Forensics & E-Discovery. Presented by the ASIS Information Technology Security Council
|
|
- Charity Kennedy
- 8 years ago
- Views:
Transcription
1 Forensics & E-Discovery Presented by the ASIS Information Technology Security Council 1
2 The Information Technology Security Council and its partners deliver a forum to enhance effectiveness and productivity of security practitioners through the development and delivery of educational material that addresses Information Technology security and risk topics. Outreach Research Education Page 2
3 Monday 11am (Session 2110): Cloud Computing for the Security Practitioner Monday 1:45PM (Session 2206): Current Trends in Identity & Access Management Monday 4:30pm (Session 2306): Forensics and e-discovery Tuesday 11am (Session 3112): Cyber Security Tuesday 1:45 (Session 3208): Utility & Smart Grid Security Tuesday 4:30pm (Session 3306): Federal Information Security Wednesday 11am (Session 4111/4184): Legal & Compliance Aspects of IT Page 3
4 Forensics & E-Discovery Research Team Andrew Neal, CISM,CRISC, CIFI, LPI Southwest Digital Laboratory Eric Sifford, CISSP United States Army KJ Kuchta, CPP, CFE Forensic Consulting Solutions Ben Greer, CISSP Cyber Security SME David Melnick, CIPP, CISSP, CISA Deloitte & Touche, LLP Jim Emerson Internet Crimes Group, Inc. Page 4
5 What is an ESD/ESI Incident? The differences between recovery, forensics and discovery. Basic steps & best practices for incident response. How organizations prepare for ESD/ESI incidents. What security practitioners need to know about ESD/ESI incident response. Ways incident response efforts can be countered or attacked. Future trends and problems for incident response. Page 5
6 Three Basic Flavors Data Recovery Digital Forensics E-Discovery (and composites) Page 6
7 Forensics & e-discovery Agenda Digital forensics considerations Jim Emerson for the private sector Internet Crimes Group, Inc Electronic Discovery Reference KJ Kuchta, CPP, CFE Model (edrm) Primer Forensic Consulting Solutions Organizational readiness David Melnick, CIPP,CISSP,CISA for e-discovery activity. Deloitte & Touche, LLP Evolution from the past: Andrew Neal, CISM, CRISC, LPI Future trends and problems. Southwest Digital Laboratory Page 7
8 for Private Sector Practitioners Jim Emerson Internet Crimes Group, Inc. Page 8
9 Maintaining Competent Digital Forensic Resources Maintaining Practical Digital Forensic Capabilities Digital Forensic Considerations for Emerging Technologies Page 9
10 Variety of Certification Standards? State Licensing Requirements? Accreditation of Diverse Tools and Infrastructure? Accreditation of Facility and Process? Examiner Experience with Diverse and Changing Technology? Page 10
11 Business, Legal, and Investigative Focused Process? Host, Appliance, and Network based Forensic Capabilities? Triage, Mass Storage, and Automated Examination Support? Remote Enterprise Solutions? Integration of Investigation and simple Data Recovery with ediscovery? Page 11
12 Cloud Computing and Virtualization SaaS, Social Networks and Business Integration of Public 3 rd Party Systems Increasingly Capable Wireless Devices and Appliances Smart Digital Systems and Vehicles Page 12
13 Is more or less Technical Competence required? Is more or less Investigative Competence required? Is more or less Ethical Integrity required? Page 13
14 KJ Kuchta, CPP, CFE Forensic Consulting Solutions Page 14
15 New and improved edrm FCS view of the edrm. IntraPrise & Extraprise Considerations for ediscovery & Informaton Governance. It costs about 20 cents to buy 1GB of storage; however, it costs around $3500 to review 1 GB of storage. AIIM International Management ROI Calculator Page 15
16 Data Data Data Data Data Data Data Data Custodian Source Page 16
17 Information Governance Search & Retrieval Production Identification Preservation & Collection Presentation Preprocessing & Analysis Processing Review Post Review Analysis
18 Identify a specific list of custodians that may have relevant information. Start with the most important and conduct sampling if there are many custodians. Preserve broadly, process and review narrowly. Just because you preserve does not mean you need to process. Determine whether you need bit-by-bit or logical acquisitions. Page 18
19 Must be tailored to the facts of the case. Should include at minimum: Name of the matter or individual involved; Warning of the importance of the hold and the consequences for not complying with it; Direction not to alter or destroy information/documents; Reason for the hold e.g., legal action; Reason the recipient is getting the hold notice; Types of information included in the hold and the applicable time period. Instructions for preserving information/documents; Suspension of any routine document retention/destruction policy The notice should be issued to any employees likely to have relevant information and copied to the employer IT department for them to implement on the backend. Page 19
