21St CeNtUrY CrISIS: PREPARING FOR AND RESPONDING TO THE INEVITABLE DATA BREACH. A Step-by-Step Guide for Any Organization
|
|
- Lee Logan
- 7 years ago
- Views:
Transcription
1 21St CeNtUrY CrISIS: PREPARING FOR AND RESPONDING TO THE INEVITABLE DATA BREACH A Step-by-Step Guide for Any Organization
2 TABLE OF CONTENTS Foreword. Chapter 1: Introduction... Privacy and Data Security Best Practices... Costs of a Data Breach... Incident Preparedness Process Overview... Chapter 2: Getting the Board On Board... Enhancing the Board s Cyber Risk Oversight... Board Preparedness... Data Security Incident Preparedness Questionnaire... Chapter 3: Building an Incident Response Team... Internal Incident Response Team... Guidance for Selecting Internal IRT Members... Incident Response Teams for Small Organizations... Identifying Response Capabilities and the External Team... Establishing Relationships with Regulators and Law Enforcement... Chapter 4: Training Employees to Identify and Report Data Security Incidents... Types of Incidents to Report... Handling Initial Communications... Chapter 5: Preparing an Incident Response Plan... Purpose... Benefits... Response Plan Considerations... Components of an Effective Plan... Chapter 6: Incident Response Phases... Detection and Analysis... Incident Prioritization. Containment... 1 eplace Solutions, Inc. 2015
3 Eradication and Recovery... Preserving Evidence and Documenting an Incident... Post Incident Activity.. Chapter 7: Communication Plan... Communications Procedure... Audiences... Messaging... Spokesperson... Media Training... Collateral Material... Chapter 8: Notification Plan... State Regulatory Considerations... Federal, Contractual, and Industry-Specific Considerations... The Importance of a Breach Coach... The Notification Process... Notification Best Practices... Chapter 9: Call Center and Customer Support Plan... Considerations for Third Party Call Centers... Preparation of FAQs... Logistical Considerations... Chapter 10: Remediation Plan for Affected Persons... Determining Whether to Offer Protection to Affected Persons... Evaluating Appropriate Protection to Remediate Harm... Chapter 11: Testing the Plan... Preparation... Documenting Lessons Learned... Best Practices for an Effective Exercise... Sample Breach Scenarios... Healthcare-Specific Breach Scenarios... 2 eplace Solutions, Inc. 2015
4 Chapter 12: Utilizing Technology and Other Resources to Defend Against, Detect, and Recover from Incidents... Intrusion Detection Systems and Traffic Monitoring... Backup and Recovery. Information Sharing Resources... Chapter 13: Mitigating Risks with Cyber Insurance... Benefits of Cyber Insurance... Recommendations for Buying Cyber Insurance... Insurance Best Practices... Chapter 14: Industry-Specific Considerations... Retail and Organizations Accepting Payment Cards... Healthcare Organizations... Financial Institutions. Appendix A: Sample Information Security Incident Reporting Policy... Appendix B: Sample Incident Reporting Guidance for Supervisors and Managers... Appendix C: Information Security Incident Reporting Procedures... Appendix D: Sample Information Security Incident Response Policy... Appendix E: Sample Information Security Incident Response Plan... Exhibit A: Internal Incident Response Team Contacts... Exhibit B: External Incident Response Team and Resources... Exhibit C: Information Security Incident Response Checklist... Exhibit D: Information Security Incident Response Flowchart... Exhibit E: Information Security Incident Report Form... Appendix F: Sample Exercise Evaluation Form... Glossary... Additional Resources... 3 eplace Solutions, Inc. 2015
5 NOTICE: This work is protected by the copyright laws of the United States and foreign countries. No part of this work may be produced or used in any other format, in any other form, or by any other means than this printed publication without the express written permission of eplace Solutions, Inc. Additional copies are available from Advisen, Ltd. This publication is designed to provide general information in regard to the subject matter covered. This publication is provided with the understanding that the publisher is not engaged in rendering legal, accounting, insurance, or other professional services. If legal, accounting, insurance or other professional services are required, the services of an independent professional should be sought. NOTE: Nothing in this publication should be considered legal advice, and it is not a substitute for your own judgment and legal consultation. Privacy and data breach notification laws change frequently. Consult a qualified privacy and data security lawyer to assist with implementation. This book is provided as is, with all faults, without warranties of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. 4 eplace Solutions, Inc. 2015
