” scenarios and provided support </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">for non-technical end-users.</span></li>
<li class="MsoNormal" style="margin-bottom: .0001pt; margin-bottom: 0in; mso-list: l1 level1 lfo1;"><b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Worked with the Finance Team to determine the
ongoing business needs </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">and
requirements for the reporting of all assets, sales, redemptions,
management fees, trailer fees, and advisory fees</span><span style="font-family: Arial; font-size: 12.0pt; line-height: 115%; mso-ansi-language: EN-US; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";"><span style="mso-tab-count: 1;"> </span></span><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"></span></li>
</ul>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<span style="font-family: "Arial Black"; font-size: 14.0pt; font-variant: small-caps; mso-ansi-language: EN-US; mso-bidi-font-family: Arial; mso-bidi-font-size: 10.0pt; mso-fareast-font-family: "Times New Roman";">Education
And Professional Development</span></div>
<div align="center" class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in; text-align: center;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">B. Comm. - Bachelor
of Commerce, Accounting</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"> <span style="mso-tab-count: 5;"> </span><span style="mso-spacerun: yes;"> </span><b style="mso-bidi-font-weight: normal;">1979</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Concordia University, Montreal, Quebec</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">IBM DB2 DBA
for z/OS<span style="mso-tab-count: 9;"> </span>2008</span></b></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">International Business Machines, USA</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">CIPP/C. – Certified
International Privacy Professional</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">/Canada<span style="mso-tab-count: 4;"> </span><b style="mso-bidi-font-weight: normal;">2007</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">CIPP/IT. – Certified
International Privacy Professional</span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">/Information
Technology<span style="mso-tab-count: 1;"> </span><b style="mso-bidi-font-weight: normal;">2008</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">International Association of Privacy Professionals, USA</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Security+<span style="mso-tab-count: 10;"> </span></span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"><span style="mso-tab-count: 1;"> </span><b style="mso-bidi-font-weight: normal;">2013</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">CompTIA, USA</span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<br /></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<b style="mso-bidi-font-weight: normal;"><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">CCENT. – Cisco
Routing and Switching </span></b><span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";"><span style="mso-tab-count: 7;"> </span><b style="mso-bidi-font-weight: normal;">spring 2014</b></span></div>
<div class="MsoNormal" style="line-height: normal; margin-bottom: .0001pt; margin-bottom: 0in;">
<span style="font-family: Arial; mso-ansi-language: EN-US; mso-fareast-font-family: "Times New Roman";">Cisco, USA</span></div>
Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-64782654363537801552013-03-06T11:52:00.001-08:002013-03-09T11:25:34.452-08:00
Testing and Data Privacy, Is there an issue (Part II)??
So here we are now. Let's recap some of the major points about the subject that we covered previously before we go on.<br />
<br />
<div class="r">
IT departments maintain and use both 'Production' (what is used to run the business) and Testing environments. They need data to test with. And where do you think most of the testing data comes from? In the 'real world', it is most likely 'real' credit card numbers (<i>PCI DSS</i>, <span style="font-weight: normal;">the Payment Card Industry Data Security Standard, does not allow this), Tax Identification numbers, etc.</span></div>
<div class="r">
<span style="font-weight: normal;"><br /></span></div>
<div class="r">
<span style="font-weight: normal;">And to further complicate matters, testing, by its very nature, means easier access to the data by Developers, Testers, IT operations, etc. This gives us the exposure that businesses try so hard to avoid. And you may not even know about it.</span></div>
<div class="r">
<span style="font-weight: normal;"><br /></span></div>
<div class="r">
<span style="font-weight: normal;">So let's take a look at some legal ramifications of this matter. </span></div>
<div class="r">
<br /></div>
<div class="r">
<span style="font-weight: normal;">An example is Canada, where one of the principal laws governing Privacy is the </span><span class="st">Personal Information Protection and Electronic Documents Act (<i>PIPEDA</i>). Basically (and this is an oversimplification, but it is good enough for this discussion) the Company will use the Personal Identifiable Information (<i>PII</i>) it gathers solely for the purpose of which it 'advises' the user. So if a user goes into a bank to open an account, as an example, he/she has to sign a 'whole bunch' of papers, and more often than not gets a copy of them to take home to wallpaper the house (I know it's a bad joke; realistically these statements are only read by a lawyer or a privacy specialist). </span><br />
<br />
<span class="st">But in all seriousness, at least one of these documents (Best practices) is basically an agreement made with the bank that allows the bank to gather the information they need to provide the service you are requesting from them. It also states who they may share that information with and how they will protect it, and hopefully lists a Department/Person in case one has any questions about the Privacy Policy of the Company. </span></div>
<div class="r">
<span class="st"><br /></span></div>
<div class="r">
<span class="st">I guarantee that there is no place in that document that states the company may use the information for testing purposes. And don't forget the looser criteria requirements of the testing world.</span></div>
<div class="r">
<span class="st"><br /></span></div>
<span class="st">If you think that this is only for Canada you would be mistaken, big time. As another example, in the EU one of the applicable 'laws' is called</span> Directive 95/46/EC (more commonly known as the EU Directive on Data Protection). It is one of the most stringent laws pertaining to Privacy there is. And don't be fooled into thinking that just because you do not have any offices in the EU or Canada etc., you don't have to worry about that. In fact, if you have any customers from the EU, or collect some information while they are on your website, you may still be under their Privacy jurisdiction.<br />
<br />
Now this particular aspect is worth a book in itself, but let's just leave it for now and, if you, the reader, agree, we can try to figure out what needs to be done, and the benefits/cost of each solution.<br />
<br />
1) Well, let's create the test material needed and not rely on ANY real data.<br />
<br />
The Pros:<br />
<br />
Will not need to worry about relaxed security restrictions because the information does not represent any real person.<br />
<br />
The data is 'easy' to create. So even if the printed reports are found in the trash bin there will be no worries.<br />
<br />
The Cons:<br />
<br />
'Quality' of the made-up data. Is the data a good sampling of the various permutations and combinations of different aspects of your customers? I.e., do you have customers who live in NYC (Hong Kong, Budapest, Montreal etc.) and who have a chequing account in the spouse's name as well as two children's accounts, etc.? If you do not cover all the different variations that exist, how do you know that your testing is complete and will be able to discover failures before implementation?<br />
<br />
2) Copy Real Data for use in testing<br />
<br />
The Pros:<br />
<br />
You will be testing with real data, and if there are any issues, they will be discovered before the change is put into 'production'. If the tests work then there is no reason why it will not work in production.<br />
<br />
The Cons: <br />
<br />
As previously discussed, chances are that you are close to breaking some laws (if any of the information in question is PII).<br />
<br />
Data volume is another concern. Who nowadays, large or small business, has the capacity to copy the entire production data to be used for testing? And if we are talking about most major companies, they may have many testing environments to help them move forward.<br />
<br />
Then there is the extra time you will need for multiple tests to be done with large amounts of data. (Another topic in my series of Blogs in the future will be about volumes of data and testing types, etc. and issues/solutions.)<br />
<br />
The reduced Security (see above) around the testing will allow increased access. This could increase the chances of a Data Breach. <br />
<br />
If there is a Data Breach, your company's reputation would suffer and its name may appear on the front page of the local/national newspaper etc. The cost of the loss of customer confidence in your organization may also affect the bottom line. This can cost millions of dollars and loss of business. (All depending on the number of records exposed.)<br />
<br />
3) Copy Real Data for use in testing and have everyone sign non-disclosure agreements.<br />
<br />
The Pro:<br />
<br />
You now use real data, with all its different combinations, to test with, and have the legal protection of a non-disclosure agreement.<br />
<br />
The Cons:<br />
<br />
According to some studies, over 70% of all Data Breaches are non-malicious and therefore agreements of this sort would not stop a breach.<br />
<br />
We are also still looking at large volume issues.<br />
<br />
<br />
Real data may not have all the information you need for testing properly (testing for error handling, as an example).<br />
<br />
4) Copy and obfuscate (scrub) the PII data so no one can figure out who the real data record represents<br />
<br />
The Pros:<br />
<br />
You get real data to work with, and thus even if a report ends up in a trash bin, no one can figure out who the data identifies or belongs to.<br />
<br />
The Cons:<br />
<br />
You will need to have a full understanding of your data.<br />
<br />
You will have to do analysis work on how to scrub the data.<br />
<br />
You will need to understand how the PII data work together within your environment/application. <br />
<br />
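As an added illustration of option 4 (this is not the author's code): a keyed, deterministic scrub in Python that replaces PII while keeping formats, card check digits and the tax-id join between tables intact. The sample rows, column names, key and function names are all constructed for the example.<br />

```python
import hashlib
import hmac

# Constructed sample rows; none of these values belong to a real person.
CUSTOMERS = [
    {"cust_id": 1, "name": "Alice Example", "tax_id": "123-456-789", "card": "4111111111111111"},
    {"cust_id": 2, "name": "Bob Sample", "tax_id": "987-654-321", "card": "5500005555555559"},
]
ACCOUNTS = [
    {"acct": "CHQ-1", "tax_id": "123-456-789"},
    {"acct": "SAV-1", "tax_id": "123-456-789"},
    {"acct": "CHQ-2", "tax_id": "987-654-321"},
]
KEY = b"constructed-demo-key"  # assumption: the real key never leaves production

def _digits(key, field, value, n):
    """n decimal digits derived from a keyed hash, so the same input always maps the same way."""
    mac = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return str(int.from_bytes(mac, "big")).zfill(n)[-n:]

def luhn_check_digit(body):
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:  # doubled positions, counted from the digit next to the check digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def mask_card(key, card):
    # Keep the 6-digit issuer prefix and the length, replace the rest, recompute the check digit.
    body = card[:6] + _digits(key, "card", card, len(card) - 7)
    return body + luhn_check_digit(body)

def mask_tax_id(key, tax_id):
    fresh = iter(_digits(key, "tax_id", tax_id, sum(c.isdigit() for c in tax_id)))
    return "".join(next(fresh) if c.isdigit() else c for c in tax_id)  # separators stay put

def mask_name(key, name):
    return "Customer-" + hmac.new(key, name.encode(), hashlib.sha256).hexdigest()[:8]

RULES = {"name": mask_name, "tax_id": mask_tax_id, "card": mask_card}

def scrub(rows, key=KEY):
    return [{c: RULES[c](key, v) if c in RULES else v for c, v in row.items()} for row in rows]

def accounts_for(customers, accounts, cust_id):
    tax_id = next(r["tax_id"] for r in customers if r["cust_id"] == cust_id)
    return sorted(a["acct"] for a in accounts if a["tax_id"] == tax_id)
```

Because the same input always maps to the same output, the key must stay out of the test environment, and with only nine digits of output a large table should be checked for colliding masked tax ids after a run.<br />
<br />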
In my next blog I will further investigate all of the above options and discuss which option may be the most suitable for your situation. Maybe a hybrid solution could be the answer.<br />
<br />
<br />
If you have any comments or questions, feel free to drop me a line.<br />
<br />
<br />
As a note, this blog is not intended to be legal advice. <br />
<br />
Robert<br />
<br />
<a href="http://ca.linkedin.com/in/robertgalambos">
<img src="http://www.linkedin.com/img/webpromo/btn_viewmy_160x25.png" width="160" height="25" border="0" alt="View Robert Galambos CIPP/C CIPP/IT VA3BXG's profile on LinkedIn">
</a>Anonymoushttp://www.blogger.com/profile/08487410036907296551noreply@blogger.com0tag:blogger.com,1999:blog-286419466081532919.post-37362907114669649362013-03-02T15:56:00.002-08:002013-03-09T11:23:26.224-08:00Testing and Data Privacy, Is there an issue? <pre>Privacy and Testing. </pre>
<pre> </pre>
<pre> </pre>
<div style="text-align: left;">
<pre>First let me introduce myself. My name is Robert Galambos and </pre>
<pre>I have more than 17 years' experience in the field of 'Data Privacy' and </pre>
<pre>Data Access/Management. I have two certifications under my belt. </pre>
<pre>CIPP/C and CIPP/IT (<span class="st"><i>Certified Information Privacy Professional/Canada and </i></span></pre>
<pre><span class="st"><i><span class="st"><i>Certified Information Privacy Professional </i></span>Information Technology</i></span>).</pre>
<pre>But enough about me. </pre>
<pre> </pre>
<pre>So first, let's look at some basic information as we get started. </pre>
<pre> </pre>
<pre>You have an IT department. </pre>
<pre> </pre>
<pre>This department processes various data items (stuff) that helps run</pre>
<pre>your business.</pre>
<pre> </pre>
<pre>You are also fairly certain that your data is 'SAFE' or so you have been </pre>
<pre>told. Your IT department (either inside or outsourced) is consistently</pre>
<pre>upgrading the system(s) based on requests from the users (that's you) </pre>
<pre>or adding to capacity or getting the latest gadgets etc. </pre>
<pre>This may include adding additional security functionality to your computer</pre>
<pre>systems, for example, 2 pass authentication.</pre>
<pre>And these are probably good things, helping to better service </pre>
<pre>your customers/business and making sure your competitors can't access </pre>
<pre>any of your data. etc. </pre>
<pre> </pre>
<pre>For any changes to occur successfully, they have to be tested fully </pre>
<pre>before they are put into the 'real world'. This is to prevent the change</pre>
<pre>from causing headaches, or maybe something even worse. This is what you can </pre>
<pre>call due diligence. </pre>
<pre> </pre>
<pre>The above series of statements apply to about 95% of all businesses </pre>
<pre>that have any sort of web presence, automated processes etc. </pre>
<pre> </pre>
<pre>So far so good?</pre>
<pre> </pre>
<pre>But what does all that mean? </pre>
<pre> </pre>
<pre>It means that the 'real world' (production) data (examples like</pre>
<pre>your customer's tax-id, credit card number) is safe (or so we hope). These</pre>
<pre>'things' are called Personal Identifiable Information (PII). </pre>
<pre> </pre>
<pre>Most companies recognize that strict protection must be in</pre>
<pre>place to help prevent sensitive information, whether PII (see above) or</pre>
<pre>company information, from getting out. </pre>
<pre> </pre>
<pre>However (you knew this was coming didn't you?) there may be some other </pre>
<pre>areas where that same strong protection is not 'there'. And this could be </pre>
<pre>extremely hazardous to your company's future.</pre>
<pre> </pre>
<pre>Let me explain. </pre>
<pre> </pre>
<pre>Most IT departments maintain at least two environments, one that runs </pre>
<pre>your business (what I refer to as the 'real world') and the other to </pre>
<pre>test/develop the changes that your company needs/wants.</pre>
<pre> </pre>
<pre>Probably your Company's IT department has at </pre>
<pre>least one separate test environment (and probably a lot more). </pre>
<pre> </pre>
<pre>This test environment may contain production/real data that will then</pre>
<pre>be used for testing. It may have only a sample of the real data or maybe</pre>
<pre>some made up data (a topic for a later post) or a combination of the two. </pre>
<pre> </pre>
<pre>'There is no better data to test with than production data' or so the</pre>
<pre>thought process goes. </pre>
<pre> </pre>
<pre>(The scary part is next)</pre>
<pre> </pre>
<pre>Your company MAY BE in jeopardy of contravening </pre>
<pre>some privacy laws<span style="font-size: small;"><b> </b></span>either in your own country, or a country where you may </pre>
<pre>have a branch office or even only where some of your customers who like </pre>
<pre>your product/service live/work (isn't the internet grand?). </pre>
<pre>(More on this in a later post.)</pre>
<pre> </pre>
<pre>Your company may also have an increased risk of a data breach. </pre>
<pre> </pre>
<pre>Those test 'areas', which I mentioned above, may have some production data</pre>
<pre>that is there 'only for testing purposes'. Yet by their very nature </pre>
<pre>this same data will not be as secure as production. </pre>
<pre> </pre>
<pre>For example, you may have people needing to access the test/change </pre>
<pre>environment (i.e. consultants, programmers, testers etc.) for their day </pre>
<pre>to day work tasks. This results in needing more 'open' access rules. </pre>
<pre>Imagine a programmer throwing out some reports he was testing and then </pre>
<pre>the report being found in a trash bin, with the sensitive information</pre>
<pre>still visible? </pre>
<pre> </pre>
<pre>No one wants to be on the front page of the WSJ.</pre>
<pre>Yet that may just happen. A recent study stated that more than</pre>
<pre>70% of all data breaches (exposure of sensitive data) are </pre>
<pre>NON malicious in nature. </pre>
<pre> </pre>
<pre>Next post I will address these issues as well as exploring other issues of </pre>
<pre>concern within the Testing/Data Privacy realm. </pre>
<pre> </pre>
<pre>If you have any comments, good/bad or questions feel free to drop me a line</pre>
<pre>at</pre>
<pre> </pre>
<pre><span style="font-size: small;">rgalambos@gmail.com</span><span style="font-size: large;"><span style="font-size: small;"> </span></span></pre>
<pre><span style="font-size: large;"><b><span style="font-size: small;"> </span></b></span></pre>
<pre><b><span style="font-size: small;">Robert Galambos CIPP/C CIPP/IT </span></b></pre>
<pre><span style="font-size: large;"><b><span style="font-size: small;">IBM certified DB2 z/OS DBA</span><span style="font-size: small;"> </span></b></span></pre>
<pre></pre>
</div>