Perspectives on Cyber Security & Digital Issues
|
|
- Philip Beasley
- 8 years ago
- Views:
Transcription
1 Perspectives on Cyber Security & Digital Issues Gary R. Bronstein June 12, Kilpatrick Townsend
2 Background Cyber security and prevention of data breaches are increasing in importance in the wake of the cyberattacks on Target, Neiman Marcus and other retailers. In the past, smaller community banks were not on the radar of these global cybergangs, but they are now, and because they have fewer resources to put into this area than their large commercial bank counterparts, they are deemed more attractive targets. The silver lining for banks is that the recent breaches have woken up their customer base to cybersecurity threats. 2
3 Cost on Community Banks Community banks have already reissued more than 4 million credit and debit cards at a total reissuance cost of more than $40 million following recent data breaches at major retailers (numbers are based on a sampling of community banks). Due to their quick action in reissuing affected cards, community banks initial fraud costs were relatively low, with less than 1 percent of community bank customers reporting fraud on their accounts following the breaches at Target and Neiman Marcus. 3
4 Best Practices Banks need to ensure that they implement holistic, risk-based programs that look beyond technology. Also consider the people and the process necessary for success. Banks need to focus on how to preserve their payments systems, insulating their organizations from credential theft and, most importantly, how to identify when a modern-day bank robber is already in the vault. Because the adversaries tend to have the advantage, banks should assume that the adversaries have gotten into their networks and establish active hunt capabilities to look for and mitigate attacks. 4
5 Gramm-Leach-Bliley Act Financial Services Modernization Act of 1999, also known as the Gramm-Leach-Bliley Act, 15 U.S.C. section 6801 (the GLBA ), established guidelines for information security. Codified by the FDIC in the Code of Federal Regulations at 12 C.F.R. Part 364 Appendix B: Interagency Guidelines Establishing Information Security Standards. 5
6 Interagency Guidelines Establishing Information Security Standards The Interagency Guidelines establish standards relating to administrative, technical, and physical safeguards to ensure the security, confidentiality, integrity and the proper disposal of customer information. The Interagency Guidelines also address standards with respect to the proper disposal of consumer information pursuant to sections 621 and 628 of the Fair Credit Reporting Act. The Guidelines apply to customer information maintained by or on behalf of, and to the disposal of consumer information by or on behalf of, entities over which the Federal Deposit Insurance Corporation (FDIC) has authority. 6
7 Mandatory Information Security Program Each bank is required to implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the bank and the nature and scope of its activities. A bank s information security program must: Ensure the security and confidentiality of customer information Protect against any anticipated threats or hazards to the security or integrity of such information; Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer; and Ensure the proper disposal of customer information and consumer information. 7
8 Board Responsibilities under the GLBA In addition, the Interagency Guidelines require the board of directors or an appropriate committee of the board of each bank to: Approve the bank s written information security program; and Oversee the development, implementation, and maintenance of the bank's information security program, including assigning specific responsibility for its implementation and reviewing reports from management. 8
9 Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice Supplement A to the Interagency Guidelines provides guidance on response programs for unauthorized access to customer information. Every bank should develop and implement a risk-based response program to address incidents of unauthorized access to customer information in customer information systems. A response program should be a key part of an institution's information security program. The program should again be appropriate to the size and complexity of the institution and the nature and scope of its activities. 9
10 Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice cont d At a minimum, an institution s response program should contain procedures for the following: Assessing the nature and scope of an incident, and identifying what customer information systems and types of customer information have been accessed or misused; Notifying its primary federal regulator as soon as possible when the institution becomes aware of an incident involving unauthorized access to or use of sensitive customer information; Notifying appropriate law enforcement authorities; and Taking appropriate steps to contain and control the incident to prevent further unauthorized access to or use of customer information, for example, by monitoring, freezing, or closing affected accounts, while preserving records and other evidence; and Notifying customers when warranted. 10
11 Existing State Legislation The Internet is profoundly lawless. Currently, there is no uniform federal legislation relating to data breach notification that preempts state law. Creates headaches for institutions as they try to navigate various state s requirements. 46 of 50 states maintain security breach notification laws: Alabama, Kentucky, New Mexico, and South Dakota do not. In 2003, California was the first state to pass legislation. Generally, state laws contain timing and content requirements for notification. 11