20 Employers have a duty to preserve electronically stored information and paper documents that they know or should know would be relevant to a current or threatened legal action. Events which might trigger this duty could include: Any notice that the employer is a party to an administrative or a legal proceeding. An or letter threatening a claim on behalf of an applicant or current or former employee or client. A verbal threat or demand from an applicant or current or former employee or client relating to a legal claim. Anything that might realistically indicate an employee or client intends to pursue legal action. Page 20
21 Improper application of legal holds or simply not implementing legal holds can result in costly financial sanctions or the loss of a lawsuit for employers(millions of dollars). Smaller employers are not exempt due to size of company. Loss of data due to improper legal hold could lose the pertinent data that would have protected the employer in the lawsuit. Page 21
22 David Melnick, CIPP, CISSP, CISA Deloitte & Touche, LLP Page 22
23 Information Overload Security and Privacy Concerns Regulatory Trends Legal and Compliance Information Management Challenges High Operational Costs Risks of Noncompliance Page 23
24 Page 24
25 Developing an enterprise Information Management Program can help maximize the amount of value you achieve from different initiatives Each one of these areas reinforces the other, for example: Improved data classification can make ediscovery collection and processing processes faster Improved data protection can reinforce records management policies and processes Appropriate retention policies can reduce the volume of documents that can be presented for ediscovery A programmatic approach is required to ensure policies and processes in each area are mutually reinforcing to provide the greatest integration value to the company. Page 25
26 Page 26
27 Data Management addresses how an organization manages its data. It is a comprehensive set of capabilities that properly manages the data lifecycle requirements of an enterprise via the development and execution of policies, procedures, architectures, and use of technologies. Page 27
28 A disconnect between corporate policies, actual operational practices, and technology infrastructure reduces ability to implement changes into the business environment. Examples of activities related to privacy and data protection that led to enforcement actions, law suits, or monetary fines are as follows: Misrepresenting the purpose for collecting PII Failure to disclose the means used to collect PII (i.e., the use and/or duration of cookies, Web bugs, spyware, tracking technologies) Failure to adequately train personnel on privacy representations Disclosing, sharing, or selling PII to third parties contrary to the organization s privacy policy Exporting PII contrary to the privacy laws of the originating country Misrepresenting the security protection of PII Page 28
29 INFORMATION MANAGEMENT PROGRAM TOP DOWN BOTTOM UP PLANNING AND SCOPING INFORMATION GOVERNANCE STRUCTURE INFORMATION MANAGEMENT POLICY FRAMEWORK Data WAREHOUSING AND ELECTRONIC INFORMATION MANAGEMENT PRIVACY, SECURITY, IMPLEMENTATION AND TRAINING AND COMMUNICATION DISCOVERY/LITIGATION READINESS RECORD RETENTION SCHEDULES APPLICATION OF RECORD RETENTION SCHEDULES PROCESSES AND PROCEDURES RIM Department Headquarters Offices APPROACH FOR THE DISPOSITION OF HISTORICAL INFORMATION Hard Copy/Electronic Organizations must leverage a robust Information Management framework to organize its priorities and approaches around the components of the Information Life Cycle. Approaches may vary (either topdown or bottom-up) based upon the maturity of the component and the strategic value it represents to the organization. Page 29
30 Andrew Neal CISM, CRISC, CIFI, LPI Southwest Digital Laboratory Page 30
31 Watergate Enron Katrina BTK War on drugs Osama s myspace Page 31
32 Increase in areal density. New storage devices and media. Tools independent of data structure. Cloud integration into storage architecture. Issues created when physically recovering a drive from a large multi-tenant array. Regulatory and certification issues. Page 32
33 More & different target devices. Evolving licensing and regulation. Development of standards and frameworks. Reduced disruption during acquisition. Counter-Forensics and Anti-Forensics. Tool validation. Risk management for the forensic process. Page 33
34 More discoverable sources: Social media Portable devices Exponential growth in data storage. Evolving rules of evidence. Education of the judiciary. Development of smart tools for collection and processing. Professional training and standards. Page 34
35 Not a settled science or profession. Rapidly increasing crossover between technical and operational areas. Best results achieved with Established policy Prior planning Education of incident responders Established vendor relationships Page 35
36 Forensics & e-discovery Questions? KJ Kuchta, CPP, CFE Forensic Consulting Solutions David Melnick, CIPP,CISSP,CISA Deloitte & Touche, LLP Jim Emerson Internet Crimes Group, Inc Andrew Neal, CISM, CRISC, LPI Southwest Digital Laboratory Page 36
BDO CONSULTING FORENSIC TECHNOLOGY SERVICES
BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationCyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13
Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...
