Presentation is loading. Please wait.

Presentation is loading. Please wait.

Incident Response Comes of Age

Published byBuddy Barrett Modified over 7 years ago

Similar presentations

Presentation on theme: "Incident Response Comes of Age"— Presentation transcript:

1 Incident Response Comes of Age
Daily Journal Professional Education Cyber Boot Camp, January 12, 2017 Sarah Bruno, Arent Fox LLP Patrick Hynes, PwC John Mullen, Redacted, Inc. Tracy L. Wilkison, Assistant United States Attorney, Chief, Cyber and Intellectual Property Crimes Section, National Security Division Moderator: Tanya Forsheit

2 Agenda A Brief History of Breach Notification Laws
Preventative Medicine Evolving Threat Vectors After an Incident

3 A Brief History of Breach Notification Laws
Breach Notification Laws Enter the Teen Years

4 Data Breach Notification Laws
Beginning in 2002, legislators across the country began passing laws requiring consumer notification when there is a security breach involving private information. Forty-seven states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands have passed security breach notification laws affecting private entities. Most follow California’s lead, but with some key differences (e.g., “material” breach requirement; expanded definition of “personal information”; breach involving non-computerized data; notification procedures; requirement to notify consumer reporting and/or law enforcement agencies; exemptions from mandatory notification (e.g., encryption); penalties)

5 Preventative Medicine

6 “Reasonable Security”
Floor, not a ceiling State Data Security Laws Federal Trade Commission Section 5 authority and enforcement actions/consent decrees California Attorney General 2016 Annual Data Security Breach Report Dual Factor Authentication Center for Internet Security Controls

7 Service Provider Oversight and Contracts
Due Diligence RFPs Contract Negotiation “Reasonable Security” Controls (again) Indemnification and Limitations on Liability Insurance Audits

8 Practice, Practice, Practice
While data breaches are inevitable, the company can take measures to be ready for the next breach. The Team Internal Stakeholders External Vendors Legal Forensics Mailing and Call Center Remediation Crisis Communications The Incident Response Plan Drills/Tabletop Exercises

9 Evolving Threat Vectors

10 Evolving Threat Vectors
Copyright: <a href=' / 123RF Stock Photo</a>

11 After an Incident

12 First and Foremost

13 Evaluate Risks State Breach Notification Laws
State Attorney General Enforcement and Guidance FTC Enforcement and Guidance Reputational Damage International Issues

14 Investigate, Contain & Respond
Investigate! (Remember Forensics 101 from this morning) Contain! Notify (as applicable and pursuant to statute): Internal Stakeholders and affected Business Partners/Vendors Affected Individuals Regulators Card companies Law enforcement Auditors Others? Remediation Services? Communications Strategy?

Download ppt "Incident Response Comes of Age"

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1.

Information Security in 2015 What to Expect Presented by: Noor Aarohi Senior Risk and Compliance Analyst GW Division of Information Technology 1.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
BITS Proprietary and Confidential © BITS 2003. Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.

BITS Proprietary and Confidential © BITS Security and Technology Risks: Risk Mitigation Activities of US Financial Institutions John Carlson Senior.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.

THE CLOUD Risks and Benefits from the Business, Legal and Technology Perspective September 11, 2013 KEVIN M. LEVY, ESQ. GUNSTER YOAKLEY.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.

Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
Privacy and Security Laws for Health Care Organizations www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.

Similar presentations

Ads by Google