Security & Data Breach Prevention
- Jack Stephens
- 8 years ago
Transcription
1 Security & Data Breach Prevention
A Case Study: ChoicePoint Inc (2005)
Presenters:
- David T. Lee, Robinson School of Business, Georgia State University
- Steve Travis, IBM

2 "There are two types of Risk:
- The risk you can afford not to take
- The risk you cannot afford not to take
Wisdom is knowing the Difference"
- Robert Holden, British psychologist, author

3 Reminder of Risk
- Legal Risk (Criminal, Civil)
- Financial Risk (Revenues and Costs)
- Regulatory Risk
- Reputational Risk
ChoicePoint suffered them all!!

4 Discussion Agenda
- ChoicePoint Overview
- Setting the Stage
- Defining the Risk
- The Incident (Fraudulent Data Breach)
- The Fall-Out
- The Remediation

5 The Headlines
- ChoicePoint toughens data security, CNN Report: Company will now electronically mask sensitive personal info in aftermath of data breach.
- ChoicePoint Settles with FTC, Wall Street Journal, January 27, 2006, 8:31 AM
- ChoicePoint Settles Data Security, New York Times, By REUTERS, Published: June 1, 2007
- SEC probing ChoicePoint stock sales, MSNBC: Execs sold shares before ID thefts made public

6 The Headlines
- ChoicePoint Security Breach May Affect More Than 140,000, by JACKIE NORTHAM, NPR
- FTC looks for more victims of ChoicePoint breach, JUNE 19, 2007, INFOWORLD
- FTC Launches Program for ChoicePoint Breach Victims, CIO Magazine
- The Five Most Shocking Things About the ChoicePoint Data Security Breach, May 2005, Data Protection Magazine
7 7572/ns/business-us_business/t/secprobing-choicepointstocksales/#.T1zjwDF8DHE watch?v=vrlo8wtz-1y 7
8 Company Overview
- Publicly Traded (NYSE), sold to Reed Elsevier for $4.0b plus assumption of debt
- 1997 Spin-out of Equifax
- Information Services Industry
- $1.0B in Annual Revenues
- 3000 Employees - US, Europe
- CEO, President, CAO, CFO - Profiles

9 Setting the Stage
- Products: Reports containing data from Client Files, Public Record Sources and 3rd Parties (i.e. Credit Bureaus)
- Customers: Insurance, Banking, Government, Collections, Private Investigators, Mortgage Cos
- Data Privacy: FCRA, GLB, DPPA, provider restrictions, Societal Standards
- Challenge:
  - Client acceptance (including brokers)
  - Client access (who could see what)

10 Existing Policies
- Client Acceptance Procedures defined by the Legal Department and administered by BU Accounting Departments (credentialing dept, defined procedures)
- Customer Access policies were defined by Product Managers and approved by Legal Department (product audits)
- Strong Legal and Internal Audit Department, with good working relationship with the business units.

11 Defining the Risk
- How to verify applicant credentials
  - Is the represented client legit (St. Farm vs. Dave's Mortgage Co.?)
  - Is the applicant associated with the represented client?
- How to determine if customer use of the data is permissible under FCRA (Credit, Insurance, HR, Debts)
- How to determine if customer use of the data is for legitimate purposes
- Rogue users/password theft (Miami/Dade Police)

12 So, What Happened in 2005?
- Nigerian Fraud Ring used legit California business credentials to pass credentialing and gain access as a Non-FCRA customer
- Over several months, ordered 163k reports
- Was opening and closing accounts; customer service noticed suspicious activity
- Sting was set up; 41-year-old Nigerian citizen, Olatunji Oluwatosin, arrested with five cell phones and three credit cards that belonged to other people.
- Was later sentenced by the Los Angeles County Superior Court to 16 months in prison

13 The Fall-Out
- California Law called for Notification of Consumers - Media firestorm began (Feb 2005)
- Poster-Child for Security Breaches
- Customer demands for explanations were overwhelming
- Investigations by SEC, FTC, most states' attorneys general
- Congressional Hearings
- 3rd Party data providers implemented contract audits

