Data Breach Essentials




Transcription:

BDO KNOWLEDGE WEBINAR SERIES
Data Breach Essentials
June 2014

BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

CPE AND SUPPORT

CPE Participation Requirements
To receive CPE credit for this webcast:
- You'll need to actively participate throughout the program.
- Be responsive to at least 75% of the participation pop-ups.

Certificate of Attendance: If you are logged in the entire time and respond to all participation pop-ups, you will be able to print your certificate from the Participation section at the end of the webcast.

If you log out before printing your certificate:
- BDO USA professionals: CPE will automatically be issued in CPE Tracking & Reporting at the end of every week. A copy of your certificate will be sent after you have been issued credit.
- Clients and Contacts and all other individual participants: You will be emailed instructions on how to access your certificate.

CPE AND SUPPORT (CONTINUED)

Group Participation
To receive credit:
- Sign-in sheets must list a Proctor name and CPA license number.
- Clients and contacts: Email sign-in sheets to cpe@bdo.com within 24 hours of the webcast.
- BDO USA professionals: Submit your sign-in sheets using a General Training & Development Request in BDO Service Now, found at: BDOWorld > Applications & Resources > BDO Service Now > click Service Catalog in the left menu, then under Training & Development, Make a Request.
- Alliance Firm Members: Should proctor their own group participants. This process is detailed in the LearnLive Participant Guide, which can be found by searching "LearnLive Participant Guide" on the Alliance Portal. Call LearnLive Support below for questions.
- International Firm Members: Unfortunately, we cannot currently support group CPE for International Firms. Those wanting CPE must register and log in on their own computer.

Handouts: Handouts, including group CPE sign-in sheets, may be accessed from the Handouts tab at the bottom of your screen.
Q&A: Submit all questions using the Q&A feature on the lower right corner of the screen. At the end of the presentation, the presenter(s) will review and answer all questions submitted.
Technical Support: If you should have technical issues, please contact LearnLive: click on the Live Chat icon under the Support tab, OR call 1-888-228-4088.

LEARNING OBJECTIVES
Upon completion of this course participants will be able to:
- Apply the key elements required to prepare for and respond to a data breach
- Recognize certain data breach indicators, including but not limited to internal threats, external threats and other risk factors
- Identify activities necessary to determine the extent of a data breach and methodologies to contain the breach
- Identify appropriate personnel, both internally and externally, to involve in the cyber investigation and notification processes
- Recognize methods that allow for monitoring and detection of potential future breach events

PRESENTERS
- Dean Irwin, Principal, BDO USA, LLP, dirwin@bdo.com
- Amy Rojik, Director, BDO USA, LLP, arojik@bdo.com
- Rick Sanders, Attorney, Aaron & Sanders, PLLC, Rick@aaronsanderslaw.com
- Karen Schuler, Managing Director, BDO USA, LLP, kschuler@bdo.com
- Greg Shrader, Information Technology Executive, Greg_shrader@hotmail.com

AGENDA
- Data Breaches in the Headlines
- Managing Data Environments
  - Creating an Environment that Promotes Strong Internal Controls
  - Developing Unified Threat Management System and Protocols to Recognize Threats
- Elements of a Cyber Investigation and Incident Response
  - Ability to Respond
  - Elements of a Cyber Investigation
  - Victim Notification Requirements and Reporting
- Monitoring and Preventative Steps

DATA BREACHES IN THE HEADLINES
Selected losses greater than 30,000 records
Source: Information is Beautiful.net

MANAGING DATA ENVIRONMENTS

DEVELOPING UNIFIED THREAT MANAGEMENT SYSTEM AND PROTOCOLS TO RECOGNIZE THREATS
- Setting Tone
- Establish Risk Committee
- Risk Policies and Procedures
- Identify the data and (IT) Systems

CREATING AN ENVIRONMENT THAT PROMOTES STRONG INTERNAL CONTROLS
- Safeguarding of assets: Customer Data is an Asset!
- Controls over customer data
  - Authorizations/access
  - Adequacy of controls being maintained by third party outsourcers
- Continuous monitoring: Real-time/Manual
- Performing regular assessments on up-to-date software
- Offer regularly scheduled training
- Documentation

