Data Security Best Practices for In-House Counsel

Save this PDF as:

Size: px
Start display at page:

Download "Data Security Best Practices for In-House Counsel"

Transcription

1 Donna L. Wilson, Linda D. Kornfeld and Rebecca Perry Association of Corporate Counsel San Diego August 6, 2015

2 1 DONNA L. WILSON Tel: (310) Donna L. Wilson is co-chair of Manatt, Phelps & Phillips Privacy and Data Security and its Financial Services Litigation groups and is resident in the Litigation Division in the Los Angeles office. Donna advises clients with overall consumer protection-related and financial services disputes and compliance issues, and provides integrated advisory services to assist in the mitigation of the risks associated with data security, information governance and privacy issues. She has been recognized by the Daily Journal as one of the Top 100 Women Lawyers in California (2013), and as a Leading Attorney in Privacy and Data Security by the Legal 500 (2012, 2013). LINDA D. KORNFELD Tel: (424) Linda D. Kornfeld, the Managing Partner of Kasowitz, Benson, Torres & Friendman LLP s Los Angeles office, has dedicated her trial and appellate practice to representing companies in high-stakes insurance coverage litigation for over 20 years. She assists her clients in the recovery of hundreds of millions of dollars in insurance assets in a variety of complex insurance matters through settlements and trial. Her clients range from telecommunications companies, universities, and real estate developers to manufacturers and nonprofit organizations. She also provides strategic counseling to senior executives and in-house counsel on how to mitigate risk and maximize their insurance recoveries. REBECCA PERRY Tel: (636) Rebecca Perry is the Director of Professional Services at Jordan Lawrence, a leading solution provider for records retention, data privacy and information governance solutions. Rebecca advises in-house counsel, compliance and privacy professionals in the areas of records management, data privacy and e-discovery and the confluence of technology in these areas. She has 20 years of experience and plays a key role in the success and oversight of developing and enforcing effective, defensible and cost effective information governance programs that address information across all platforms and media.

3 Enterprise Exposure 2 Privacy Exposure Wrongful Use Wrongful Collection Physical Theft of Sensitive Information Non-Electronic Accidental Disclosure Electronic Accidental Disclosure Information Security Exposure Cyber Attacks

4 What s Your Biggest Exposure? 3 # 1 Lost Laptop # 2 Hacking # 3 Paper

5 What Keeps CIOs Up at Night? 4 Third party outsourcing of data 34 % Migration to new mobile platforms 56 % Temporary worker or contractor errors 59 % Not knowing where sensitive or confidential data is 64 % N=1587, Source: Ponemon Research, May 2014

6 Cybersecurity: Whose Responsibility Is It? 5 Not just IT s problem anymore! Office of the General Counsel Board of Directors and Independent Board Members (jointly and individually) Human Resources and Employee Relations Network Administration and Data Security Information Technology Privacy Intellectual Property Senior Management Records and Information Management

7 Proactive: Data Loss Prevention 6 Know your systems Reinforce encryption and security Coalesce multidisciplinary functions: IT, Records, IP, Legal, HR, Security Audit your information inventory (what data do you have?) Prepare an audit and assessment process and review procedure Review existing protocols Revisit processes for data and information access controls All vendor and service contracts should be assessed for determining where there is data access (requirement under card association rules) Strengthen and systematize a reporting process, chain of command and protocols

8 Employee Data 7 Increasing data privacy statutes globally impacting collection, maintenance, access and use of employee data How to handle nationwide/worldwide transfers Necessity of understanding and complying with EU Safe Harbor Access Controls: Who sees what data? Far-reaching implications of Civil Lawsuits Penalties Internal and Government Investigations Enforcement actions Sanctions against violators of these statutes