12 Developing Legislation and Regulations Congress recently held a series of high-profile hearings after the massive data breach at Target. Hearings resulted in little interest to create legislation on the subject. Many organizations, let alone legislators, have trouble agreeing on what type of cyber security regulation is necessary or even appropriate. However, currently in front of the Senate Banking Committee is a bill that would establish national standards for notifying customers about data breaches. The progress we are making is ultimately inadequate without Congressional action to enhance, facilitate, and protect threat information sharing across sectors and with government. - Doug Johnson, American Bankers Association 12
13 Developing Legislation and Regulations cont d Members of Congress are working on legislation that would preempt state data breach notification laws. Bill would likely include a role for state attorneys general to enforce violations of federal laws. Similar mechanism under the section 1042 of the Dodd-Frank Act Exercised by the New York Department of Financial Services in April 2014 for unfair, deceptive or abusive acts and practices claim 13
14 Developing Legislation and Regulations cont d California is once again leading the discussion on data security. Held hearings in late February on data security. No immediate signs of enacting legislation. California legislators are encouraging banks and other companies to take their own action. I kind of put the challenge out to the private sector, saying: If you guys don t want us to legislate a certain technology, if you don t want us to legislate a certain solution, then implement one immediately. - Sen. Lou Correa, California State Senate, Senate Banking Committee 14
15 Private Sector Developments Visa and MasterCard recently launched a crossindustry group to improve security for card transactions and press U.S. retailers and banks to meet a 2015 deadline to adopt technology that would make it safer to pay with plastic. 15
16 Private Sector Developments cont d The new group - which includes banks, credit unions, retailers and industry trade associations - will initially focus on the adoption of EMV chip technology. EMV cards, already used in Europe and Asia, store information on computer chips rather than on traditional magnetic strips, making them harder to counterfeit. The roadmap laid out by Visa and MasterCard would require banks to make certain upgrades by October
17 Private Sector Developments cont d Banks that make certain upgrades would face less liability for fraud losses than those that do not. Whichever company is the weakest link in the chain the card issuing bank, the retailer, or the retailer s bank would bear the responsibilities for the losses. 17
18 Private Sector Developments cont d MasterCard and Visa said the group would also address security issues with mobile and online transactions. One proposed solution is for traditional account numbers to be replaced by a unique digital payment code. In the aftermath of the Target breach, security is on the minds of executives in the way it hasn't been in a very long time. This is a classic example of trying to strike while the iron is hot. - David Robertson, The Nilson Report 18
19 Executive Order and NIST In February 2013, President Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity. The Order called for the development of a voluntary, risk-based cybersecurity framework: a set of existing standards, guidelines and practices to help organizations manage cyber risks. In February 2014, the Commerce Department s National Institute of Standards and Technology ( NIST ) released a framework for improving critical infrastructure cybersecurity. Provides a structure that organizations, regulators and customers can use to create, guide, assess or improve comprehensive cybersecurity programs. 19
20 NIST Framework The framework document is labeled Version 1.0 and is described as a living document that will need to be updated to keep pace with changes in cybersecurity. Organizations can use the framework to determine their current level of cybersecurity, set goals for cybersecurity that are in sync with their business environment, and establish a plan for improving or maintaining their cybersecurity. The voluntary framework will help organizations apply principles and best practices of risk management to improving the security and resilience of critical infrastructure. 20
21 FFIEC Focus on Cybersecurity On May 7, 2014, the Federal Financial Institutions Examination Council ( FFIEC ) announced plans to conduct cybersecurity vulnerability and risk-mitigation assessments to help smaller banking institutions address potential weaknesses. The assessments will be conducted in 2014 and will help the FFIEC member agencies make informed decisions about the state of cybersecurity across community institutions and address gaps and prioritize necessary actions to strengthen supervisory programs. 21
22 FFIEC Focus on Cybersecurity cont d FFIEC highlighted key focus areas for senior management and boards of directors of community institutions as they assess cybersecurity risks: Setting the tone from the top and building a security culture; Identifying, measuring, mitigating, and monitoring risks; Developing risk management processes commensurate with the risks and complexity of the institutions; Aligning cybersecurity strategy with business strategy and accounting for how risks will be managed both now and in the future; Creating a governance process to ensure ongoing awareness and accountability; and Ensuring timely reports to senior management that include meaningful information addressing the institution s vulnerability to cyber risks. 22