6 AUTHOR: eplace Solutions, Inc. WRITERS: Lara Forde, Esq. is a licensed attorney and Certified Information Privacy Professional (CIPP/US). As a Privacy and Data Security Advisor for eplace Solutions, Inc., Ms. Forde helps organizations mitigate risks through counseling regarding data breach prevention and response, employee training, and developing incident response plans designed to minimize the costs and harm from a data breach. Ms. Forde is also a frequent speaker on data breach preparedness and response. Prior to joining eplace, managed a data breach response team which handled many of the largest U.S. data breaches to date. Randall J. Krause, Esq. is the president and CEO of eplace Solutions, Inc., an attorney, and a Certified Information Privacy Professional (CIPP/US). Prior to co-founding eplace, Mr. Krause engaged in a national law practice. He is an active member of the California and Michigan bars. Mr. Krause is the co-founder and current partner of the Privacy Law Group, a boutique law firm that provides advice to clients throughout the United States on data privacy/security matters. A frequent speaker on data privacy and employment topics, Mr. Krause regularly conducts data breach workshops for large entities across the nation. William Ewy is a Certified Information Privacy Professional (CIPP/US). As the Privacy and Data Security Practice Manager at eplace Solutions, Inc., Mr. Ewy is responsible for the overall operation of eplace s cyber risk management services. A key part of his role is providing clients access to accurate and useful information that helps them prevent privacy and data security incidents. Prior to joining eplace, Mr. Ewy was an International Privacy Manager for a Fortune 500 company and gained significant international business experience during his twenty years working in Asia. eplace Solutions, Inc. Founded in 1999, eplace Solutions, Inc. delivers cyber security, human resources/employment practices liability, and director and officer risk management and loss mitigation services to over 50,000 organizations. eplace s pre-breach cyber risk management services are used by organizations of all sizes and industries, including Fortune 500 companies, healthcare organizations, financial institutions, educational institutions, and governmental entities. 5 eplace Solutions, Inc. 2015
7 ACKNOWLEDGMENTS eplace Solutions, Inc. extends its thanks and appreciation to Melis Jackob, Senior Cyber Security Consultant at eplace Solutions, and Suzzanne Ravitz, Marketing Manager at eplace Solutions. Mr. Jackob contributed to the technical content, and Ms. Ravitz provided significant editorial assistance. eplace Solutions would also like to thank David Bradford and Advisen Ltd. for their contributions and data regarding the costs of a data breach, and Alisa Schulz who edited the book. A special acknowledgement also goes to the following individuals who contributed to the book: Melanie Thomas, CEO and Managing Director of Inform, LLC, contributed to the communications chapter of the book. Ms. Thomas has over 25 years of experience in marketing and communications. Her experience transcends traditional communications, with expertise in strategy, media relations, crisis communications and integrating new media tools to leverage exposure for her clients. Ms. Thomas started Capitol Communications (now Inform) over a decade ago to meet the growing need for highly specialized public relations talent in Washington, D.C. The firm now has nearly a dozen communications veterans, each with over 20 years of experience. Melissa Ventrone, Chair of Wilson Elser s Data Privacy & Security practice, contributed to the notification chapter of the book. Ms. Ventrone advises a wide range of clients on identifying and managing risks associated with data privacy and security under federal, state and international laws. She also serves as a first responder for situations involving use or misuse of computers and other devices. When assisting a client with a potential breach, Ms. Ventrone and her team of first responders are able to quickly mobilize the assets necessary to effectively respond to the breach. Among her many leadership roles, she has served in several key positions in the Marine Corps Reserve, including Company Commander for a 200-person unit, Executive Officer for a 329-person company forward deployed to Afghanistan, and most recently Operations Officer for a 1,000-person motor transport battalion. 6 eplace Solutions, Inc. 2015
8 FOREWORD I n recent years, privacy and data security breaches resulting from simple record exposure and stolen laptops have given way to complex, aggressive, and oftentimes sustained cyber attacks. Motivations range from criminal cyber gangs seeking identities to sell on the dark web, to geopolitical battles among nation-states looking for intelligence and a presence on utilities and banking networks to exact future war, and corporate espionage where intellectual property is the great currency. Data breach response procedures have become thoroughly developed, debated, rehearsed, branded, and marketed to businesses as a critical enterprise risk tool. But, as data breaches and cybersecurity attacks have grown in numbers and complexity, it has become obvious to many of us that many organizations lack basic data breach preparedness. Time and again, we have seen both large and small organizations bungle