More informationReal World Strategies for Migrating and Decommissioning Legacy Applications
Real World Strategies for Migrating and Decommissioning Legacy Applications Final Draft 2014 Sponsored by: Copyright 2014 Contoural, Inc. Introduction Historically, companies have invested millions of
More informationAbout the Presenter About the Cloud Security Alliance Guidance 1.0 Getting Involved Call to Action
Governance, Risk Management, Compliance, & Audit An Overview of Cloud Security Alliance s Security Guidance for Critical Areas of Focus in Cloud Computing July 23, 2009 Agenda About the Presenter About
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationAdd the compliance and discovery benefits of records management to your business solutions. IBM Information Management software
Records-enable your applications, content, documents and e-mail IBM Information Management software Add the compliance and discovery benefits of records management to your business solutions. Records management
More informationDirector, Value Engineering
Director, Value Engineering April 25 th, 2012 Copyright OpenText Corporation. All rights reserved. This publication represents proprietary, confidential information pertaining to OpenText product, software
More informationReport on CAP Cybersecurity November 5, 2015
Agenda Number 7. Report on CAP Cybersecurity November 5, 2015 Phil Cook CISSP, CISM Manager, Information Technologies Risk #1 External Attacks PR 81 Protect and secure CAP's Information Technology assets
More informationCORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)
CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline) David J. Chavolla, Esq. and Gary L. Kemp, Esq. Casner & Edwards, LLP 303 Congress Street Boston, MA 02210 A. Document and Record Retention Preservation
More informationInformation Security, Privacy and Compliance Convergence
Information Security, Privacy and Compliance Convergence Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI Rebecca Herold & Associates, LLC April 2009 Agenda Information lifecycles Security and privacy challenges
More informationInformation Governance Challenges and Solutions
Challenges and Solutions In this modern information age, organizations struggle with two things: the problem of too much electronic data and how to govern the data. Each year, the speed of information
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:
More informationESI Risk Assessment: Critical in Light of the new E-discovery and notification laws
ESI Risk Assessment: Critical in Light of the new E-discovery and notification laws Scott Bailey, CISM Christopher Sobota, J.D. Enterprise Risk Management Group Disclaimer This presentation is for informational
More informationNERC Cyber Security. Compliance Consulting. Services. HCL Governance, Risk & Compliance Practice
NERC Cyber Security Compliance Consulting Services HCL Governance, Risk & Compliance Practice Overview The North American Electric Reliability Corporation (NERC) is a nonprofit corporation designed to
More informationDOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS
Overview. DOCUMENT RETENTION STRATEGIES FOR HEALTHCARE ORGANIZATIONS A comprehensive and consistently applied document retention policy is necessary to reduce the risk of being charged with spoliation
More information10 Steps to Establishing an Effective Email Retention Policy
WHITE PAPER: 10 STEPS TO EFFECTIVE EMAIL RETENTION 10 Steps to Establishing an Effective Email Retention Policy JANUARY 2009 Eric Lundgren INFORMATION GOVERNANCE Table of Contents Executive Summary SECTION
More informationBreaking Down the Silos: A 21st Century Approach to Information Governance. May 2015
Breaking Down the Silos: A 21st Century Approach to Information Governance May 2015 Introduction With the spotlight on data breaches and privacy, organizations are increasing their focus on information
More informationEmail Management Trends, Troubles, and Solutions
Email Management Trends, Troubles, and Solutions Kevin O Connor General Manager, Content Management & Archiving 1 Information Challenges Lead to Archiving Data Growth Digital Proliferation Cost Escalating
More informationFacilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services
Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 1 Today s Agenda Structure of Today s Discussion Set Objectives General overview of DR/BCP Exercise Assumptions Scenarios
More informationThe President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808
More informationThe Next Generation of Security Leaders
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationBreaking down the barriers to cloud-based records management