23 New York Focus on Cybersecurity NY Governor Cuomo issued a report directing the NY Department of Financial Services ( NYDFS ) to conduct new, regular, targeted cybersecurity preparedness assessments of the banks NYDFS regulates. NYDFS will begin including a targeted assessment of each bank s cyber security preparedness as part of the regular examination process. 23
24 New York Focus on Cybersecurity cont d The revised examination procedures will include additional questions in the areas: IT management and governance; incident response and event management; access controls; network security; vendor management; and disaster recovery. NYDFS also recommended that all NY Statechartered depository institutions become members of the Financial Services-Information Sharing and Analysis Center. 24
25 Cyber-Insurance Nuts and Bolts Coverage for Breaches of Privacy and Security 3rd Party Coverage Claims by Individuals Injured by Privacy Breach Claims by Third Party Entities Injured by Privacy Breach Regulatory Claims Media Liability 1st Party Coverage (NOT Universal) Privacy Notification Forensic Investigation Data Restoration/Repair Cyber-extortion Business Interruption Crisis Management (PR) 25
26 Cyber-Insurance Where Found? Maybe... But Often Not: CGL "Personal Injury" Coverage D&O Bankers Professional Liability Fidelity Bond Property/BI Specialty Cyber Policies 26
27 Specialty Cyber Policies NO Standard T&C Gaps/Concurrencies Not All 1 st Party Coverages Offered By All Carriers Often Opt-in "Old School" Privacy Breaches? Coverage for Third Party Acts Limits, and Most Importantly Sublimits 27
28 Sample Bank Cyber Limits/Sublimits ~ Bank Asset Size Aggregate Limits Regulatory Claim Crisis Management Security Breach Remediation and Notification Data Restoration Business Interruption Cyber Extortion $608M $1,000,000 $500,000 $250,000 $250,000 $0 $250,000 $0 $1B $5,000,000 $500,000 $1,000,000 $0 $0 $3,000,000 $3,000,000 $2.3B $1,000,000 N/A $100,000 $100,000 $100,000 $100,000 $1,000,000 $2.4B $2,000,000 $1,000,000 $500,000 $500,000 $0 $0 $0 $4.5B $3,000,000 $500,000 $1,000,000 $1,000,000 $1,000,000 $1,000,000 $3,000,000 28
29 Gary R. Bronstein ATLANTA AUGUSTA CHARLOTTE DENVER LOS ANGELES NEW YORK RALEIGH SAN DIEGO SAN FRANCISCO SEATTLE SHANGHAI SILICON VALLEY STOCKHOLM TOKYO WALNUT CREEK WASHINGTON D.C. WINSTON-SALEM Kilpatrick Townsend & Stockton LLP (202)
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationCybersecurity Issues for Community Banks
Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street
More informationDiane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899
Submitted via email: cyberframework@nist.gov April 8, 2013 Diane Honeycutt National Institute of Standards and Technology (NIST) 100 Bureau Drive, Stop 8930 Gaithersburg, MD 20899 Re: Developing a Framework
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationCyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day
Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014
More informationPACB One-Day Cybersecurity Workshop
PACB One-Day Cybersecurity Workshop WHAT IS CYBERSECURITY? PRESENTED BY: JON WALDMAN, SBS CISA, CRISC 1 Contact Information Jon Waldman Partner, Senior IS Consultant CISA, CRISC Masters of Info Assurance
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationTESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the
For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,
More informationGovernment Focus on Cybersecurity Elevates Data Breach Legislation. by Experian Government Relations and Experian Data Breach Resolution
Government Focus on Cybersecurity Elevates Data Breach Legislation by Experian Government Relations and Experian Data Breach Resolution Will Congress pass data breach legislation in 2015/2016? Recent high-profile
More informationThe FDIC s Supervisory Approach to Cyberattack Risks
Why We Did The Evaluation Executive Summary Information is one of a financial institution s (FI) most important assets. Protection of information is critical to establishing and maintaining trust between
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationData Privacy & Security: Essential Questions Every Business Must Ask
Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business
More informationInstructions for Completing the Information Technology Officer s Questionnaire
Instructions for Completing the The (Questionnaire) contains questions covering significant areas of a bank s information technology (IT) function. Your responses to these questions will help determine
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationCybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues
Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity
More informationSECTION-BY-SECTION ANALYSIS
INTRODUCED BY CONGRESSMAN RANDY NEUGEBAUER (R-TX) AND CONGRESSMAN JOHN CARNEY (D-DE) SECTION-BY-SECTION ANALYSIS Section 1: Short Title The Data Security Act of 2015. Section 2: Purposes The purposes of
More informationMay 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association
Statement for the Record On behalf of the American Bankers Association Consumer Bankers Association Credit Union National Association Independent Community Bankers of America National Association of Federal
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationFFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors
Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationDATA SECURITY: EVERYTHING YOU NEED TO KNOW
DATA SECURITY: EVERYTHING YOU NEED TO KNOW! Data Breaches: Where, What and Why! Federal and State Regulations to Protect Data! EMV Chip Technology! PIN or Signature?! Existing and Emerging Security Options!
