Cybersecurity It Matters to SMB

Size: px
Start display at page:

Download "Cybersecurity It Matters to SMB"

Transcription

1 Cybersecurity It Matters to SMB Kim Bilderback GSEC, CISSP Senior Director AT&T Cybersecurity Services

2

3 Theft & Loss of Brand Value Federal Sentencing Guidelines Criminal Negligence Prudent Man Rule Due Care Due Diligence Legally Defensible Security Criminal Negligence Provide Evidence Of Adequate Protection Data For Police Forensics (Logs) Regulatory Compliance & Penalties HIPPA/Hi-Trust PCI Gramm-Leach-Bliley Act (GLBA) Federal Financial Institutions Examination Council (FFIEC) Sarbanes Oxley (SOX) Wendy s was hit with two distinct groups of class action lawsuits, one filed by financial institutions seeking recovery for costs they incurred and other damages as a result of Wendy s data breach, and the other filed on behalf of Wendy s customers who claimed to have been harmed by the data breach at Wendy s. Law suits are based upon claims that Wendy executives breached their duties of loyalty, care and good faith by failing to implement and enforce a system of effective internal controls and procedures with respect to data security The consequences can be costly, as 80sTees.com of Pennsylvania discovered when someone believed to be a former high-ranking employee accessed the identities of customers all over the country, including in California. The retro shirt seller stopped accepting credit cards for four months, launched a new website and blocked all employees from accessing clients' financial information.

4 Security Consulting Strategy & vulnerability scanning Endpoint Mobile, IoT, Office/Fixed Connectivity Securing the network Data/Application Securing workloads/applications Threat Management Detection & response

5

6 A group called Shadow Brokers released software that looked like N.S.A. code designed to break through network firewalls and place implants in systems which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack. All firewall manufactures announced patches for the newly exposed vulnerability the following day. - August 16, 2016 An audacious ransomware cyberattack dubbed WannaCry cripples 200,000 computers in 150 countries. Exploiting $300 per computer, experts estimate the hackers could eventually pocket $1billion. The attack was thwarted preventing it from spreading worldwide when researchers discovered a kill switch late in the first day of attack. - May 12, 2107

7 Assess Risks & Identify Weaknesses Vulnerability Management as a Service (VMaaS) Vulnerability Scanning Vulnerability Management Remediation Guidance AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Proprietary (Internal Use Only). Not for use or disclosure outside the AT&T companies except under written agreement.

8 Educate Employees AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. AT&T Proprietary (Internal Use Only). Not for use or disclosure outside the AT&T companies except under written agreement.

9 1..

10 1..

11

12

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information

More information

PROFESSIONAL SERVICES (Solution Brief)

PROFESSIONAL SERVICES (Solution Brief) (Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard

More information

What is Penetration Testing?

What is Penetration Testing? What is Penetration Testing? March 2016 Table of Contents What is Penetration Testing?... 3 Why Perform Penetration Testing?... 4 How Often Should You Perform Penetration Testing?... 4 How Can You Benefit

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

Managing Cybersecurity Risk

Managing Cybersecurity Risk Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for

More information

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld

Balancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice

More information

IT Audit Process Prof. Liang Yao Week Two IT Audit Function

IT Audit Process Prof. Liang Yao Week Two IT Audit Function Week Two IT Audit Function Why we need IT audit A Case Study What You Can Learn about Risk Management from Societe Generale? https://www.cio.com/article/2436790/security0/what-you-can-learn-about-risk-management-fromsociete-generale.html

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 1 Introduction to Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

Cyber Insurance: What is your bank doing to manage risk? presented by

Cyber Insurance: What is your bank doing to manage risk? presented by Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an

More information

Sarbanes-Oxley Act (SOX)

Sarbanes-Oxley Act (SOX) Sarbanes-Oxley Act (SOX) Introduction The Sarbanes-Oxley (SOX) Act was introduced in 2002 to protect shareholders and the general public from fraudulent accounting activities by bringing greater accountability

More information

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean? Cyber Security One of the Most Critical Risk Mitigation Efforts to Bridge the Gap Between Compliance and Ethics Charly Shugg, Brigadier General, USAF, Retired Partner Chief Operating Officer Sylint Group,