14 The Fall-Out Cont.
- ChoicePoint paid a $15m fine/redress to FTC
- Signed a Consent Decree with FTC (agreeing to a number of conditions)
- Signed Consent Decrees with over 40 States
- Lost over $50m in revenue over next two years
- SEC investigation revealed nothing
15 Immediate Reaction
- Developed Customer Notification Mgt. Plan
- Developed Affected Consumer Plan
- Turned off access to over 20k small business accounts in affected business unit.
- Evaluated existing credentialing procedures, made improvements, and began re-credentialing 135k customers.
- Any suspicious account was site visited.
Confidential

16 Remediation
- Hired Chief Privacy Officer, reporting to Board, to oversee remediation efforts and address the public
- Set up a Board Committee on Privacy
- Centralized all Credentialing, rebuilt processes and automated the entire process (where IBM was helpful)
- Bolstered Intrusion detection processes
- Implemented transaction monitoring, with IP blocking

17 Remediation
- Developed a full Security Information Framework using GLB, ISO Standards (i.e. internal access, mobile risks, internet monitoring, physical security, executive security/disaster planning, segmentation of duties/communications, etc.)
- Proactive User/Password recycling and auto-canceling
- Bolstered protections in customer contracts, created zones of accountability (i.e. notification rules)
- Implemented Corporate-wide security training program

18 Considerations moving forward
- Selling Data is not like selling dresses: know your risks and the consequences of the risks
- Continual evaluation of risks vs. costs of risk avoidance or risk reduction methods
- Strong working relationships with your business unit partners: professional disagreement encouraged
- Standardization and automation are keys to understanding what happens in your business each day
- S#!t happens: be ready to deal with it!!

19 IBM's Involvement
- Workflow Automation Tools
- Expertise in the Tools was critical to quickly implementing a new solution

20 Customer Credential Verification System Framework
- Application Studio
- Visibility
- Community Management
- Business Process Management
- Integration and Transformation
- Communications and Security
21 Customer Credentialing - Solution Footprint
State-of-the-art architecture allowing a mix of automated and manual steps to verify the quality of new potential customers.
[Diagram. Labels: Data Sources for Validation; Phone Number; Core Credentialing Application Suite; Services; BPM-centric; Open Standards Support; APPROVED; Location; Communications; REJECTED; Manual Verification/Phone; Business License; Owner/Shareholder Info; Address; IP Origination; Faxes; Process Flow Modeler; Credential Verification Engine; Vendor Credential DB; Additional Review; FRAUD Suspects; Applications; On-site Verification; Insurance Certification; Tax ID / W-9; Exception Handling; Web Screens for Manual Entry; Clue; CPS-ONE; TWIST; Legal Name / DBA]
22 Security Services Architecture
- Consistent policy enforcement from perimeter to back-end
- Provable regulatory compliance
- Protection of sensitive information
- Strong authentication of parties to transactions
[Diagram. Labels: Perimeter Security; Identity Management; Secure Content Staging; Encryption; Transport Security; Policy Enforcement; Access Control; Key\Certificate Management; Secure Perimeter Services]

23 Process Automation & Extensibility
- Business Process Models
- Graphical configuration of processes and services
- Version management
[Screenshot label: AFTRouteFTPPUT.bp]

24 Credentialing User Dashboard
- Each executive has a customized view into business unit credentialing status.
- Real-time visibility into transactions
- Visibility into all incoming and outgoing transactions

25 Visibility: Drill-down to Detail
- Resolve Errors
- Detail to resolve the problem
26 best practices security model
- Business drivers measure value, risk, & economic costs that influence the approach to Security.
- IT drivers represent technical considerations that affect the trustworthiness of the IT environment.
- The IBM Security Framework Model comprehensively supports Business and IT drivers for file transfer security and performance.