ELEMENTS OF A CYBER INVESTIGATION AND INCIDENT RESPONSE

WHAT, WHEN AND HOW DID THIS HAPPEN? YOUR ABILITY TO RESPOND IS CRITICAL
- Incidents may be the result of one or more factors
- Response plans are critical; don't wait until something happens
- Forming a response team can save you time and money
- Response teams may include your personnel, attorneys, and outside consultants that specialize in cyber investigations and incident response
(Figure: Potential Causes of a Breach)

WHAT, WHEN AND HOW DID THIS HAPPEN? THE ELEMENTS OF A CYBER INVESTIGATION

Identification
- Location of the incident
- How was it discovered?
- Other areas compromised?
- Scope of the impact
- Have sources been identified?
- Business impact

Containment
- Short-term containment (is the problem isolated / are systems isolated?)
- System backup (evidence collection, imaging)
- Long-term containment (system off-line)

Eradication
- Re-image and update patches, harden system(s)
- Removal of malware and artifacts from system(s)

Recovery
- When can system(s) come back online?
- Have systems been prepared to thwart future attacks?
- What testing and monitoring solutions are going to be used in future?

Lessons Learned
- How can we prevent this in the future?
- Incident Report: Who? What? Why? How? Where? When?
- Prevention

VICTIM NOTIFICATION REQUIREMENTS AND REPORTING
All data breach statutes require the custodian of consumer data to notify the consumer if the consumer's personal information has been subject to a breach, but they vary markedly along several axes:
1. How broadly personal information is defined. Does it include information beyond SSN, DLN & financial info?
2. What triggers the duty to notify? Mere access? Something more?
3. Whether there are exceptions to the duty to notify.
4. How quickly notification must be given.
5. Who, if anyone, must be notified in addition to the affected consumer, such as the attorney general or consumer protection agency.
6. The effect, if any, of encryption.
7. What must be included in the notification.
8. How notification must be given.
9. Whether there are private causes of action for failure to give notice and/or failure to protect data.
10. Whether the statute also protects hard documents.

RESOURCES
- The National Conference of State Legislatures maintains links to every state's data protection statutes: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
- The law firm of Baker Hostetler maintains a constantly updated data privacy blog and other resources: http://www.dataprivacymonitor.com

MONITORING AND PREVENTATIVE STEPS

DETERRING FUTURE DATA BREACHES
- Identification and measurement of risk
- Security initiatives (and ROI)
- Executive participation/oversight
- Education
- Communication Plan

SUMMARY: NEXT STEPS
- Recognize data breach indicators, internal/external
- Identify activities necessary to determine the extent of a data breach and methodologies to contain the breach
- Identify appropriate personnel, both internally and externally, to involve in the cyber investigation and notification processes
- Recognize methods that allow for monitoring and detection of potential future breach events

ADDITIONAL WEBINARS
BDO Knowledge Webinar Archives:
- Managing Risk in Cyberspace: http://www.bdo.com/acsense/archive.aspx
BDO Knowledge Upcoming Webinars:
- Technical Update Q2 2014, July 9, 10 and 11
- Revenue Recognition: Overview of ASU 2014-09, July 14 and 15
http://www.bdo.com/acsense

BDO BOARD REFLECTIONS
Additional resources accessible via the BDO Board Reflections: http://www.bdo.com/library/boardreflections.aspx
Recent BDO Publications:
- Cybersecurity: Its Impact on the External Audit and Other Recent Developments
- Cybersecurity: A Board Primer
For a complete listing of publications, refer to: http://www.bdo.com/publications/assurance/

EVALUATION
We continually try to improve our programming and appreciate constructive feedback. Following the program, we will be sending out a thank-you e-mail that contains a link to a brief evaluation. Thank you in advance for your participation!

CONCLUSION
THANK YOU FOR YOUR PARTICIPATION!

Certificate Availability: If you participated the entire time and responded to at least 75% of the polling questions, click the Participation tab to access the print certificate button.

Group Participation Reminder, to receive credit:
- Sign-in sheets must list a Proctor name and CPA license number.
- Clients and Contacts: email sign-in sheets to bdoevents@bdo.com within 24 hours of the webcast.
- BDO USA professionals: Submit your sign-in sheets using BDO Service Now.
- Alliance Firm Members: Should proctor their own group participants. This process is detailed in the LearnLive Participant Guide on Alliance Portal > Resource Center. Call LearnLive Support for questions: 1-888-228-4088.
- International Firm Members: Unfortunately, we cannot currently support group CPE for International Firms. Those requesting CPE must have registered and participated from their own computer.

Please exit the interface by clicking the red X in the upper right hand corner of your screen.