Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
|
|
- Norma Elliott
- 6 years ago
- Views:
Transcription
1 Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, , Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava Mika Meyers Beckett & Jones PLC 900 Monroe Avenue NW Grand Rapids, MI (616) jpuplava@mmbjlaw.com
2 Why Worry About Cybersecurity? Internet crime is increasing in frequency and severity. Daily business is increasingly being conducted via the internet. Companies want to take advantage of new technologies. Many fail to acknowledge, recognize, or keep pace with escalating cybersecurity risks.
3 Key Cybersecurity Worries Mobility. Cybercrime and cyber warfare. Social attacks. Attacks on PC, server and cloud. Big Data. Cross-border concerns. Uneducated use of technology.
4 Source of Threats Outsiders Hackers (looking for financial gain). Hacktivits (on ideological missions). Terrorists/organized crime. Competitors. Government.
5 Source of Threats Insiders Current/former employees. Current/former service providers, consultants, contractors. Suppliers/customers. Business partners. Information brokers. Different motivations: Disgruntled. Careless. Uneducated.
6 Range of Harms from Cybersecurity Breach Potential harm to business, consumers and the public. Loss of Integrity. Identity theft. Tainted data. Affected operations. Loss of Access/Availability. Loss of Confidence. Disclosure of Confidential Information. Compromised customer, user or employee records. Compromised trade secrets or other proprietary information. Third party liability. Regulatory action/enforcement.
7 Benefits of a Good Cybersecurity Program Protected data. Increased efficiency of operations and financial control. Minimize risk of damage caused by cybersecurity breach. Minimize risk of third party/regulatory action relating to cybersecurity breach. Protected reputation.
8 Cybersecurity Standards Cybersecurity regulations and laws are a moving target. Currently there is a patchwork quilt of federal and state laws addressing cybersecurity, but no broad federal cybersecurity legislation. It can be easy to get lost among the many standards purporting to govern cybersecurity.
9 Cybersecurity Standards Federal Laws Examples of Industry/Business-Specific Security Laws requiring protection of systems and information. Financial institutions (Financial Services Modernization Act of 1999, Gramm-Leach Bliley Act, Federal Financial Institutions Examination Council standards). Healthcare providers (HIPAA, HITECH). Federal agencies, or those who provide services on their behalf (Federal Information Security Management Act, Homeland Security Act). Family Educational Rights and Privacy Act (FERPA). Payment Card Industry Data Security Standards (PCI-DSS). SEC reporting requirements.
10 Cybersecurity Standards State Laws Trade secrets (e.g. Michigan Uniform Trade Secret Act) require reasonable security measures be taken. Social Security Number Privacy Act (in Michigan and other states). Data Breach Notification (e.g. Michigan Identity Theft Protection Act). Freedom of Information Act. Some state laws (e.g. California) require that businesses maintain a reasonable level of security.
11 Cybersecurity Standards International Laws More comprehensive guidance regarding security issues. Legislative development in several countries. European Union directives Data protection. E-privacy. Critical infrastructures. Commission on a Cybersecurity Strategy of the European Union. Commission Proposal for a Directive Concerning Measures to Ensure a High Common Level of Network and Information Security Across the Union.
12 Other Cybersecurity Standards and Resources Contractual requirements. Information security management system standards published by International Organization for Standardization and International Electrotechnical Commissions (e.g. ISO/IEC regarding Information security management systems). Information Security Forum Standards of Good Practice. Now available for sale to the general public. Comprehensive list of best practices for information security. Atlantic Council (cybersecurity resources focusing on international and state issues). SANS Institute computer security training programs.
13 Examples of the Alphabet Soup of Privacy Regulations Electronic Communications Privacy Act (ECPA). Critical Infrastructure Information Act (CIIA). Fair Credit Reporting Act (FCRA). Fair Debt Collection Practices Act (FDCPA). Children s Online Privacy Protection Act (COPPA). Computer Fraud and Abuse Act (CFAA). Telephone Consumer Protection Act (TCPA). The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).
14 Best Guidance To Date: NIST Framework NIST Framework for Improving Critical Infrastructure Cybersecurity. Voluntary set of standards. Good starting point for developing best practices. Aimed at reducing and better managing cybersecurity risks. Could be used as a standard for evaluating reasonableness of an organization s cybersecurity program.
