Published by Elvin Gray. Modified over 9 years ago.
New EU General Data Protection Regulation Conference 2016

Slide 1: Managing a Data Breach: Prevention, Detection, Mitigation
By Gerard Joyce
Dun Laoghaire, Feb 24th 2016
Slide 2: Overview
1. What is a "Data Breach"
2. Prevention (Exercise 1)
3. Detection (Exercise 2)
4. Mitigation (Exercise 3)
5. Summary
Slide 3: What is a "Data Breach"?
Data that you are "controlling" is accessed or viewed by unauthorised persons.
Data could be:
- Personally Identifiable Information (PII)
- Trade Secrets
- Intellectual Property
Cause of breach:
- Could be intentional, criminal
- Could be accidental
Slide 4: (diagram) Risk Assessment, Documented Policy, Incident Response; Data Breach / Unauthorised Access; Prevention, Detection, Mitigation
Slide 5: Exercise 1
What are the threats and what can you do to prevent them?
Think: Who, How, What
Slide 6: Risk Controls: Data Breach
Threats:
- Employee, intentional: Unauthorised Access
- Employee, unintentional: Data Breach
- IT Glitch
Prevention controls:
- Policy
- Procedures
- Training & Education
- Checks
- Intrusion Prevention
- Strong Access Control
- Encryption
- Anti-Virus Software
- Data Classification
Slide 7: Why Detection is Important
- Fines imposed will be proportional to the "Dwell Time"
- The longer the theft is going on, the more data gets stolen
- The quicker the breach is detected, the quicker action can be taken to mitigate the impact
Slide 8: Exercise 2
How would you know you have a breach?
Think:
- Who would recognise it first? (You, your customer, ...)
- What the signs might be
- Service delivery: how might that be affected?
Slide 9: Risk Controls: Data Breach (detection signals added)
Threats and prevention controls as on the previous Risk Controls slide (Employee, intentional: Unauthorised Access; Employee, unintentional: Data Breach; IT Glitch; Policy; Procedures; Training & Education; Checks; Intrusion Prevention; Strong Access Control; Encryption; Anti-Virus Software; Data Classification), plus detection signals:
- Customer Feedback
- Service Impacted
- Unusual Traffic
- CC Company Contact
- Corrupted Data
- IP Published / Copied
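The "Unusual Traffic" signal on this slide and the dwell-time point from the "Why Detection is Important" slide can be made concrete with a small detector that compares each user's data-access volume against that user's own baseline and then measures how long the anomalous activity ran before anyone noticed. The Python below is an added example and is not part of Gerard Joyce's slides; the access-log records, the four-session baseline window and the 5x threshold are constructed assumptions chosen for illustration.

```python
"""Added example (not from the slides): flag unusual data-access volume per
user and compute the dwell time between first anomaly and detection."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample records: (user, ISO timestamp, records accessed in session).
# In practice these would come from application or database audit logs.
SAMPLE_LOG = [
    ("alice", "2016-02-01T09:00:00", 120),
    ("alice", "2016-02-02T09:10:00", 110),
    ("alice", "2016-02-03T09:05:00", 130),
    ("alice", "2016-02-04T09:00:00", 125),
    ("alice", "2016-02-05T02:40:00", 9800),   # night-time bulk pull
    ("alice", "2016-02-06T02:55:00", 12000),  # continues the next night
    ("bob",   "2016-02-01T10:00:00", 300),
    ("bob",   "2016-02-02T10:30:00", 280),
    ("bob",   "2016-02-03T10:10:00", 310),
    ("bob",   "2016-02-04T10:20:00", 295),
    ("bob",   "2016-02-05T10:00:00", 320),    # heavy but normal for bob
]

BASELINE_WINDOW = 4   # assumption: first N sessions per user form the baseline
THRESHOLD = 5.0       # assumption: flag a session above THRESHOLD x the median


def find_unusual_access(log, window=BASELINE_WINDOW, threshold=THRESHOLD):
    """Return [(user, timestamp, volume, ratio)] for sessions whose volume far
    exceeds that user's own baseline. Using a per-user median means a steady
    heavy user (bob) is not flagged merely for being heavy."""
    sessions = defaultdict(list)
    for user, ts, volume in sorted(log, key=lambda r: r[1]):
        sessions[user].append((ts, volume))
    flagged = []
    for user, rows in sessions.items():
        baseline = median(v for _, v in rows[:window])
        for ts, volume in rows[window:]:
            ratio = volume / baseline
            if ratio > threshold:
                flagged.append((user, ts, volume, round(ratio, 1)))
    return flagged


def dwell_time_hours(flagged, detected_at):
    """Hours between the earliest flagged session and the moment the breach was
    recognised: the 'dwell time' the slides tie the size of fines to."""
    if not flagged:
        return 0.0
    first = min(datetime.fromisoformat(ts) for _, ts, _, _ in flagged)
    return (datetime.fromisoformat(detected_at) - first).total_seconds() / 3600


if __name__ == "__main__":
    hits = find_unusual_access(SAMPLE_LOG)
    for hit in hits:
        print("unusual access:", hit)
    # Suppose the breach was only recognised on the morning of Feb 8th.
    print("dwell time (h): %.1f" % dwell_time_hours(hits, "2016-02-08T09:00:00"))
```

The per-user baseline is the point of the design: an absolute volume threshold would either miss a low-volume account being drained or drown the team in alerts from legitimately heavy users. Lowering the dwell time means running a check like this continuously rather than at month end.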
Slide 10: Mitigation: Be Ready to Respond
- Incident Response Plan (more about this in a moment)
- Things you can do beforehand:
  - Restrict "lateral movement" in the network (IT)
  - Identify an individual to take charge
  - Identify partners (3rd party) that you might need: legal counsel, IT forensics
- After the incident: review your policies and procedures
Slide 11: Exercise 3
What should be in an Incident Response Plan?
Think:
- Who do you call?
- What do you do, in what order?
- Who does what?
Slide 12: Response Plan
- Incident Lead
- Incident Team
- Individual Roles and Responsibilities
- Protocols During a Breach
  - How to assess the scope of the breach
  - How to stop the data loss
- Forms to Record Details
- Contact List of People that might need to be involved
- Communications (Internal, Customers, DPC, Press)
- Review: Learn from the Incident
Slide 13: Risk Controls: Data Breach (mitigation controls added)
Threats, prevention controls and detection signals as on the previous Risk Controls slides (Employee, intentional: Unauthorised Access; Employee, unintentional: Data Breach; IT Glitch; Policy; Procedures; Training & Education; Checks; Intrusion Prevention; Strong Access Control; Encryption; Anti-Virus Software; Data Classification; Customer Feedback; Service Impacted; Unusual Traffic; CC Company Contact; Corrupted Data; IP Published / Copied), plus mitigation controls:
- Response Plan
- Privacy Impact
- Notification Plan
- Communications Plan
- Restrict Lateral Movement
- Review Controls
Slide 14: Summary
Identify the information that is precious to you.
- Prevent: make sure it is encrypted at rest and in transit; make sure access to it is restricted on a needs-must basis
- Detect: know asap if it has been compromised
- Mitigate: have a plan; plan now for a breach
Slide 15: Thank You
gjoyce@calqrisk.com