SlideShare uma empresa Scribd logo

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to Manage Cyber Risk

Shawn Tuma
Shawn Tuma

Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.

Direito
1 de 32
Baixar para ler offline
Spencer Fane LLP | spencerfane.com 1 CYBERSECURITY IS A TEAM SPORT Why Teams, Strategies, and Processes are Essential for Managing Cyber Risk Shawn E. Tuma Co-Chair, Data Privacy & Cybersecurity Practice Spencer Fane LLP
Spencer Fane LLP | spencerfane.com 2 You must take the poll to get credit for the CLE!
Spencer Fane LLP | spencerfane.com 3Credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman
Spencer Fane LLP | spencerfane.com 4 Cybersecurity is a legal issue • Types – Security – Privacy – Unauthorized Access • International Laws – GDPR – Privacy Shield – China’s Cybersecurity Law • Federal Laws and Regs – FTC, SEC, HIPAA • State Laws – All 50 States – Privacy (50) + security (25+) – CCPA, NYDFS, Colo FinServ • Industry Groups – PCI – FINRA • Contracts – 3rd Party Bus. Assoc. – Privacy / Data Security / Cybersecurity Addendum
Spencer Fane LLP | spencerfane.com 5 Common business objections 1.We have an “IT Guy” 2.We have an “IT Company” 3.We are “compliant” 4.We have cyber insurance 5.We are not a large company (or, “tech” company) 6.Our data is not that valuable
Spencer Fane LLP | spencerfane.com 6
Spencer Fane LLP | spencerfane.com 7
Spencer Fane LLP | spencerfane.com 8
Spencer Fane LLP | spencerfane.com 9
Spencer Fane LLP | spencerfane.com 10
Spencer Fane LLP | spencerfane.com 11
Spencer Fane LLP | spencerfane.com 12 Takeaway: Cybersecurity is no longer just an IT issue – it is an overall business risk issue – indeed, the ONE risk...
Spencer Fane LLP | spencerfane.com 13 Since cyber is an overall business risk issue, who is on the team?
Spencer Fane LLP | spencerfane.com 14 Who is on the cyber risk team, and when? Internal team • CISO • IT • Information Security • Business • Risk • Legal • Privacy • CFO • COO • HR • Audit • Marketing External team • Legal • MSP / MSSP • Security Firm • Forensics Firm • Insurance • Cyber, etc. • Broker • Carrier • PR Firm • Notification Vendor • Law Enforcement
Spencer Fane LLP | spencerfane.com 15 Team considerations Questions to consider • Do you have a “cyber risk committee”? • Who is the “head coach”? • Who are the “coordinators”? • i.e., who takes the lead on and “owns”: • Proactive risk management • Incident response • Chain of command • Have you considered the team members’ personalities, experience, and other intangibles vis-à-vis the role they play? Planning considerations • Who is on the field during which situation? • Do the players know their role? • Are the players eligible to play? • i.e., pre-approval of vendors, engagements executed • Can they communicate? • Understand language • Logistics for communicating • How often do they practice? • Do you play scrimmages?
Spencer Fane LLP | spencerfane.com 16 Takeaway: It takes a team of many different stakeholders within and outside of the organization, working together as a team, to effectively manage cyber risk.
Spencer Fane LLP | spencerfane.com 17 What does the team do?
Spencer Fane LLP | spencerfane.com 18 Common cybersecurity best practices 1. Risk assessment. 2. Policies and procedures focused on cybersecurity. – Social engineering, password, security questions. 3. Training of all workforce on P&P, then security. 4. Phish all workforce (esp. leadership). 5. Multi-factor authentication. 6. Signature based antivirus and malware detection. 7. Internal controls / access controls. 8. No outdated or unsupported software. 9. Security patch updates management policy. 10. Backups segmented offline, cloud, redundant. 11. Incident response plan. 12. Encrypt sensitive and air-gap hypersensitive data. 13. Adequate logging and retention. 14. Third-party security risk management program. 15. Firewall, intrusion detection and prevention systems. 16. Managed services provider (MSP) or managed security services provider (MSSP). 17. Really top-notch battle-tested CISO. 18. Cyber risk insurance.