15 NIST Framework Not a checklist. Contains suggested steps for establishing or improving a cybersecurity program. Offers a common set of activities to anticipate and mitigate against cyber attacks. Users can create a profile to describe their current and desired states. Framework Core includes Functions, Categories, Subcategories, and Informative References.
16 NIST Framework 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved
17 NIST Framework Informative References describe specific cybersecurity activities common across critical infrastructure sectors. Draws from a range of standards, guidelines and practices. Illustrates a method to achieve the outcomes associated with each Subcategory. More information regarding the Framework can be found at
18 Best Practices in Creating a Cybersecurity Program The process of creating a cybersecurity program will be different for each organization no one-size-fits-all approach. Involve all levels of authority in creating a cybersecurity program. IT staff cannot be alone in this effort. Organization should identify its business objectives and priorities.
19 Best Practices in Creating a Cybersecurity Program Identify and prioritize corporate information assets. Inventory: Where data resides; The type of data collected; Type and location of equipment and devices used; Who can access the data; How and what sensitive information is transmitted to third parties; What information is retained and for how long.
20 Best Practices in Creating a Cybersecurity Program Assess legal requirements regarding ability to: Collect and retain information from employees, customers, and third parties. Use and share collected information. Secure collected information. Dispose of collected information.
21 Best Practices in Creating a Cybersecurity Program Evaluate risk of data loss. Identify threats and vulnerabilities to corporate systems and assets. Follow organization s established risk management process. NIST Guide for Conducting Risk Assessments. FTC requires reasonable risk assessment. Evaluation should include assessment of cybersecurity risk of outsourced functions.
22 Best Practices in Creating a Cybersecurity Program Reacting to problems Identify gaps in protection or legal compliance. Create an action plan to address the gaps.
23 Best Practices in Creating a Cybersecurity Program Acting proactively Draft a security policy/plan. Address cybersecurity in vendor agreements. Consider cyber-insurance coverage. Accurately describe information sharing in customer Terms of Service and Privacy Policies. Implement technical, administrative, and physical controls using cost/benefit analysis. Train employees, and develop procedures for newly hired and exiting employees.
24 Contractual Approaches to Minimizing Liability Vendor Contracts: Agreement should describe the services to be provided by the vendor, and address the following: Requirements regarding use, disclosure, storage, protection and disposal/return of confidential, sensitive, and protected information. Clarify ownership of data and information. Responsibility for compliance with applicable laws and regulatory requirements. Reporting/notification obligations in the event of a breach, and who pays the cost of the breach. Right to direct, participate in, or receive updates regarding breaches. Indemnification, and other provisions addressing liability for damages caused by security breaches. Use of subcontractors. Vendor s business continuity/disaster recovery plans. Service levels.
25 Contractual Approaches to Minimizing Liability Customer Contracts: Agreement should describe the services to be provided by the company Services contract, EULA, Privacy Policy, etc. Address privacy. Clearly and conspicuously describe data collection and use practices. Give customers a choice about whether their data is collected and used. Address security standard of care for BOTH parties. Reserve the right to report/notify/make public statements regarding security breaches. Reserve the right to suspend services upon breach.
26 Additional Valuable Contract Terms Limitation of liability. to not exceed amount. excepting certain types of damages. Disclaimer of warranties. Jurisdiction. Statutes of Limitation. Alternative Dispute Resolution. Insurance coverage requirements.
27 Employment Agreements Commitment that employee with comply with company s security policy. Require protection of confidential, proprietary and other sensitive information. Address ownership of proprietary information. Communication with employees beyond the documents is important. Hiring and exit procedures. Employee training.
28 Because Breaches of Security Happen... Develop procedures to stop the breach and remediate damaged functionality. Identify legal requirements relating reporting/notification in the event of a security breach. Draft a written computer incident response/data breach policy, and be prepared to mitigate an incident. Monitor and be prepared to respond to breaches. Regularly evaluate the above.
29 General Rules for Cybersecurity Be proactive rather than just reactive. Maintain reasonable procedures to protect sensitive information and comply with applicable law. Do not misrepresent your practices.
