Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence

Size: px
Start display at page:

Download "Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence"

Transcription

1 Preventing Corporate Espionage: Investigations, Data Analyses and Business Intelligence Presented by Keith Barger and Audra A. Dial March 19, Kilpatrick Townsend & Stockton LLP

2 Protection of IP Assets To qualify as a trade secret, an asset must derive economic value from not being generally known and be subject to reasonable degrees of protection. Securing confidential information is equally important. IP assets that do not rise to the level of trade secrets can still be protected as confidential information through NDAs and possibly through statutory protections. 2

3 Perceptions of the Current Threat The highly publicized stories of leaked or stolen personally identifiable information (PII) in the form of credit cards, Social Security numbers and so on. Increased awareness is resulting in the institution of laws, regulations and industry standards resulting in organizations investing millions in controls to prevent and detect hacks. 3

4 The Less Publicized Threat Cyber-criminals, state governments, organized crime and hackers have and increasingly continue to target IP. Estimates show that IP theft costs U.S. businesses billions of dollars a year, while robbing it of jobs and lost tax revenues. The threat from emerging economies is of particular concern, as laws in those jurisdictions can be lax and enforcement more difficult. 4

5 Awareness of Risks Competitors conducting corporate espionage Launching social engineering ploys Departing employees who remove IP Leaks through social media/ /mobile devices/ removable media Bribery of employees Hacking Dumpster diving 5

6 Increasing Awareness Economic espionage or IP theft conducted by insiders, competitors or combinations of the two are the most tangible, common, and destructive threats. Attacks originate from a variety of sources such as an employee, a member of the management team, a corporate board member, third-party contractors or a collaborative partner in a joint venture. 6

7 Securing Your Companies Intellectual Property Educate employees about what your organization considers its most valuable assets. Identifying what your valuable assets consist of and where they reside is no easy task and can be found in multiple forms: Structured and unstructured Amorphous and concrete Capture in whole or in part across multiple documents Entire databases As simple as a thought or idea discussed during meetings 7

8 Prioritize Then Act Conduct a risk and cost-benefit analysis. Map your company s assets and determine what information, if lost or stolen, would have the greatest impact. Then consider which of those assets are at highest risk of being stolen. Identify it: Label confidential information. If your company data is proprietary, put a note to that effect on every log-in screen. Take precautions to protect information before it is compromised. 8

9 Prioritize Then Act Secure your organization s valuable information: Physical and digital protection is a must. Control access where sensitive data is stored. Track and limit access. Monitor the movement and who has possession of valuable information throughout your organization--whether it s the server farm or the musty paper archive room. Educate your employees: Humans are often the weakest link in the defensive chain. Education must be ongoing and practical. 9

10 Prioritize Then Act Devise the appropriate level of protection: Inhibiting data and information sharing, critical to today s collaborative environments, can adversely affect your organization. Yes, having a small amount of the crown jewels trade secrets that are protected by encryption or data masking, two- or three-factor authentication and embedded access controls may be appropriate. Audit the protection of your information and protect the most valuable 1-2% at the highest level. 10

11 Protection Strategies Apply a range of technologies: An essential tool is data loss protection (DLP), which helps track, identify and protect confidential and sensitive information for data that is stored, in use or in motion. In addition to DLP, you need to be able to monitor your two biggest communications channels (Web and ) for outbound data and stop it in its tracks if necessary. Identity and access management tools are increasingly useful for ensuring that data doesn t fall into the wrong hands, and using security information and event management software with a solid log management tool can help you identify suspicious behavior and follow it all the way through to remediation of the threat. 11

12 Protection Strategies In terms of data, the highest risks to the loss or theft of trade secrets stem from mobile devices, cloud services and SSL traffic. SSL accounts for up to 50% of Web traffic, and criminals know that most IT security systems do not inspect it. Most anti-malware security solutions don t look out for such attacks decrypting SSL traffic coming into a network. This is also not something that s always covered by DLP. As services such as Gmail move to automatically send all traffic to SSL, this will only become more of an issue. Understand encryption and apply it judiciously. 12

13 Protection Strategies: USB Storage Risks: Low cost; easily concealed; portable; zero configuration; plug and play with any computer. Mitigation: Disconnect USB ports; confiscate keys and copiers; ban possession or limit to on-site use only. Monitor important file activity/transfers. 13

14 Protection Strategies: Laptops Risks: Create immediate access outside company; physical removal not necessary; quick transaction; can make it look like normal online activity. Requires an accomplice (knowing or unwitting) person or machine to receive data; likely to leave audit trail. Mitigation: Use products to inspect and prevent transactions. Ban hard-to-control apps like IM (But some companies can easily ban IM; others will have a user revolt!). Monitor applications and file transfer activity. The challenge here isn t the mechanics of preventing or stopping the loss of trade secret theft, but the balance of productivity and openness with the need to secure. 14

15 Protection Strategies: Mobile Devices Risks: Pictures of notes, whiteboards, labs, other sensitive data. Discreet; can capture handwritten data; portable; concealable; physical removal unnecessary. Mitigation: Ban mobile device cameras from use on premises. Where appropriate, search bags upon entry and/or departure to sensitive areas. Employees should report unusual behavior involving mobile devices. Many companies already ban mobile device cameras, especially in research areas or at sensitive meetings. Searches should start with visitors and extend to employees working in high-risk environments. 15

16 Protection Strategies: Departing Employees Create mirror images of hard drives. Don t taint potential evidence. Don t redeploy too quickly. Prepare an incident instruction memo. Understand modern methods of trade secret misappropriation and build defenses against their abuse. Make sure employees understand that, on computers, delete doesn t actually mean delete. Create a litigation response team. Be ethical, no matter what. 16

17 Protection Strategies: The Exit Interview Remind employee of confidentiality agreements previously executed and explain that the obligations are ongoing. Use a checklist! Do you have any company documents or materials at home? Have you returned all flash drives that contain company information? If doubtful, consider requesting the employee sign affidavit or certification. Must have ability to inspect or wipe mobile devices before employee separates! 17

18 Contact Information Keith Barger, Managing Director BDO Consulting Audra A. Dial, Partner Kilpatrick Townsend 18

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155 THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION Session #155 David Forrestall, CISSP CISA SecurIT360 SPEAKERS Carl Scaffidi, CISSP, ISSAP, CEH, CISM Director of Information Security Baker Donelson AGENDA

More information

716 West Ave Austin, TX USA

716 West Ave Austin, TX USA Fundamentals of Computer and Internet Fraud GLOBAL Headquarters the gregor building 716 West Ave Austin, TX 78701-2727 USA TABLE OF CONTENTS I. INTRODUCTION What Is Computer Crime?... 2 Computer Fraud

More information

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the

More information

CloudSOC and Security.cloud for Microsoft Office 365

CloudSOC and  Security.cloud for Microsoft Office 365 Solution Brief CloudSOC and Email Security.cloud for Microsoft Office 365 DID YOU KNOW? Email is the #1 delivery mechanism for malware. 1 Over 40% of compliance related data in Office 365 is overexposed

More information

The Impact of Cybersecurity, Data Privacy and Social Media

The Impact of Cybersecurity, Data Privacy and Social Media Doing Business in a Connected World The Impact of Cybersecurity, Data Privacy and Social Media Security Incident tprevention and Response: Customizing i a Formula for Results Joseph hm. Ah Asher Marcus

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

2017 Annual Meeting of Members and Board of Directors Meeting

2017 Annual Meeting of Members and Board of Directors Meeting 2017 Annual Meeting of Members and Board of Directors Meeting Dan Domagala; "Cybersecurity: An 8-Point Checklist for Protecting Your Assets" Join this interactive discussion about cybersecurity trends,

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

DeMystifying Data Breaches and Information Security Compliance

DeMystifying Data Breaches and Information Security Compliance May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts

More information

Hacking and Cyber Espionage

Hacking and Cyber Espionage Hacking and Cyber Espionage September 19, 2013 Prophylactic and Post-Breach Concerns for In-House Counsel Raymond O. Aghaian, McKenna Long & Aldridge LLP Elizabeth (Beth) Ferrell, McKenna Long & Aldridge

More information

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS

EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS EBOOK 4 TIPS FOR STRENGTHENING THE SECURITY OF YOUR VPN ACCESS HOW SECURE IS YOUR VPN ACCESS? Remote access gateways such as VPNs and firewalls provide critical anywhere-anytime connections to the networks

More information

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation

More information

Red Flag Regulations

Red Flag Regulations Red Flag Regulations Identity Theft Put In Context Overview of Topics Red Flag Regulations Overview How UM Protects Information What is the Student Workers role in identity theft prevention? What s this

More information

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm Insider Threat Program: Protecting the Crown Jewels Monday, March 2, 2:15 pm - 3:15 pm Take Away Identify your critical information Recognize potential insider threats What happens after your critical

More information

Securing Office 365 with SecureCloud

Securing Office 365 with SecureCloud Securing Office 365 with SecureCloud 1 Introduction Microsoft Office 365 has become incredibly popular because of the mobility and collaboration it enables. With Office 365, companies always have the latest

More information

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW

ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW ANATOMY OF A DATA BREACH: DEVELOPMENTS IN DATA SECURITY AND CLOUD COMPUTING LAW Janis Kestenbaum (Federal Trade Commission) John O Tuel (GlaxoSmithKline) Alfred Saikali (Shook Hardy & Bacon) Christopher

More information

Governance Ideas Exchange

Governance Ideas Exchange www.pwc.com.au Anatomy of a Hack Governance Ideas Exchange Robert Di Pietro October 2018 Cyber Security Anatomy of a Hack Cyber Security Introduction Who are the bad guys? Profiling the victim Insights

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW May 2018 Ed Plawecki General Counsel & Director of Government Relations UHY LLP Jamie See Manager UHY LLP Iowa Public

More information

Cyber-Threats and Countermeasures in Financial Sector

Cyber-Threats and Countermeasures in Financial Sector Michael Mavroforakis, PhD Group CISO & CDO SEV: Workshop on Digital Enablers (Cloud & Cybersecurity) 27th March 2018 Agenda: CYBERSECURITY Potential Targets Attack Examples Insider vs Outsider Threats

More information

Combating Cyber Risk in the Supply Chain

Combating Cyber Risk in the Supply Chain SESSION ID: CIN-W10 Combating Cyber Risk in the Supply Chain Ashok Sankar Senior Director Cyber Strategy Raytheon Websense @ashoksankar Introduction The velocity of data breaches is accelerating at an

More information

Reducing Cyber Risk in Your Organization

Reducing Cyber Risk in Your Organization Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than

More information

It s About the Data, Stupid.

It s About the Data, Stupid. Next Presentation Begins at 16:40 It s About the Data, Stupid. Salo Fajer, Chief Technology Officer It s About the Data, Stupid. Salo Fajer, Chief Technology Officer First, allow me to explain my session

More information

Dissecting Data Breaches. What Keeps Going Wrong?

Dissecting Data Breaches. What Keeps Going Wrong? Dissecting Data Breaches What Keeps Going Wrong? 02 WHO WE ARE Tom Stewart Uriah Robins Senior Manager IT Consulting Protiviti Senior Consultant IT Consulting Protiviti PRESENTATION AGENDA 3 START BREACH

More information

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018 Cyber fraud attacks happen; they can t all be stopped. The higher order question must be how can we, as fraud examiners and assurance professionals,

More information

How to Prepare a Response to Cyber Attack for a Multinational Company.

How to Prepare a Response to Cyber Attack for a Multinational Company. You Have Been Breached! How to Prepare a Response to Cyber Attack for a Multinational Company. Chayan Chakravarti, MBA, CISM, PMP Patrick Enyart, CISA, CISM, CRISC Presenters Chayan Chakravarti Manager,

More information

Mission Defense via Information-Centric Security

Mission Defense via Information-Centric Security Mission Defense via Information-Centric Security Overview It s About the Information Traditional CND Tools are Not Sufficient Not All Data is Created Equal "The views expressed in this presentation are

More information

Cyber Security Updates and Trends Affecting the Real Estate Industry

Cyber Security Updates and Trends Affecting the Real Estate Industry Cyber Security Updates and Trends Affecting the Real Estate Industry What, Why, and How? Agenda Cyber Security Today Changes to Security Standards and Trends Protecting Yourself and Your Organization Takeways

More information

Jeff Wilbur VP Marketing Iconix

Jeff Wilbur VP Marketing Iconix 2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online

More information

Information Security Is a Business

Information Security Is a Business Information Security Is a Business Continuity Issue: Are You Ready? Dr. Nader Mehravari Cyber Risk and Resilience Management Team CERT Division Software Engineering Institute Carnegie Mellon University

More information

How Cyber-Criminals Steal and Profit from your Data

How Cyber-Criminals Steal and Profit from your Data How Cyber-Criminals Steal and Profit from your Data Presented by: Nick Podhradsky, SVP Operations SBS CyberSecurity www.sbscyber.com Consulting Network Security IT Audit Education 1 Agenda Why cybersecurity

More information

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide

Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Q3 2016 Security Matters Forum Cyber Security and Data Protection: Huge Penalties, Nowhere to Hide Alan Calder Founder & Executive Chair IT Governance Ltd July 2016 www.itgovernance.co.uk Introduction

More information

Cyber Security Issues

Cyber Security Issues RHC Summit 6/9/2017 Cyber Security Issues Dennis E. Leber CISO CHFS Why is it Important? Required by Law Good Business Strategy Right Thing to Do Why is it Important? According to Bitglass' 2017 Healthcare

More information

Oracle Data Cloud ( ODC ) Inbound Security Policies

Oracle Data Cloud ( ODC ) Inbound Security Policies Oracle Data Cloud ( ODC ) Inbound Security Policies Contents Contents... 1 Overview... 2 Oracle Data Cloud Security Policy... 2 Oracle Information Security Practices - General... 2 Security Standards...

More information

Leading Authority Doug Kaminski On 3 Key Ways To Protect Your IP. #FearlessLaw on High Performance Counsel

Leading Authority Doug Kaminski On 3 Key Ways To Protect Your IP. #FearlessLaw on High Performance Counsel Leading Authority Doug Kaminski On 3 Key Ways To Protect Your IP #FearlessLaw on High Performance Counsel #BakersDozen is a series of interviews with leading professionals in the fields of law, consulting,

More information

Cyber Security and Project Planning: How to Bake It In

Cyber Security and Project Planning: How to Bake It In Cyber Security and Project Planning: How to Bake It In Tim Jacks, PhD, CMIS, SIUE Bruce Tons, VP, Security Officer, IT Privacy Advisor, Rabo AgriFinance Doug Ascoli, Sr. Project Manager, Ameren Tonya Munger,

More information

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS 10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS WHITE PAPER INTRODUCTION BANKS ARE A COMMON TARGET FOR CYBER CRIMINALS AND OVER THE LAST YEAR, FIREEYE HAS BEEN HELPING CUSTOMERS RESPOND

More information

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa

Evolution of Cyber Security. Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Evolution of Cyber Security Nasser Kettani Chief Technology Officer Microsoft, Middle East and Africa Nasser.Kettani@microsoft.com @nkettani MODERN SECURITY THREATS THERE ARE TWO KINDS OF BIG COMPANIES:

More information

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016

A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 A Privacy and Cybersecurity Primer for Nonprofits Nonprofits in the Digital Age March 9, 2016 Panelists Beverly J. Jones, Esq. Senior Vice President and Chief Legal Officer ASPCA Christin S. McMeley, CIPP-US

More information

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Data Theft Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response playbook guide. This guide has been created especially for you for use in within your security

More information

The Cyber War on Small Business

The Cyber War on Small Business The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber

More information

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government

More information

McAfee Total Protection for Data Loss Prevention

McAfee Total Protection for Data Loss Prevention McAfee Total Protection for Data Loss Prevention Protect data leaks. Stay ahead of threats. Manage with ease. Key Advantages As regulations and corporate standards place increasing demands on IT to ensure

More information

Cybersecurity for Health Care Providers

Cybersecurity for Health Care Providers Cybersecurity for Health Care Providers Montgomery County Medical Society Provider Meeting February 28, 2017 T h e MARYLAND HEALTH CARE COMMISSION Overview Cybersecurity defined Cyber-Threats Today Impact

More information

THE ACCENTURE CYBER DEFENSE SOLUTION

THE ACCENTURE CYBER DEFENSE SOLUTION THE ACCENTURE CYBER DEFENSE SOLUTION A MANAGED SERVICE FOR CYBER DEFENSE FROM ACCENTURE AND SPLUNK. YOUR CURRENT APPROACHES TO CYBER DEFENSE COULD BE PUTTING YOU AT RISK Cyber-attacks are increasingly

More information

Internet of Things Toolkit for Small and Medium Businesses

Internet of Things Toolkit for Small and Medium Businesses Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors

More information

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

10 Cybersecurity Questions for Bank CEOs and the Board of Directors 4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors

More information

Critical Information Infrastructure Protection Law

Critical Information Infrastructure Protection Law Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.

More information

Legal Considerations and Case Studies

Legal Considerations and Case Studies Cybersecurity for Small & Mid-Size Businesses Phil Schenkenberg, J.D., CIPP/US Cyrus Malek, J.D., Certification in Cybersecurity and Privacy Law Legal Considerations and Case Studies Copyright, Briggs

More information

The security challenge in a mobile world

The security challenge in a mobile world The security challenge in a mobile world Contents Executive summary 2 Executive summary 3 Controlling devices and data from the cloud 4 Managing mobile devices - Overview - How it works with MDM - Scenario

More information

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. Intelligence-driven security STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions. BETTER INTELLIGENCE. BETTER DEFENSE. The

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

Office 365 Buyers Guide: Best Practices for Securing Office 365

Office 365 Buyers Guide: Best Practices for Securing Office 365 Office 365 Buyers Guide: Best Practices for Securing Office 365 Microsoft Office 365 has become the standard productivity platform for the majority of organizations, large and small, around the world.

More information

Why you MUST protect your customer data

Why you MUST protect your customer data Why you MUST protect your customer data If you think you re exempt from compliance with customer data security and privacy laws because you re a small business, think again. Businesses of all sizes are

More information

50+ Incident Response Preparedness Checklist Items.

50+ Incident Response Preparedness Checklist Items. 50+ Incident Response Preparedness Checklist Items Brought to you by: Written by: Buzz Hillestad, Senior Information Security Consultant at SBS, LLC 1 and Blake Coe, Vice President, Network Security at

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018

DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL. June 14, 2018 DIRECTIVE ON INFORMATION TECHNOLOGY SECURITY FOR BANK PERSONNEL June 14, 2018 A. Overriding Objective 1.1 This Directive establishes the rules and instructions for Bank Personnel with respect to Information

More information

Building a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity

Building a Business Case for Cyber Threat Intelligence. 5Reasons Your. Organization Needs a Risk-Based 5Approach to Cybersecurity Building a Business Case for Cyber Threat Intelligence 5Reasons Your Organization Needs a Risk-Based 5Approach to Cybersecurity 5 Reasons for a Risk-Based Approach to Cybersecurity The Bad Guys are Winning

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Security Issues and Best Practices for Water Facilities

Security Issues and Best Practices for Water Facilities Security Issues and Best Practices for Water Facilities Standards Certification Jeff Hayes Business Development Manager Beijer Electronics Education & Training Publishing Conferences & Exhibits 2013 ISA

More information

IS Today: Managing in a Digital World 9/17/12

IS Today: Managing in a Digital World 9/17/12 IS Today: Managing in a Digital World Chapter 10 Securing Information Systems Worldwide losses due to software piracy in 2005 exceeded $34 billion. Business Software Alliance, 2006 Accessories for war

More information

Legal, Ethical, and Professional Issues in Information Security

Legal, Ethical, and Professional Issues in Information Security Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN

More information

Bring Your Own Device (BYOD)

Bring Your Own Device (BYOD) Bring Your Own Device (BYOD) An information security and ediscovery analysis A Whitepaper Call: +44 345 222 1711 / +353 1 210 1711 Email: cyber@bsigroup.com Visit: bsigroup.com Executive summary Organizations

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner

Is your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial

More information

The CERT Top 10 List for Winning the Battle Against Insider Threats

The CERT Top 10 List for Winning the Battle Against Insider Threats The CERT Top 10 List for Winning the Battle Against Insider Threats Dawn Cappelli CERT Insider Threat Center Software Engineering Institute Carnegie Mellon University Session ID: STAR-203 Session Classification:

More information

PCI Compliance. What is it? Who uses it? Why is it important?

PCI Compliance. What is it? Who uses it? Why is it important? PCI Compliance What is it? Who uses it? Why is it important? Definitions: PCI- Payment Card Industry DSS-Data Security Standard Merchants Anyone who takes a credit card payment 3 rd party processors companies

More information

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic

More information

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time

Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time TM Plan. Protect. Respond. Welcome to the CyberSecure My Business Webinar Series We will begin promptly at 2pm EDT All speakers will be muted until that time Registration is open for the April webinar:

More information

Big data privacy in Australia

Big data privacy in Australia Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that

More information

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014

Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented

More information

Certified Cyber Security Specialist

Certified Cyber Security Specialist Certified Cyber Security Specialist Page 1 of 7 Why Attend This course will provide participants with in-depth knowledge and practical skills to plan, deliver and monitor IT/cyber security to internal

More information

Compliance in 5 Steps

Compliance in 5 Steps Email Compliance in 5 Steps Introduction For most businesses, email is a vital communication resource. Used to perform essential business functions, many organizations rely on email to send sensitive confidential

More information

What FinAid offices need to know about cyberattacks. Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, EST

What FinAid offices need to know about cyberattacks. Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, EST What FinAid offices need to know about cyberattacks Presented by: Chris Chumley, COO at CampusLogic Thursday, March 31, 2016 @12pm EST BY 2014, OVER 1 BILLION PERSONAL DATA RECORDS HAD BEEN COMPROMISED

More information

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory Audience: NDCBF IT Security Team Last Reviewed/Updated: March 2018 Contact: Henry Draughon hdraughon@processdeliveysystems.com Overview... 2 Sensitive Data Inventory and Classification... 3 Applicable

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

CipherCloud CASB+ Connector for ServiceNow

CipherCloud CASB+ Connector for ServiceNow ServiceNow CASB+ Connector CipherCloud CASB+ Connector for ServiceNow The CipherCloud CASB+ Connector for ServiceNow enables the full suite of CipherCloud CASB+ capabilities, in addition to field-level

More information

PROVIDING INVESTIGATIVE SOLUTIONS

PROVIDING INVESTIGATIVE SOLUTIONS PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely

More information

Data Breach Preparedness & Response

Data Breach Preparedness & Response Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication

More information

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH

Data Breach Preparedness & Response. April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH Data Breach Preparedness & Response April 16, 2015 Daniel Nelson, C EH, CIPP/US Lucas Amodio, C EH 2015 Armstrong Teasdale 6 Stages of a Data Breach Response Preparation Identification Containment Eradication

More information

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Elements of a Swift (and Effective) Response to a HIPAA Security Breach Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information

More information

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean? Cyber Security One of the Most Critical Risk Mitigation Efforts to Bridge the Gap Between Compliance and Ethics Charly Shugg, Brigadier General, USAF, Retired Partner Chief Operating Officer Sylint Group,

More information

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016

Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations. Arkansas Joint Committee on Energy March 16, 2016 Cyber Security Panel Discussion Gary Hayes, SVP & CIO Technology Operations Arkansas Joint Committee on Energy March 16, 2016 CenterPoint Energy, Inc. (NYSE: CNP) Regulated Electric and Natural Gas Utility

More information

COMPUTER FORENSICS (CFRS)

COMPUTER FORENSICS (CFRS) Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics

More information

2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT Research Conducted by Research Analyzed by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security GLOBAL EDITION #2015InsiderThreat EXECUTIVE PERSPECTIVE 1 INSIDER THREATS:

More information

Changing face of endpoint security

Changing face of endpoint security Changing face of endpoint security S A N T H O S H S R I N I V A S A N C I S S P, C I S M, C R I S C, C E H, C I S A, G S L C, C G E I T D I R E C T O R S H A R E D S E R V I C E S, H C L T E C H N O L

More information

MIS5206-Section Protecting Information Assets-Exam 1

MIS5206-Section Protecting Information Assets-Exam 1 Your Name Date 1. Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances? a. Policies b. Standards c. Procedures d. Guidelines

More information

Introduction to Ethical Hacking. Chapter 1

Introduction to Ethical Hacking. Chapter 1 Introduction to Ethical Hacking Chapter 1 Definition of a Penetration Tester Sometimes called ethical hackers though label is less preferred Pen testers are: People who assess security of a target Specially

More information

Best Practices for a Successful DLP Deployment

Best Practices for a Successful DLP Deployment Best Practices for a Successful DLP Deployment TITUS White Paper Information in this document is subject to change without notice. Complying with all applicable copyright laws is the responsibility of

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

GDPR: The Day After. Pierre-Luc REFALO

GDPR: The Day After. Pierre-Luc REFALO GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal

More information

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse.

Sobering statistics. The frequency and sophistication of cybersecurity attacks are getting worse. Sobering statistics The frequency and sophistication of cybersecurity attacks are getting worse. 146 >63% $500B $3.8M The median # of days that attackers reside within a victim s network before detection

More information

Protecting from Attack in Office 365

Protecting  from Attack in Office 365 A hacker only needs one person to click on their fraudulent link to access credit card, debit card and Social Security numbers, names, addresses, proprietary information and other sensitive data. Protecting

More information

ROADMAP TO DFARS COMPLIANCE

ROADMAP TO DFARS COMPLIANCE ROADMAP TO DFARS COMPLIANCE ARE YOU READY FOR THE 12/31/17 DEADLINE? In our ebook, we have answered the most common questions we receive from companies preparing for DFARS compliance. Don t risk terminated

More information

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

Securing Office 365 with MobileIron

Securing Office 365 with MobileIron Securing Office 365 with MobileIron Introduction Office 365 is Microsoft s cloud-based productivity suite. It includes online versions of Microsoft s most popular solutions, like Exchange and SharePoint,

More information

KuppingerCole Whitepaper. by Dave Kearns February 2013

KuppingerCole Whitepaper. by Dave Kearns February 2013 KuppingerCole Whitepaper by Dave Kearns February 2013 KuppingerCole Whitepaper Using Information Stewardship within by Dave Kearns dk@kuppingercole.com February 2013 Content 1. Summary... 3 2. Good information

More information