DaSy Conference Data Breach Exercise August 2016 [Logo]

Slides:

Advertisements

Similar presentations

School Tragedies A Perspective on Lessons Learned

Advertisements

Jennifer Painter, VP Housing Operations & Jennifer Rass, VP Communications.

Master Scenario Events List (MSEL) Conference DATE

Developing a Strategic Communications Plan. Overview This session will cover how to: Outline team functions and chain of command Identify key stakeholders.

Password District Data Breach Exercise [District Name] [Date] [Logo]

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

EPR-Public Communications L-05

Preventing and Managing a Crisis. Overview This session will cover how to: Develop a crisis communications plan Prevent crises Prepare for crises Implement.

There’s a Gun in my School: Helping Teachers Prevent and React to School Violence Dr. Amy Andersen Dr. Harry Hueston West Texas A&M University.

IAEA International Atomic Energy Agency EPR-Public Communications L-011 Good Practices for PIOs.

Intro to Positive Behavior Interventions & Supports (PBiS)

Critical Incident Response And CIRT Board of Education Report 2006 Dale R. Rauenzahn, Executive Director, Student Support Services.

Preparing and Budgeting for Communications. Overview This session will cover how to: Perform a “desk review” Conduct an environmental scan Develop a communications.

Unit 6: Unified Command. Unit Objectives  Define Unified Command.  List the advantages of Unified Command.  Identify the primary features of Unified.

Developing an Issues Management Plan Poor Crisis Management NEW YORK (AP) -- Lingering images of passengers stranded at sea for days as toilets back.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

NERT College Disaster Operations Task Force Response Plan Workshop NERT FOG Chapter 6.

Visual 6.1 Unified Command Unit 6: Unified Command.

Traditional Training Methods

Welcome 2011 California Statewide Medical and Health Exercise.

Crisis Management Planning. FYI… Today – section 6 due Today – section 6 due Exam Thursday Exam Thursday Multiple Choice (29 ?’s) Multiple Choice (29.

Annual Boys State Directors Conference Reviewing and Updating Crisis Management Plans Mike Bredeck Director of Minnesota.

Data Sharing: Federal TA Efforts, What We Know & What We Need to Know Improving Data Improving Outcomes Meeting September 2013 Washington, DC 1.

1 Crisis Management and Communication Dr. Joy Smith and Ms. Robin Denny.

FERPA & Data Security:FERPA & Data Security: Passwords and Authenticators.

2 United States Department of Education, Privacy Technical Assistance Center 1 Western Suffolk BOCES Data Breach Exercise.

19 November 2014 Pennsylvania Local School Districts: Regional Data Breach Exercise.

Response to an Emergency Training for 211 Staff in Ontario Updated September

Strategic Communications Training Crisis Communications X State MDA 1.

Summary of Major Points Quarantine / Isolation Planning Process Accomplishments Continuing Projects Where we go from here... SUMMARY Isolation / Quarantine.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Branch President’s Role

Roles & Responsibilities of an Impressive Program Governance Plan

KCSIE 2016: Ensuring implementation in your school or setting

Student Data Privacy and Security

Medina District Safety Plan.

Resolving Foster Parent Concerns

ACAA Summer Meeting Carrie O’Brien June 1, 2017

IRB reporting updates.

Responding to Intrusions

CRITICAL INCIDENT RESPONSE TRAINING FOR COMMANDERS: THE PROVISION OF PSYCHOLOGICAL & EMOTIONAL CARE TO SERVICEMEN & FAMILY FACILITATOR GUIDE INTRODUCTION:

Training Appendix for Adult Protective Services and Employment Supports June 2018.

Family Education Rights and Privacy Act

End of Year Performance Review Meetings and objective setting for 2018/19 This briefing pack is designed to be used by line managers to brief their teams.

Helpful Hints for action to prevent elder abuse

Negotiations – Communications and the Media

CEC’s Responsibilities to CAN Coordinators

Parent-Teacher Partnerships for Student Success

Click Training Agreements Module

Tips to Make Capitol Hill Days a Success!

Project Leadership: Chapter 7

Training Officers Consortium

Crisis Communications Plan

Judith Goetz Director of Marketing & Public Relations

Resolving Issues ADR, Due Process and CDE Complaints

Media Relations WVSAS School-Community Communications Panel Presentation December 6, 2018 Public sentiment is everything. With public sentiment, nothing.

Student Data & Privacy.

