Privacy, Cyber Threats and Risk Mitigation Mitigating Liability Through the SAFETY Act
|
|
- Louise Rich
- 5 years ago
- Views:
Transcription
1 Privacy, Cyber Threats and Risk Mitigation Mitigating Liability Through the SAFETY Act Joe DePaul, Senior Vice President Brian Finch, Partner April 9, 2015 Pillsbury Winthrop Shaw Pittman LLP
2 The Threat From Cyber Attacks Exposure of corporate secrets, trade secrets, and other proprietary information Exposure of personally identifiable information (employees and customers), including health information Disruption/destruction of operations Attacks are cheap: ($2 for crashing a website; $30 for malware verification; $5,000 for zero day ) Malware now tends to be one time use 1 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
3 Many Theories of Liability for Cyber Attacks Shareholder claims/sec Disclosures Loss of IP/trade secret claims Negligent selection, design or contracting Failure to take reasonable security measures for threats that a company knew or should have known about Strict liability 2 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
4 Who Is Attacking? 3 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
5 Post-Terrorist Attack Litigation Courts have found that terrorist attacks are reasonably foreseeable, and a duty is owed to plaintiffs (victims) The danger of a plane crashing as a result of a hijacking was the very risk that Boeing should reasonably have foreseen Other 9/11 cases: Negligence/Negligent selection Res Ipsa Loquitor Strict liability Negligent design and/or manufacture 4 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
6 What Would Cyber Litigation Look Like? FTC allegations in Wyndham lawsuit Wyndham failed to: remedy known security vulnerabilities such as allowing insecure server/network connections employ commonly used methods to require user IDs and passwords that are difficult for hackers to guess adequately inventory computers in order to manage network devices employ reasonable measures to detect and prevent unauthorized access or to conduct security investigations follow proper incident response procedures, including failing to monitor computer network for malware used in a previous intrusion adequately restrict 3d party vendor access share threat information/act upon shared information The key question: how can you make sure you are taking reasonable cyber security measures? 5 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
7 Recent Decisions Choice Escrow & Land Title, LLC v. BancorpSouth Bank, 754 F.3d 611 (8th Cir. 2014) A bank customer, a real estate escrow service provider, brought action against its bank, after $440,000 was stolen from the customer's bank account through fraudulent wire transfer requests. The United States District Court for the Western District of Missouri, John T. Maughmer, United States Magistrate Judge, 2013 WL , granted summary judgment to the bank. Both parties appealed. 6 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
8 Recent Decisions Patco Const. Co. v. People's United Bank, 684 F.3d 197 (1st Cir. 2012) Commercial customer filed action in diversity against bank, alleging negligence, breach of contract, breach of fiduciary duty, unjust enrichment, conversion, and that bank's security system was not commercially reasonable and that it had not consented to security procedures, after thieves had electronically stolen hundreds of thousands of dollars from its accounts 7 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
9 Cyber Product Developer Loss Scenarios Scenario 1: The product is represented to have specific capabilities and associated services (regular updates, upgrades, etc.): Product manufacturer could be liable for losses suffered by its customer, Product manufacturer could be liable for 3d party losses if they are intended beneficiaries or creates unreasonable risk of harm. Gross negligence or intentional misconduct? All bets are off. Scenario 2: The product is used at a facility storing highly dangerous materials: Could be held liable for a design defect, If the product is specifically designed to protect that type of facility, liability is more likely. The big point: Get ready for litigation. 8 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
10 FTC v. Wyndham FTC v. Wyndham decided on April 7, 2014 Facts: Federal Trade Commission sues Wyndham Hotels following a series of cyber attacks/data breaches affecting its customers. Wyndham claimed that it protected customers information by using standard industry practices. The FTC, argues otherwise, saying that Wyndham failed to provide reasonable and appropriate security for the information it collected and maintained. Claim: Wyndham claimed that the FTC had no authority to pursue enforcement actions related to data security Ruling: Court affirmed that the FTC has the authority to pursue corporate cybersecurity weaknesses under its existing regulatory powers (Section 5 of the FTC Act) to address unfair or deceptive acts or practices affecting commerce. Significance: Only a Motion to Dismiss Not a Ruling on Wyndham s Liability The FTC can act on unreasonable cybersecurity practices under existing laws without further legislation 9 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
