third Cyber Security Assessment Netherlands - NCSC
different search results: women get different results from men, people in Amsterdam get different results from people in Rotterdam, etc. This can lead to better search results but it also means that the end-user has less of a grip on what he finds.
6.5 How can we keep a grip?
To summarise the sections above, it is clear that information is being digitalised at a rapid pace. Moreover, that means a host of new threats. What is being done to maintain some sort of grip?
Users
Users can be advised on how to handle (personal) data but they are still largely dependent on the degree of security that products and providers integrate. One of users’ responsibilities is to make a conscious choice about what information is published and who it is shared with. This reduces the privacy risks and makes it more difficult for malicious attackers to get hold of and abuse this information. The trend is that the Dutch are getting better at checking who personal information is sent to and they are changing their passwords more frequently. [52: UT 2012] The CBP offers citizens practical information on protecting their privacy at http://www.mijnprivacy.nl.
Companies and governments
Developments such as cloud and mobile require an ongoing focus on security so that customers and citizens can make safe use of services and have their privacy safeguarded.
With the continuing digitalisation of the government, security is an important aspect; various parties are collaborating in this area with the aim of making government organisations more resilient and ensuring that they can recover quickly following a security incident. [182]
The CBP offers companies and organisations information about privacy protection at http://www.cbpweb.nl/.
Government organisations rely heavily on procedures and far less on technical security measures. This does not need to be a problem if there is sufficient awareness to comply with the procedural measures. According to research, however, this appears not to be the case. [10: E&Y 2012]
The expectation is that organisations will increasingly implement a private cloud environment and (once again) manage their own big data rather than housing it with external parties. [43: Quocirca 2013] This will give organisations (back) better and more transparent control over their own data. Organisations are thinking more effectively about what they retain in-house and what the best means of implementation is, considering the balance between security, privacy and costs.
Duty of care and reporting
As well as organisations having to be transparent in how they process and secure any data collated, they also have a duty of care and reporting. Since 5 June 2012, telecoms providers have been required to report all security incidents involving personal data to the Authority for Consumers & Markets. [183] If the incident has unpleasant consequences for customers, the telecoms providers must also inform the customers concerned. Thus the duty to report is bound up with the duty of care: companies are required to effectively protect their customers’ personal details.
As a supervisory body, the CBP investigated some 25 (potential) security and data leaks in 2012. [2: CBP 2013][184] In the case of the investigated data leaks, citizens were often asked to fill in personal details on a web form (including medical details) which were then sent unsecured through the internet. Companies and governments are currently not obliged to report data leaks.
However, legislation is being prepared that will introduce compulsory reporting of data leaks. [185]
182 http://www.taskforcebid.nl/
183 https://www.acm.nl/nl/onderwerpen/telecommunicatie/internet/meldplicht-inbreuk-bescherming-persoonsgegevens/
184 http://www.cbpweb.nl/Pages/pb_20130219_richtsnoeren-beveiliging-persoonsgegevens.aspx
185 http://www.rijksoverheid.nl/documenten-en-publicaties/wetsvoorstellen/2012/11/01/wijziging-wet-bescherming-persoonsgegevens-meldplicht-datalekken