By Daniel E. Frank and Don Borelli


30-SECOND SUMMARY

As intelligent, interconnected devices become more widely available and increasingly host high-value information (like a hospital patient's medical records), the intrusion points for cyber attackers also expand. This article looks closely at the scope and potential legal risks of cyber attacks. If your company or organization becomes a target, it is the responsibility of more than just technical (IT) staff to contain the threat. This is neither a technical article nor a doomsday-scenario cyberscare tactic. Rather, this article aims to provide in-house counsel with some of the basic tools they need to deal with the inevitable cyber intrusions that they will confront.

The Internet of Things is the talk of the day among tech experts. It refers to a complex world of intelligent, interconnected devices used by both government and business for convenience, as well as daily operations. These connected devices can speed a guest reservation at a luxury hotel or link a hospital heart monitor to a patient's history. But these systems are also intrusion points for cyber attackers.

ACC DOCKET MARCH

CYBERSECURITY: HOW TO PREPARE FOR AND RESPOND TO CYBER ATTACKS

Daniel E. Frank counsels electric industry clients in cybersecurity matters, as well as regulatory, compliance and enforcement matters before FERC, NERC and state public service commissions. Don Borelli is chief operating officer of the Soufan Group. The authors gratefully acknowledge the substantial contributions of a third co-author (former in-house counsel specializing in cybersecurity) who wishes to remain anonymous.

For some industries, like electric utilities and the defense industry, cyber attacks are a daily occurrence. Cyber attacks are also increasing against hospitals, major hotels and universities. Each of these targets provides access to potentially high-value information, often with less advanced security barriers than previous targets, such as financial companies.

In 2012, for example, the healthcare industry accounted for 36 percent of all data breaches, the most reported data breaches by any industry. Hospitals store large amounts of personal information. In the last two years, there have been nearly 200 attacks directed at internet-connected medical devices alone, an alarming example of how the healthcare industry is attracting cyber attacks.

Like hospitals, hotels have become an attractive target. Hotels may be unable to monitor and secure facilities that are globally distributed and linked to a variety of electronic service providers. A board of directors meeting at a luxury hotel might rely on unsecured Wi-Fi for internet access. An embarrassing data breach of sensitive guest data or a cyber attack by a hacktivist group against a senior executive at a hotel could be a devastating blow to a hotel operator's reputation.

The education industry is equally vulnerable. In 2012, the education industry reported the second most data breaches of any industry sector, right behind the healthcare industry. Foreign governments target universities for access to restricted data or technology that may save years of expensive research and development. Aside from a direct hacking attack on an educator's system, simple negligence in security practices may result in loss of sensitive data. For example, the Chinese government allegedly intercepted classified data on plasma research when a University of Tennessee professor visited China and allowed a sensitive document to be emailed to him on unsecured networks. Almost a quarter of all data breaches in 2012 occurred as a result of accidental data disclosures. With professors working on multiple sensitive projects, and increasingly using online tools for collaboration, the risk of accidental disclosure has increased significantly.

These examples are not intended to cause alarm. Rather, they are offered to emphasize the scope and potential legal risks of cyber attacks, and the importance of remaining prepared in case one should occur. In-house counsel, no less than technical (IT) staff, should play a vital role in preparing for and responding to a cyber attack.

The basics: What in-house counsel can do today

Create a culture of security

Every person in your company needs to understand that security is a fundamental pillar of the business. Staff should be instructed that security facilitates all other operations and that, without security, the business is subject to risks that could cause it to fail. This is not to create a culture of fear. Rather, a culture of security ensures that every staff member understands and follows security procedures and helps prevent many of the damaging cyber attacks likely to cause harm. In-house lawyers can take the lead in developing and promoting a culture of security. Lawyers can help translate the technical requirements of security procedures into everyday language that employees can understand and implement.
For example, intrusions via social engineering (which exploits your vulnerabilities by targeting your personal information, such as emails and passwords) and mixed physical and cyber intrusions (which can occur when a vendor or contractor is on-site) can cause substantial harm and are very difficult to prevent with technical solutions. Lawyers can bridge the gap between technical solutions and behavioral changes required to combat these intrusions, thereby raising awareness and creating a culture of security.