9 Vendor Management 8 In-house counsel should consider being engaged in the vetting process and procurement of outside information and data management vendors solely to the IT department or other groups Stipulations for the management of company data, legal data, customer data and legacy data ought to be in a documented set of protocols and set forth in contracts Policies and procedures for managing data (confidential versus protected health, payments, and/or nonpublic information) Company policies with respect to privacy and data security need to set the security posture; do not rely on vendor policies for security Contract management and review, responsibility for data security, and compliance with privacy statutes should reside with the law department and outside counsel

10 Breach Notification and Response 9 Information compromise assessment Response plan and crisis management Attorney-directed incident response (outside counsel preserve attorneyclient privilege) Notification Remediation and risk mitigation Credit monitoring, repair Investigations, litigation: civil, class, FTC, FCC, attorneys general, internal investigation, third-party (e.g., banks and payment processors) litigation Public relations and control U.S. Securities & Exchange Commission offers notification requirements 47 U.S. states include provisions for data breach notification California has statutes ranging from protection of student data to consumer protection statutes that are far-reaching

11 Data Breach Response Checklist 10 Know your systems Have a team in place Determine whether notification is required if an information compromise has occurred * Be aware of the timing of notifications and various jurisdictional requirements Determine a duty to self-report (i.e., to a payment card network or others) Post-incident recovery: reputation management and ongoing communications

12 Risk Management, Privacy and Data Security 11 Website Review and Audit Privacy Policy Gap Analysis Geolocation and Consumer Information Collection Advice Review of Digital Media Policies Review for COPPA, VPPA, HIPAA/HITECH Review of Mobile apps Privacy Compliance and Counseling Data Security Privacy and network policy security development and review Incident response Gap analysis and audit review of policies and practices Legal advice on compliance with HIPAA/HITECH Litigation Defense Insurance Coverage Crisis Management Litigation Avoidance Class Action Defense Coverage Defense Analysis of applicable notice obligations Risk Management Information Governance Coordination of Privacy and Data Security Policies Compliance with state and federal regulations Advice on policy development and implementation Advice on Board recommendations Federal cyberrisk business development Advocacy and public policy

13 Simplified Anatomy of a Breach 12 In-house counsel s responsibilities to manage, oversee and coordinate remediation Prepare and Planning Detection Reporting Risk Mitigation Containment Remediation and Recovery

14 Standards, Cybersecurity Requirements 13 There are no standards for securing GENERAL electronic data, but health, payment and financial information do have requirements. In the absence of standards, companies should consider developing and adhering to enforceable data security policies that are documented and regularly reviewed Cyberrisk insurance policies can form a foundation for basic requirements of compliance to safe standards U.S. federal standards by the National Institute of Standards and Technology (NIST) offer excellent guidelines Technology standards for data security include ISO27001, but it is a lengthy and expensive process for compliance and accreditation

15 Implications of Privacy on Security 14 Use and application of data and information What are the practicalities? Is there a schedule for retention and safe disposition? What are the cloud policies? Who governs access controls? Privacy statutes range across industries, geographies, and demographics Use Collection Security

16 15 1 YOU HAVE TO KNOW WHAT YOU HAVE IN ORDER TO PROTECT IT. 2 IF YOU DON T NEED IT, GET RID OF IT... BUT DO SO DEFENSIBLY.

17 Where Do You Start? 16 RETENTION WHAT SENSITIVITY RECORDS INVENTORY WHERE BUSINESS BUSINESS PROCESSES PROCESSESS

18 Cyber or Privacy Liability Policies: 17 May cover: First party costs Forensic Examination/PCI/PFI Audits Privacy Notification Costs Privacy Counsel Mailing Notification Credit Monitoring/Call Center Services Public Relations Extortion May Not Cover: Third Party Costs Claims by Private Litigants Consumers Other businesses Claims by State Attorneys General Claims by FTC Regulatory Fines & Penalties PCI Fines & Penalties Loss of Business Damage to Reputation Variation in products in the marketplace; each policy is subject to its own terms, conditions, limitations and exclusions.