Breaking down the barriers to cloud-based records management About the Presenters Alan Weintraub Principal Analyst at Forrester Research, Inc. Expert on Enterprise Information Management (EIM) Earned a
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationReduce Cost, Time, and Risk ediscovery and Records Management in SharePoint
Reduce Cost, Time, and Risk ediscovery and Records Management in SharePoint David Tappan SharePoint Consultant C/D/H davidt@cdh.com Twitter @cdhtweetstech Don Miller Vice President of Sales Concept Searching
More informationSECURITY CONSIDERATIONS FOR LAW FIRMS
SECURITY CONSIDERATIONS FOR LAW FIRMS Enterprise Risk Management Professional consulting firm that specializes in cyber security Founded in 1998 in Miami, Florida Serves more than 150 clients, locally,
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationUnderstanding ediscovery and Electronically Stored Information (ESI)
Copyright The information transmitted in this document is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination
More informationSecuring The Cloud With Confidence. Opinion Piece
Securing The Cloud With Confidence Opinion Piece 1 Securing the cloud with confidence Contents Introduction 03 Don t outsource what you don t understand 03 Steps towards control 04 Due diligence 04 F-discovery
More informationOCCUPATIONAL GROUP: Information Technology. CLASS FAMILY: Security CLASS FAMILY DESCRIPTION:
OCCUPATIONAL GROUP: Information Technology CLASS FAMILY: Security CLASS FAMILY DESCRIPTION: This family of positions provides security and monitoring for the transmission of information in voice, data,
More information10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)
1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction
More informationHow to protect yourself against cyber crime in 7 practical steps
How to protect yourself against cyber crime in 7 practical steps Fox Harbour, NS Presented by: Date: Scott Crowley, Regional Managing Partner, MNP Ken Taylor, President, ICSPA Stephen Warden, Partner,
More informationPresentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.
Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact
More informationKeeping watch over your best business interests.
Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation
More informationDeveloping an Integrated e-discovery and Corporate Records Management Program. Presented by: Janeine Charpiat Information Security Professional
Developing an Integrated e-discovery and Corporate Records Management Program Presented by: Janeine Charpiat Information Security Professional What is ediscovery? any process in which electronic data is
More informationCloudy Privacy Computing
Cloudy Privacy Computing Rebecca Herold, CIPP, CISSP, CISA, CISM, FLMI Final Draft for December 2008 CSI Alert Is cloud computing cumulous or cirrus? At Thanksgiving dinner, some of my relatives (none
More informationData Security Breach. How to Respond
Data Security Breach How to Respond About ERM About The Speaker Information Security Director at ERM CISSP, CISA, CRISC, PCIP, PCI-QSA Core Experience: Information Assurance Computer Forensics Penetration
More informationHow To Prepare For A Disaster
Building an effective Tabletop Exercise Presented by: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 3/26/2013 #1 Continuity Plan Testing Flowchart 3/26/2013 #2 1 Ongoing Multi-Year
More informationPrivacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee
Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee August 2010 Introduction Good privacy practices are a key
More information3 "C" Words You Need to Know: Custody - Control - Cloud
3 "C" Words You Need to Know: Custody - Control - Cloud James Christiansen Chief Information Security Officer Evantix, Inc. Bradley Schaufenbuel Director of Information Security Midland States Bank Session
More informationDatosphere Platform Product Brief
Datosphere Platform Product Brief No organization is immune to the explosive growth in the volume of electronically stored information (ESI). The rapid growth of ESI is having a tangible impact upon organizations
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationSecurity Transcends Technology
INTERNATIONAL INFORMATION SYSTEMS SECURITY CERTIFICATION CONSORTIUM, INC. Career Enhancement and Support Strategies for Information Security Professionals Paul Wang, MSc, CISA, CISSP Paul.Wang@ch.pwc.com
More informationMike Smart Cyber Strategist & Enterprise Security Solutions, EMEA. Cyber: The Catalyst to Transform the Security Program
Cyber: The Catalyst to Transform the Security Program Mike Smart Cyber Strategist & Enterprise Security Solutions, EMEA A Common Language? Hyper Connected World Rapid IT Evolution Agile Targeted Threat
More informationCOBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.