11 Who Is To Blame? 10 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
12 The In-Law Problem 11 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
13 The SAFETY Act Support Anti-Terrorism by Fostering Effective Technologies Act Part of the Homeland Security Act of 2002 Eliminates or minimizes tort liability for sellers of DHS-approved technologies should suits arise after an attack (physical or cyber), including: SAFETY Act protections obtained by submitting an application to DHS Applies to services, products, policies This includes self-deployed programs Protections apply even if the attack originates from abroad so long as US interests implicated (i.e., economic losses) Protections apply to cyber attacks unrelated to terrorism 12 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
14 Act of Terrorism What is an act of terrorism? (i) is unlawful; (ii) causes harm, including financial harm, to a person, property, or entity, in the United States, or in the case of a domestic United States air carrier or a United States-flag vessel in or outside the United States; and (iii) uses or attempts to use instrumentalities, weapons or other methods designed or intended to cause mass destruction, injury or other loss to citizens or institutions of the United States. Definition is read to include events that impact the United States. 13 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
15 Designation vs. Certification Two levels of protection under the SAFETY Act Under Designation : Claims may only be filed in Federal court Damages are capped at a level set by DHS Bar on punitive damages and prejudgment interest Under Certification sellers also receive a presumption of immediate dismissal In both circumstances claims against CUSTOMERS are to be immediately dismissed 14 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
16 Act of Terrorism = Cyber Attack Any cyber security product, service, and/or policy is eligible for SAFETY Act protections Cyber attacks are encompassed under this definition There is NO requirement that the attacker s identity or motivation be identified/proven: Only mention of intent potentially relates to intent to cause injury or loss, NOT traditional terrorist intent This means that ANY cyber attack could potentially trigger SAFETY Act liability protections 15 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
17 SAFETY Act Evaluation Criteria What are you seeking coverage for? How does the product or service work/how is it provided? How do you know it works? How will you make sure it continues to work? Can you show your product/service is repeatable (e.g., documented policies and procedures)? Is it safe? Quality control, quality assurance, written policies, and evidence of effectiveness are key data points. It is not necessary to meet all of the evaluation criteria in order to obtain SAFETY Act protections. 16 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
18 Information Needed Data and documentation is critical to application process. Key information required for submission includes: Documented processes and procedures. Evidence of management chain/quality control. Audits/effectiveness reports.. Points of contact with local law enforcement. DHS requires records demonstrating utility, effectiveness, and quality control. Gathering and interpreting information is typically the most time consuming part of the process. 17 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
19 Firewalls Antivirus System Forensic Investigation SAFETY Act BYOD Policies SAFETY Act Customer suffers loss/damage s SAFETY Act Breach Response Plan SAFETY Act APT Defense Systems Malware Protection Programs General Cybersecurity Policies and Procedures 18 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
20 Antivirus System Firewalls Forensic Investigation BYOD Policies APT Defense Systems Customer suffers loss/damages Malware Protection Programs Breach Response Plan General Cybersecurity Policies and Procedures 19 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
21 The Application Process 20 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
22 Key Questions and How To Use Any costs for filing a SAFETY Act application? No. What kind of security products are eligible for SAFETY Act protections? All products, services, and/or policies, including internal policies, whether physical or cyber. What is the practical effect of obtaining SAFETY Act protections? A cap on damages or immunity from damages arising out of or related to cyber attacks or acts of terrorism. 21 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
23 Key Questions and How To Use Cont. Can I realize SAFETY Act benefits just by purchasing and using SAFETY Act approved cyber security solutions? Yes. Can I require SAFETY Act approval in procurements? Yes. What kind of claims will this help mitigate/eliminate? Negligence, third party liability, failure to take reasonable mitigation steps, D&O claims. 22 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
24 SAFETY Act vs. Cyber/Terrorism Insurance SAFETY Act Jurisdictional defenses (Exclusive Federal jurisdiction, no punitive damages, no prejudgment interest) Cap on 3d party damages Possible immunity Government endorsement of security plans and technologies Cyber/Terrorism insurance Reimbursement for damages, but no cap No jurisdictional defenses No government sanction of security plans and technologies Less certainty as to coverage Tying SAFETY Act to cyber insurance can result in reduced premiums 23 Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
25 Thank You for Participating! Joe DePaul Senior Vice President FINEX North American Cyber and E&O Team Willis Americas Administration, Inc. Phone: Brian E. Finch Partner, Public Policy Pillsbury Winthrop Shaw Pittman LLP Phone: Privacy, Cyber Threats and Risk Mitigation Preparing for and Handling Data Breaches
by Fernando M. Pinguelo, Angelo A. Stio III, Suzanne M. Noyes and Daniel Sodroski
NIST Cybersecurity Framework Not a Guarantee, But Still a Good Bet Against FTC Action by Fernando M. Pinguelo, Angelo A. Stio III, Suzanne M. Noyes and Daniel Sodroski Businesses today have their work
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationIncident Response and Cybersecurity: A View from the Boardroom
IT, Privacy & Data Security Webinar Incident Response and Cybersecurity: A View from the Boardroom Gerard M. Stegmaier, Reed Smith Partner IT, Privacy & Data Security Samuel F. Cullari, Reed Smith Counsel
More informationANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW
ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW Janis Kestenbaum (Federal Trade Commission) John O Tuel (GlaxoSmithKline) Alfred Saikali (Shook Hardy & Bacon) Christopher
More informationPROVIDING INVESTIGATIVE SOLUTIONS
PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely
More informationLegal Considerations and Case Studies
Cybersecurity for Small & Mid-Size Businesses Phil Schenkenberg, J.D., CIPP/US Cyrus Malek, J.D., Certification in Cybersecurity and Privacy Law Legal Considerations and Case Studies Copyright, Briggs
More informationThe Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
More informationHacking and Cyber Espionage
Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge
More informationCYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018
CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,
More informationData Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
More informationDATA BREACH PREVENTION, RESPONSE & MANAGEMENT
Dominik T. Hochlenert Sebastian Feik DATA BREACH PREVENTION, RESPONSE & MANAGEMENT The road to reasonable security U.S. Data Privacy Regulation 2 Currently no single, comprehensive federal data protection
More information2017 Data Security Incident Response Report. Be Compromise Ready: Go Back to the Basics
2017 Data Security Incident Response Report Be Compromise Ready: Go Back to the Basics May 9, 2017 Contact Information Theodore J. Kobus, III Leader, Privacy and Data Protection Practice New York 212.271.1504
More informationStephanie Zierten Associate Counsel Federal Reserve Bank of Boston
Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston Cybersecurity Landscape Major Data Breaches (e.g., OPM, IRS) Data Breach Notification Laws Directors Derivative Suits Federal Legislation
More informationCase 3:08-cv G Document 74 Filed 04/20/2009 Page 1 of 9 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF TEXAS DALLAS DIVISION
Case 3:08-cv-00340-G Document 74 Filed 04/20/2009 Page 1 of 9 UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF TEXAS DALLAS DIVISION T-MOBILE USA, INC., a Delaware Corporation, VS. Plaintiff, WIRELESS
More informationAdvising the C-Suite and Boards of Directors on Cybersecurity. February 11, 2015
Advising the C-Suite and Boards of Directors on Cybersecurity February 11, 2015 Agenda Introductions / Administrative Cybersecurity risk legal landscape Cyber threats Legal risks in the aftermath of a
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationA Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016
A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US
More information2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action
2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Casie D. Collignon Partner Denver 303.764.4037 ccollignon@bakerlaw.com
More informationThe Impact of Cybersecurity, Data Privacy and Social Media
Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus
More informationUPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA
UPDATE: HEALTHCARE CYBERSECURITY & INCIDENT RESPONSE Lindsay M. Johnson, Esq. Partner, Freund, Freeze & Arnold, LPA ljohnson@ffalaw.com INTRODUCTION Cyber attacks increasing Liability/actions resulting
More information716 West Ave Austin, TX USA
Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud
More informationBuilding a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity
Building a Business Case for Cyber Threat Intelligence 5Reasons Your Organization Needs a Risk-Based 5Approach to Cybersecurity 5 Reasons for a Risk-Based Approach to Cybersecurity The Bad Guys are Winning
