Building Your Information Governance Framework
- Harvey Blair
- 8 years ago
1 Building Your Information Governance Framework Wisconsin Law & Technology Conference 2015 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL
2 Learning Objectives What is Information Governance? Information Governance Organization Scope and Guiding Principles Steps in Implementing an IG Program Sample Initiatives Resources
3 Offices UNITED STATES BOSTON, MA CHICAGO, IL DETROIT, MI JACKSONVILLE, FL LOS ANGELES, CA MADISON, WI MIAMI, FL MILWAUKEE, WI NEW YORK, NY ORLANDO, FL SACRAMENTO, CA SAN DIEGO, CA SAN FRANCISCO, CA SILICON VALLEY, CA TALLAHASSEE, FL TAMPA, FL WASHINGTON, D.C. EUROPE BRUSSELS ASIA SHANGHAI TOKYO 900 Attorneys Practice Areas BUSINESS LAW IP Litigation Government
4 What is Information Governance? Definition: Enterprise-wide approach to the management and protection of a law firm's client and business information assets. An effective IG program: Enables lawyers to meet their professional responsibility regarding client information; Recognizes an expanding set of regulatory and privacy requirements that apply to firm and client information; Relies upon a culture of participation and collaboration within the entire firm. Firms are better able to mitigate risk, improve client service and reduce cost.
5 What is Information Governance?
6 Foley & Lardner LLP Initial IG Framework in 2010 Triggers: The financial downturn The need to move beyond physical recordkeeping Compliance requirements Client Security Requirements
7 What Is The IG Framework? 1. Leadership The foundation of the IG program It gives the IG team Structure A benchmark It gives the firm A platform for awareness and change 2. Buy-In 3. Team 4. Plans 5. Policies 6. Change Management 7. Continuous Improvement
8 1. The IG Framework Requires A Leader An information management professional Generally at the C- or Director-Level A member of management COO General Counsel Member of management committee A partner or senior staff leader appointed by management Influence Leadership Strategic Planning Analytics Subject Matter Project Management Change Management
9 2. The IG Framework Requires Buy-In "The key to successful leadership is influence, not authority" (Kenneth Blanchard) You may not have the authority to mandate IG in your firm, but you can influence leaders to adopt it You can influence other influencers I Understand the Benefits of IG → I Influence You → You Influence Management → Management Supports IG → We Can Build the Framework Also see the article: "How to Influence When You Don't Have Authority," Forbes, 1/3/
10 3. The IG Framework Requires A Team Structure Formal or informal Components Governance Operations Governance Engaged Leadership Or Advisory? Considerations Maturity of programs Stakeholders Operations Active Builder Or Leader and Builder?
11 Information Governance Structure Organizational unit that bridges the gap across information silos and systems throughout the firm. Brings constituents together: Technology Litigation Support Information Security Records Management Knowledge Management Information Governance Advisory Board Operational Leaders
12 The Foley IG Structure Reports to the COO and General Counsel Led by Director, IG (DIG) Dotted line to CIO Governance = IG Advisory Board Operations = RIM + Security CIO COO Security DIG RIM GC IGAB Local Records
13 Members of Foley IG Advisory Board Executive sponsors GC and COO Leader Director of IG Members CIO CAO, CHRO, CFO, CMO Deputy GC Privacy partner
14 4. The IG Framework Requires A Plan A plan is A benchmark A roadmap Planning requires Strategic and tactical skills Think big and long Think components and now Definition Of IG Vision, Mission, Values Strategies Initiatives Roadmap Charter
15 At Foley Vision Foley IG promotes a culture in which all Personnel: Value information as a critical asset of the Firm and its clients. Understand the risks, responsibilities and legal requirements related to law firm client and business information. Manage information in ways that protect our clients, our colleagues and the Firm. Mission Protecting Critical Client And Firm Information Assets Values Stewardship Compliance Access Security
16 The Roadmap Supports The Strategies And the Initiatives Priorities Which strategies are most important Which initiatives in the top strategies are most important Timelines Project phasing and timing Funding Budgeting Resources Skills and personnel needed
17 5. The IG Framework Requires Policies And Principles Policies Align with IG scope, vision, mission and values Document desired behaviors Provide guidance for the development of IG systems and programs Principles Guidelines that derive from the policies Make it easy for users to understand IG goals and objectives
18 Foley IG Policies RIM Policies Management of Records Retention Policies & Schedules Mobility Policies Document Holds and Destruction Obligation Governing Policies Policy on Information Governance Policy on Confidentiality Security Policies Acceptable Use Information Security Access, Use & Disclosure of PII and PHI Third Party Access Policies Responding to Third Party Information Security Requests
19 Driving Change - Understand Your Firm Is it a Top Down organization? Can you mandate change? Or, is it a Grass Roots organization? Do you have to slowly grow change?