responses to data breaches and cybersecurity attacks. The problem is not lack of money, or intellectual capital, or access to the leading legal, forensics, communications, or notification experts. The problem is lack of advance planning. Data privacy, breach, and cybersecurity awareness must be enterprise-wide initiatives, from the boardroom to the mailroom, with deep, and thorough understanding among every employee, contractor, business partner, vendor, and intern. Begin with regular risk assessments that include actionable recommendations. Build the best security apparatus available on the market and continue to make improvements. Have outside experts assess and build a data privacy program, with procedures, roles, messaging, media training, and a contingency plan. Train your employees regularly so the response develops muscle memory. The success, maybe even the survival of your organization depends upon your data privacy program. You don t have to lead from behind. It is time to get ahead of the game. Melanie Dougherty-Thomas, Inform LLC 7 eplace Solutions, Inc. 2015
Data Privacy and Cybersecurity Task Force
Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,
More informationKeynote: FBI Wednesday, February 4 noon 1:10 p.m.
Keynote: FBI Wednesday, February 4 noon 1:10 p.m. Speaker: Leo Taddeo Special Agent in Change, Cyber/Special Operations Division Federal Bureau of Investigation Biography: Leo Taddeo Leo Taddeo is the
More informationwww.pwc.com Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response.
www.pwc.com Surviving Contact with Reality Crisis exercises as a key element of cyber incident and crisis management response. What Happened to the Dinosaurs Avoiding the Extinction- Level Event Corporations
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationCyber security: Are consumer companies up to the challenge?
Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies
More informationPanel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices
Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers
More informationCyber Insurance: How to Investigate the Right Coverage for Your Company
6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationNavigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh
Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh Presentation Format Four Key Questions How important is cyber risk and how should we view the cyber threat?
More informationCybersecurity: The Legal, Legislative and Regulatory Outlook
Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationNIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin, MoFo
2014 Morrison & Foerster LLP All Rights Reserved mofo.com NIST Cybersecurity Framework Impacting Your Company? April 24, 2014 Presented By Sheila FitzPatrick, NetApp Jeff Greene, Symantec Andy Serwin,
More informationHow To Buy Cyber Insurance
10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationL evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management
L evoluzione del Security Operation Center tra Threat Detection e Incident Response & Management Security Services Architect & Advisor, IBM Italia Intervento al Security Summit Milano 2016 15 aprile Autore
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationBeazley presentation master
The Art of Breach Management Beazley presentation master February 2008 A Brief Review of Data Breaches What is a Data Breach? Actual release or disclosure of information to an unauthorized individual/entity
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationPreventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014
Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationWorking with the FBI
Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement
More informationProtecting against cyber threats and security breaches
Protecting against cyber threats and security breaches IBM APT Survival Kit Alberto Benavente Martínez abenaventem@es.ibm.com IBM Security Services Jun 11, 2015 (Madrid, Spain) 12015 IBM Corporation So
More informationHealth Care Data Breach Discovery Strategies for Immediate Response
Health Care Data Breach Discovery Strategies for Immediate Response March 27, 2014 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Sarah Flanagan Partner
More informationFACT SHEET: Ransomware and HIPAA
FACT SHEET: Ransomware and HIPAA A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationerisks Policyholder s Guide to Privacy & Security Breach Response Planning
erisks Policyholder s Guide to Privacy & Security Breach Response Planning Professional Indemnity Financial Institutions Directors & Officers Management Liability Medical Malpractice Media Liability Level
More informationSenate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace
Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace Testimony of Ben Beeson Vice President, Cyber Security and Privacy Lockton
More informationAnatomy of a Privacy and Data Breach
Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationProgram Overview. CDP is a registered certification designed and administered by Identity Management Institute (IMI).
Overview Certified in Data Protection (CDP) is a comprehensive global training and certification program which leverages international security standards and privacy laws to teach candidates on how to
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationSEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02
Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance
More informationUpdates within Network Security and Privacy Risk Management
Updates within Network Security and Privacy Risk Management RIMS Minneapolis Meeting Melissa Krasnow, Partner, Dorsey & Whitney LLP (Minneapolis, MN) Mario Paez, Midwest Practice Leader for Tech., Privacy,
More informationDiscussion on Network Security & Privacy Liability Exposures and Insurance
Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter
More informationHIPAA Breach Issues... Lessons from the Trenches. Reducing Risk Through Proper Nursing Documentation April 8 - Pat Iyer, RN, MSN, LNC
presents... The 2014 Spring Loss Prevention Webinars offered to KaMMCO Members HIPAA Breach Issues... Lessons from the Trenches April 2 - Michelle M. Watson, JD Reducing Risk Through Proper Nursing Documentation
More informationAnatomy of a Hotel Breach
Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationwww.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse PwC Finland Forensic Services
www.pwc.fi We believe successful global organisations can confront fraud, corruption and abuse Finland Who are we? Bring a robust forensics team to the table to support your organisation Our practice can
More informationThe Role of the General Counsel in Corporate Strategy. Moderated by, Stephanie C. Evans May 19, 2016
The Role of the General Counsel in Corporate Strategy Moderated by, Stephanie C. Evans May 19, 2016 Agenda Overview Corporate Strategy Role of the Lawyer in Corporate Strategy Key Legal Inputs in Corporate
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationKEY STEPS FOLLOWING A DATA BREACH
KEY STEPS FOLLOWING A DATA BREACH Introduction This document provides key recommended steps to be taken following the discovery of a data breach. The document does not constitute an exhaustive guideline,
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationTHE AMERICAN LAW INSTITUTE Continuing Legal Education
1 THE AMERICAN LAW INSTITUTE Continuing Legal Education Mobile Technology, Health Care, and Data Security: Minimizing the Risks and Leveraging the Benefits June 26, 2014 Telephone Seminar/Audio Webcast
More informationRethinking contingency planning for an integrated world
Business Continuity* January 2010 Rethinking contingency planning for an integrated world Highlights: Increased supply chain complexities require broadened scope of contingency planning. Increasing outsourcing
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationData Security Breach. How to Respond
Data Security Breach How to Respond About ERM About The Speaker Information Security Director at ERM CISSP, CISA, CRISC, PCIP, PCI-QSA Core Experience: Information Assurance Computer Forensics Penetration
More informationSponsored By: Privacy Issues of Big Data 6.27.2013
Sponsored By: Privacy Issues of Big Data 6.27.2013 1 About Advisen is a privately-owned, independent and unbiased provider of news, data and risk analytics to the commercial insurance industry. Advisen
More informationOpening Remarks. David Bradford President, Research & Editorial Division Advisen
Welcome! Opening Remarks David Bradford President, Research & Editorial Division Advisen Thank you to our sponsors Keynote Address Summer Fowler Deputy Technical Director of the CERT Cyber Security Solutions
More informationGAO. INFORMATION SECURITY Persistent Weaknesses Highlight Need for Further Improvement
GAO For Release on Delivery Expected at time 1:00 p.m. EDT Thursday, April 19, 2007 United States Government Accountability Office Testimony Before the Subcommittee on Emerging Threats, Cybersecurity,
More informationThe Role of the Board and GC in Corporate Strategy. Thomas White July 17, 2014
The Role of the Board and GC in Corporate Strategy Thomas White July 17, 2014 Overview The Organization for Economic Cooperation and Development provides the following broad description of the responsibilities
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationwww.bonddickinson.com Cyber Risks October 2014 2
www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime
More informationReputation Impact of a Data Breach Executive Summary
Reputation Impact of a Data Breach Executive Summary Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research
More informationTexas Medical Records Privacy Act
A COALFIRE PERSPECTIVE Texas Medical Records Privacy Act Texas House Bill 300 (HB 300) Rick Dakin, CEO & Co-Founder Rick Link, Director Andrew Hicks, Director Overview The State of Texas has pushed ahead
