Presentation is loading. Please wait.

Presentation is loading. Please wait.

Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder.

Published byErika Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder."— Presentation transcript:

1 Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder

2 1. Threats vs Risks

3 The ‘Bad’ things that can happen. vs. How much does it cost?

4 1. Threats vs Risks 2. Acts of God Acts of Violence Acts of Stupidity

5 1. Threats vs Risks 2. Acts of God Acts of Violence Acts of Stupidity 3. Defenses: Backups Systems Policies Training Audits

6 4. The ‘Backup’ Goals Recovery Point Objective - RPO Recovery Time Objective - RTO Saving the right stuff Keeping backups safe

7 4. The ‘Backup’ Goals Recovery Point Objective - RPO Recovery Time Objective - RTO Saving the right stuff Keeping backups safe Balance... Peace of mind Responsibility Economy

8

9

10

11

12

13

14 Viruses, Trojans and Malware – Oh my!

15

16

17

18 5. Where is your data?

19 Office? PC Server Copier Laptop? Mobile device? Cloud?

20 6. Security vs Safety…

21 Intentional Acts vs. Unintentional Acts

22 6. Security and Safety… Passwords? Encryption? At rest In transit Wireless Access Retention Policies? Remote Access?

23 6. Security and Safety… Recommended password policies: 8+ characters Letters & Numbers Mixed case: A-Z, a-z Special characters: $@*&! Changed 4x year No repeats for 1+ year

24 6. Security and Safety… Recommended password policies: 8+ characters Letters & Numbers Mixed case: A-Z, a-z Special characters: $@*&! Changed 4x year No repeats for 1+ year Security ‘tokens’

25 Why is Backup hard? Lots more stuff in more places Different threats – different defenses Backup software is complicated Backup media is a security risk Bad organization habits Restore is needed infrequently;... practice is risky!

26 Why is Backup hard? Lots more stuff in more places Different threats – different defenses Backup software is complicated Backup media is a security risk Bad organization habits Restore is needed infrequently;... practice is risky! Remember: Backup is boring, Restore is EXCITING!

27 A special case: Laptops 65% of PCs sold last year were laptops 1:10 Lost or stolen Confidential information on the loose Difficult to sync with office servers Portable = Abused (dropped, kicked) No user serviceable parts inside Security policies difficult to enforce

28 Backup System Elements... Automated Regular (daily, weekly, continuous?) Tested: Right Stuff, Valid, Monitored Accessible: Offsite vs Onsite, Credentials, Encryption Keys Granular: Ability to recovery a single file Portable: Software, Hardware, Skills Someone MUST CARE!

29 A “Simple System”... doesn't exist! Consider data size, type & location: Docs, Databases, E-Mail, PCs, Laptops Servers, Smartphones, ‘Open Files’ Backup generations & retention issues Compliance & discovery issues Media life & custody Offsite: Cost & confidentiality issues Documentation & Support Test, Train, Review, Repeat

30 Disaster Recovery Must be able to duplicate the “Value Stack” Hardware OS & Updates (Licenses) Configuration: Users, Groups, etc. Software & Services (Licenses) Data Disaster Recovery is not Backup!

31 Let's Review The Goals RPO RTO

32 Let's Review The Goals RPO RTO Right Stuff Safe & Secure Value Stack

33 Let's Review The Goals RPO RTO Right Stuff Safe & Secure Value Stack Balance Economy Responsibility Peace of Mind

34 Kim recommends: ► Image hard drives: Symantec, Acronis, Comodo ► Offsite storage: Mozy, SugarSync, FileSafe! ► Written policies: P/W, retention, backup, Internet ► De-Crapify: Current, Archive, Media, E-Mail, etc. ► Encrypt laptop hard drives: Winmagic, TruCrypt ► Document: P/W, providers, licenses, network, etc. ► Update versions: OS, AV, Browser, Software ► Malwarebytes, OpenDNS, LastPass, LoJack Visit: ILTSO.ORG