More information

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016

Cybersecurity Conference Presentation North Bay Business Journal. September 27, 2016 Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice

More information

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Credit Card Data Compromise: Incident Response Plan

Credit Card Data Compromise: Incident Response Plan Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,

More information

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview

Overview: Compliance and Security Management PCI-DSS Control Compliance Suite Overview PCI DSS stands for Payment Card Industry Data Security Standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card

More information

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule

More information

GLBA, information security and incident response a compliance perspective

GLBA, information security and incident response a compliance perspective GLBA, information security and incident response a compliance perspective Introductions How many have experience with IT? How many have responsibilities involving IT? How many have responsibilities involving

More information

Demonstrating Compliance in the Financial Services Industry with Veriato

Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry with Veriato Demonstrating Compliance in the Financial Services Industry With Veriato The biggest challenge in ensuring data security is people.

More information

University of Pittsburgh Security Assessment Questionnaire (v1.7)

University of Pittsburgh Security Assessment Questionnaire (v1.7) Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided

More information

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media

More information

Risk Management in the Energy Sector: Evolving Cybersecurity Risks & Strategies

Risk Management in the Energy Sector: Evolving Cybersecurity Risks & Strategies Risk Management in the Energy Sector:. Evolving Cybersecurity Risks & Strategies Joseph R. Dancy Director, The University of Oklahoma College of Law Oil and Gas, Natural Resources, and Energy Center (ONE

More information

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Service SM Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution Product Protecting sensitive data is critical to being

More information

Security Terminology Related to a SOC

Security Terminology Related to a SOC Security Terminology Related to a SOC Cybersecurity literacy is crucial for practicing proper security hygiene. As business leaders develop fluency in the language of information security (infosec), they

More information

Oracle Database Vault

Oracle Database Vault An Oracle White Paper July 2009 Oracle Database Vault Introduction... 3 Oracle Database Vault... 3 Oracle Database Vault and Regulations... 4 Oracle Database Vault Realms... 5 Oracle Database Vault Command

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented

More information

SARBANES-OXLEY (SOX) ACT

SARBANES-OXLEY (SOX) ACT SARBANES-OXLEY (SOX) ACT Table of Contents Introduction 03 Who is affected by SOX? 05 Why should my organization 05 comply with SOX? What does SOX require for email 06 compliance? How can my organization

More information

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud

Tackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security

More information

Post-Secondary Institution Data-Security Overview and Requirements

Post-Secondary Institution Data-Security Overview and Requirements Post-Secondary Institution Data-Security Overview and Tiina K.O. Rodrigue, EdDc, CISSP, CISM, PMP, CSM, CEA, ITIL, ISC2 Compliance Mapper, A+ Senior Advisor Cybersecurity - 2017 Agenda Who needs to worry

More information

Building a Case for Mainframe Security

Building a Case for Mainframe Security Building a Case for Mainframe Security Dr. Paul Rohmeyer, Ph.D. Stevens Institute of Technology Hoboken, New Jersey June 13-15, 2010 1 AGENDA - Problem Statement - Defining Security - Understanding Mainframe

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010

SAS 70 Audit Concepts. and Benefits JAYACHANDRAN.B,CISA,CISM. August 2010 JAYACHANDRAN.B,CISA,CISM jb@esecurityaudit.com August 2010 SAS 70 Audit Concepts and Benefits Agenda Compliance requirements Overview Business Environment IT Governance and Compliance Management Vendor

More information

Compliance in 5 Steps

Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches

Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Today s Security Threats: Emerging Issues Keeping CFOs Up at Night Understanding & Protecting Against Information Security Breaches Chris Bucolo, PCIP, MBA Today s Speaker Chris Bucolo Sr. Manager, Sikich

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

Automating the Top 20 CIS Critical Security Controls

Automating the Top 20 CIS Critical Security Controls 20 Automating the Top 20 CIS Critical Security Controls SUMMARY It s not easy being today s CISO or CIO. With the advent of cloud computing, Shadow IT, and mobility, the risk surface area for enterprises

More information

Tracking and Reporting

Tracking and Reporting Secure File Transfer Tracking and Reporting w w w. b i s c o m. c o m 321 Billerica Road, Chelmsford, MA phone: 978-250-1800 email: sales@biscom.com EXECUTIVE SUMMARY The Internet has made it easier than

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 1 Introduction to Security

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 1 Introduction to Security Security+ Guide to Network Security Fundamentals, Third Edition Chapter 1 Introduction to Security Objectives Describe the challenges of securing information Define information security and explain why

More information

Is Your Compliance Strategy Putting Your Business at Risk?