19 What to Purchase? 18 What is your risk of exposure? Involve privacy and other in-house counsel, CIO, CTO, in the purchase/renewal process. Policies are complex with multiple definitions carefully review to confirm that definitions match business risks. Sony ruling, new ISO exclusions, evolving risk and associated expenses mean companies need to think about buying specialty coverage. Are limits/sub-limits adequate? Does the policy provide adequate notification, credit monitoring, consultant, lawyer, public relation, and other mitigation cost coverage. Does the policy contain exclusions that gut coverage for possibly largest data breach exposures: fines/penalties exclusions? Terrorism exclusions? Have you reviewed your trading partners coverage?

20 Minimum Security Requirements 19 Many Cyber Liability Policies may require the insured to follow minimum required practices spelled out in an endorsement to ensure network security. Exclusion does not necessarily apply to negligent circumvention of controls. In a suit filed in May 2015, CNA seeks a ruling that it is not obligated to pay a $4.1 million settlement pursuant due to an insured s failure to meet the minimum required practices the insured said it followed in its cyber insurance application. Columbia Casualty Co. v. Cottage Health System, No. 2:15-CV (C.D. Cal.). CNA alleges that that stored medical records were fully accessible to the internet, but the insured failed to encrypt the records or take other security measures.

21 Case Study Area Representatives 17 Subject Matter Experts 110 Departments 5 Countries 60,995 Data Points 45 Days

22 Engage The Business 21 Accident/Incident Records Advertising Records Benefit Records Budget Records Contracts & Agreements Credit Approvals Customer Orders Customer Payment Records Employee Medical Files Engineering Records Marketing Records Research & Development Sales Receipts

23 Understand Business Practices

24 Identify Requirements for Protection & Retention 23 BUSINESS NEEDS SENSITIVITY Corporate Sensitive Customer Data Intellectual Property PII Bio Metric Patient Health Info. Personal Financial Sensitive EU DL # SS# Passport # Veteran ID Name Physical Address Telephone Veteran Status

25 Identify Requirements for Protection & Retention 24 BUSINESS NEEDS SENSITIVITY REQUIREMENTS Corporate Sensitive Customer Data Intellectual Property PII Bio Metric Patient Health Info. Personal Financial Sensitive EU FIPA GLB HIPAA PCI SEC State Privacy Laws Risk Management, Privacy and Data Security Manatt, Phelps & Phillips, LLP

26 Benefit Enrollment & Participation 25 Distribution Centers HR -Benefits HR Canada HR -Regional HR Compensation Human Resources Health Information Beneficiary # FMLA Dates of Service Patient Name Patient Address Personal Information Age Name Address Marriage Status Physical Address Telephone # 3rd Party, Cognos, Microsoft Outlook, Microsoft SharePoint, PDF Applications Government ID s National ID Card # Partial Social Security # Social Security # Financial Information Insurance Information Retirement Account Archive, Desktop Hard Drive, Inbox, Laptops, Printed Hard Copies, Shared Drives Box Warehouse, Department File Cabinet, Secure File Cabinet Paper Employment Information Employment ID Employment Status Handicapped Status Medical Conditions Other Corp - Legal Actions EU -Health Status CDDVD, Laptops, Shared Drives Unstructured

27 26

28 27

29 28

30 29

31 30 Reporting Findings & Risks to Senior Management

32 Lack of Critical Policy Awareness 31 Only 44% Trained 37% Never Dispose of Records

33 Redundancy Creates Risk UNIQUE RECORD TYPES 47% TAGGED WITH PERSONAL INFORMATION 1,302 DEPARTMENT VERSIONS 3,128 VERSIONS ACROSS MEDIA [Paper, , File Shares, Applications]

34 Movement Outside the Firewall 20% Save to Flash Drives or DVDs 84% Save to Laptops or Tablets 33 6% Forward to Personal 18% Save to Cloud Storage

