Security Logs Aren't Enough: Logging for User Data Protection

DEF CON 24

Presented by: Alisha Kloc
Date: Friday August 05, 2016
Time: 18:00 - 18:50
Location: Village Talks

Uh-oh - your startup just made headlines, but not for the reason you wanted: one of your employees has been accused of stealing a customer’s PII! Surely you can get to the bottom of the situation by checking your security logs… right? Right? Probably not, in fact. Most security logs don’t contain enough information to determine the crucial facts of a user data privacy issue: the “who”, “whom”, “what”, “where”, “when”, and “why” of user data accesses. Without all these pieces of information, as well as signals and alerts that make use of them, you can’t reconstruct the activity and motivations of your employees when they’re accessing user data. Find out how to supercharge your data access logging and ensure your users’ data is well-protected.

Alisha Kloc

Alisha Kloc has worked in the security and privacy industry for over seven years, most recently at Google where she works hard to protect users’ data. She is passionate about data security and user privacy, and believes in combining technology, policy, and culture to ensure users’ protection.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats