Minimizing the Risk of a
Data Breach in the Workplace
December 8, 2015
Bradford Bach
BradfordBach| bbach@titan-ca.com | 213.784.3070
High-profile security breaches make the news
Cyber thieves target smaller companies!
• They are not prepared
• They don't understand their legal obligations
• They carry the financial liability for a breach
• They are often the entry point (as a vendor or partner) for breaches at larger companies
Cyber attacks are on the rise
• Nations, groups & individuals are targeting
– Institutions
– Financial services agencies
– Utilities
– Consumers
• 43 percent of US firms have experienced a data breach in the past year (survey of
735 businesses)
Source: Pew Research Center and Ponemon Institute
What are the hackers looking for?
• Credit card details
• Bank account numbers and PINs
• Social security numbers
• Passport numbers
• Driver's license numbers
• Usernames and passwords
• Birthdays and anniversaries (common security-question answers)
Management's concern about data breach
[Chart: percentage concern level on a 10-point scale. Source: Ponemon Institute]
Key steps companies have taken
• Recognized the need for a stronger cyber defense posture
• Allocated resources to preventing, detecting and resolving data breaches
• Developed operations and compliance procedures
• Established Computer Security Incident Response Teams (SIRT)
Investments in response to data breaches
[Chart. Source: Ponemon Institute]
What constitutes an incident?
• Report of a physical or criminal act (e.g. theft of a computer, laptop, tablet or PDA)
• Suspicion that a device has been compromised in a way that allows access to sensitive data
• A security concern involving a person's use of company equipment (misuse or policy violation)
• Other circumstances that warrant investigation, including disruptive viruses, denial of
service attacks, malware, phishing scams, spam, etc.
Are you prepared?
• Are you working with your IT team to ensure that you have appropriate security
controls in place?
• Do you have a SIRT in place that includes general counsel, executives, key
personnel & IT?
• Have you implemented best-practice policies and procedures to secure your
network?
• How are you funded to cover the legal compliance and costs associated with a
breach?
• Do you know which laws apply to your industry?
Cybercrime example
[Slide image not reproduced]
SIRT response teams and plan minimums
1. Planning: Have shared goals and describe them in detail
2. The Team: Identify, inform and train those you expect to take
action
SIRT response teams and plan minimums
3. Incident identification methods and triggers
Define the events and mechanisms that should trigger a security incident investigation. Provide examples
to help others understand what to look for and how to respond, for instance:
• Theft or loss of an unencrypted device
• Hacking of a system containing protected data
• Employee snooping (access to data without a business need)
• Malware capable of data exfiltration
SIRT response teams and plan minimums
4. Breach determination methodology
How will you determine whether protected data was likely to have been compromised, based on the
attack, the data classification, the jurisdiction and the particular regulations that apply?
One model is the four-factor risk assessment the HIPAA Breach Notification Rule requires for healthcare
data: an impermissible use or disclosure of protected health information is presumed to be a breach
unless you can demonstrate a low probability that the data was compromised. The four factors are:
• The nature and extent of the protected information involved, including the types of identifiers and the likelihood of
re-identification;
• The unauthorized person who used the protected information or to whom the disclosure was made;
• Whether the protected information was actually acquired or viewed;
• The extent to which the risk to the protected information has been mitigated.
Document the assessment for each factor; if you cannot show a low probability of compromise, treat the incident as a breach.
SIRT response teams and plan minimums
5. Breach response team activation
This includes the members of the SIRT plus those who are normally not involved in incidents that do
not escalate to a breach. They can be both internal and external, including:
• Technical
• Executive
• Legal and compliance
• Public relations
• Security vendors, etc.
SIRT response teams and plan minimums
6. Notification actions
Notification requirements vary by statute, state and data class. It is important to know the
requirements (who must be notified, and within what deadline) for each class of data you possess.
7. Reporting and documentation
It is critical that you produce accurate and complete documentation of the events, actions and results
that occur as the result of a security incident. Be sure to spend the time required to accurately portray
what happened: who did what, to what, and with what. Keep copies of all communications,
notifications and any and all activity.