35 Over Retention is a Substantial Cause of Risk to Sensitive Information 34 71% of Records Retained Longer than Best Practices 48% Tagged with Sensitive Information

36 Understanding Practices & Vulnerabilities 35 STORAGE LOCATIONS 20% ANNUALGROWTHRATE CENTRAL ARCHIVE RETAINED INDEFINITELY USERS CREATING PERSONAL ARCHIVES

37 Identify Risks Across File Shares 36 [Word Documents, Power Points, PDFs, Excel Spreadsheets, Images, etc.] 50% of Information on File Shares was Created in Last 3 Years ACTIVE ENVIRONMENT 20,000 GIGABYTES 50% ANNUAL GROWTH RATE PII ON SHARED DRIVES (2+ ELEMENTS IDENTIFIED) 59 AREAS 206 RECORD TYPE PROFILES

38 37 Final Thoughts

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015 Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Information Governance Roadmap

Information Governance Roadmap Information Governance Roadmap Mitigating Privacy Risks, Reducing Costs And Meeting Obligations Speakers Heather Buchta Quarles & Brady Partner Rebecca Perry Jordan Lawrence CIPP/US/G Director of Professional

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Jefferson Glassie, FASAE Whiteford, Taylor & Preston Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements

More information

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP

More information

PREPARING FOR THE NEW PCI DATA SECURITY STANDARDS

PREPARING FOR THE NEW PCI DATA SECURITY STANDARDS PREPARING FOR THE NEW PCI DATA SECURITY STANDARDS Vita Zeltser Locke Lord Louis Dienes Locke Lord Pat Hatfield Locke Lord Rebecca Perry Jordan Lawrence Associate Partner Partner Director Professional Services

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP

More information

Rogers Insurance Client Presentation

Rogers Insurance Client Presentation Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation

Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation Melissa J. Krasnow, Dorsey & Whitney LLP A Note discussing written information security programs (WISPs)

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

DEFENSIBLY DOWNSIZING YOUR DATA: WHERE TO BEGIN WITH RECORDS RETENTION AND MAINTAINING COMPLIANCE. June 5, 2015

DEFENSIBLY DOWNSIZING YOUR DATA: WHERE TO BEGIN WITH RECORDS RETENTION AND MAINTAINING COMPLIANCE. June 5, 2015 DEFENSIBLY DOWNSIZING YOUR DATA: WHERE TO BEGIN WITH RECORDS RETENTION AND MAINTAINING COMPLIANCE June 5, 2015 1 Joshua J. Death TD Bank Group John Beardwood Fasken Martineau LLP Robert Fowler Jordan Lawrence

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)

Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting

More information

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements

More information

Clients Legal Needs in HIPAA Security Compliance

Clients Legal Needs in HIPAA Security Compliance Clients Legal Needs in HIPAA Security Compliance Robyn A. Meinhardt, JD, RN FOLEY & LARDNER LLP 2004 Preserving Attorney-Client Privilege and Work Product Protections 1 Relevance to Security Compliance

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Data Privacy & Security: Essential Questions Every Business Must Ask

Data Privacy & Security: Essential Questions Every Business Must Ask Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.

3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem. Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot

More information

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider 1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices

Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Data Privacy, Security, and Risk Management in the Cloud

Data Privacy, Security, and Risk Management in the Cloud Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,

More information

Cyberinsurance: Insuring for Data Breach Risk

Cyberinsurance: Insuring for Data Breach Risk View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL

More information

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance

More information

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev

Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms. v2.18.11, rev Legal Ethics in the Information Age: Unique Data Privacy Issues Faced by Law Firms v2.18.11, rev 1 Presenters Joseph DeMarco, Partner DeVore & DeMarco, LLP Lauren Shy, Assistant General Counsel Fragomen,

More information

Discussion on Network Security & Privacy Liability Exposures and Insurance

Discussion on Network Security & Privacy Liability Exposures and Insurance Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