35 Pop Quiz! 5 – 4 – 3 – 2 – 1

36 Quiz questions: What are the five levels of the Value Stack?

37 Quiz questions: What are the five levels of the Value Stack? Hardware OS & Updates (Licenses) Configuration: Users, Groups, etc. Software & Services (Licenses) Data

38 Quiz questions: Four simple questions to ask to perform your own backup audit.

39 Quiz questions: Four simple questions to ask to perform your own backup audit. 1. What programs do you use? 2. Where does that program store its data? 3. When/Where does that data get backed up? 4. If you discovered missing or corrupted data, what would you do?

40 Quiz questions: The 'Three Threats' data safety model

41 Quiz questions: The 'Three Threats' data safety model 1. Acts of God 2. Acts of Violence 3. Acts of Stupidity

42 Quiz questions: The difference between ‘Safety’ and ‘Security’?

43 Quiz questions: The difference between ‘Safety’ and ‘Security’? Safety regards unintentional acts Security regards intentional acts

44 Quiz questions: The one Most Important Thing you can do to keep your data safe:

45 Quiz questions: The one Most Important Thing you can do to keep your data safe: Put Someone in charge of Data Safety & Security!

46 These slides and other resources are available online at: www.FileSafeServer.com Thank You!

Download ppt "Basic Data Safety Practices That Can Prevent Malpractice Claims & Ethics Violations Grant County Bar Association June 14, 2011 Kim J. Brand PresidentFounder."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University.

Data Storage & Security Dr Alastair F. Brown Head of Computing MRC Human Genetics Unit MRC Institute of Genetics and Molecular Medicine The University.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
GRAD 521, Research Data Management Winter 2014 – Lecture 7 Amanda L. Whitmire, Asst. Professor.

GRAD 521, Research Data Management Winter 2014 – Lecture 7 Amanda L. Whitmire, Asst. Professor.
Thoughts on Technology Issues for Small Business Data Security for Mobile Access Devices.

Thoughts on Technology Issues for Small Business Data Security for Mobile Access Devices.
Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.

Backup and Disaster Recovery (BDR) A LOGICAL Alternative to costly Hosted BDR ELLEGENT SYSTEMS, Inc.
Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.

Data Storage and Security Best Practices for storing and securing your data The goal of data storage is to ensure that your research data are in a safe.
AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.

AmadeusCybersecurity: the essentials12 th November 2014 Alex van Someren Family Office Forum 12 th November 2014, Zurich Cybersecurity: the essentials.
1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.

1 COMPUTER SECURITY AND ETHICS Chapter Five. Computer Security Risks 2.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Policies.
Data Lost. What’s the cost? How to get your data back: Disaster Planning and Recovery Prevent losing data in the first place : Data Protection Go Virtual.

Data Lost. What’s the cost? How to get your data back: Disaster Planning and Recovery Prevent losing data in the first place : Data Protection Go Virtual.
IT’s Gone Mobile: How to do your Job Anywhere Jason Hand IT Specialist, Central NM Electric Cooperative Jason Hand Cell: 505-803-4944

IT’s Gone Mobile: How to do your Job Anywhere Jason Hand IT Specialist, Central NM Electric Cooperative Jason Hand Cell:
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Steps to Compliance: Electronic Devices Overview PRESENTED BY.

Steps to Compliance: Electronic Devices Overview PRESENTED BY.
Back Up and Recovery Sue Kayton February 2013.

Back Up and Recovery Sue Kayton February 2013.
AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.

AgVantage IT Services Systems Management Team Partnered with You and IBM® Agenda Disaster Recovery Service Disaster Recovery Service IT Visors IT Visors.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Information Security Information Technology and Computing Services Information Technology and Computing Services

Information Security Information Technology and Computing Services Information Technology and Computing Services

Similar presentations

Ads by Google