Be proactive

According to a major security research study released in 2013, the three most important ways to minimize data breach costs are to: (1) create and maintain a data breach response plan; (2) have a strong security posture; and (3) hire a chief information security officer (CISO). [1] A company needs all three. Secure the data within the company's control, be persistent in verifying security practices, and invest in a qualified expert to manage the program.

In-house counsel should play a key role in developing the plan and security posture. In-house counsel can bridge the gap between the requirements identified by the IT or technical staff and the implementation of those requirements by operations personnel, management and others within the organization. The lawyer can also help IT and technical staff understand the legal and regulatory requirements applicable to the organization, while also serving as a gateway to communicating cyber-related concerns across internal departments.

The lawyer's role begins at the outset of the development of the organization's security policy. Do not wait until the security policy is developed to review it. If you wait until then, you run the risk of having no meaningful input. More important, you will have missed the opportunity to understand the reasoning behind the policy and the security procedures adopted in the policy.

ASSOCIATION OF CORPORATE COUNSEL

Be on the Security Policy Planning Committee

Talk to your CISO regularly. Identify the other critical managers involved in security planning. Ask whether anyone else should be involved. Bring these people together as the Security Policy Planning Committee and be on that committee from the start.

Too many lawyers avoid the IT team because they think the subject matter is too technical. Of course, the mechanics involved in securing data and critical infrastructure can be technical. However, much of the material is highly accessible to non-technical people, including lawyers. You can teach yourself a lot of technical concepts, but your role should focus on the big-picture policy issues concerning the company's security, including the costs and benefits involved, and the statutes and regulations governing the company's security. If you cannot understand the security policy, or do not understand how it was developed or may be modified, then you have a major problem. If you are in this situation, go back to step one: Talk to your CISO.

What are the controls on your data?

Almost 10 percent of all cyber attacks against companies last year were committed by insiders: employees within the organization intent on engaging in crime, sabotage and other malicious activities. [2] It is not enough to keep the intruders out; you need to address the threat within. Establishing controls on data is key in this regard. For example, data should be compartmentalized, and multiple approvals should be required to access highly sensitive data.

The critical issues to address in your data control policy include: What is the data? Where is the data? Who controls the data? How is the data accessed? Are you protecting the right data?

How digital materials are secured may be within the scope of work for the security team (i.e., the technical IT staff), but it is important for in-house counsel to also understand and monitor the data controls. An audit can help you determine the data available and the access rights provided to employees. Be sure your internal personnel and security policies specifically provide that the legal and IT departments may audit employee access to data, including during an internal audit or investigation as well as in response to a cyber attack. Your policies also should clearly specify who owns the data within the organization's control.

The audit will also provide your legal team with valuable insights on the type of data your company maintains, where it is stored (including in the cloud, meaning off-site servers typically owned and operated by third parties), where and how it is transferred, and what is considered most important. You likely will discover that the legal department was unaware of some data or projects. Use this newfound discovery as an opportunity to assess your intellectual property portfolio and confirm that you are properly protecting the legal rights to the information in addition to the security of the data. Include a review of your contracts that govern the storage and transfer of data, and be mindful of the differences in legal requirements across various jurisdictions (including outside the United States).

How will the security plan limit disruption to operations?

In-house counsel must know what operations are critical for the company to remain functional and how long they can be disrupted without long-term ramifications.
For example, if a hacktivist group launches a Distributed Denial of Service (DDoS) attack that floods your systems with disruptive requests, you need to understand how this will affect operations. The security community has many different models for back-up systems, ranging from full redundancy to restoring only critical systems. Know which type of system your company has chosen and why. This awareness will help your legal department provide support to the most critical services and understand the impact of a disruption to operations.

