Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lessons Learned from a Breach Eric van Wiltenburg University of

Published bySibyl Nelson Modified over 9 years ago

Similar presentations

Presentation on theme: "Lessons Learned from a Breach Eric van Wiltenburg University of"— Presentation transcript:

1 Lessons Learned from a Breach Eric van Wiltenburg University of Victoria @e_vanwiltenburg

2 Let’s start with some exercise

3 Hey Eric, aren’t you embarrassed?

4 “Transparency is an asset.” Eric van Wiltenburg, January 31, 2012

5 OK, so what happened anyway?

6

7

8 +

9

10 +

11

12 =

13

14

15

16

17

18

19

20

21

22

23 11845

24 employee names employee numbers Social Insurance Numbers bank account employee classification code amount of last deposit

25 January 2010 January 2012

26

27 Lesson Having good policies in place is very important, even if nobody reads them

28 UVic Privacy Policy

29 Privacy Breach Response Team

30

31 University Secretary Vice President Finance and Operations Manager Privacy, Access and Policy University Legal Counsel Information Security Manager Director, Communications Associate Vice-President Human Resources Associate Vice-President Faculty Relations Assistant Director, Campus Security Executive Director, Government Relations Vice-President External Relations Assistant Treasurer Risk Analyst

32 FIPPA OIPC

33

34 Lesson Effective external communication to {organization, staff, community} is important for {salvaging reputation, reassuring affected individuals, ensuring resolution}, even if the internal politics, communications and logistics cause friction.

35

36

37

38

39 250-472-4333 privacyinfo@uvic.ca

40

41 uvic.ca/infobreach

42

43

44 Regular bulletin updates Information sent to current and former UVic employees, Jan. 9, 2012 Letter from Vice-president Finance and Operations Gayle Gorrill, Jan. 10, 2012 A message from President David Turpin, Jan. 11, 2012 Jan. 12, 2012 update Jan. 13, 2012 update Jan. 19, 2012 update Jan. 20, 2012 update - Launch of review Jan. 23, 2012 update - Phishing attacks & fraud investigation Jan. 25, 2012 update - Preliminary report to board Jan. 27, 2012 update - Agreement reached on Credit Monitoring Service Jan. 26, 2012 update - Saanich police release info Feb. 3, 2012 update - Credit monitoring service available Monday Feb. 6, 2012 update - Credit monitoring instructions

45 Lesson Bad guys and gals know how to read the news

46

47

48

49 Lesson Understand what “reasonable security arrangements” are

50

51

52 Lesson If you don’t need it, get rid of it (or don’t collect it). Data minimization

53

54 Lesson Effective project management helps ensure the last mile is completed.

55 Lesson Keeping momentum once the storm blows over can be difficult

56 Lesson Centralized command and control for privacy and security is necessary, even in a decentralized environment

57 Lesson A crisis can be a platform for change

58 Lesson Having good policies in place is very important, and everybody should read them

59 Remember… It’s not IF you’re going to have a breach, it’s WHEN you’ll have a breach and HOW you respond to it and what you LEARN from it that really matters.

Download ppt "Lessons Learned from a Breach Eric van Wiltenburg University of"

Similar presentations

Contract Review Process Round Table Corporate Counsel Section April 11, 2007.

Contract Review Process Round Table Corporate Counsel Section April 11, 2007.
Cash Collection and Deposit Training Financial Services.

Cash Collection and Deposit Training Financial Services.
The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.

The Compliance & Risk Functions In Credit Unions What Supervisors need to know? Michael Mullen ILCU Learning Advisor.
Clover Park School District Board of Directors 1.

Clover Park School District Board of Directors 1.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Budget Execution; Key Issues

Budget Execution; Key Issues
Board of Trustees Roles & Responsibilities During a Disaster Multi-hazard approach.

Board of Trustees Roles & Responsibilities During a Disaster Multi-hazard approach.
National Incident Management System (NIMS)  Part of Homeland Security Presidential Directive-5, February 28, 2003.  Campuses must be NIMS compliant in.

National Incident Management System (NIMS)  Part of Homeland Security Presidential Directive-5, February 28,  Campuses must be NIMS compliant in.
YOUR ROLE AS A COUNCILLOR And achieving good governance

YOUR ROLE AS A COUNCILLOR And achieving good governance
Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.

Lessons Learned Data and Asset Security FOCUS Spring 2006 Chuck Banner UVA-Wise.
Legal Responsibilities for Board Members of Nonprofit Organizations Or…all you need to know to stay out of trouble. Presented: July 2007 Prepared by: Elsbeth.

Legal Responsibilities for Board Members of Nonprofit Organizations Or…all you need to know to stay out of trouble. Presented: July 2007 Prepared by: Elsbeth.
 Act as Executive Officer of the chapter;  Assist the chapter to meet the goals of ANAC and the chapter;  Facilitate communication and a collaborative.

 Act as Executive Officer of the chapter;  Assist the chapter to meet the goals of ANAC and the chapter;  Facilitate communication and a collaborative.
Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.

Data Incident Notification Policies and Procedures Tracy Mitrano Steve Schuster.
UPDATE OF GUIDELINES FOR PUBLIC DEBT MANAGEMENT Sudarshan Gooptu Sector Manager PREM Economic Policy and Debt, World Bank MDB Meetings, Washington DC May.

UPDATE OF GUIDELINES FOR PUBLIC DEBT MANAGEMENT Sudarshan Gooptu Sector Manager PREM Economic Policy and Debt, World Bank MDB Meetings, Washington DC May.
Presentation by Mark Grady Vancouver Island University June 13, 2012.

Presentation by Mark Grady Vancouver Island University June 13, 2012.
University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.

University of Guelph IT Security Policy Doug Blain Manager, IT Security ISC, April 27th.
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.
Management Control Systems

Management Control Systems
The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.

The Role of Risk Management and Assurance in Effective Organizational Governance Urton Anderson The University of Texas at Austin.
Iowa Administrator of the. Executive President ( aka Affiliate Director ) Vice President ( aka Co-Affiliate Director ) Executive Committee Treasurer Secretary.

Iowa Administrator of the. Executive President ( aka Affiliate Director ) Vice President ( aka Co-Affiliate Director ) Executive Committee Treasurer Secretary.

Similar presentations

Ads by Google