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationData Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001)
Data Security and Breach Notification Legislative Update: What You Need to Know (SESSION CODE CRM001) Speakers: James T. McIntyre Partner McIntyre & Lemon, PLLC Janice Ochenkowski International Director
More informationSummary Comparison of Current Data Security and Breach Notification Bills
Topic S. 117 (Nelson) S. (Carper/Blunt) H.R. (Blackburn/Welch) Comments Data Security Standards The FTC shall promulgate regulations requiring information security practices that are appropriate to the
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationNOOTRY TERMS OF SERVICE
NOOTRY TERMS OF SERVICE Nootry LLC ( Nootry ), a Delaware limited liabilities company, provides access to and use of the services, including our website, APIs, email notifications, and application (the
More informationSecurity and Privacy-Aware Cyber-Physical Systems: Legal Considerations. Christopher S. Yoo University of Pennsylvania July 12, 2018
Security and Privacy-Aware Cyber-Physical Systems: Legal Considerations Christopher S. Yoo University of Pennsylvania July 12, 2018 Overview of Research Tort and products liability for CPS Privacy and
More informationSECURITY CODE. Responsible Care. American Chemistry Council. 7 April 2011
American Chemistry Council Responsible Care SECURITY CODE 7 April 2011 Debra Phillips Managing Director, Responsible Care American Chemistry Council Why develop a Separate Security Code? Need for a clearly
More informationSecurity Standards for Electric Market Participants
Security Standards for Electric Market Participants PURPOSE Wholesale electric grid operations are highly interdependent, and a failure of one part of the generation, transmission or grid management system
More informationEntrust SSL Web Server Certificate Subscription Agreement
Entrust SSL Web Server Certificate Subscription Agreement ATTENTION - READ CAREFULLY: THIS SUBSCRIPTION AGREEMENT (THIS "AGREEMENT") IS A LEGAL CONTRACT BETWEEN THE PERSON, ENTITY, OR ORGANIZATION NAMED
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationHow will cyber risk management affect tomorrow's business?
How will cyber risk management affect tomorrow's business? The "integrated" path towards continuous improvement of information security Cyber Risk as a Balance Sheet Risk exposing Board and C-Levels 2018
More informationU.S. Private-sector Privacy Certification
1 Page 1 of 5 U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US ) I. Introduction to the U.S. Privacy
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationencrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationThe Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches
The Stakes Are Going Up: Hacking and the New Paradigm of Data Breaches Edward McNicholas Global Co-Leader, Privacy, Data Security and Information Law Sidley Austin LLP The cyber threat is one of the most
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons
More informationMedical Device Cybersecurity: FDA Perspective
Medical Device Cybersecurity: FDA Perspective Suzanne B. Schwartz MD, MBA Associate Director for Science and Strategic Partnerships Office of the Center Director (OCD) Center for Devices and Radiological
More informationCLE Alabama. Banking Law Update. Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016
CLE Alabama Banking Law Update Embassy Suites Hoover Hotel Birmingham, Alabama Friday, February 19, 2016 Best Practices on Managing Cyber-Security Risks J.T. Malatesta III and Sarah S. Glover Maynard Cooper
More informationEnd User License Agreement
End User License Agreement Kyocera International, Inc. ( Kyocera ) End User License Agreement. CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS ( AGREEMENT ) BEFORE USING OR OTHERWISE ACCESSING THE SOFTWARE
More informationCybersecurity: Pre-Breach Preparedness and Post-Breach Duties
Cybersecurity: Pre-Breach Preparedness and Post-Breach Duties Thursday, October 5, 2017 Presented by: Gerrit Nel, Senior Manager, Cyber Security, KPMG Sunny Handa, Partner, Montreal Cathy Beagan Flood,
More informationHealthfirst Website Privacy Policy
Healthfirst Website Privacy Policy We value your relationship with us and have detailed our privacy objectives for our website below. Please be sure to read this notice as it covers the terms and conditions
More informationCybersecurity Conference Presentation North Bay Business Journal. September 27, 2016
Cybersecurity Conference Presentation North Bay Business Journal September 27, 2016 1 PRESENTER Francis Tam, CPA, CISM, CISA, CITP, CRISC, PCI QSA Partner Information Security and Infrastructure Practice
More informationSEC Issues Updated Guidance on Cybersecurity Disclosure
February 27, 2018 SEC Issues Updated Guidance on Cybersecurity Disclosure On February 21, 2018, the Securities and Exchange Commission (the SEC ) issued an interpretive release providing Commission-level
More informationMYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414
MYTH vs. REALITY The Revised Cybersecurity Act of 2012, S. 3414 The Cybersecurity Act of 2012, S. 3414, has not been the subject of a legislative hearing and has skipped regular order. HSGAC has not marked
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationNERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS
NERC CIP VERSION 6 COMPLIANCE BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements
More informationCYBERSECURITY IN THE POST ACUTE ARENA AGENDA
CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities
More informationData Privacy & Protection
Data Privacy & Protection March 10, 2016 Data Breach Notification and Cybersecurity Developments in 2016 Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US This
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationSecurity Takes Center Stage
Security Takes Center Stage Rajesh De Partner Chair, Global Cybersecurity & Data Privacy Practice +1 202 263 3366 rde@mayerbrown.com June 7, 2016 Cyber Attacks Are Increasing in Cost and Frequency Breaches
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationPOSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS
POSTMARKET MANAGEMENT OF CYBERSECURITY IN MEDICAL DEVICES FINAL GUIDANCE MARCH 29, 2017 14TH ANNUAL MEDICAL DEVICE QUALITY CONGRESS 1 Fact vs. Myth Let s Play: Fact vs. Myth The FDA is the federal entity
More informationCybersecurity Overview
Cybersecurity Overview DLA Energy Worldwide Energy Conference April 12, 2017 1 Enterprise Risk Management Risk Based: o Use of a risk-based approach for cyber threats with a focus on critical systems where
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationTechnology Security Failures Common security parameters neglected. Presented by: Tod Ferran
Technology Security Failures Common security parameters neglected Presented by: Tod Ferran October 31 st, 2015 1 HALOCK Overview Founded in 1996 100% focus on information security Privately owned Owned
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationHow to Establish Security & Privacy Due Diligence in the Cloud
How to Establish Security & Privacy Due Diligence in the Cloud Presentation: Cloud Computing Expo 2015, Santa Clara, California Maria C. Horton, CISSP, ISSMP, Cloud Essentials, IAM CEO, EmeSec Incorporated
More informationTHE WHITE HOUSE. Office of the Press Secretary EXECUTIVE ORDER
THE WHITE HOUSE Office of the Press Secretary FOR IMMEDIATE RELEASE May 11, 2017 EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
More informationCybersecurity and Data Breach Issues AN OVERVIEW
Cybersecurity and Data Breach Issues AN OVERVIEW October 4, 2017 Download Slides http://jeremydrucker.com/download/taps2017 What is Cybersecurity? Measures taken to protect a computer or computer system
More information2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly
2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/incident 2017 Cyber Incident & Breach Readiness Webinar Craig Spiezle Executive Director
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationTHE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER
FOR IMMEDIATE RELEASE May 11, 2017 THE WHITE HOUSE Office of the Press Secretary EXECUTIVE ORDER - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority
More informationCritical Security Controls. COL Stef Horvath MNARNG Oct 21, 2015
Critical Security Controls COL Stef Horvath MNARNG Oct 21, 2015 Agenda Security Controls the Good, the Bad, the Ugly Emerging Security Controls Critical Security Controls Methodology and Contributors Supporting
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationSEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks
SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued
More informationCybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City
1 Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City The opinions expressed are those of the presenters and are not those of the Federal Reserve Banks, the
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More informationPresidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure EXECUTIVE ORDER [13800] - - - - - - - STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS
More informationHF Markets SA (Pty) Ltd Protection of Personal Information Policy
Protection of Personal Information Policy Protection of Personal Information Policy This privacy statement covers the website www.hotforex.co.za, and all its related subdomains that are registered and
More informationWhat to do if your business is the victim of a data or security breach?
What to do if your business is the victim of a data or security breach? Introduction The following information is intended to help you decide how to start preparing for and some of the steps you will want
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationSAFETY Act AAPA Port Security Seminar July 19, 2012 Miami, FL. Washington, D.C
SAFETY Act AAPA Port Security Seminar July 19, 2012 Miami, FL Akmal Ali, J.D. akmal.ali@catalystdc.com Principal, Catalyst Partners 1250 Connecticut Ave. NW www.catalystdc.com Washington, D.C. 20036 World
More informationInside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D.
