Lessons Learned from a Breach Eric van Wiltenburg University of


Let’s start with some exercise

Hey Eric, aren’t you embarrassed?

“Transparency is an asset.” Eric van Wiltenburg, January 31, 2012

OK, so what happened anyway?

+ + = 11845

employee names, employee numbers, Social Insurance Numbers, bank account, employee classification code, amount of last deposit

January 2010 January 2012

Lesson: Having good policies in place is very important, even if nobody reads them

UVic Privacy Policy

Privacy Breach Response Team

University Secretary; Vice President Finance and Operations; Manager Privacy, Access and Policy; University Legal Counsel; Information Security Manager; Director, Communications; Associate Vice-President Human Resources; Associate Vice-President Faculty Relations; Assistant Director, Campus Security; Executive Director, Government Relations; Vice-President External Relations; Assistant Treasurer; Risk Analyst

FIPPA OIPC

Lesson: Effective external communication to {organization, staff, community} is important for {salvaging reputation, reassuring affected individuals, ensuring resolution}, even if the internal politics, communications and logistics cause friction.

uvic.ca/infobreach

Regular bulletin updates
Information sent to current and former UVic employees, Jan. 9, 2012
Letter from Vice-president Finance and Operations Gayle Gorrill, Jan. 10, 2012
A message from President David Turpin, Jan. 11, 2012
Jan. 12, 2012 update
Jan. 13, 2012 update
Jan. 19, 2012 update
Jan. 20, 2012 update - Launch of review
Jan. 23, 2012 update - Phishing attacks & fraud investigation
Jan. 25, 2012 update - Preliminary report to board
Jan. 27, 2012 update - Agreement reached on Credit Monitoring Service
Jan. 26, 2012 update - Saanich police release info
Feb. 3, 2012 update - Credit monitoring service available Monday
Feb. 6, 2012 update - Credit monitoring instructions

Lesson: Bad guys and gals know how to read the news

Lesson: Understand what “reasonable security arrangements” are

Lesson: If you don’t need it, get rid of it (or don’t collect it): data minimization

Lesson: Effective project management helps ensure the last mile is completed.

Lesson: Keeping momentum once the storm blows over can be difficult

Lesson: Centralized command and control for privacy and security is necessary, even in a decentralized environment

Lesson: A crisis can be a platform for change

Lesson: Having good policies in place is very important, and everybody should read them

Remember… It’s not IF you’re going to have a breach, it’s WHEN you’ll have a breach and HOW you respond to it and what you LEARN from it that really matters.