Security: Best ways to protect your intellectual capital
Post on 21-Jan-2018
- 1. BIM, Security and the Building Lifecycle. UK Security Expo 2017. Featured Project: Dubai International Airport | US $4.5B Value. Trusted by the world's largest projects. Security: Best ways to protect your intellectual capital. With
- 2. Agenda: Introduction (Steve Cooper, Aconex); BIM, Security & the Building Lifecycle (Steve Maddison, Ascentor); Impacts of the GDPR (Phil Brown, Ascentor); Aconex Response (Steve Cooper, Aconex); Q&A (All).
- 3. Introduction: Steve Cooper, General Manager UK & Ireland, Aconex.
- 4. Is information security relevant to construction and refurbishment projects? Information Security and the Building Lifecycle. Steve Maddison, Principal Consultant, Ascentor. Steve.firstname.lastname@example.org
- 5. Presentation outline. Section 1: BIM and Information Security: What are the information security risks to implementing BIM? Section 2: The Building Lifecycle: How do risks to information using BIM change during the building lifecycle? Section 3: Managing BIM Information Security Risks: What basic measures can help manage information security risks? Summary.
- 6. What is Building Information Modelling (BIM)? BIM is not a single piece of software or model: it is a new way of information processing and collaboration for construction projects, with data embedded within a model. BIM Level 2 mandated for HMG projects by 2016. BIM is for the lifetime of the building, not the construction project.
- 7. What types of information are generated? Diagrams: floor plans, layouts, locations, detailed photos (internal and external). Documents: proposals, technical options, finance details, contracts, management plans. Models: laser scan data, point clouds, 3D models. Metadata: construction elements, details of build specifications and composition. Specifications: schedules of products and capabilities.
- 8. What are the risks? The information on a building project can be highly sensitive. It can be critical to the delivery of the project and long-term support of the built asset. 3D models allow a virtual walk-through of the building that otherwise wouldn't be available. Information could be used by potential attackers to disrupt the project, plan physical attacks, support cyber attacks, threaten personnel, disrupt services. Potential threats: terrorists, hackers (professionals, amateurs, political), criminal groups, state-sponsored groups, insiders.
- 9. What could possibly go wrong? What could happen? Inappropriate access to sensitive information (commercial, legal, personal, IP, security); information is corrupted or incomplete; information is not available when required. And what are the consequences? Project delays, cost increases, service disruption. Could include: legal, contractual, financial, reputational.
- 10. Is information security necessary for BIM? Depends on your viewpoint: Client: cares more about avoiding information exposure; Builder: focus is on avoiding cost and time overruns; Building operator: concentrates on service delivery to customers. If you don't think any of this applies to you, then why worry! If it does apply, then why isn't it built in already?
- 11. Information risk and the building lifecycle. Stage 0: Strategic definition; Stage 1: Preparation and brief; Stage 2: Concept and design; Stage 3: Developed design; Stage 4: Technical design; Stage 5: Construction; Stage 6: Handover and close out; Stage 7: In use. Increased Information Sharing.
- 12. In-use information security risks. BIM data is used to support maintenance activities. This leads to: increased information dissemination; increased access to 3D models and metadata; increased data retention. Building management system issues: remote access support; increased technical vulnerabilities: Internet of Things.
- 13. BIM information is in many different places. (Diagram) Customer Information Systems; CDE; Prime Contractor Information Systems; Staff Devices; Internet; Subcontractor Information Systems; Staff Devices; Subcontractor Information Systems; Staff Devices; Cloud Support Systems.
- 14. Information security awareness and maturity. There is a general lack of awareness about information security in the construction industry: the level of awareness of information security tends to decrease down the supply chain; Tier 1 contractors are increasingly required contractually to manage risks both for themselves and down the supply chain.
- 15. Information security built in. Information security should be part of the process from the outset. Contracts should specify information security requirements: non-functional security requirements; employer information requirements; security aspects letter.
- 16. Know what information is important and what the risks to it are. Identify and value sensitive information assets: know what it is and where it is; determine customer protection priorities. Identify and assess risks: determine if you have something to protect. Consider: who needs access to it and why; understand if it needs to be accurate and complete; know what the availability requirements are. Have a governance structure: supplier + customer working together.
- 17. Control information sharing. Information assets that are valued and labelled support controlled sharing: common naming conventions and security gradings. Balance sharing information with managing access: have access controls within the CDE; manage all forms of data information sharing. Roll down information security to supply chain companies: basic information security measures; monitor and manage information dissemination.
- 18. Lessons learned. Balance information protection and accessibility. Manage supply chain information security. Information security extends beyond the project for the life of the building. Need intelligent suppliers and customers. Use tools that protect information. Guidance on Information Security for BIM: Centre for the Protection of the National Infrastructure: http://cpni.gov.uk/; Institution of Engineering and Technology: http://theiet.org/
- 19. Summary. BIM is about sharing information in a controlled and secure way. Intelligent customer and intelligent supplier. Security needs to cover the entire lifecycle of the built asset. This presentation was delivered to the UK Security Expo Conference on 30 Nov 2017.
- 20. GDPR and security. Phil Brown, Lead Consultant, Ascentor (email@example.com). Impacts of the GDPR.
- 21. Why working with Ascentor will set you apart. General Data Protection Regulation: Coming Soon! GDPR will be enforced across the EU on 25th May 2018. In the UK, it will replace the Data Protection Act 1998. In essence it impacts any business that does business with EU members, regardless of where the processing takes place. Businesses will really need to know & understand: 1. what personal data they hold; 2. where the data is being stored; 3. the legal condition for processing the data; 4. how they will respond to individuals exercising their rights; 5. that the Regulation is not prescriptive, in that it sets out the expectations but does not define how businesses should act (a risk-based approach).
- 22. GDPR: the underlying 6 principles. The GDPR requires that personal data shall be: 1. processed fairly, lawfully and transparently; 2. collected for specified, explicit and legitimate purposes; 3. adequate, relevant and limited to what is necessary; 4. accurate and, where necessary, kept up to date; 5. kept for no longer than is necessary; 6. processed in a manner that ensures appropriate security. PEOPLE, PROCESSES, TECHNOLOGY. There is no one-size-fits-all solution, but one approach is to keep the data subject foremost in your mind rather than fixating on the most convenient solution.
- 23. Lawfulness of processing. Processing will only be lawful if one of the following conditions is met: the data subject gives consent for one or more specific purposes; it's necessary to meet contractual obligations entered into by the data subject; it's necessary to comply with legal obligations of the controller; it's necessary to protect the vital interests of the data subject; it's necessary for tasks in the public interest or exercise of authority vested in the controller; it's for the purposes of legitimate interests pursued by the controller (there is a balancing test).
- 24. General conditions for consent. The following conditions apply for consent to be valid: controllers must be able to demonstrate that consent was given, i.e. the need to keep records; written consent must be clear, intelligible and easily accessible, otherwise it's not binding; ticking a box or choosing appropriate technical settings are valid methods.