Spencer Fane LLP | spencerfane.com 19 Canary in the coal mine • What is your role? • How does your company (or others) handle: – P&P + Training – MFA – Phishing – Backups – IRP & IR Team – Cyber Insurance
Spencer Fane LLP | spencerfane.com 20
Spencer Fane LLP | spencerfane.com 21 How mature is the company’s cyber risk management program? • “GMR Transcription Services, Inc. . . . Shall . . . establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.” In re GMR Transcription Svcs, Inc., Consent Order (Aug. 14, 2014) • “We believe disclosures regarding a company’s cybersecurity risk management program and how the board of directors engages with management on cybersecurity issues allow investors to assess how a board of directors is discharging its risk oversight responsibility in this increasingly important area.” SEC Statement and Guidance (Feb. 21, 2018) • “Each Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems.” NYDFS Cybersecurity Regulations § 500.02 • “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including …” GDPR, Art. 32 “A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.” – Ken Paxton
Spencer Fane LLP | spencerfane.com 22 What is reasonable cybersecurity? Too little – “just check the box” Too much – “boiling the ocean”
Spencer Fane LLP | spencerfane.com 23 Reasonable cybersecurity is a process, not a definition
Spencer Fane LLP | spencerfane.com 24 Takeaway: Reasonable cybersecurity is a process, not a definition: it includes understanding your risks, prioritizing your efforts, and executing your priorities in a systematic manner.
Spencer Fane LLP | spencerfane.com 25 Once you have your team in place and understand what your risks are that you’re trying to manage, what do you do?
Spencer Fane LLP | spencerfane.com 26 What do you think? What do you think is the most glaring thing missing when I look at substantial incidents and data breaches I have handled over the past 20 years? 1. Lack of hardware, services, gadgets, and gizmos? 2. Lack of support from management? 3. Lack of funding? 4. Lack of talent? 5. Lack of skills and knowledge? 6. Lack of strategy?
Spencer Fane LLP | spencerfane.com 27
Spencer Fane LLP | spencerfane.com 28
Spencer Fane LLP | spencerfane.com 29 Strategic leadership and planning “Strategy without tactics is the slowest route to victory, tactics without strategy is the noise before defeat.” – Sun Tsu What does strategy consider? • Risk analysis – present and future • Resources – present and future • Who is on your team? • For different situations, understand team capabilities – internal and external • How is your team executing? • Don’t forget 3rd and Nth party risk! • Prioritize and execute for evolving threats • Objectives – what is a “win”?
Spencer Fane LLP | spencerfane.com 30 What is a “win”?
Spencer Fane LLP | spencerfane.com 31 Takeaway: Winning is withstanding the attacks so your company can stay focused on its primary mission. Winning comes from preparation, resilience, and continuously learning and adapting.
Spencer Fane LLP | spencerfane.com 32 Shawn Tuma Co-Chair, Cybersecurity & Data Privacy Spencer Fane LLP 972.324.0317 stuma@spencerfane.com • 20+ Years of Cyber Law Experience • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law • Council Member, Southern Methodist University Cybersecurity Advisory • Board of Advisors, North Texas Cyber Forensics Lab • Policy Council, National Technology Security Coalition • Board of Advisors, Cyber Future Foundation • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016) • SuperLawyers Top 100 Lawyers in Dallas (2016) • SuperLawyers 2015-20 • Best Lawyers in Dallas 2014-20, D Magazine • Chair-Elect, Computer & Technology Section, State Bar of Texas • Privacy and Data Security Committee of the State Bar of Texas • College of the State Bar of Texas • Board of Directors, Collin County Bench Bar Conference • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI) • International Association of Privacy Professionals (IAPP)