Inside the OCR Investigation/Audit Process 2018 PBI HEALTH LAW INSTITUTE TUESDAY, MARCH 13, 2017 GREGORY M. FLISZAR, J.D., PH.D. HIPAA GENERAL RULE PHI may not be disclosed without patient authorization
More informationCyber Attacks and Data Breaches: A Legal and Business Survival Guide
Cyber Attacks and Data Breaches: A Legal and Business Survival Guide August 21, 2012 Max Bodoin, Vince Farhat, Shannon Salimone Copyright 2012 Holland & Knight LLP. All Rights Reserved What this Program
More informationHIPAA Privacy, Security and Breach Notification
HIPAA Privacy, Security and Breach Notification HCCA East Central Regional Annual Conference October 2013 Disclaimer The information contained in this document is provided by KPMG LLP for general guidance
More informationBuilding Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust
Building Privacy into Cyber Threat Information Sharing Cyber Security Symposium Securing the Public Trust Jamie Danker Director, Senior Privacy Officer National Protection and Programs Directorate, U.S.
More informationOHSU s Alumni Relations Program (housed at the OHSU Foundation): 1121 SW Salmon Street, Suite #100 Portland, OR
OHSU Email Address for Life Terms and Conditions These terms and conditions govern your registering, receipt, and use of an @alumni.ohsu.edu email account. Registering for an @alumni.ohsu.edu email account
More informationTackling Cybersecurity with Data Analytics. Identifying and combatting cyber fraud
Tackling Cybersecurity with Data Analytics Identifying and combatting cyber fraud San Antonio IIA iheartaudit Conference February 24, 2017 What We ll Cover + Current threat landscape + Common security
More informationCYBERCRIME The Legal Issues
The IBIA Annual Convention Cancun 3-5 November, 2015 CYBERCRIME The Legal Issues J. Stephen Simms jssimms@simmsshowers.com +1.410.783.5795 Welcome to Cyber-Holics Anonymous Group Therapy To Start our meeting:
More informationTaming the Data Breach Beast... because we all know it will happen. John Tomaszewski Seyfarth Shaw January 2015
Taming the Data Breach Beast... because we all know it will happen John Tomaszewski Seyfarth Shaw January 2015 Data Breaches Scope of the Problem 2015 Seyfarth Shaw LLP 2 What Causes Breaches? Glitch or
More informationWhat It Takes to be a CISO in 2017
What It Takes to be a CISO in 2017 Doug Copley Deputy CISO Sr. Security & Privacy Strategist February 2017 IMAGINE You re the CISO In Bangladesh Of a bank On a Friday when you re closed You realize 6 huge
More informationHealthcare Privacy and Security:
Healthcare Privacy and Security: Breach prevention and mitigation/ Insuring for breach Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com www.securityprivacyandthelaw.com Boston Bar Association
More information10 We prohibit crawling, scraping, caching or otherwise accessing any content on the Service via automated means, including but not limited to, user
Terms of Use By accessing or using the Trainzzz website and/or the Trainzzz application, you agree to be bound by these terms of use ("Terms of Use"). The Service is owned or controlled by Trainzzz. These
More informationLET S ENCRYPT SUBSCRIBER AGREEMENT
Page 1 of 7 LET S ENCRYPT SUBSCRIBER AGREEMENT This Subscriber Agreement ( Agreement ) is a legally binding contract between you and, if applicable, the company, organization or other entity on behalf
More informationSOLUTIONS BRIEFS. ADMINISTRATION (Solutions Brief) KEY SERVICES:
(Solutions Brief) An integrated cybersecurity Administration solution for securing any Large Enterprise. The Industry s most complete protection for the Large Enterprise and Cloud Deployments. KEY SERVICES:
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA ) is entered into between: A. The company stated in the Subscription Agreement (as defined below) ( Data Controller ) and B. Umbraco A/S Haubergsvej
More informationStandards, Patents, and Antitrust: Year in Review
Standards, Patents, and Antitrust: Year in Review Practising Law Institute 11 th Annual Patent Law Institute San Francisco, California April 27, 2017 Gil Ohana, Senior Director, Antitrust and Competition
More informationInvestigating Insider Threats
Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior
More informationPLAINSCAPITAL BANK SAMSUNG PAY TERMS AND CONDITIONS - PERSONAL
PLAINSCAPITAL BANK SAMSUNG PAY TERMS AND CONDITIONS - PERSONAL Last Modified: 3/12/2018 These terms and conditions ( Terms and Conditions ) are a legal agreement between you and PlainsCapital Bank that
More informationTHE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, December 29, 2003
THE CAN-SPAM ACT OF 2003: FREQUENTLY ASKED QUESTIONS EFFECTIVE JANUARY 1, 2004 This FAQ is not intended to provide specific advice about individual legal, business, or other questions. It was prepared
More information