Use the security plan as an opportunity to also develop your procedures for communicating with law enforcement. Determine who in law enforcement is most likely to be of assistance. Local police seldom have the advanced skills to respond to a data breach. Federal law enforcement also varies in capabilities. Start by contacting your local FBI office before you face the pressure of a cyber attack, and update your contact information on a regular basis. Discuss the plan for how you will notify the local FBI office, how and when law enforcement will be included in your investigations, how information will be preserved and disclosed, and other details on the process. This will save you large amounts of time and confusion during the stress of a cyber attack.

ACC EXTRAS ON Cybersecurity
Quick Reference
Data Breaches and Cyber Risk Update: This Can Mean You, Too! (Jan. 2012). www.acc.com/quickref/databreach_jan12
Top Tens
Top Ten Things You Should Know About NIST's Preliminary Cybersecurity Framework (Jan. 2014). www.acc.com/topten/nistframework_jan14
Top Ten Tips for Companies Buying Cybersecurity Insurance Coverage (Dec. 2012). cybersecurity-insurance_ dec12
Presentation
Global Cyber Risks: Why Your Entire In-house Legal Department Should Pay Attention (Oct. 2013).
ACC HAS MORE MATERIAL ON THIS SUBJECT ON OUR WEBSITE. VISIT WHERE YOU CAN BROWSE OUR RESOURCES BY PRACTICE AREA OR SEARCH BY KEYWORD.

Be smart with your money

The National Security Agency (NSA) invested billions in advanced security, but apparently failed to compartmentalize data and implement dual access controls. These are basic, inexpensive steps that could likely have denied Edward Snowden easy access to large amounts of data that he should not have been able to obtain and publicly disseminate.

Implement easy, low-cost solutions first. Deploying low-cost encryption technology can eliminate data loss by ensuring that any lost data is not readable. Ask your security team to verify that easy solutions like encryption are being considered. Other low-cost solutions include disabling the ability to download or copy data, and closing unused ports that can allow unauthorized access to your system (including through removable media such as thumb-drives).

Additionally, commercial services can monitor open source materials and provide a list of likely threats. These types of services reduce overall costs and improve security by helping company staff focus on fewer threats. These are typically the same services that monitor for trademark abuse online. Sharing costs for these services with the security team may be an opportunity to improve security and protect your company's brand at the same time.

Good security needs good intelligence

Many industry groups now promote data sharing of threat intelligence to identify potential attacks before they occur. In past years, these were informal groups that loosely shared data without adequate security. These insecure information sharing efforts should no longer be a problem. Many platforms now exist that provide secure, effective data sharing among industry members or law enforcement. These groups help your company focus on likely threats and cooperate with law enforcement.

Too often, lawyers are wary of data sharing proposals. This is an outdated way of thinking. If your CISO proposes data sharing, you should welcome the idea. Take the time to understand the different platforms available and suggest the best internal safeguards to make data sharing an effective tool. As in-house counsel, you also can help identify any potential legal pitfalls with the proposed platforms, and what those pitfalls might mean for the company and its business.

Should you transfer the risk?

Do you have insurance coverage for a cyber attack? Few CISOs consider the risk management element of cybersecurity beyond the technical safeguards. Most standard liability insurance policies do not cover data breaches, cyber attacks or the responses to them. But an increasing number of insurance products addressing cyber attacks and responses are available on the market. Conduct a risk assessment comparing the loss expectancy of a cyber attack multiplied by the expected rate of occurrence to determine whether you should purchase additional liability coverage. Your CISO should be able to help you analyze the risk exposure, but the legal department should review the liability coverage available to confirm that it is adequate.

You've been hacked. Now what?

Whom are you going to call?