Hands-On: FSA Assessments For Foreign Schools

H. Implementation Plan.

IS-907 – Active Shooter: What You Can Do

INCIDENT RESPONSE PLAN

Public Safety and Title IX Administrators: Working Together

Unit 1.01 Apply verbal skills to obtain and convey information

Using Tabletop Exercises

For Stake Emergency Communication Specialists

Presentation transcript:

DaSy Conference Data Breach Exercise August 2016 [Logo]

Data Breach Exercise Table top exercise that simulates a data breach within a complex organization. Intended to put you in the shoes of critical decision makers who have just experienced a data breach. This is a REAL-LIFE data breach that happened in the last 30 days in the education world. IT CAN HAPPEN TO YOU!! 2

Data Breach Exercise You will be divided into teams to react and respond to the scenario. Over time, the scenario will be more fully revealed and you will discover more about what happened. 3

Be Prepared for the Unexpected! 4

Suggestions Think about each of the roles needed in your organization (e.g., public information officer, data system leadership, attorney, auditors, etc.). The full extent or impact of a data breach is rarely known up front. Do your best to anticipate what might happen, but don’t get ahead of yourself. 5

Data Breach Exercise Each team will develop two key products: 1.Public and Internal Communications/ Messaging – Develop the message(s) you will deliver to your staff, students, parents, the media, and the public. 6 During the event, you will be asked to participate in press conferences about the scenario. Be prepared to respond to members of the media about what is happening and how your organization is responding.

Data Breach Exercise (cont.) 2.Response Plan – Outline how your agency will approach the scenario and what resources you will mobilize. Describe who will compose your response team. Identify goals and a timeline for your response. 7

Background Confidential: Will be provided at session! 8

Background (cont.) Confidential: Will be provided at session! 9

Scenario Confidential: Will be provided at session! 10

Data Breach Exercise 1.Gather with your team. 2.Go over the scenario carefully. What do you know? What don’t you know? 3.Begin building your response. Elect a team member to take notes. 11

Data Breach Exercise (cont.) 4.During the scenario, you will receive additional information about the breach. Read each of these updates as the scenario unfolds. 5.We will occasionally pause to discuss where we are, and eventually give a press statement. 12 This exercise works best if approached as a “murder mystery” game. The more you synthesize the information and role play, the more useful the exercise becomes.

Questions? 13

ACME District Data Breach Exercise Minutes

Questions to consider… Is there evidence of an actual breach? Do you have any legal responsibilities at this point? How do you respond to the findings? Acknowledge? Remain mute? Aggressively investigate? 15

Scenario Update Confidential: Will be provided at session! 16

Scenario Update How do you respond to your leadership? What information do you plan to provide? What are the assumptions you are making about the situation? 17

Data Breach Exercise 18 End 10 Minutes

Scenario Update Confidential: Will be provided at session! 19

Questions to Consider… How does this change your approach? Do you notify parents at this point? Are you required to by law? If so How? Does this event change your approach to the response activities? How? 20

ACME District Data Breach Exercise Minutes

Next Assignment Red Team: Press Conference – You decide to take your response activities to the streets and hold a press conference where you will inform the public what is going on, how it happened and what you are currently doing to respond to the situation. Each group will select a “spokesperson” who will answer questions from the crowd. Green Team: Staff Training – Provide a summary of potential internal trainings needed to mitigate future incidents from occurring. Include specific topics that you plan to include in your training plan. 22

ACME District Data Breach Exercise Minutes

Develop Incident Response Plan Use your notes from the scenario discussion. Identify an incident response team (e.g., CIO, Data Coordinator, IT Manager, legal counsel). Outline the steps to identify the source of the breach, catalog the data affected, and identify how it occurred. Should you involve law enforcement? When? What legal requirements exist? What preventative corrective actions should you implement? 24

ACME District Data Breach Exercise Minutes

Unveil Your Response Plan Take us through your response plan. Include the who, what, when, and how of your activities. What were the driving factors in your decision- making process? Did your plan evolve as the scenario became more clear? How? How should you prepare to enable a prompt reaction to a potential breach? 26

Wrap-up Lessons learned from press conference. Incident Response Plans – what might work for us? What have you learned? Will it affect your behavior? How could this exercise be more useful to you? 27

Related PTAC Resources Contractor Responsibilities Under FERPA Training videos for district staff & to share with parents Training videos for district staff & to share with parents Data Breach Checklist & Activity Downloads 28

Contact Information Family Policy Compliance Office Telephone:(202) FAX:(202) Website: 29 Privacy Technical Assistance Center Telephone:(855) FAX:(855) Website: