Scribd Logo
Upload

Welcome to Scribd!

  • Clase9 - Normativas y Estándares@Nov21

    Uploaded by

    hogu
    5 views11 pages
    The document introduces concepts of cybersecurity and discusses key standards and regulations, including: 1. The GDPR (General Data Protection Regulation), the primary data protection regulation in Europe and beyond, which establishes 7 key principles for lawful and fair processing of personal data. 2. ISO 27001, which defines an Information Security Management System (ISMS) focused on maintaining the confidentiality, integrity and availability of information systems and data. 3. The 7 principles of the GDPR are outlined, including lawfulness and transparency of data processing, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

    Original Description:

    Original Title

    Clase9_Normativas y Estándares@Nov21

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document introduces concepts of cybersecurity and discusses key standards and regulations, including: 1. The GDPR (General Data Protection Regulation), the primary data protection regulation in Europe and beyond, which establishes 7 key principles for lawful and fair processing of personal data. 2. ISO 27001, which defines an Information Security Management System (ISMS) focused on maintaining the confidentiality, integrity and availability of information systems and data. 3. The 7 principles of the GDPR are outlined, including lawfulness and transparency of data processing, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    5 views11 pages

    Clase9 - Normativas y Estándares@Nov21

    Uploaded by

    hogu
    The document introduces concepts of cybersecurity and discusses key standards and regulations, including: 1. The GDPR (General Data Protection Regulation), the primary data protection regulation in Europe and beyond, which establishes 7 key principles for lawful and fair processing of personal data. 2. ISO 27001, which defines an Information Security Management System (ISMS) focused on maintaining the confidentiality, integrity and availability of information systems and data. 3. The 7 principles of the GDPR are outlined, including lawfulness and transparency of data processing, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 11

    Introducción a la Ciberseguridad

    Noviembre 2021

    Prof. Paco Martín


    Objetivos Hoy:
    1. Conceptos básicos de Ciberseguridad
    2. Normativas y Estándares
    GDPR -- General Data Protection Regulation

    ➢ Reglamento General de Protección de Datos (RGPD)


    ➢ 2018
    ➢ Normativa de referencia en protección de datos, no
    solo en Europa sino en gran parte del mundo
    ➢ Los 7 principios de la GDPR:

    •Lawfulness, fairness and transparency


    •Purpose limitation
    •Data minimisation
    •Accuracy
    •Storage limitation
    •Integrity and confidentiality (security)
    •Accountability
    GDPR -- General Data Protection Regulation

    ➢ La GDPR aplica al procesamiento de datos personales

    ➢ Procesamiento:
    ✓ Recolección, organisación, estructuración,
    almacenamiento, alteración, consulta, uso,
    comunicación, combinación, borrado o destrucción

    ✓ Datos Personales:
    ✓ Datos personales son aquellos que se pueden
    identificar como relacionados con una persona
    natural concreta
    GDPR -- General Data Protection Regulation

    ❑ Los 7 principios de la GDPR

    ➢ Personal data shall be:

    (a) processed lawfully, fairly and in a transparent manner in relation to


    individuals (‘lawfulness, fairness and transparency’);

    (b) collected for specified, explicit and legitimate purposes and not further
    processed in a manner that is incompatible with those purposes; further
    processing for archiving purposes in the public interest, scientific or
    historical research purposes or statistical purposes shall not be considered
    to be incompatible with the initial purposes (‘purpose limitation’);
    GDPR -- General Data Protection Regulation

    (e) kept in a form which permits identification of data subjects for no


    longer than is necessary for the purposes for which the personal data are
    processed; personal data may be stored for longer periods insofar as the
    personal data will be processed solely for archiving purposes in the public
    interest, scientific or historical research purposes or statistical purposes
    subject to implementation of the appropriate technical and organisational
    measures required by the GDPR in order to safeguard the rights and
    freedoms of individuals (‘storage limitation’);

    (c) adequate, relevant and limited to what is necessary in relation to the


    purposes for which they are processed (‘data minimisation’);

    (d) accurate and, where necessary, kept up to date; every reasonable step
    must be taken to ensure that personal data that are inaccurate, having
    regard to the purposes for which they are processed, are erased or rectified
    without delay (‘accuracy’);
    GDPR -- General Data Protection Regulation

    (f) processed in a manner that ensures


    appropriate security of the personal data,
    including protection against unauthorised or
    unlawful processing and against accidental
    loss, destruction or damage, using appropriate
    technical or organisational measures
    (‘integrity and confidentiality’).

    (g) Data controllers are responsible for


    complying with the principles and letter of the
    regulation. Data Controllers are also
    accountable for their processing and must
    demonstrate their compliance
    (‘accountability’)
    GDPR -- General Data Protection Regulation
    GDPR -- General Data Protection Regulation
    ISO 27001 (27002, 27003)

    ➢ El SGSI (Sistema de Gestión de Seguridad


    de la Información) (ISMS Information Security
    Management System) es el concepto central
    sobre el que se construye ISO 27001

    ✓ Confidencialidad: la información no se
    pone a disposición ni se revela a
    individuos, entidades o procesos no
    autorizados.
    ✓ Integridad: mantenimiento de la
    exactitud y completitud de la información
    y sus métodos de proceso.
    ✓ Disponibilidad: acceso y utilización de la
    información y los sistemas de tratamiento
    de la misma por parte de los individuos,
    entidades o procesos autorizados cuando
    lo requieran
    ISO 27001 (27002, 27003)

    You might also like