In a cyber attack, do you first call the technical investigators or the law firm? It should probably be a law firm. A law firm can help protect the entire investigation process under the attorney-client privilege. Some boutique law firms have created a hybrid-consulting model with forensic investigation capabilities. This provides the best protection for limiting the scope of discovery in future litigation.

The CISO almost never considers calling lawyers first. However, doing so, and having the right law firm ready, may not only quickly advance your investigation, but also protect your company from liability exposure. Use the attorney-client privilege to protect your sensitive investigation from the start.

Be aware that the attorney-client privilege, as applied to in-house counsel, has been narrowly interpreted by some states. The privilege is unlikely to apply to communications based on on-going business activities. To avoid risking loss of this important privilege, in-house counsel should avoid personally directing any investigation and should instead appoint outside counsel to take on this leadership role.

A significant related concern arises when the general counsel manages the CISO or has been heavily involved in oversight of the security team. This reporting structure is likely to be interpreted as an on-going business relationship outside the scope of the attorney-client privilege. The privilege is most clearly protected when the CISO role is removed from the legal department's direct management chain and when outside counsel are managing the investigation.

Preserve evidence

Evidence preservation creates two issues: a technical concern and a legal concern. In-house counsel can help with both.

One of the most common technical problems that investigators face is incident responders who do not understand digital evidence preservation. For example, an IT person might isolate a computer or server that has been infected by a hacker and is being used to penetrate the company networks, and then copy the hard drive and remove it from the network. Sounds good, right? Wrong! Isolation might stop the problem in the short-term, but once the machine is removed from the network, it will be difficult for investigators to track the hacker's behavior that caused the attack in the first place. The opportunity to observe and record prefatory activity has been destroyed and with it, your opportunity to understand how the hacker gained access to your system and, more important, how you could prevent a similar attack in the future.

From a legal perspective, the physical evidence on the isolated machine is now unlikely to be helpful for use in later court proceedings. Forensic investigators are subject to a higher standard for handling digital evidence than incident responders. A copy of a drive must be verified using a forensic algorithm to make sure it is accurate. Your IT person may have also ruined any chance for a later forensic examiner to verify the evidence in court. In-house counsel can and should make sure that the security team understands how to secure and preserve digital evidence in a manner that preserves it for later use in legal proceedings.

Balance disclosure with accuracy

Almost all US states now have data breach notification laws. These laws generally require issuing timely data breach notifications. However, rushing to disclose data leaks before finishing an investigation may cause your company more problems. For example, overestimating the scope of the breach and over-reporting the size of data lost will increase costs. At an average cost of $159 USD per compromised record, this excessive disclosure can be a costly mistake. Before jumping the proverbial gun, verify that the data lost is legally defined as personal information that requires disclosure. As in-house counsel, you can help navigate the legal and regulatory requirements governing the scope of notification, and when and how it should be given.

If breach notification is required, then it should be clear and unambiguous. The lawyer can help here, too, by ensuring that language used is clear and unambiguous, satisfies applicable statutory and regulatory requirements, and does not provide extraneous information that might expose the company to additional liability.

Finally, a company may consider offering public assistance along with notification, such as providing internet links to credit check services or identity theft watch providers. Offering public assistance may help retain customer goodwill and even prevent additional litigation spurred on by a victim's discontent. In-house counsel should be attuned to the company's business needs and the importance of maintaining customer relationships. At the same time, the lawyer can help manage the company's potential legal exposure if too much data is disclosed to customers.

Conclusion

To be effective in responding to a cyber attack, you need persistence and an adaptable plan. Be diligent in monitoring your security controls and in learning about technology. Technology is the frame on which your company operations work. You do not need a computer science degree to gain a basic understanding of cyber issues. Learn enough to understand the basic issues and possible solutions. Much of this education can be self-taught. When you understand and can communicate the issues, your security team will respect your input and ideas. You will also sleep better at night, confident that you understand your company's security plan and how to respond if there is a major incident.

The time to dust off your plan and find an answer is not when an attack occurs and your CEO is on the phone asking for advice. If you follow the suggestions in this article, then you will be involved in the plan from the start, understand how to respond, be able to confidently assure your CEO that the situation is under control, and in the process, become the new in-house legal hero.

NOTES

1 Ponemon Institute Report May 2013 ( US and UK companies received the greatest reduction in Symantec Internet Security Threat Report (ISTR) Symantec Internet Security Threat Report (ISTR).


DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER

More information

Managing IT Security with Penetration Testing

Managing IT Security with Penetration Testing Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to

More information

Information Security Services

Information Security Services Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

The Importance of Cybersecurity Monitoring for Utilities

The Importance of Cybersecurity Monitoring for Utilities The Importance of Cybersecurity Monitoring for Utilities www.n-dimension.com Cybersecurity threats against energy companies, including utilities, have been increasing at an alarming rate. A comprehensive

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015

Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence. AIBA Quarterly Meeting September 10, 2015 Who Drives Cybersecurity in Your Business? Milan Patel, K2 Intelligence AIBA Quarterly Meeting September 10, 2015 The Answer 2 Everyone The relationship between the board, C-suite, IT, and compliance leaders

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate

More information

Cybersecurity and internal audit. August 15, 2014

Cybersecurity and internal audit. August 15, 2014 Cybersecurity and internal audit August 15, 2014 arket insights: what we are seeing so far? 60% of organizations see increased risk from using social networking, cloud computing and personal mobile devices

More information

CYBERSECURITY: Is Your Business Ready?

CYBERSECURITY: Is Your Business Ready? CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring

More information

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT) INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

Data Breach Response Planning: Laying the Right Foundation

Data Breach Response Planning: Laying the Right Foundation Data Breach Response Planning: Laying the Right Foundation September 16, 2015 Presented by Paige M. Boshell and Amy S. Leopard babc.com ALABAMA I DISTRICT OF COLUMBIA I FLORIDA I MISSISSIPPI I NORTH CAROLINA

More information

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013 1 AGENDA Why Cybersecurity? A Few Helpful Cybersecurity Concepts Developing Expertise:

More information

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised

How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing

More information

Anatomy of a Cloud Computing Data Breach

Anatomy of a Cloud Computing Data Breach Anatomy of a Cloud Computing Data Breach Sheryl Falk Mike Olive ACC Houston Chapter ITPEC Practice Group September 18, 2014 1 Agenda Ø Cloud 101 Welcome to Cloud Computing Ø Cloud Agreement Considerations

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS

HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HEALTH INSURANCE MARKETPLACES GENERALLY PROTECTED PERSONALLY IDENTIFIABLE INFORMATION BUT COULD IMPROVE CERTAIN INFORMATION SECURITY

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Application Intrusion Detection

Application Intrusion Detection Application Intrusion Detection Drew Miller Black Hat Consulting Application Intrusion Detection Introduction Mitigating Exposures Monitoring Exposures Response Times Proactive Risk Analysis Summary Introduction

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

Incident Response 101: You ve been hacked, now what?

Incident Response 101: You ve been hacked, now what? Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

2012 Endpoint Security Best Practices Survey

2012 Endpoint Security Best Practices Survey WHITE PAPER: 2012 ENDPOINT SECURITY BEST PRACTICES SURVEY........................................ 2012 Endpoint Security Best Practices Survey Who should read this paper Small and medium business owners

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

Presentation Objectives

Presentation Objectives Gerry Cochran, IT Specialist Jennifer Van Tassel, Associate Examiner Office of the State Comptroller Thomas P. DiNapoli State & Local Government Accountability Andrew A. SanFilippo Executive Deputy Comptroller

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

defending against advanced persistent threats: strategies for a new era of attacks agility made possible defending against advanced persistent threats: strategies for a new era of attacks agility made possible security threats as we know them are changing The traditional dangers IT security teams have been