Business drivers and IT drivers influencing security, as listed on the slide:
- Correct & reliable operation
- Service-level agreements
- IT asset value (data)
- Protection of asset value or brand image
- Legal & regulatory compliance
- Contractual obligations
- Financial loss and liability
- Critical infrastructure
- Internal and external threats and threat agents
- IT service management commitments
- IT environment complexity
- Business environment complexity
- Audit and traceability
- IT vulnerabilities: configuration, flaws, exploits

IBM Security Framework Model:
- Security Governance, Risk Management, and Compliance
- People and Identity
- Data and Information
- Application and Process
- Network, Server and Endpoint
- Physical Infrastructure

IBM has published a Redbook, Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security, available for download at:
IBM Confidential - Internal Use Only
27 Thank you
More informationPolicies and Procedures: IDENTITY THEFT PREVENTION
Policies and Procedures: IDENTITY THEFT PREVENTION Section: Chapter: Policy: Compliance Administration Identity Theft Prevention I. PURPOSE The purpose of this policy is to protect patients and West Virginia
More informationRed Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program
Red Flag Rules: A Step by Step Guide to Developing a Prevention & Training Program A Case Study of Sam Houston State University s Red Flag Program Dr. Kristy L. Vienne Objective Participants will: Understand
More informationWhite Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management
White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.
More informationPrevention is Better than Cure: Protect Your Medical Identity
Prevention is Better than Cure: Protect Your Medical Identity Center for Program Integrity Centers for Medicare & Medicaid Services Shantanu Agrawal, MD, MPhil Medical Director Washington State Medical
More informationAn Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules
An Overview of the Identity Theft Red Flags and Address Discrepancies under the Fair and Accurate Credit Transactions Act of 2003 Final Rules By: Andrea J. Shaw, Esq., Compliance Officer, Gorham Savings
More informationYork County Sheriff's Office Identity Theft Victim s Packet
York County Sheriff's Office Identity Theft Victim s Packet Information and Instructions This packet should be completed once you have received a copy of your police report from the York County Sheriff's
More informationThe Cost of Payment Card Data Theft and Your Business. Aaron Lego Director of Business Development
The Cost of Payment Card Data Theft and Your Business Aaron Lego Director of Business Development Presentation Agenda Items we will cover: 1. Background on Payment Card Industry Data Security Standards
More informationWASHINGTON ASSOCIATION OF SHERIFFS AND POLICE CHIEFS Model Policy on Identity Theft Policy, Procedures, and Victim Referral Information
WASHINGTON ASSOCIATION OF SHERIFFS AND POLICE CHIEFS Model Policy on Identity Theft Policy, Procedures, and Victim Referral Information Definition - Identity theft is the wrongful appropriation of an individual
More informationRichard Swed. CEO- The Risk Management Group
Richard Swed CEO- The Risk Management Group Richard is a recognized expert in the field of identity theft, with 14 years of experience, and speaks to groups of all sizes on identity theft & identity theft
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationInformation Protection
Information Protection Security is Priority One InfoArmor solutions are created to be SSAE 16, ISO 27001 and DISA STIG compliant, requiring adherence to rigorous data storage practices. We not only passed
More informationDHHS POLICIES AND PROCEDURES
DHHS POLICIES AND PROCEDURES Section VIII: Privacy and Security Identity Theft Policies, Identity Theft Red Flags and Address Discrepancy Identity Theft Policies Current Effective 2/1/16, 10/1/15 Date:
More informationSubscribe to Credit Monitoring and/or Submit a Claim Form to get benefits. EXCLUDE YOURSELF
SUPERIOR COURT OF THE STATE OF CALIFORNIA, COUNTY OF ORANGE If you applied for health insurance through WellPoint / Anthem Blue Cross before March 10, 2010, you could get benefits from a class action settlement.
More informationAUTOMATED PENETRATION TESTING PRODUCTS
AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for an automated penetration testing product and demonstrate
More information