20 Branding Communications are recognizable and consistent
21 6. The IG Framework Requires A Strategy For Continuous Improvement Scanning and awareness Measure results Add and improve
22 Scanning And Industry Awareness What's happening in your firm? Expansion Added practice areas What's happening in the industry? New requirements for lawyers? What's happening in society? New norms (i.e., social networking)? New laws
23 Measure Audit for compliance Gather data, indicators, ROI to demonstrate the impact of IG Examples Lowered storage cost Quicker access Better security Quicker response to client security questionnaires Coordinated response to a potential breach More efficient lateral integration processes
24 Increasing Concern about Law Firm Information Security Clients Demand Law Firm Cyber Audits (ABA, 2013) Law Firms Face Pressure From Clients on Data Security (Legal Intelligencer, Mar 2014) Citigroup Report Chides Law Firms for Silence on Hackings (NY Times, Mar 2015) Law Firms are Pressed on Security for Data (NY Times, Mar 2014) Clients Eye Law Firms as Security Weak Link (Recorder, Feb 2015) Law Firms to Form Cybersecurity Alliance (Am. Lawyer, Mar 2015)
25 The Quote Everyone is Using "Essentially, data thieves consider law firms the soft underbelly [emph. added] of [security] as they attempt to illegally obtain information." Sharon D. Nelson & John W. Simek, Your Law Firm Has Been Breached! Now What? LAW PRAC., Sept./Oct. 2012, at 22
26 And The FBI Says "We have hundreds of law firms that we see increasingly being targeted by hackers," said Mary Galligan, special agent in charge of cyber and special operations. LegalTech News 2013
27 Terabytes of Electronic Information This Includes: >Millions of Records in the DMS (>25% Documents) (>75% ) But that's only what we know about
28 And We Have Specific Requirements to Protect It Confidentiality The core requirement for lawyers and law firm staff Privacy Personally Identifiable Information (PII) A variety of federal and state regulations that apply to all business that store PII Personal Health Information (PHI) HIPAA We are Business Associates and are fully subject to HIPAA requirements and penalties
29 Our Data?
30 What's Our Risk? What can go wrong? How can our clients be harmed? How can our employees be harmed? How can the Firm be harmed?
31 Real Risks and Challenges These Have Really Happened to Us CryptoWall Virus: "Pay us $ or we won't decrypt your hard drive" CEO spoof: To: CFO From: CEO (lolarichards2000@yahoo.com) Re: Procedures to wire funds Departing attorney removes 1,000's of documents from Firm systems Laptop left at the airport: Unencrypted, no password and STILL RUNNING Records stolen from car: Laptop, iPad, written records
32 Biggest Pressure is Coming From Clients Gramm-Leach-Bliley Requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data Multiple Client Security Requests Banks and financial institutions Address perceived gaps We expect these from pharm and healthcare clients soon (i.e., HIPAA)
33 What Clients Are Demanding

| Risk Area | Implement | Cost | Culture |
|---|---|---|---|
| 2 factor authentication | LOW | LOW | LOW |
| External Media (USB, Flash Drive, HDD) | LOW | LOW | MED |
| Disaster Recovery | MED | MED | HIGH |
| Access to Webmail, Social Media, Cloud Storage | LOW | LOW | HIGH |
| Data Loss Prevention (DLP) | MED | HIGH | HIGH |
| BYOD Controls (Mobile Device Management) | MED | MED | HIGH |
| Appropriate Access to Information | MED | MED | HIGH |
| Information Classification | HIGH | MED | HIGH |
34 Things We Are Doing Trying to balance Assessing client demands Raising security awareness Cyber Insurance and ISO Certification Information Governance program Ease of Use Protection of Information Assets
35 Security Awareness Distributing alerts, articles, news Social engineering test: We sent three phony e-mails to about 1,800 users They looked legitimate Intent was to see how many people would click on a malicious link How many clicked? 10% of the targets (180 individuals)
36 Information Governance Program Seeks to treat client and firm information as a valuable business asset Compliance Training & Awareness Information Security Information Management
37 IG Strategies Security Information Management Compliance Awareness Data Loss Protection Mobile Device Mgmt Access Mgmt E-Records Dark Data Info. Storage Audit Continual Improvement Public Awareness Training Third Party Access Industry Scanning Vulnerability Monitoring
38 WIIFM? ("What's In It For Me?") Client retention Competitive advantage We could lead Or at least we could keep pace Better access to information for matter teams Adherence to ethical and legal responsibilities