COBIT 5 for Risk CS 3-7: Monday, July 6 4:00-5:00 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net Disclaimer of Use and Association Note: It is understood that
More informationGlobal Information Governance: Cross-border Records Management the Hard [copy] Way
Global Information Governance: Cross-border Records Management the Hard [copy] Way A case study on new technology applied to persistent global records management challenges Hard copy records continue to
More informationArchiving and The Federal Rules of Civil Procedure: Understanding the Issues
Archiving and The Federal Rules of Civil Procedure: Understanding the Issues An ArcMail Technology Research Paper ArcMail Technology, Inc. 401 Edwards Street, Suite 1620 Shreveport, Louisiana 71101 www.arcmailtech.com
More informationIn ediscovery and Litigation Support Repositories MPeterson, June 2009
XAM PRESENTATION (extensible TITLE Access GOES Method) HERE In ediscovery and Litigation Support Repositories MPeterson, June 2009 Contents XAM Introduction XAM Value Propositions XAM Use Cases Digital
More informationInformation Security Program Management Standard
State of California California Information Security Office Information Security Program Management Standard SIMM 5305-A September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF CHANGES
More informationIBM ediscovery Identification and Collection
IBM ediscovery Identification and Collection Turning unstructured data into relevant data for intelligent ediscovery Highlights Analyze data in-place with detailed data explorers to gain insight into data
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationNonprofit Organizations Committee Legal Quick Hit:
Nonprofit Organizations Committee Legal Quick Hit: Privacy and Data Security for Your Nonprofit: Understanding Your Client s Legal Obligations and Minimizing Legal Risk MODERATOR: JEFFREY S. TENENBAUM,
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationService Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard
Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationM E M O R A N D U M. Definitions
M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice
More informationIntegrating Pandemic Readiness into Your Organization's Resiliency Model.
Integrating Pandemic Readiness into Your Organization's Resiliency Model. David M. Sarabacha Senior Manager MBCP, MBCI, CISSP, CISA, CISM Deloitte & Touche LLP Agenda TOPIC SCHEDULE Session Overview Introduction
More informationInformation Governance 2.0 A DOCULABS WHITE PAPER
Information Governance 2.0 A DOCULABS WHITE PAPER Information governance is the control of an organization s information to meet its regulatory, litigation, and risk objectives. Effectively managing and
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationBOARD OF GOVERNORS MEETING JUNE 25, 2014
CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches
More informationplantemoran.com What School Personnel Administrators Need to know
plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of
More informationInformation Governance Manage in Place Use Cases Workshop
Information Governance Manage in Place Use Cases Workshop James Seeley Vice President, Governance Sales threat protection compliance archiving & governance secure communication Information Governance -
More informationLong Term Record Retention and XAM
Long Term Record Retention and XAM Wayne M. Adams Chair Emeritus, SNIA www.snia.org Agenda Market Trends and Drivers SNIA Survey SNIA XAM Standard SNIA Meta Data Work Summary Information Challenge Escalating
More informationInformation Governance, Risk, Compliance
Information Governance, Risk, Compliance April White Paper By Galaxy Consulting A At Your Service Today Tomorrow We Appreciate The Privilege Of Serving You! Abstract May 2014 Information is the lifeblood
More informationStrategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013
Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5
More informationManaging Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal
Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationCLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationFrom Information Management to Information Governance: The New Paradigm
From Information Management to Information Governance: The New Paradigm By: Laurie Fischer Overview The explosive growth of information presents management challenges to every organization today. Retaining
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Online File Storage BACKGROUND Online file storage services offer powerful and convenient methods to share files among collaborators, various computers, and mobile
More informationSocial Networking and its Implications on your Data Security
Social Networking and its Implications on your Data Security Canadian Chamber of Commerce of the Philippines June 8, 2011 Warren R Bituin Partner -SGV & Co. About the Speaker Warren R. Bituin SGV & Co./Ernst
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationIncident Management & Forensics Working Group. Charter
Incident Management & Forensics Working Group Charter February 2013 2013 Cloud Security Alliance All Rights Reserved All rights reserved. You may download, store, display on your computer, view, print,
More informationARMA: Information Governance: A Revenue Source Potential
ARMA: Information Governance: A Revenue Source Potential Presenter: Martin Tuip Executive Director for IG Products ARMA International Agenda About ARMA International What is Information Governance? Generally
More informationAssessing the strength of your security operating model
www.pwc.com Assessing the strength of your security operating model May 2014 Assessing the strength of your security operating model Retail stores, software companies, the U.S. Federal Reserve it seems
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationThe evolution of data archiving
The evolution of data archiving 1 1 How archiving needs to change for the modern enterprise Today s enterprises are buried by data, and this problem is being exacerbated by the unfettered growth of unstructured
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationDOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents
WhitePaper Concise Guide to E-discovery Contents i. Overview ii. Importance of e-discovery iii. How to prepare for e-discovery? iv. Key processes & issues v. The next step vi. Conclusion Overview E-discovery
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationSAVE OFTEN. Many new electronic records laws are forcing companies to rethink how they archive and protect data or risk stiff penalties
Many new electronic records laws are forcing companies to rethink how they archive and protect data or risk stiff penalties SAVE OFTEN By Courtney Macavinta 12 DELL INSIGHT JANUARY 2005 Save [ Cutting
More informationSecurity in the Cloud an end to end Problem
ID WORLD Abu Dhabi 18-19 March 2012 Cloud Computing & Mobile Applications Dr. Andrew Jones Programme Chair for Information Security Khalifa University of Science, Technology and Research, Abu Dhabi Security
More informationComputer Forensics US-CERT
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
More informationDocument Type Doc ID Status Version Page/Pages. Policy LDMS_001_00161706 Effective 2.0 1 of 7 Title: Corporate Information Technology Usage Policy
Policy LDMS_001_00161706 Effective 2.0 1 of 7 AstraZeneca Owner Smoley, David Authors Buckwalter, Peter (MedImmune) Approvals Approval Reason Approver Date Reviewer Approval Buckwalter, Peter (MedImmune)
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationTask Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare
CIO-SP 3 Task Areas Ten task areas constitute the technical scope of this contract: Task Area 1: IT Services for Biomedical Research, Health Sciences, and Healthcare The objective of this task area is
More informationThe cyber security imperative. Protect your organization from cyber threats
The cyber security imperative Protect your organization from cyber threats Contents Cyber threats are real and growing... 1 A full range of cyber security solutions... 2 Managed Security Services (MSS)...
More informationwww.pwc.com/us/cyber Statement of Qualifications Cybercrime & data breach
www.pwc.com/us/cyber Statement of Qualifications Cybercrime & data breach Contents Countering cyber threats and fraud Cyber forensics and investigative services Cyber forensics and investigations Past
More informationInformation in the Cloud: What s in the Future
Information in the Cloud: What s in the Future Cloud Computing: Opportunities, Advantages, Disadvantages for Federal Agencies Melvin Greer Chief Strategist, Author, Educator SOA / Cloud Computing / Cyber
More informationClouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
More informationInformation Security Specialist Training on the Basis of ISO/IEC 27002
Information Security Specialist Training on the Basis of ISO/IEC 27002 Natalia Miloslavskaya, Alexander Tolstoy Moscow Engineering Physics Institute (State University), Russia, {milmur, ait}@mephi.edu
More informationRecords Management and SharePoint 2013
Records Management and SharePoint 2013 SHAREPOINT MANAGEMENT, ARCHITECTURE AND DESIGN Bob Mixon Senior SharePoint Architect, Information Architect, Project Manager Copyright Protected by 2013, 2014. Bob
More informationWHITE PAPER. Deficiencies in Traditional Information Management
WHITE PAPER Deficiencies in Traditional Information Management Table of Contents 3 Abstract 3 Information Management Defined 7 Problems with Traditional Approaches 8 Conclusion Table of Figures 5 Figure
More informationState Agency Cyber Security Survey v 3.4 2 October 2014. State Agency Cybersecurity Survey v 3.4
State Agency Cybersecurity Survey v 3.4 The purpose of this survey is to identify your agencies current capabilities with respect to information systems/cyber security and any challenges and/or successes
More informationCorporate IT Forensics in the New Decade. Hong Kong March 2010 Bruce Nikkel
Corporate IT Forensics in the New Decade Hong Kong March 2010 Bruce Nikkel Presentation Overview The growth and evolution of digital forensics Pre-Y2K computer forensics Post-Y2K digital forensics Factors
More information