Is Your Compliance Strategy Putting Your Business at Risk? Is Your Compliance Strategy Putting Your Business at Risk? January 20, 2015 2015 NASDAQ-LISTED: EGHT Today s Speakers Michael McAlpen Exec. Dir. of Security & Compliance, 8x8, Inc. David Leach Business

More information

Cyber Attack: Is Your Business at Risk?

Cyber Attack: Is Your Business at Risk? 15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry

More information

It Takes the Village to Secure the Village SM

It Takes the Village to Secure the Village SM It Takes the Village to Secure the Village SM Stan Stahl, Ph.D. President Information Systems Security Association Los Angeles Chapter September 30, 2013 2 Online Bank Fraud is Major Challenge. Victim

More information

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17

All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17 2 All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17 4 John Chambers, former CEO and Chairman of the Board of Cisco Systems, Inc. 5 / 6 2017 State of Cybersecurity in Small and

More information

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction.... 3 Positive versus Negative Application Security....

More information

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide

Cyber Attacks and Data Breaches: A Legal and Business Survival Guide Cyber Attacks and Data Breaches: A Legal and Business Survival Guide August 21, 2012 Max Bodoin, Vince Farhat, Shannon Salimone Copyright 2012 Holland & Knight LLP. All Rights Reserved What this Program

More information

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide

PCI DSS. Compliance and Validation Guide VERSION PCI DSS. Compliance and Validation Guide PCI DSS VERSION 1.1 1 PCI DSS Table of contents 1. Understanding the Payment Card Industry Data Security Standard... 3 1.1. What is PCI DSS?... 3 2. Merchant Levels and Validation Requirements... 3 2.1.

More information

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results.

REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES. Dynamic Solutions. Superior Results. REGULATORY COMPLIANCE REGULATORY COMPLIANCE SERVICES Dynamic Solutions. Superior Results. PERSONALIZED HELP THAT RELIEVES THE BURDEN OF MANAGING COMPLIANCE The burden of managing risk and compliance is

More information

June 2 nd, 2016 Security Awareness

June 2 nd, 2016 Security Awareness June 2 nd, 2016 Security Awareness Security is the degree of resistance to, or protection from, harm. if security breaks down, technology breaks down Protecting People, Property and Business Assets Goal

More information

Onapsis: The CISO Imperative Taking Control of SAP

Onapsis: The CISO Imperative Taking Control of SAP Onapsis: The CISO Imperative Taking Control of SAP Cyberattacks @onapsis 2016 Key SAP Cyber-Security Trends Over 95% of the SAP systems we have assessed, were exposed to vulnerabilities that could lead

More information

Reducing Liability and Threats through Effective Cybersecurity Risk Measurement. Does Your Security Posture Stand Up to Tomorrow s New Threat?

Reducing Liability and Threats through Effective Cybersecurity Risk Measurement. Does Your Security Posture Stand Up to Tomorrow s New Threat? Reducing Liability and Threats through Effective Cybersecurity Risk Measurement Does Your Security Posture Stand Up to Tomorrow s New Threat? Christopher Strand Security Compliance and Risk Officer 1 The

More information

Regulation P & GLBA Training

Regulation P & GLBA Training Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed

More information

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts SAP Cybersecurity Solution Brief Objectives Solution Benefits Quick Facts Secure your SAP landscapes from cyber attack Identify and remove cyber risks in SAP landscapes Perform gap analysis against compliance

More information

Defense in Depth Security in the Enterprise

Defense in Depth Security in the Enterprise Defense in Depth Security in the Enterprise Mike Mulville SAIC Cyber Chief Technology Officer MulvilleM@saic.com Agenda The enterprise challenge - threat; vectors; and risk Traditional data protection