More informationData Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States
Data Breach Reporting: Summary of Governing Bodies with Reporting Requirements in the United States Introduction When it comes to Personally Identifiable Information (PII), privacy laws and regulations
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationVendor Management. Outsourcing Technology Services
Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring
More informationCybersecurity and Corporate America: Finding Opportunities in the New Executive Order
Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses
More informationTrends in Data Breach and CybersecurityRegulation, Legislation and Litigation. Part I
Trends in Data Breach and CybersecurityRegulation, Legislation and Litigation Part I March 20, 2014 Speakers John J. Sullivan, Partner, rejoined Mayer Brown after serving as General Counsel at the US Department
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationRe: Big Data Request for Information
March 31, 2014 Attn: Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 1650 Pennsylvania Avenue NW Washington, D.C. 20502 Ladies and Gentlemen: Re: Big Data Request
More informationCybercrime and Regulatory Priorities for Cybersecurity
NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L
More informationProtecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00)
Protecting Personal Information: The Massachusetts Data Security Regulation (201 CMR 17.00) May 15, 2009 LLP US Information Security Framework Historically industry-specific HIPAA Fair Credit Reporting
More informationAnswering your cybersecurity questions The need for continued action
www.pwc.com/cybersecurity Answering your cybersecurity questions The need for continued action January 2014 Boards and executives keeping a sustained focus on cybersecurity do more than protect the business:
More informationSEC Cybersecurity Findings May Establish De Facto Standard
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationCybersecurity. Regional and Community Banks. Inherent Risks and Preparedness. www.bostonfed.org
Cybersecurity Inherent Risks and Preparedness Regional and Community Banks www.bostonfed.org Disclaimer The opinions expressed in this presentation are intended for informational purposes, and are not
More informationPrivacy Legislation and Industry Security Standards
Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,
More informationAuditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP
Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements
More informationCybersecurity and the Threat to Your Company
Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September
More informationCorporation, Limited Liability Company, or Partnership: What Type of Business Entity Should I Form?
Corporation, Limited Liability Company, or Partnership: What Type of Business Entity Should I Form? Kandace P. Watson, Partner Kilpatrick Townsend & Stockton LLP kwatson@ktslaw.com February 27, 2013 2012
More informationBig Data and Cybersecurity: Standards for Safeguarding Personal Information
White Paper Big Data and Cybersecurity: Standards for Safeguarding Personal Information Domestic and multinational companies are increasingly focused on safeguarding personal information due largely to
More informationCybersecurity Risk Factors: Five Tips to Consider When Any Public Company Might be The Next Target
10 February 2014 Practice Groups: Capital Markets Insurance Coverage The text of this article was first published by Law360 on February 10, 2014. Cybersecurity Risk Factors: Five Tips to Consider When
More informationHow To Protect Your Cybersecurity From Cyber Incidents
SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE
More informationStatement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the
Statement of Carlos Minetti Discover Financial Services Before the Subcommittee on Oversight and Investigations of the Committee on Financial Services United States House of Representatives July 21, 2005
More informationCybersecurity: Emerging Exposures for Technology Companies. October 7, 2010
Cybersecurity: Emerging Exposures for Technology Companies October 7, 2010 Your panelists David Allred, Head of the Technology Segment for North America Commercial at Zurich Liesyl Franz, Vice President
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationPrepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc.
Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc. Before the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Committee on
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationCYBERSECURITY EXAMINATION SWEEP SUMMARY
This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,
More informationCyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
More informationInteragency Guidelines Establishing Information Security Standards. Small-Entity Compliance Guide
Interagency Guidelines Establishing Information Security Standards Small-Entity Compliance Guide I. INTRODUCTION Purpose and Scope of the Guide This Small-Entity Compliance Guide (footnote 1) is intended
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationSubject: Safety and Soundness Standards for Information
OFHEO Director's Advisory Policy Guidance Issuance Date: December 19, 2001 Doc. #: PG-01-002 Subject: Safety and Soundness Standards for Information To: Chief Executive Officers of Fannie Mae and Freddie
More informationSTATEMENT OF DELARA DERAKHSHANI CONSUMERS UNION BEFORE THE UNITED STATES SENATE COMMITTEE ON THE JUDICIARY
STATEMENT OF DELARA DERAKHSHANI CONSUMERS UNION BEFORE THE UNITED STATES SENATE COMMITTEE ON THE JUDICIARY ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2013
More informationGlobal Privacy Japan Sets its Rules for Personal Data
Global Privacy Japan Sets its Rules for Personal Data Global companies must comply with differing privacy rules. The great divide between the EU and the USA is well-known. See Global Privacy Protection
More informationNIST Cybersecurity Framework & A Tale of Two Criticalities
NIST Cybersecurity Framework & A Tale of Two Criticalities Vendor Management & Incident Response Presented by: John H Rogers, CISSP Advisory Services Practice Manager john.rogers@sagedatasecurity.com Presented
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationThe Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant
THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationINFORMATION SECURITY. Additional Oversight Needed to Improve Programs at Small Agencies
United States Government Accountability Office Report to Congressional Requesters June 2014 INFORMATION SECURITY Additional Oversight Needed to Improve Programs at Small Agencies GAO-14-344 June 2014 INFORMATION
More informationThe NIST Cybersecurity Framework
View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the
More informationBefore the FEDERAL TRADE COMMISSION Washington, DC 20580. In re Maricopa Community College District
Before the FEDERAL TRADE COMMISSION Washington, DC 20580 In the Matter of ) ) Maricopa County Community College District ) ) ) Complaint, Request for Investigation, Injunction, and Other Relief Submitted
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationCybersecurity Awareness. Part 2
Part 2 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationNATIONAL CYBERSECURITY PROTECTION ACT OF 2014
PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128
More informationSenate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace
Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace Testimony of Ben Beeson Vice President, Cyber Security and Privacy Lockton
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationTestimony of. Doug Johnson. New York Bankers Association. New York State Senate Joint Public Hearing:
Testimony of Doug Johnson On behalf of the New York Bankers Association before the New York State Senate Joint Public Hearing: Cybersecurity: Defending New York from Cyber Attacks November 18, 2013 Testimony
More informationSummary. Background and Justification
Supporting Statement for the Recordkeeping and Disclosure Requirements Associated with the Guidance on Response Programs for Unauthorized Access to Customer Information (FR 4100; OMB No. 7100-0309) Summary
More informationCyber-insurance: Understanding Your Risks
Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some
More informationCYBERSECURITY HOT TOPICS
1 CYBERSECURITY HOT TOPICS Secure Banking Solutions 2 Presenter Chad Knutson VP SBS Institute Senior Information Security Consultant Masters in Information Assurance CISSP, CISA, CRISC www.protectmybank.com
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More information2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP
2015 CEO & Board University Cybersecurity on the Rise Matthew J. Putvinski, CPA, CISA, CISSP MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2011 Wolf & Company, P.C. About Wolf
More informationPayment Card Industry Update and Cyber Risk Management
Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, 2015 2014 ARTHUR
More informationWhy you should adopt the NIST Cybersecurity Framework
www.pwc.com/cybersecurity Why you should adopt the NIST Cybersecurity Framework May 2014 The National Institute of Standards and Technology Cybersecurity Framework may be voluntary, but it offers potential
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT is made and entered into as of the day of, 2013 ( Effective Date ), by and between [Physician Practice] on behalf of itself and each of its
More informationCybersecurity Awareness
Awareness Objectives Discuss the Evolution of Data Security Define Review Threat Environment Discuss Information Security Program Enhancements for Cyber Risk Threat Intelligence Third-Party Management
More informationOne Hundred Thirteenth Congress of the United States of America
S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationIAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope
IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationTHE EVOLUTION OF CYBERSECURITY
THE EVOLUTION OF CYBERSECURITY Identifying Best Practices June 2, 2015 Cerone F. Cy Sturdivant Managing Consultant Nashville, TN 1 TO RECEIVE CPE CREDIT Participate in entire webinar Answer polls when
More informationA Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014
A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationPrivacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
More informationLegislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence
Legislative Proposals for the Maryland Commission on Cyber Security Innovation and Excellence December 6, 2012 Michael Greenberger Professor of Law Founder and Director, CHHS Legislative Proposals Maryland
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationA Privacy and Data Security Checklist for All
July 2015 Many companies know they have to follow privacy and data security rules. Companies in the health care industry know about Health Insurance Portability and Accountability Act (HIPAA). Financial
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More information