More informationBSA GLOBAL CYBERSECURITY FRAMEWORK
2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationYOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance
YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and
More informationCybersecurity: Emerging Exposures for Technology Companies. October 7, 2010
Cybersecurity: Emerging Exposures for Technology Companies October 7, 2010 Your panelists David Allred, Head of the Technology Segment for North America Commercial at Zurich Liesyl Franz, Vice President
More informationCyber Security Incident Response High-level Maturity Assessment Tool
Cyber Security Incident Response High-level Maturity Assessment Tool Introduction Overview Many organisations are extremely concerned about potential and actual cyber security attacks, both on their own
More informationDon t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
More informationMAKING THE RIGHT CHOICE
MAKING THE RIGHT CHOICE How to select a data breach response remediation provider in either a pre-breach or post-breach situation by Shawn Melito, NPC, Inc. Integrated Print & Digital Solutions In cooperation
More informationUnderstanding the Business Risk
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationPrivacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
More informationCRISIS MANAGEMENT: Practice Series. The Economy, Security and Coping with the Unexpected. Anton R. Valukas. Robert R. Stauffer. Thomas P.
Practice Series CRISIS MANAGEMENT: The Economy, Security and Coping with the Unexpected Anton R. Valukas Robert R. Stauffer Thomas P. Monroe 2002 JENNER & BLOCK, LLC ALL RIGHTS RESERVED Offices One IBM
More informationMANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS
MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson
More informationPRIORITIZING CYBERSECURITY
April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies
More informationJOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.
JOB ANNOUNCEMENT Chief Security Officer, Cheniere Energy, Inc. Position Overview The Vice President and Chief Security Risk Officer (CSRO) reports to the Chairman, Chief Executive Officer and President
More informationCOUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide
COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationINFOCUS. Five Questions to Guide Cybersecurity Risk Management BY EARL CRANE
promontory.com INFOCUS JUNE 3, 2015 BY EARL CRANE Five Questions to Guide Cybersecurity Risk Management The quick transformation of cybersecurity risk management from obscure specialty to top-of-thehouse
More informationStanding together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015
Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report November 23, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario
More informationSafeBiz. Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB)
SafeBiz Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB) 1 About Us Since 2003 we have helped victims of identity theft recover fully from this devastating crime, and continue
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Managing risk associated with third-party outsourcing
More informationA NEW APPROACH TO CYBERSECURITY LEVERAGING TRADITIONAL RISK MANAGEMENT METHODS
Financial Services POINT OF VIEW A NEW APPROACH TO CYBERSECURITY LEVERAGING TRADITIONAL RISK MANAGEMENT METHODS AUTHORS David X Martin Senior Advisor Raj Bector Partner 1. INTRODUCTION Businesses must
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationBuilding Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program. A Shared Assessments Briefing Paper
Building Best Practices for Effective Monitoring of a Third Party s Incident Event Management Program A Shared Assessments Briefing Paper Abstract Just 43% of incident management professionals report their
More informationInterpreting the HIPAA Audit Protocol for Health Lawyers
Interpreting the HIPAA Audit Protocol for Health Lawyers This webinar is brought to you by the Health Information and Technology Practice Group (HIT), and is co-sponsored by the Business Law and Governance
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationWhere insights lead Cybersecurity and the role of internal audit: An urgent call to action
Where insights lead Cybersecurity and the role of internal audit: An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could
More informationCyber Risks Connect With Directors and Officers
Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the
More informationPreparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised
ACE USA Podcast Released February 3, 2010 Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior
More information