REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE




CYBER RISKS SECURITY BREACH CHECKLIST
REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE

STEP 1 UNDERTAKE PRELIMINARY ASSESSMENT OF THE INCIDENT

A serious data security breach is described in the Data Breach GPN as a breach:
- that could cause significant threat of harm to individuals;
- where large volumes of data are involved (generally 1000 people);
- where sensitive data is involved, such as financial or medical records or unencrypted personal data.

- When and where did the security breach occur?
- How is it suspected that the breach occurred?
- Description of the devices, paperwork or electronic data that was lost, stolen or breached.
- If devices were stolen, were they immediately reported to law enforcement?
- What personal data might be involved?
  - An individual's name
  - Identification number
  - Financial data
  - Driver's license number
  - Credit card information
  - Health information
  - Any other specific information that might identify an individual
- Can the data be used for fraudulent or other purposes? (For what might the electronic data be used?)
- What is the value of the electronic data?
- Is there further information at risk?
- Estimate how many individuals / services (exchange/financial services etc.) were affected by the security breach.

STEP 2 INVESTIGATION STEPS

- Ensure that there is a security response team with an identified team leader, and deputy leaders if the team leader is not available.
- Determine the nature and cause of the breach.
- Assess whether the data breach is still active, and stop it.
- Determine the extent of the damage or harm that results or could result from the breach.
- Identify and institute immediate action to stop the source or entity responsible for the incident.
- Identify the system, application or electronic device compromised and begin the identification process to determine whose information was compromised and what data elements were included.
- Determine the need to notify key internal stakeholders not represented on the team.
- Determine whether the response team has enough knowledge / experience to rectify the problem; if not, hire external assistance.
- Identify the source or suspects involved in the event:
  - Is the source of the data breach an external vendor or business associate?
  - Is the source of the breach a current employee? Establish the existence of a criminal record, and of privacy and security education and training.
  - Is the source of the breach external? Involve a law enforcement agency to determine appropriate action.
- Institute a computer forensic investigation to gather evidence, determine the course of events, and determine and identify the electronic device compromised.
- Determine the need to notify external entities:
  - Legal counsel
  - IT forensic support
  - Law enforcement agency
  - Victims
  - Media
- Determine the likelihood of harm and the possible recipient of the information, if known.
- Requirements of regulatory reporting and disclosure.

STEP 3 NOTIFY APPROPRIATE PEOPLE WITHIN THE ENTITY

Other data controllers. If there are other data controllers of the personal data in question, you may want to notify them.

Insurers. Notification of potential claims may be an insurance policy requirement.

Data subjects. In the Data Breach GPN, the Information Commissioner cautions that data subjects should not be notified of a data security breach unless there is a reason for doing so. Data controllers should instead consider whether the data subject will benefit from knowing about the data security breach involving their personal data, for example by being able to change passwords or bank accounts to help prevent potential fraudulent use of the data. The Information Commissioner also suggests that data controllers may wish to consider providing data subjects whose personal data security is at risk with assistance in dealing with practical issues, such as identity fraud checking services.

Make the following Executive Officer's and internal contacts:
- The Chief Executive Officer
- Chief Information Security Officer (CISO)
- Head Internal Audit Officer
- Head of Forensic Department
- Head of IT
- Management responsible for the business area
- Management responsible for Administration
- Chief Information Officer
- Information Security Officer
- Legal Office

STEP 4 EVALUATION OF THE SCOPE OF THE INCIDENT

- Does there appear to be evidence of suspicious behavior or negligence by an employee?
- Type of incident: targeted theft of data, or incidental as part of a crime of opportunity (i.e. a laptop left unaccompanied)?
- Was there criminal intent by an employee?
- Determine who needs to conduct the interview of the employee.
- Has the entity completed an IT security incident form?
- Does a backup of the system/data exist?
- Is there a similar functioning device that needs to be analyzed to help determine the risk?
- Does the Human Resources department need to be involved?
- If there was physical damage to a building, should the entity hire security guards?
- Do the access codes for the building need to be changed or updated?
- Were the user IDs and passwords that might have been associated with the stolen or lost devices disabled?
- Should the entity's employees be briefed on the situation?
- Has a key person within the entity been identified to monitor the progress and communicate the actions to the appropriate people identified in Step 3 of this checklist?

STEP 5 DETERMINE NEED TO NOTIFY PUBLIC

- Do employees need to be informed of the incident?
- Should the public be notified of the incident? If so, consider the following:
  1 Develop talking points.
    - What will be the key message communicated?
    - What will the next steps be?
  2 Press release.
  3 Press conference.
  4 Contact other provinces.
  5 Any public organizations that could assist in communicating the information to the public.
- If law enforcement was involved, did the entity consult with them to determine the timing of what details of the security breach could be released to the public, and when?
- Has a spokesman or public relations official been designated as the contact person for releasing information?
- Have the communication messages regarding the security breach been coordinated?
- When does the entity need to notify affected citizens?

- What types of services need to be purchased for affected individuals in order to mitigate the data breach?
  - Does a contract need to be set up with one of the credit bureaus (e.g. Equifax, Experian or TransUnion) to provide free credit monitoring for affected individuals?
  - How often should the credit bureau track statistics and report any identity thefts to the entity?
  - If a contract is established with one of the credit bureaus, how will the information be communicated to the individuals?
  - Does a reminder letter on the credit services need to be sent to the citizens?
  - When the credit bureau is unable to locate a credit file for an individual, should a notification be sent?

STEP 7 ANALYZE NEED TO ADDRESS DATA SECURITY WEAKNESSES

- Did the entity have full disk encryption on the hardware devices?
- Was the security software up to date?
- Did the entity employ other local security measures outside of encryption (i.e. password-protected files, multiple-factor authentication, etc.)?
- Did the entity have security procedures in place? If so, were the procedures followed? If not, do procedures need to be implemented?
- Does the entity need to conduct a security assessment?
- Should this type of sensitive data be stored in the current location?
- Does access to the data need to be restricted?
- Was the data being saved to the network and not to the local hard drives?
- If the data should be stored in that particular location, is there a way to truncate the information?
- If the entity has branch offices with similar security, should the alarms be tested?
- Does the entity need to conduct a risk analysis and security threat assessment if items were stolen from the building?

STEP 8 FOLLOW-UP PROTOCOL IDENTIFYING OPPORTUNITIES FOR IMPROVEMENT

1 Evaluation of Security Incident Response

Identify actions:
- Identification measures (incident verified, assessed, options evaluated)
- Evidence collected
- Eradication measures
- Recovery measures

Determine:
- How well did the forensic team members respond to the event?
- Were documented procedures followed, and were they adequate?
- What information was needed sooner?
- Were there any steps or actions that might have inhibited recovery?
- What could the forensic team do differently the next time an incident occurs?
- What corrective actions can prevent similar events in the future?
- What additional resources are needed to detect, analyze and mitigate future incidents?
- Can missing electronic data be recreated to provide continuity of services?
- What external resources and contacts proved helpful?
- Other conclusions or recommendations

2 Follow-up
- Security incident response form completed, and supporting documentation made part of the form or filed as attachments.
- Policy and process review completed, and all necessary changes made based on the shortcomings identified through managing the event.
- Training, education and awareness carried out (balancing the need for awareness with disclosure of the event).
- Event documented as an educational case study for internal use.

Contact Cyanre on 012 644 0066 or 082 7812078 for immediate security and forensic assistance when a breach is detected.

Adopted from various Internet and academic sources.

THE POWER OF KNOWLEDGE
AUTHORISED FINANCIAL SERVICES PROVIDER, LICENSE NUMBER: 6344. APPROVED LLOYD'S COVERHOLDER PIN: 107824DRW
Camargue Underwriting Managers (Pty) Ltd. Co. Reg. No. 2000/028098/07. DIRECTORS: MG Marescia (Managing), V Hayter, A Mullins, GJ de Bruin, LM Carciumaru.
33 Glenhove Road, Melrose Estate, 2196. Postnet Suite 250, Private Bag X4, Bedfordview, 2008
Telephone: 011 778 9140, Facsimile: 011 778 9199, E-mail: camargue@camargueum.co.za, Website: www.camargueum.co.za