More information

A Comprehensive Guide to Remote Managed IT Security for Higher Education

A Comprehensive Guide to Remote Managed IT Security for Higher Education A Comprehensive Guide to Remote Managed IT Security for Higher Education About EventTracker EventTracker enables its customers to stop attacks and pass IT audits. EventTracker s award-winning product suite

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ

Operations & Technology Seminar. Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Seminar Tuesday, November 8, 2016 Crowne Plaza Monroe, Monroe Township, NJ Operations & Technology Roundtable Crowne Plaza Monroe, Monroe Township, NJ Tuesday, November 8, 2016

More information

The Impact of Cybersecurity, Data Privacy and Social Media

The Impact of Cybersecurity, Data Privacy and Social Media Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus

More information

SOC for cybersecurity

SOC for cybersecurity April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory

More information

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule Legal Disclaimer: This overview is not intended as legal advice and should not be taken as such. We recommend that you consult legal

More information

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018

Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018 Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and

More information

Security Breach Notification Reflections on the U.S. Experience

Security Breach Notification Reflections on the U.S. Experience Compliance & Regulatory Matters Data Privacy Security Breach Notification Reflections on the U.S. Experience Bojana Bellamy Director of Data Privacy Accenture Brief History of Breach Notification Laws

More information

Annual Report on the Status of the Information Security Program

Annual Report on the Status of the Information Security Program October 2, 2014 San Bernardino County Employees Retirement Association 348 W. Hospitality Lane, Third Floor San Bernardino, CA 92415-0014 1 Table of Contents I. Executive Summary... 3 A. Overview... 3

More information

Keeping It Under Wraps: Personally Identifiable Information (PII)

Keeping It Under Wraps: Personally Identifiable Information (PII) Keeping It Under Wraps: Personally Identifiable Information (PII) Will Robinson Assistant Vice President Information Security Officer & Data Privacy Officer Federal Reserve Bank of Richmond March 14, 2018

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,

More information

Information Security Incident Response Plan

Information Security Incident Response Plan Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,

More information

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation

More information

The Convergence of Security and Compliance

The Convergence of Security and Compliance ebook The Convergence of Security and Compliance How Next Generation Endpoint Security Manages 5 Core Compliance Controls Table of Contents Introduction....3 Positive versus Negative Application Security....3

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

SYNACK PCI DSS PENETRATION TESTING TECHNICAL WHITE PAPER

SYNACK PCI DSS PENETRATION TESTING TECHNICAL WHITE PAPER W H I T E P A P E R SYNACK PCI DSS PENETRATION TESTING TECHNICAL WHITE PAPER J O EL D U BIN CI SSP, Q S A, P A- Q S A B H AV N A S O N D HI CISA, Q S A ( P2 P E), PA- Q S A ( P 2 P E) TABLE OF CONTENTS

More information

AuthAnvil for Retail IT. Exploring how AuthAnvil helps to reach compliance objectives

AuthAnvil for Retail IT. Exploring how AuthAnvil helps to reach compliance objectives AuthAnvil for Retail IT Exploring how AuthAnvil helps to reach compliance objectives AuthAnvil for Retail IT Exploring how AuthAnvil helps to reach compliance objectives As companies extend their online

More information

IT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager

IT Audit and Risk Trends for Credit Union Internal Auditors. Blair Bautista, Director Bob Grill, Manager David Dyk, Manager IT Audit and Risk Trends for Credit Union Internal Auditors Blair Bautista, Director Bob Grill, Manager David Dyk, Manager 1 AGENDA Internet Banking Authentication ATM Security and PIN Compliance Social

More information

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Technology Risk Management in Banking Industry Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited Change in Threat Landscape 2 Problem & Threats faced by Banking Industry

More information

The Honest Advantage

The Honest Advantage The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents

More information

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:

More information

Teradata and Protegrity High-Value Protection for High-Value Data

Teradata and Protegrity High-Value Protection for High-Value Data Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:

More information

Securing Information Systems

Securing Information Systems Chapter 7 Securing Information Systems 7.1 2007 by Prentice Hall STUDENT OBJECTIVES Analyze why information systems need special protection from destruction, error, and abuse. Assess the business value

More information

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center

Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center What to expect from today: The ugly truth about planning Why you need a plan that works Where