39 10 Guiding IG Principles
1. Manage confidential, sensitive or Personal Information as required by law, agreement or Firm Policy
2. Understand third party access requirements
3. Respond promptly to IG Compliance notices
4. File records regularly
5. Maintain the Firm's Official Records in electronic form, unless hard copy is required
6. Store Official Records in an approved records repository
7. Organize Official Records by correct client/matter number
8. Retain and destroy records as permitted by Firm Policy
9. Avoid making multiple copies of records
10. Don't handle file transfers (in or out) on your own
40 Questions?
41 Resources Iron Mountain - Storage/Iron-Mountain-Connect.aspx IGI Initiative - AIIM ARMA - NIST -
42 Building Your IG Framework Law and Technology Conference 2015 Randy Oppenborn Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL
More informationCyber Liability Insurance Who Pays When Your Data Goes Missing?
Cyber Liability Insurance Who Pays When Your Data Goes Missing? JAKE KOUNS Markel Corporation Session ID: GRC-201 Insert presenter logo here on slide master. See hidden slide 4 for directions Session Classification:
More informationData Breaches and Trade Secrets: What to Do When Your Client Gets Hacked
Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked R. Mark Halligan, FisherBroyles, LLP Andreas Kaltsounis, Stroz Friedberg Amy L. Carlson, Stoel Rives LLP Moderated by David A. Bateman,
More informationLaw Firm Cyber Risk Conference: Addressing the Issues from the Top Down
Program Organizer: Please join us for a NEW Invitation Only Law Firm Cyber Risk Conference: Addressing the Issues from the Top Down Role of Firm Leadership, IT, COO, General Counsel Data Breaches Identification
More informationSomansa Data Security and Regulatory Compliance for Healthcare
Somansa White Paper Somansa Data Security and Regulatory Compliance for Healthcare How Somansa can protect ephi- electronic patient health information and meet the requirements for healthcare compliances,
More informationCompliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations
Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More information2014 NACo National Cyber Symposium April 10, 2014
2014 NACo National Cyber Symposium April 10, 2014 Chief Information Security and Privacy Officer King County Washington Governance Board President Holistic Information Security Practitioner Institute (HISPI)
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationPCI Compliance Just the Facts. Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001
PCI Compliance Just the Facts Rick Dakin President Rick.dakin@CoalfireSystems.com 303.554.6333 ext. 7001 Agenda Regulatory Landscape Scary Bedtime Stories What went wrong? PCI Compliance Process o What
More informationAdditional Requirements for Lenders and Mortgage Servicers
ALERT Financial Services Litigation July 2013 Florida s New Fast Track Foreclosure Law Creates Additional Requirements for Lenders and Mortgage Servicers According to the Florida House of Representatives,
More informationThe CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II).
Page 1 of 7 The CIPM certification is comprised of two domains: Privacy Program Governance (I) and Privacy Program Operational Life Cycle (II). Domain I provides a solid foundation for the governance of
More informationHow To Protect Your Data From Theft
Understanding the Effectiveness of a Data Protection Program IIA: Almost Free Seminar 21 June 2011 Agenda Data protection overview Case studies Ernst & Young s point of view Understanding the effectiveness
More informationA PRACTICAL GUIDE TO INFORMATION GOVERNANCE PROVEN PRACTICES. NEW THINKING. ALL IN ONE RESOURCE. WHITE PAPER
A PRACTICAL GUIDE TO INFORMATION GOVERNANCE PROVEN PRACTICES. NEW THINKING. ALL IN ONE RESOURCE. WHITE PAPER CONTENTS 3 Why Read This Document 4 Introduction Methodology 5 Information Governance Definition
More informationChief Information Officer
Chief Information Officer The CIO leads the Information Technology Department maintaining the function of SETMA s electronic health record. The CIO is responsible for: 1. Maintaining the functions of SETMA
More informationLaw Firms and Cyber Security
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Law Firms and Cyber Security A hacker s dream and a lawyer s nightmare About Delta Risk is a global provider of strategic
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationIT Trends and the Cyber Security Agenda
State of the States: IT Trends and the Cyber Security Agenda Executive Policy Forum on Cyber and Electronic Crime NGA Center for Best Practices September 9, 2008 Doug Robinson Executive Director NASCIO
More information