New EU General Data Protection Regulation Conference 2016: Managing a Data Breach (Prevention, Detection, Mitigation). By Gerard Joyce, Dun Laoghaire, Feb 24th 2016.

Overview
1. What is a "Data Breach"?
2. Prevention (Exercise 1)
3. Detection (Exercise 2)
4. Mitigation (Exercise 3)
5. Summary

What is a "Data Breach"?
Data that you are "controlling" is accessed or viewed by unauthorised persons. (GDPR Article 4(12) defines a "personal data breach" more widely: it also covers accidental or unlawful destruction, loss or alteration of personal data, so corrupted or lost data counts as a breach even when nobody outside saw it.)
The data could be:
- Personally Identifiable Information (PII)
- Trade secrets
- Intellectual property
Cause of the breach:
- Could be intentional or criminal
- Could be accidental

(Diagram) Three phases, Prevention, Detection and Mitigation, supported by Risk Assessment, Documented Policy and Incident Response, addressing the risks Data Breach and Unauthorised Access.

Exercise 1
What are the threats, and what can you do to prevent them?
Think: Who? How? What?

Risk Controls – Data Breach (prevention)
Threat sources: Employee (intentional); Employee (unintentional); IT glitch
Outcomes: Unauthorised access; Data breach
Prevention controls:
- Policy
- Procedures
- Training & Education
- Checks
- Intrusion Prevention
- Strong Access Control
- Encryption
- Anti-Virus Software
- Data Classification

Why Detection is Important
- Fines imposed will be proportional to the "dwell time", i.e. how long the breach runs before it is detected (under GDPR Article 83(2) the duration of the infringement and the action taken to mitigate the damage are factors in setting a fine).
- The longer the theft goes on, the more data gets stolen.
- The quicker the breach is detected, the quicker action can be taken to mitigate the impact.

Exercise 2
How would you know you have a breach?
Think:
- Who would recognise it first? (You, your customer, ...)
- What might the signs be?
- Service delivery: how might that be affected?

Risk Controls – Data Breach (detection)
The same threat sources, outcomes and prevention controls as above, with the detection signs added:
- Customer feedback
- Service impacted
- Unusual traffic
- Credit card company contact
- Corrupted data
- IP published / copied
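
As an added example (not code from the original presentation) of how the "unusual traffic" sign and the "dwell time" of the previous slide translate into something an IT team can actually run: the Python below scores each host's daily outbound traffic against its own recent baseline, flags hosts that suddenly send far more data, reports any external destination the host had never talked to before, and measures how long that went on before the breach was confirmed. The flow-log format, the sample records, the four-day baseline, the 5x threshold and the use of RFC 1918 ranges as "internal" are all assumptions made for illustration.

```python
"""Spot the "Unusual Traffic" breach sign in flow logs and measure dwell time.

Added example for this transcript, not code from the original presentation. The
flow-log format, sample records, internal ranges, baseline and threshold are assumptions.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress
import statistics

# Constructed sample records: "<ISO timestamp> <src> <dst> <dst_port> <bytes_out>".
# 10.0.1.25 behaves normally for four days, then pushes gigabytes at night to an
# external host it has never talked to before; 10.0.1.30 is a quiet control host.
SAMPLE_FLOWS = """\
2016-02-01T09:10:00 10.0.1.25 93.184.216.34 443 120000
2016-02-01T11:40:00 10.0.1.25 93.184.216.34 443 98000
2016-02-02T09:12:00 10.0.1.25 93.184.216.34 443 110000
2016-02-02T14:05:00 10.0.1.25 10.0.2.9 445 3000000
2016-02-03T09:05:00 10.0.1.25 93.184.216.34 443 105000
2016-02-04T09:30:00 10.0.1.25 93.184.216.34 443 115000
2016-02-05T02:15:00 10.0.1.25 198.51.100.7 8443 900000000
2016-02-05T02:40:00 10.0.1.25 198.51.100.7 8443 1200000000
2016-02-06T03:00:00 10.0.1.25 198.51.100.7 8443 700000000
2016-02-01T10:00:00 10.0.1.30 93.184.216.34 443 50000
2016-02-02T10:00:00 10.0.1.30 93.184.216.34 443 52000
2016-02-03T10:00:00 10.0.1.30 93.184.216.34 443 49000
2016-02-04T10:00:00 10.0.1.30 93.184.216.34 443 51000
2016-02-05T10:00:00 10.0.1.30 93.184.216.34 443 53000
"""

# RFC 1918 ranges stand in for "our network" (assumption); anything else is external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in INTERNAL_NETS)


def parse_flows(text):
    """Parse one flow per line; malformed lines are skipped rather than aborting the run."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            flows.append({"ts": datetime.fromisoformat(parts[0]), "src": parts[1],
                          "dst": parts[2], "dport": int(parts[3]), "bytes": int(parts[4])})
        except ValueError:
            continue
    return flows


def external_flows(flows, host, days):
    """Flows from `host` to external destinations on any of the given days (a set of dates)."""
    return [f for f in flows if f["src"] == host and f["ts"].date() in days and is_external(f["dst"])]


def daily_external_bytes(flows):
    """host -> {day: bytes sent to external destinations that day}."""
    totals = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if is_external(f["dst"]):
            totals[f["src"]][f["ts"].date()] += f["bytes"]
    return totals


def find_anomalies(flows, baseline_days=4, multiplier=5.0):
    """Flag days on which a host's egress exceeds `multiplier` x its own median daily baseline.

    The baseline is the median over the host's first `baseline_days` days. Hosts with no
    days beyond that window are skipped, not judged against an unreliable baseline.
    Returns host -> [(day, bytes, threshold, destinations not seen in the baseline)].
    """
    anomalies = {}
    for host, per_day in daily_external_bytes(flows).items():
        days = sorted(per_day)
        if len(days) <= baseline_days:
            continue
        train, test = set(days[:baseline_days]), days[baseline_days:]
        threshold = multiplier * statistics.median([per_day[d] for d in train])
        known_dsts = {f["dst"] for f in external_flows(flows, host, train)}
        hits = []
        for day in test:
            if per_day[day] > threshold:
                new_dsts = sorted({f["dst"] for f in external_flows(flows, host, {day})} - known_dsts)
                hits.append((day, per_day[day], threshold, new_dsts))
        if hits:
            anomalies[host] = hits
    return anomalies


def dwell_time(flows, host, confirmed_at, anomalies):
    """Breach window: first flow on the host's first flagged day up to the ISO timestamp
    `confirmed_at`. Returns a timedelta, or None if the host was never flagged."""
    flagged = {hit[0] for hit in anomalies.get(host, [])}
    starts = [f["ts"] for f in external_flows(flows, host, flagged)]
    return datetime.fromisoformat(confirmed_at) - min(starts) if starts else None


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    found = find_anomalies(flows)
    for host, hits in found.items():
        for day, sent, threshold, new_dsts in hits:
            print(f"{host} {day}: {sent:,} bytes out (threshold {threshold:,.0f}), new destinations {new_dsts}")
    # Assumed time at which an analyst confirmed the breach, for the dwell-time calculation.
    print("dwell time:", dwell_time(flows, "10.0.1.25", "2016-02-08T09:00:00", found))
```

Two caveats a practitioner would add. First, a baseline learned while the attacker is already present will normalise the theft, so pair a per-host baseline with an absolute floor and a list of approved external destinations. Second, the dwell time measured here starts at the first flagged flow; the intrusion itself (the initial foothold, credential theft, internal reconnaissance such as the SMB flow to 10.0.2.9 above) usually starts earlier, so treat this figure as a lower bound when reporting to the regulator.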

Mitigation – Be Ready to Respond
- Incident Response Plan (more about this in a moment)
- Things you can do beforehand:
  - Restrict "lateral movement" in the network (IT)
  - Identify an individual to take charge
  - Identify partners (3rd party) that you might need: legal counsel, IT forensics
- After the incident: review your policies and procedures

Exercise 3
What should be in an Incident Response Plan?
Think: Who do you call? What do you do, and in what order? Who does what?

Response Plan
- Incident Lead
- Incident Team: individual roles and responsibilities
- Protocols during a breach: how to assess the scope of the breach; how to stop the data loss
- Forms to record details
- Contact list of people who might need to be involved
- Communications (internal, customers, the DPC (Data Protection Commissioner), press)
- Review: learn from the incident

Risk Controls – Data Breach (mitigation)
The same threat sources, outcomes, prevention controls and detection signs as above, with the mitigation controls added:
- Response Plan
- Privacy Impact
- Notification Plan
- Communications Plan
- Restrict Lateral Movement
- Review Controls

Summary
- Identify the information that is precious to you
- Prevent: make sure it is encrypted at rest and in transit, and that access to it is restricted on a need-to-know basis
- Detect: know as soon as possible if it has been compromised
- Mitigate: have a plan
- Plan now for a breach

Thank You