More information

2012 Bit9 Cyber Security Research Report

2012 Bit9 Cyber Security Research Report 2012 Bit9 Cyber Security Research Report Table of Contents Executive Summary Survey Participants Conclusion Appendix 3 4 10 11 Executive Summary According to the results of a recent survey conducted by

More information

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised

Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised ACE USA Podcast Released February 3, 2010 Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Limiting the Damage from a Denial of Service Attack

Limiting the Damage from a Denial of Service Attack April 25, 2014 Limiting the Damage from a Denial of Service Attack From the Experts Andrew M. Hinkes, Corporate Counsel In early 2013, a wave of denial of service (DoS) attacks reportedly caused U.S. banks

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

Incident Response. Proactive Incident Management. Sean Curran Director

Incident Response. Proactive Incident Management. Sean Curran Director Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013

More information

A Simple Guide to Successful. Penetration Testing

A Simple Guide to Successful. Penetration Testing A Simple Guide to Successful Penetration Testing Table of Contents Penetration Testing, Simplified. Scanning is Not Testing. Test Well. Test Often. Pen Test to Avoid a Mess. Six-phase Methodology. A Few

More information

www.pwc.com Developing a robust cyber security governance framework 16 April 2015

www.pwc.com Developing a robust cyber security governance framework 16 April 2015 www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

Plan of Attack 5 Step Plan

Plan of Attack 5 Step Plan Plan of Attack 5 Step Plan Naming those Digital Assets Practicing Digital Doomsday Training + Policies and Procedures Technology Tuning Security in the Supply Chain Next Steps Sample Plan 0 to 30 Days

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 CIP Supply Chain Risk Management (RM15 14 000) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016 My name is Jacob Olcott and I am pleased to share some observations on

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War

Vulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent

More information

Application Security in the Software Development Lifecycle

Application Security in the Software Development Lifecycle Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO

More information

What is Penetration Testing?

What is Penetration Testing? White Paper What is Penetration Testing? An Introduction for IT Managers What Is Penetration Testing? Penetration testing is the process of identifying security gaps in your IT infrastructure by mimicking

More information

Network/Cyber Security

Network/Cyber Security Network/Cyber Security SCAMPS Annual Meeting 2015 Joe Howland,VC3 Source: http://www.information-age.com/technology/security/123458891/how-7-year-old-girl-hacked-public-wi-fi-network-10-minutes Security

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC. October 2014. Sponsored by:

CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC. October 2014. Sponsored by: CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC October 2014 Cyber Exposures of Small and Midsize Businesses A digital pandemic Executive Summary Gone are the days when data breaches,

More information

Priority III: A National Cyberspace Security Awareness and Training Program

Priority III: A National Cyberspace Security Awareness and Training Program Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.

More information

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide

The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF NIST FRAMEWORK FOR IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY The NIST Framework for Improving Critical Infrastructure Cybersecurity - An Executive Guide SOLUTION BRIEF CA DATABASE

More information

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord

Building The Human Firewall. Andy Sawyer, CISM, C CISO Director of Security Locke Lord Building The Human Firewall Andy Sawyer, CISM, C CISO Director of Security Locke Lord Confidentiality, Integrity, Availability Benchmarks of Cybersecurity: Confidentiality Information is protected against

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004 A Database Security Management White Paper: Securing the Information Business Relies On November 2004 IPLocks, Inc. 441-A W. Trimble Road, San Jose, CA 95131 USA A Database Security Management White Paper:

More information

Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance

Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance Baltimore Chapter Practical Lessons Learned: An Overview of Cybersecurity Law & Information Governance presented by Howard R. Feldman S. Keith Moulsdale hfeldman@wtplaw.com kmoulsdale@wtplaw.com 410.347.8793

More information

THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED

THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED THE CYBER SECURITY PLAYBOOK 2 03 Introduction 04 Changing Roles, Changing Threat

More information