Incident Response Comes of Age


Incident Response Comes of Age
Daily Journal Professional Education Cyber Boot Camp, January 12, 2017
- Sarah Bruno, Arent Fox LLP
- Patrick Hynes, PwC
- John Mullen, Redacted, Inc.
- Tracy L. Wilkison, Assistant United States Attorney, Chief, Cyber and Intellectual Property Crimes Section, National Security Division
- Moderator: Tanya Forsheit

Agenda
- A Brief History of Breach Notification Laws
- Preventative Medicine
- Evolving Threat Vectors
- After an Incident

A Brief History of Breach Notification Laws
Breach Notification Laws Enter the Teen Years

Data Breach Notification Laws
- Beginning in 2002, legislators across the country began passing laws requiring consumer notification when there is a security breach involving private information.
- Forty-seven states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have passed security breach notification laws affecting private entities.
- Most follow California’s lead, but with some key differences (e.g., “material” breach requirement; expanded definition of “personal information”; breach involving non-computerized data; notification procedures; requirement to notify consumer reporting and/or law enforcement agencies; exemptions from mandatory notification (e.g., encryption); penalties).

Preventative Medicine

“Reasonable Security”
- Floor, not a ceiling
- State Data Security Laws
- Federal Trade Commission Section 5 authority and enforcement actions/consent decrees
- California Attorney General 2016 Annual Data Security Breach Report
- Dual Factor Authentication
- Center for Internet Security Controls

Service Provider Oversight and Contracts
- Due Diligence
- RFPs
- Contract Negotiation
- “Reasonable Security” Controls (again)
- Indemnification and Limitations on Liability
- Insurance
- Audits

Practice, Practice, Practice
While data breaches are inevitable, the company can take measures to be ready for the next breach.
- The Team
- Internal Stakeholders
- External Vendors
- Legal
- Forensics
- Mailing and Call Center
- Remediation
- Crisis Communications
- The Incident Response Plan
- Drills/Tabletop Exercises

Evolving Threat Vectors

Evolving Threat Vectors
[Image. Copyright: leolintang / 123RF Stock Photo, http://www.123rf.com/profile_leolintang]

After an Incident

First and Foremost

Evaluate Risks
- State Breach Notification Laws
- State Attorney General Enforcement and Guidance
- FTC Enforcement and Guidance
- Reputational Damage
- International Issues

Investigate, Contain & Respond
- Investigate! (Remember Forensics 101 from this morning)
- Contain!
- Notify (as applicable and pursuant to statute):
  - Internal Stakeholders and affected Business Partners/Vendors
  - Affected Individuals
  - Regulators
  - Card companies
  - Law enforcement
  - Auditors
  - Others?
- Remediation Services?
- Communications Strategy?