30 Questions? Jennifer Puplava (616) Disclaimer: This presentation is to assist in a general understanding of some of the legal issues involved, and is not intended as legal advice. Persons with particular questions should seek the advice of counsel.
Cyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationData Privacy and Cybersecurity
Data Privacy and Cybersecurity Key Contacts Timothy C. Blank Boston +1 617 728 7154 Dr. Olaf Fasshauer National Munich +49 89 21 21 63 28 Joshua H. Rawson New York +1 212 698 3862 Translate Page In an
More informationU.S. Private-sector Privacy Certification
1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy
More informationKeeping It Under Wraps: Personally Identifiable Information (PII)
Keeping It Under Wraps: Personally Identifiable Information (PII) Will Robinson Assistant Vice President Information Security Officer & Data Privacy Officer Federal Reserve Bank of Richmond March 14, 2018
More informationCyber Attacks and Data Breaches: A Legal and Business Survival Guide
Cyber Attacks and Data Breaches: A Legal and Business Survival Guide August 21, 2012 Max Bodoin, Vince Farhat, Shannon Salimone Copyright 2012 Holland & Knight LLP. All Rights Reserved What this Program
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationThe Impact of Cybersecurity, Data Privacy and Social Media
Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationIntegrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel
Presenting a live 90-minute webinar with interactive Q&A Integrating Information Security Protections In Supplier Agreements: Guidance for Business and Technology Counsel Evaluating Data Security Risks
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More informationLegal, Ethical, and Professional Issues in Information Security
Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN
More informationAutomotive Privacy. A discussion of privacy and security legal compliance for the automotive industry
Automotive Privacy A discussion of privacy and security legal compliance for the automotive industry 2014 Foley & Lardner LLP Attorney Advertising Prior results do not guarantee a similar outcome Models
More informationLegal Considerations and Case Studies
Cybersecurity for Small & Mid-Size Businesses Phil Schenkenberg, J.D., CIPP/US Cyrus Malek, J.D., Certification in Cybersecurity and Privacy Law Legal Considerations and Case Studies Copyright, Briggs
More informationWhat To Do When Your Data Winds Up Where It Shouldn t
What To Do When Your Data Winds Up Where It Shouldn t Don M. Blumenthal Defcon 16 Las Vegas, Nevada August 9, 2008 Disclaimer Opinions expressed are my own and intended for informational purposes. They
More informationWhy you MUST protect your customer data
Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationData Compromise Notice Procedure Summary and Guide
Data Compromise Notice Procedure Summary and Guide Various federal and state laws require notification of the breach of security or compromise of personally identifiable data. No single federal law or
More informationGramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.
Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule
More informationGLBA, information security and incident response a compliance perspective
GLBA, information security and incident response a compliance perspective Introductions How many have experience with IT? How many have responsibilities involving IT? How many have responsibilities involving
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationAn Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule
An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule Legal Disclaimer: This overview is not intended as legal advice and should not be taken as such. We recommend that you consult legal
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.7)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.7) Directions and Instructions for completing this assessment The answers provided
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationData Security Standards
Data Security Standards Overall guide The bigger picture of where the standards fit in 2018 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a
More informationSecurity Awareness Compliance Requirements. Updated: 11 October, 2017
Security Awareness Compliance Requirements Updated: 11 October, 2017 Executive Summary The purpose of this document is to identify different standards and regulations that require security awareness programs.
More informationVERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT
VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT 84095-9998 SNOWFLY PRIVACY POLICY This Privacy Policy describes Snowfly s practices regarding the
More informationTop Five Privacy and Data Security Issues for Nonprofit Organizations
Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationCRIMINAL NETWORK INTRUSION AND DATA THEFT: Today s Security Landscape and What to Do If You ve Been Compromised
CRIMINAL NETWORK INTRUSION AND DATA THEFT: Today s Security Landscape and What to Do If You ve Been Compromised TUESDAY, MAY 24, 2011 Alston & Bird LLP PricewaterhouseCoopers Silverpop www.pwc.com Data
More informationHIMSS 15 Doing Better Business in the Era of Data Security and Privacy
HIMSS 15 Doing Better Business in the Era of Data Security and Privacy Michael D. Stovsky, Esq. Partner and Chair, Innovations, Information Technology and IP Group Cleveland Columbus Indianapolis Philadelphia
More informationI GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE
I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE By Clyde Vanel, NYS Assemblyman, Chair, Subcommittee on Internet & New Technologies HELP, I GOT ROBBED! I felt like screaming that line
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationSEC Issues Updated Guidance on Cybersecurity Disclosure
February 27, 2018 SEC Issues Updated Guidance on Cybersecurity Disclosure On February 21, 2018, the Securities and Exchange Commission (the SEC ) issued an interpretive release providing Commission-level
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationAll 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17
2 All 3 Billion Yahoo Accounts Were Affected by 2013 Attack NY Times 10/3/17 4 John Chambers, former CEO and Chairman of the Board of Cisco Systems, Inc. 5 / 6 2017 State of Cybersecurity in Small and
More informationNCSF Foundation Certification
NCSF Foundation Certification Overview This ACQUIROS accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity
More informationSYSTEM SECURITY PLAN (SSP) [Official Company Name]
SYSTEM SECURITY PLAN (SSP) [Official Company Name] TABLE OF CONTENTS PREPARED BY & RECORD OF CHANGES 5 PREPARED BY 5 REVISION HISTORY 5 OWNERSHIP & CYBERSECURITY OVERVIEW 6 CONTRACTS CONTAINING CUI 6 CUI
More informationPost-Secondary Institution Data-Security Overview and Requirements
Post-Secondary Institution Data-Security Overview and Tiina K.O. Rodrigue, EdDc, CISSP, CISM, PMP, CSM, CEA, ITIL, ISC2 Compliance Mapper, A+ Senior Advisor Cybersecurity - 2017 Agenda Who needs to worry
More informationPlaying in the Big (Data) Leagues: Consumer Data Mining Data Privacy and Compliance
Playing in the Big (Data) Leagues: Consumer Data Mining Data Privacy and Compliance Presented by Charlie Bingham, Legal and Corporate Affairs -Enterprise Partner Group, Microsoft Corporation Rachel Reid,
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationInformation Security Risk Strategies. By
Information Security Risk Strategies By Larry.Boettger@Berbee.com Meeting Agenda Challenges Faced By IT Importance of ISO-17799 & NIST The Security Pyramid Benefits of Identifying Risks Dealing or Not
More informationDepartment of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY
Department of Veterans Affairs VA DIRECTIVE 6502.3 Washington, DC 20420 Transmittal Sheet WEB PAGE PRIVACY POLICY 1. REASON FOR ISSUE: To establish policy for the Department of Veterans Affairs (VA) for
More informationCertified Information Privacy Professional/United States
Certified Information Privacy Professional/United States The Certified Information Privacy Professional (CIPP) helps organizations around the world bolster compliance and risk mitigation practices, and
More informationSecure Messaging Mobile App Privacy Policy. Privacy Policy Highlights
Secure Messaging Mobile App Privacy Policy Privacy Policy Highlights For ease of review, Everbridge provides these Privacy Policy highlights, which cover certain aspects of our Privacy Policy. Please review
More information20/09/2013. Global Privacy and Data Protection: Practical Risk Assessment and Governance. Topics
Global Privacy and Data Protection: Practical Risk Assessment and Governance 9 October 2013 Robert Bond, BA, CCEP, HonMIEx Head of Data Protection and Info Security, Speechly Bircham Marti Arvin, CHC-F,
More informationCyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.
Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by
More informationSage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
More informationOverview Bank IT examination perspective Background information Elements of a sound plan Customer notifications
Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information
More information2017 RIMS CYBER SURVEY
2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the
More informationBrian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center
Brian S. Dennis Director Cyber Security Center for Small Business Kansas Small Business Development Center What to expect from today: The ugly truth about planning Why you need a plan that works Where
More informationPRIVACY POLICY VANTAGE HOMES
State of Colorado PRIVACY POLICY VANTAGE HOMES Rev. 133C579 Version Date: April 01, 2017 GENERAL Vantage Homes LLC ( Company or we or us or our ) respects the privacy of its users ( user or you ) that
More informationBaseline Information Security and Privacy Requirements for Suppliers
Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationRegulation P & GLBA Training
Regulation P & GLBA Training Overview Regulation P governs the treatment of nonpublic personal information about consumers by the financial institution. (Gramm-Leach-Bliley Act of 1999) The GLBA is composed
More informationElements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
More informationData Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory
Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationDATA BREACH NUTS AND BOLTS
DATA BREACH NUTS AND BOLTS Your Company Has Been Hacked Now What? January 20, 2016 Universal City, California Sponsored by Hogan Lovells Moderator: Stephanie Yonekura, Hogan Lovells #IHCC16 Panelists:
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationPresented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0
Cyber Security and Inside Threats: Turning Policies into Practices Presented by Ingrid Fredeen and Pamela Passman Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0 Presented By Ingrid Fredeen, J.D.
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationBalancing Compliance and Operational Security Demands. Nov 2015 Steve Winterfeld
Balancing Compliance and Operational Security Demands Nov 2015 Steve Winterfeld What is more important? Compliance with laws / regulations Following industry best practices Developing a operational practice
More informationU.S. Corporate Privacy Certification
U.S. Corporate Privacy Certification Program Introduction The IAPP is proud to offer the privacy profession s foremost credential, the Certified Information Privacy Professional ( CIPP ). The CIPP is the
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationDETAILED POLICY STATEMENT
Applies To: HSC Responsible Office: HSC Information Security Office Revised: New 12/2010 Title: HSC-200 Security and Management of HSC IT Resources Policy POLICY STATEMENT The University of New Mexico
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationEnterprise SM VOLUME 1, SECTION 5.7: SECURE MANAGED SERVICE
VOLUME 1, SECTION 5.7: SECURE MANAGED EMAIL SERVICE 5.7 SECURE MANAGED EMAIL SERVICE (SMES) [C.2.10.8] The Level 3 Team s (SMES) will meet or exceed the Government s requirements for SMES, as defined in
More informationPROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationMobile Device policy Frequently Asked Questions April 2016
Mobile Device policy Frequently Asked Questions April 2016 In an attempt to help the St. Lawrence University community understand this policy, the following FAQ document was developed by IT in collaboration
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationSTATEMENT SECURITIES INDUSTRY AND FINANCIAL MARKETS ASSOCIATION ( SIFMA ) BEFORE THE
STATEMENT OF SECURITIES INDUSTRY AND FINANCIAL MARKETS ASSOCIATION ( SIFMA ) BEFORE THE UNITED STATES SENATE COMMITTEE ON BANKING, HOUSING, AND URBAN AFFAIRS CYBERSECURITY AND DATA PROTECTION IN THE FINANCIAL
More informationHIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp
HIPAA Compliance: What it is, what it means, and what to do about it. Adam Carlson, Security Solutions Consultant Intapp Agenda Introductions HIPAA Background and History Overview of HIPAA Requirements
More informationManagement guide for fighting cyber predators
Management guide for fighting cyber predators 2017 all rights reserved Nagan Research Group LLC Table of Contents Introduction... 3 Existing Cyber Security Efforts... 4 Strategic Segmentation... 5 Managing
More informationData Breach Trends: What Local Government Lawyers Need to Know
REUTERS / Firstname Lastname Data Breach Trends: What Local Government Lawyers Need to Know IMLA Annual Conference San Diego, California September 30, 2016 Presenters: Mel Gates, Senior Legal Editor, Privacy
More informationBeam Technologies Inc. Privacy Policy
Beam Technologies Inc. Privacy Policy Introduction Beam Technologies Inc., Beam Dental Insurance Services LLC, Beam Insurance Administrators LLC, Beam Perks LLC, and Beam Insurance Services LLC, (collectively,
More informationWelcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time
TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationSEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks
SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationThe Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationProtecting vital data with NIST Framework
Protecting vital data with NIST Framework About me Patrick Kerpan CEO at Cohesive Networks @pjktech BANKS About Cohesive Networks 2,000+ customers protect cloudbased applications User-controlled security
More information