Cybersecurity: The Legal, Legislative and Regulatory Outlook

Cybersecurity: The Legal, Legislative and Regulatory Outlook Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE

More information

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection

More information

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies

More information

Perspectives on Cybersecurity and Its Legal Implications

Perspectives on Cybersecurity and Its Legal Implications Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

Hot Topics and Trends in Cyber Security and Privacy

Hot Topics and Trends in Cyber Security and Privacy Hot Topics and Trends in Cyber Security and Privacy M. Darren Traub March 13, 2015 Cyber Attacks Ranked Top 5 Most Likely Risks in 2015 - The World Economic Forum Recent Global Headlines Include: 1 Where

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Privacy Risk Assessments

Privacy Risk Assessments Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

The Age of Data Breaches:

The Age of Data Breaches: The Age of Data Breaches: HOW TO AVOID BEING THE NEXT HEADLINE MARCH 24, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com This presentation has been provided for informational purposes

More information

Cyber and data Policy wording

Cyber and data Policy wording Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and

More information

GALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions

GALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions GALLAGHER CYBER LIABILITY PRACTICE Cyber Risk Exposures and Solutions Cyber Risk Exposures and Solutions Arthur J. Gallagher & Co. s Cyber Liability Practice has the expertise and the desire to deliver

More information

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015 CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

CyberSecurity for Law Firms

CyberSecurity for Law Firms CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a

More information

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy Presentation for : The New England Board of Higher Education Hot Topics in IT Security and Data Privacy October 22, 2010 Rocco Grillo, CISSP Managing Director Protiviti Inc. Quote of the Day "It takes

More information

Information Security Program Management Standard

Information Security Program Management Standard State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES

More information

Mastering Data Privacy, Protection, & Forensics Law

Mastering Data Privacy, Protection, & Forensics Law Mastering Data Privacy, Protection, & Forensics Law April 15, 2015 Data Breach Notification and Cybersecurity Developments in 2015 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships. Ann Killilea, Andrew C. Liazos, and Amy C.

Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships. Ann Killilea, Andrew C. Liazos, and Amy C. VOL. 28, NO. 2 SUMMER 2015 BENEFITS LAW JOURNAL Privacy and Security Concerns for Employee Benefit Plans with Service Provider Relationships Ann Killilea, Andrew C. Liazos, and Amy C. Pimentel Recent cyber-attacks

More information

Privacy & Data Security

Privacy & Data Security Privacy & Data Security May 9, 2014 Presented at: SWBA 39 TH ANNUAL CONFERENCE by: James E. Prendergast, Esq. Overview Data Privacy Concerns: Unauthorized access, use, acquisition or disclosure of information

More information

Mastering Data Privacy, Social Media, & Cyber Law

Mastering Data Privacy, Social Media, & Cyber Law Mastering Data Privacy, Social Media, & Cyber Law October 22, 2014 Data Breach Notification and Cybersecurity Developments in 2014 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy

More information

www.sharedassessments.org 2015 The Shared Assessments Program - All Rights Reserved 2

www.sharedassessments.org 2015 The Shared Assessments Program - All Rights Reserved 2 The Significance of Information Security and Privacy Controls on Law Firms as Third Party Service Providers and Collaborative Opportunities for Resolution April 2015 Abstract As regulators increase pressure

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37. Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

IDENTIFYING AND RESPONDING TO DATA BREACHES

IDENTIFYING AND RESPONDING TO DATA BREACHES IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services

The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs

Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs Bloomberg BNA Professional Learning Legal Course Catalog OnDemand Programs *This is a sample course catalog. BBNA is in the process of moving all of our recorded content on to our new platform. Not all

More information

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

Information Security Policy and Handbook Overview. ITSS Information Security June 2015 Information Security Policy and Handbook Overview ITSS Information Security June 2015 Information Security Policy Control Hierarchy System and Campus Information Security Policies UNT System Information

More information

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information