SIRT response teams and plan minimums
8. Policy, procedural or technological improvement
The aftermath of a significant security incident or breach is a good opportunity to improve the policies and
procedures meant to prevent another breach, and to improve how you respond if one happens again. Take this
opportunity to consider what happened and how you reacted. Then consider and document ways to
improve on both.
Training and updating staff
Once you have created your Computer Security Incident Response Plan, and each time you
use the plan to respond, train your staff on it effectively and consistently.
Training and updating staff
• Having plans that staff are either unaware of or not familiar with when it
is time to act is much like having no plans at all.
• A lack of training can lead to inaction, delays and mistakes that are avoidable
and can be incredibly costly. Empower your employees to be confident and ready
to act when the inevitable occurs.
Breakdown of Events Impacting Security
[Chart. Source: Pew Research Center and Ponemon Institute]
Social networking scams
[Chart. Source: Ponemon Institute]
Understand your specific legal obligations
• Health Insurance Portability & Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH)
• Customs-Trade Partnership Against Terrorism (C-TPAT)
• Fair and Accurate Credit Transactions Act (FACTA), which includes the Red Flags Rule
• North American Electric Reliability Corporation Critical Infrastructure Protection standards (NERC CIP)
• International Traffic in Arms Regulations (ITAR)
• Criminal Justice Information Services (CJIS) Security Policy
• Federal Information Processing Standards (FIPS), technical standards required for federal systems and contractors
• Federal Information Security Management Act (FISMA)
• The Children's Online Privacy Protection Act (COPPA)
Be prepared!
• Addressing regulatory issues should go beyond meeting minimum requirements. It
should also introduce efficiencies and processes that improve your overall
business.
Areas of focus to be defensible in 2016
1. Do a vulnerability or security assessment
2. Patch software security updates promptly
3. Implement e-mail spam/malware filtering with link reputation checking
4. Set up a network security policy
5. Deploy antivirus/anti-malware protection
6. Cultivate a culture of safety with end-user training
7. Implement backup and disaster recovery/business continuity
8. Monitor the network; this is an important function
9. Use the full security potential of VLAN segmentation and VPNs
10. Use up-to-date firewall/UTM technology with IPS/IDS
11. Enable two-factor authentication for greater security
12. Make sure you budget for security measures and measure their ROI
Source: Leading security experts, Alvaka Networks
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 

Data breach presentation

• 1. Minimizing the Risk of a Data Breach in the Workplace. December 8, 2015. Bradford Bach | bbach@titan-ca.com | 213.784.3070
• 2. High profile security breaches make news
• 3. Cyber thieves target smaller companies!
  • They are not prepared
  • They don't understand their legal obligations
  • They have financial liability
  • They are the nexus for larger company breaches
• 4. Cyber attacks are on the rise
  • Nations, groups and individuals are targeting
    – Institutions
    – Financial services agencies
    – Utilities
    – Consumers
  • 43 percent of US firms have experienced a data breach in the past year (survey of 735 businesses)
  Source: Pew Research Center and Ponemon Institute
• 5. What are the hackers looking for?
  • Credit card details
  • Bank account numbers and PINs
  • Social security numbers
  • Passport numbers
  • Driver's licenses
  • Usernames and passwords
  • Birthdays and anniversaries
• 6. Management's concern about data breach. Percentage concern level on a 10-point scale. Source: Ponemon Institute
• 7. Key steps companies have taken
  • Recognized the need for a stronger cyber defense posture
  • Allocated resources to preventing, detecting and resolving data breaches
  • Developed operations and compliance procedures
  • Established Computer Security Incident Response Teams (SIRT)
• 8. Investments in response to data breaches. Source: Ponemon Institute
• 9. What constitutes an incident?
  • Report of a physical or criminal act (e.g. theft of a computer, laptop, tablet or PDA)
  • Suspicion that a device has been compromised to allow access to sensitive data
  • Security issue with a person using equipment
  • Other circumstances that warrant investigation include disruptive viruses, denial of service attacks, malware, phishing scams, spam, etc.
• 10. Are you prepared?
  • Are you working with your IT team to ensure that you have appropriate security controls in place?
  • Do you have a SIRT team in place including general counsel, executives, key personnel and IT?
  • Have you implemented best practice policies and procedures to secure your network?
  • How are you funded to cover the legal compliance and costs associated with a breach?
  • Do you know what laws impact your industry?
• 12. SIRT response teams and plan minimums
  1. Planning: Have shared goals and describe them in detail
  2. The Team: Identify, inform and train those you expect to take action
• 13. SIRT response teams and plan minimums
  3. Incident identification methods and triggers. Define the events and mechanisms that might trigger a security incident investigation. Provide examples to help others understand what to look for and how to respond.
  • Theft or loss of an unencrypted device
  • Hacking of a system containing protected data
  • Employee snooping
  • Malware capable of data exfiltration
• 14. SIRT response teams and plan minimums
  4. Breach determination methodology. How will you determine whether protected data was likely to have been compromised, based on the attack, data classification, jurisdiction and particular regulations? Use the four-factor risk assessment methodology required for healthcare data. If there is a probability of compromise, then you have suffered a breach. The four factors are:
  • The nature and extent of the protected information involved, including the types of identifiers and the likelihood of re-identification;
  • The unauthorized person who used the protected information or to whom the disclosure was made;
  • Whether the protected information was actually acquired or viewed;
  • The extent to which the risk to the protected information has been mitigated.
• 15. SIRT response teams and plan minimums
  5. Breach response team activation. This will include members of the CIRT, but also those who are normally not included in incidents that do not convert to a breach. They can be both internal and external, including:
  • Technical
  • Executive
  • Legal and compliance
  • Public relations
  • Security vendors, etc.
• 16. SIRT response teams and plan minimums
  6. Notification actions. Notification requirements vary by statute, state and data class. It is important to know the requirements for each class of data you possess.
  7. Reporting and documentation. It is critical that you produce accurate and complete documentation of the events, actions and results that occur as the result of a security incident. Be sure to spend the time required to accurately portray what happened, who did what, to what, and with what. Keep copies of all communications, notifications and any and all activity.
• 17. SIRT response teams and plan minimums
  8. Policy and procedural or technological improvement. The aftermath of a significant security incident or breach is a good opportunity to improve the policies and procedures, both to prevent another breach in the future and to respond better if it happens again. Take this opportunity to consider what happened and how you reacted, then consider and document ways to improve on both.
• 18. Training and updating staff. Once you have created your Computer Security Incident Response Plan, and whenever you use the plan to respond, train your staff effectively and consistently.
• 19. Training and updating staff
  • Having plans that staff are either unaware of or not familiar with when it is time to act is much like having no plans at all.
  • A lack of training can lead to inaction, delays and mistakes which are avoidable and can be incredibly costly. Empower your employees to be confident and ready to act when the inevitable occurs.
• 21. Breakdown of Events Impacting Security. Source: Pew Research Center and Ponemon Institute
• 22. Social networking scams. Source: Ponemon Institute
• 23. Understand your specific legal obligations
  • Health Information Portability & Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Fair and Accurate Credit Transaction Act (FACTA), includes Red Flags Rule
  • North American Electric Reliability Corp. (NERC)
  • Critical Infrastructure Protection (CIP)
  • International Trafficking in Arms Regulation (ITAR)
  • Criminal Justice Information Services (CJIS)
  • Federal Information Processing Standards (FIPS)
  • Federal Information Security Management Act (FISMA)
  • The Children's Online Privacy Protection Act (COPPA)
• 24. Be prepared!
  • Addressing regulatory issues should go beyond meeting minimum requirements. It should also introduce efficiencies and processes that improve your overall business.
• 25. Areas of focus to be defensible in 2016
  1. Do a vulnerability or security assessment
  2. Conduct patching for software security updates
  3. Implement e-mail spam/malware filtering with link reputation checking
  4. Set up a network security policy
  5. Antivirus/malware
  6. Cultivate a culture of safety with end-user training
  Source: Leading Security Experts, Alvaka Networks
• 26. Areas of focus to be defensible in 2016
  7. Implement backup and disaster recovery/business continuity
  8. Network monitoring is an important function
  9. Utilize the full security potential of VLAN and VPN
  10. Go for up-to-date firewall/UTM technology, IPS/IDS
  11. Dual factor authentication provides greater security
  12. Make sure you do your budgeting and ROI on security measures
  Source: Leading Security Experts, Alvaka Networks