More information

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director /

Security and Compliance Powered by the Cloud. Ben Friedman / Strategic Accounts Director / Security and Compliance Powered by the Cloud Ben Friedman / Strategic Accounts Director / bf@alertlogic.com Founded: 2002 Headquarters: Ownership: Houston, TX Privately Held Customers: 1,200 + Employees:

More information

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions Meeting PCI DSS 3.2 Compliance with Solutions Platform the industry s most comprehensive, intelligent platform for managing cyber risk. 2018, Inc. What s Changing with PCI DSS? Summary of PCI Business

More information

SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY

SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY THE INTERSECTION OF COMPLIANCE AND DIGITAL DATA Organizations of all sizes and shapes must comply with government and industry regulations.

More information

McAfee Database Security

McAfee Database Security McAfee Database Security Sagena Security Day 6 September 2012 September 20, 2012 Franz Hüll Senior Security Consultant Agenda Overview database security DB security from McAfee (Sentrigo) VMD McAfee Vulnerability

More information

SECURITY STATE OF THE INDUSTRY

SECURITY STATE OF THE INDUSTRY SECURITY STATE OF THE INDUSTRY An Interview with Stephen Treglia JD, HCISPP, HIPAA Compliance Officer, Investigations Section, Absolute OVERVIEW The health sector is rapidly adopting new technologies,

More information

From Russia With Love

From Russia With Love #ARDAWorld From Russia With Love Is your technology vulnerable to data theft? Do you know your own security protocols? Learn about auditing cyber-security processes and discover how to stay compliant and

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Complete document security

Complete document security DOCUMENT SECURITY Complete document security Protect your valuable data at every stage of your workflow Toshiba Security Solutions DOCUMENT SECURITY Without a doubt, security is one of the most important

More information

Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy

Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy Aligning Your Organization s Business Units to Achieve a Cohesive Cybersecurity Strategy Orus Dearman, Director, Business Advisory Services, Grant Thornton Johanna Terronez, Senior Manager, Business Advisory

More information

Cybersecurity Today Avoid Becoming a News Headline

Cybersecurity Today Avoid Becoming a News Headline Cybersecurity Today 2017 Avoid Becoming a News Headline Topics Making News Notable Incidents Current State of Affairs Common Points of Failure Three Quick Wins How to Prepare for and Respond to Cybersecurity

More information

Cyber Due Diligence: Understanding the New Normal in Corporate Risk

Cyber Due Diligence: Understanding the New Normal in Corporate Risk Cyber Due Diligence: Understanding the New Normal in Corporate Risk Gillian Stacey, Davies Ward Phillips & Vineberg LLP Donald Good, Navigant Consulting Peter Gronvall, Navigant Consulting 8:30 to 10:00

More information

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE

SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,

More information

PCI DSS 3.1 is here. Are you ready? Mike Goldgof Sr. Director Product Marketing

PCI DSS 3.1 is here. Are you ready? Mike Goldgof Sr. Director Product Marketing PCI DSS 3.1 is here. Are you ready? Mike Goldgof Sr. Director Product Marketing 1 WhiteHat Security Application Security Company Leader in the Gartner Magic Quadrant Headquartered in Santa Clara, CA 320+

More information

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT

IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT IT SECURITY FOR LIBRARIES PART 1: SECURING YOUR LIBRARY BRIAN PICHMAN EVOLVE PROJECT AGENDA A high level overview of what to implement in your library to make it secure. With the rise of data breaches,

More information

Security of Personal and Financial Information.

Security of Personal and Financial Information. Security of Personal and Financial Information Randy Marchany Chief IT Security Officer Director, IT Security Lab VA Tech IT Security Office & Lab www.security.vt.edu 5 Things You Need To Know What/Where

More information

Background FAST FACTS

Background FAST FACTS Background Terra Verde was founded in 2008 by cybersecurity, risk and compliance executives. The founders believed that the market needed a company that was focused on using security, risk and compliance

More information

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:

SOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES: (Solutions Brief) An integrated cybersecurity Administration solution for securing any Large Enterprise. The Industry s most complete protection for the Large Enterprise and Cloud Deployments. KEY SERVICES:

More information

Legal, Ethical, and Professional Issues in Information Security

Legal, Ethical, and Professional Issues in Information Security Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN

More information