Out of the Breach and Into the Fire

Information security hinges on the people and procedures, not the technical settings.

Breach Commonalities and Distinctions
- Data Inventory
- Handling of PII and sensitive data moving forward
- Discovery of breach
- Number of compromised records
- Parties involved
- Notification

Notification Decision-making
Arizona Georgetown UISO CIO University Counsel UISO Ad hoc committee

Notification Logistics
Arizona Georgetown
“unauthorized acquisition of and access to unencrypted or unredacted computerized data that materially compromises the security or confidentiality of personal information maintained by a person as part of a database of personal information regarding multiple individuals and that causes or is reasonably likely to cause substantial economic loss to an individual”
Call Center Hotline in Office of Advancement Offered credit monitoring for one year

Fallout Management
Arizona Georgetown Server Reduction and Consolidation Personnel Changes Creation of DSTF Data Inventory Policies Data Stewardship model Reporting Centers

Preventative Measures
Arizona Georgetown Education Policies Procedures Personal Information Sweep (PI Sweep) Registration of Critical Devices Firewalls Web App and Network Scanning Community Education Stronger Policy Enforcement Enhanced Oversight Structure
PI Sweep: Removal of data, secure what’s left, educate about records retention and so forth. See security.arizona.edu/pi for more information. Firewalls are central Cisco FSM – no cost to department.

Challenging the Status Quo
- Dynamic security environment
- Review of existing policies, practices and procedures
- Audit of data flow and security