Recomendados

Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...Amazon Web Services
 
Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ryan Boyles
 

Recomendados

Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
 
The Dark Side of Digital Engagement
The Dark Side of Digital EngagementThe Dark Side of Digital Engagement
The Dark Side of Digital EngagementShawn Tuma
 
The Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachThe Role of Contracts in Privacy, Cybersecurity, and Data Breach
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
 
Lawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityLawyers' Ethical Obligations for Cybersecurity
Lawyers' Ethical Obligations for CybersecurityShawn Tuma
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...
Cybersecurity | Fraud 2.0 Presentation to the Association of Certified Fraud ...Shawn Tuma
 
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...
Using AWS to Meet Requirements for HIPAA, FERPA, and CJIS | AWS Public Sector...Amazon Web Services
 
Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ten Steps to Help Avoid a Major Privacy or Security Headache
Ten Steps to Help Avoid a Major Privacy or Security Headache Ryan Boyles
 
Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Influencer terms & value prop
Influencer terms & value propInfluencer terms & value prop
Influencer terms & value propCraig Rennick
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynoteBrian Honan
 
Protecting Your Child
Protecting Your ChildProtecting Your Child
Protecting Your ChildMatthew Irvine
 
Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementTiffany Xingyu Wang
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Designing for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, PortugalDesigning for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, PortugalAndreas Woelk
 
The Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudThe Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudFraudBusters
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safetyTj Falls
 
ClientConnection2015-08
ClientConnection2015-08ClientConnection2015-08
ClientConnection2015-08Vic Hemard
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 

Mais conteúdo relacionado

Mais procurados

Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowShawn Tuma
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...Shawn Tuma
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Shawn Tuma
 
Influencer terms & value prop
Influencer terms & value propInfluencer terms & value prop
Influencer terms & value propCraig Rennick
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynoteBrian Honan
 
Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementTiffany Xingyu Wang
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossShawn Tuma
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsShawn Tuma
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseShawn Tuma
 
Designing for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, PortugalDesigning for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, PortugalAndreas Woelk
 
The Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudThe Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudFraudBusters
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safetyTj Falls
 
ClientConnection2015-08
ClientConnection2015-08ClientConnection2015-08
ClientConnection2015-08Vic Hemard
 

Mais procurados (18)

Cybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to KnowCybersecurity Legal Issues: What You Really Need to Know
Cybersecurity Legal Issues: What You Really Need to Know
 
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee...
 
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasGet the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
Cyber Risk Presentation to Murphy Chamber of Commerce (5.28.15)
 
Influencer terms & value prop
Influencer terms & value propInfluencer terms & value prop
Influencer terms & value prop
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynote
 
Protecting Your Child
Protecting Your ChildProtecting Your Child
Protecting Your Child
 
Online Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time EngagementOnline Trust and Safety, A New Dimension for Real-Time Engagement
Online Trust and Safety, A New Dimension for Real-Time Engagement
 
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data LossLeadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
Leadership: Legal Counsel's Role in Guiding Through Cybersecurity and Data Loss
 
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially LitigatorsCybersecurity Issues All Lawyers Should Know -- Especially Litigators
Cybersecurity Issues All Lawyers Should Know -- Especially Litigators
 
Cyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach ResponseCyber Liability Insurance Counseling and Breach Response
Cyber Liability Insurance Counseling and Breach Response
 
Designing for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, PortugalDesigning for Trust – Presentation at Interact 2011, Lisbon, Portugal
Designing for Trust – Presentation at Interact 2011, Lisbon, Portugal
 
The Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding FraudThe Power of Benford's Law in Finding Fraud
The Power of Benford's Law in Finding Fraud
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messenger
 
Top Tips For E-safety
Top Tips For E-safetyTop Tips For E-safety
Top Tips For E-safety
 
ClientConnection2015-08
ClientConnection2015-08ClientConnection2015-08
ClientConnection2015-08
 

Semelhante a Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to Manage Cyber Risk

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsShawn Tuma
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Shawn Tuma
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales DeckEvan Francen
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20Marc S. Sokol
 
SucessfulInsiderThreat
SucessfulInsiderThreatSucessfulInsiderThreat
SucessfulInsiderThreatHammerNJ
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightCBIZ, Inc.
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...Gary Allen
 
Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021KharimMchatta
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitKevin Duffey
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionIvanti
 

Semelhante a Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to Manage Cyber Risk (20)

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Cybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and ClientsCybersecurity: Cyber Risk Management for Lawyers and Clients
Cybersecurity: Cyber Risk Management for Lawyers and Clients
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial InstitutionsCybersecurity: Cyber Risk Management for Banks & Financial Institutions
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
 
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
FRSecure Sales Deck
FRSecure Sales DeckFRSecure Sales Deck
FRSecure Sales Deck
 
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...
 
2015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 202015 LOMA Conference - Third party risk management - Session 20
2015 LOMA Conference - Third party risk management - Session 20
 
SucessfulInsiderThreat
SucessfulInsiderThreatSucessfulInsiderThreat
SucessfulInsiderThreat
 
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory OversightKeeping an Eye On Risk - Current Concerns and Supervisory Oversight
Keeping an Eye On Risk - Current Concerns and Supervisory Oversight
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
The Story of a Lean Law Firm: Escaping the Overhead Swamp, Surviving Disrupti...
 
Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021Enhancing Cyber threat hunting for your team | 2021
Enhancing Cyber threat hunting for your team | 2021
 
Cyber Recovery - Legal Toolkit
Cyber Recovery - Legal ToolkitCyber Recovery - Legal Toolkit
Cyber Recovery - Legal Toolkit
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 

Mais de Shawn Tuma

Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene ChecklistShawn Tuma
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response ChecklistShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500Shawn Tuma
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity UpdateShawn Tuma
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesShawn Tuma
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
 
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
 
Cybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsCybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsShawn Tuma
 

Mais de Shawn Tuma (18)

Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackIncident Response Planning - Lifecycle of Responding to a Ransomware Attack
Incident Response Planning - Lifecycle of Responding to a Ransomware Attack
 
Cyber Hygiene Checklist
Cyber Hygiene ChecklistCyber Hygiene Checklist
Cyber Hygiene Checklist
 
Cyber Incident Response Checklist
Cyber Incident Response ChecklistCyber Incident Response Checklist
Cyber Incident Response Checklist
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)Cybersecurity Fundamentals for Legal Professionals (and every other business)
Cybersecurity Fundamentals for Legal Professionals (and every other business)
 
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
NYDFS Cybersecurity Regulations - 23 NYCRR Part 500
 
Cybersecurity Update
Cybersecurity UpdateCybersecurity Update
Cybersecurity Update
 
Effective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businessesEffective cybersecurity for small and midsize businesses
Effective cybersecurity for small and midsize businesses
 
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitThe Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk Summit
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!"What Could Go Wrong?" - We're Glad You Asked!
"What Could Go Wrong?" - We're Glad You Asked!
 
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...
 
Cybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber AttackCybersecurity: How to Protect Your Firm from a Cyber Attack
Cybersecurity: How to Protect Your Firm from a Cyber Attack
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory Realm
 
Cybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal ProfessionalsCybersecurity Fundamentals for Legal Professionals
Cybersecurity Fundamentals for Legal Professionals
 
The Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry ExpertsThe Essentials of Cyber Insurance: A Panel of Industry Experts
The Essentials of Cyber Insurance: A Panel of Industry Experts
 

Último

ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.tanughoshal0
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategyJong Hyuk Choi
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdfSUSHMITAPOTHAL
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptxPamelaAbegailMonsant2
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...SUHANI PANDEY
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理e9733fc35af6
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理Airst S
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书irst
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.pptseri bangash
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteDeepikaK245113
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentationKhushdeep Kaur
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理A AA
 
一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理e9733fc35af6
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理Airst S
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for projectVarshRR
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Nilendra Kumar
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargainingbartzlawgroup1
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理Airst S
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 

Último (20)

ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.ARTICLE 370 PDF about the indian constitution.
ARTICLE 370 PDF about the indian constitution.
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf589308994-interpretation-of-statutes-notes-law-college.pdf
589308994-interpretation-of-statutes-notes-law-college.pdf
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
Independent Call Girls Pune | 8005736733 Independent Escorts & Dating Escorts...
 
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
一比一原版(OhioStateU毕业证书)美国俄亥俄州立大学毕业证如何办理
 
一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理一比一原版赫尔大学毕业证如何办理
一比一原版赫尔大学毕业证如何办理
 
一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书一比一原版(USC毕业证书)南加州大学毕业证学位证书
一比一原版(USC毕业证书)南加州大学毕业证学位证书
 
3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt3 Formation of Company.www.seribangash.com.ppt
3 Formation of Company.www.seribangash.com.ppt
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
一比一原版(UM毕业证书)美国密歇根大学安娜堡分校毕业证如何办理
 
一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理一比一原版悉尼科技大学毕业证如何办理
一比一原版悉尼科技大学毕业证如何办理
 
一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理一比一原版埃克塞特大学毕业证如何办理
一比一原版埃克塞特大学毕业证如何办理
 
Interpretation of statute topics for project
Interpretation of statute topics for projectInterpretation of statute topics for project
Interpretation of statute topics for project
 
Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.Cyber Laws : National and International Perspective.
Cyber Laws : National and International Perspective.
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction Fails
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to Manage Cyber Risk

  • 1. Spencer Fane LLP | spencerfane.com 1 CYBERSECURITY IS A TEAM SPORT Why Teams, Strategies, and Processes are Essential for Managing Cyber Risk Shawn E. Tuma Co-Chair, Data Privacy & Cybersecurity Practice Spencer Fane LLP
  • 2. Spencer Fane LLP | spencerfane.com 2 You must take the poll to get credit for the CLE!
  • 3. Spencer Fane LLP | spencerfane.com 3Credit: NASA’s Goddard Space Flight Center/Jeremy Schnittman
  • 4. Spencer Fane LLP | spencerfane.com 4 Cybersecurity is a legal issue • Types – Security – Privacy – Unauthorized Access • International Laws – GDPR – Privacy Shield – China’s Cybersecurity Law • Federal Laws and Regs – FTC, SEC, HIPAA • State Laws – All 50 States – Privacy (50) + security (25+) – CCPA, NYDFS, Colo FinServ • Industry Groups – PCI – FINRA • Contracts – 3rd Party Bus. Assoc. – Privacy / Data Security / Cybersecurity Addendum
  • 5. Spencer Fane LLP | spencerfane.com 5 Common business objections 1.We have an “IT Guy” 2.We have an “IT Company” 3.We are “compliant” 4.We have cyber insurance 5.We are not a large company (or, “tech” company) 6.Our data is not that valuable
  • 6. Spencer Fane LLP | spencerfane.com 6
  • 7. Spencer Fane LLP | spencerfane.com 7
  • 8. Spencer Fane LLP | spencerfane.com 8
  • 9. Spencer Fane LLP | spencerfane.com 9
  • 10. Spencer Fane LLP | spencerfane.com 10
  • 11. Spencer Fane LLP | spencerfane.com 11
  • 12. Spencer Fane LLP | spencerfane.com 12 Takeaway: Cybersecurity is no longer just an IT issue – it is an overall business risk issue – indeed, the ONE risk...
  • 13. Spencer Fane LLP | spencerfane.com 13 Since cyber is an overall business risk issue, who is on the team?
  • 14. Spencer Fane LLP | spencerfane.com 14 Who is on the cyber risk team, and when? Internal team • CISO • IT • Information Security • Business • Risk • Legal • Privacy • CFO • COO • HR • Audit • Marketing External team • Legal • MSP / MSSP • Security Firm • Forensics Firm • Insurance • Cyber, etc. • Broker • Carrier • PR Firm • Notification Vendor • Law Enforcement
  • 15. Spencer Fane LLP | spencerfane.com 15 Team considerations Questions to consider • Do you have a “cyber risk committee”? • Who is the “head coach”? • Who are the “coordinators”? • i.e., who takes the lead on and “owns”: • Proactive risk management • Incident response • Chain of command • Have you considered the team members’ personalities, experience, and other intangibles vis-à-vis the role they play? Planning considerations • Who is on the field during which situation? • Do the players know their role? • Are the players eligible to play? • i.e., pre-approval of vendors, engagements executed • Can they communicate? • Understand language • Logistics for communicating • How often do they practice? • Do you play scrimmages?
  • 16. Spencer Fane LLP | spencerfane.com 16 Takeaway: It takes a team of many different stakeholders within and outside of the organization, working together as a team, to effectively manage cyber risk.
  • 17. Spencer Fane LLP | spencerfane.com 17 What does the team do?
  • 18. Spencer Fane LLP | spencerfane.com 18 Common cybersecurity best practices 1. Risk assessment. 2. Policies and procedures focused on cybersecurity. – Social engineering, password, security questions. 3. Training of all workforce on P&P, then security. 4. Phish all workforce (esp. leadership). 5. Multi-factor authentication. 6. Signature based antivirus and malware detection. 7. Internal controls / access controls. 8. No outdated or unsupported software. 9. Security patch updates management policy. 10. Backups segmented offline, cloud, redundant. 11. Incident response plan. 12. Encrypt sensitive and air-gap hypersensitive data. 13. Adequate logging and retention. 14. Third-party security risk management program. 15. Firewall, intrusion detection and prevention systems. 16. Managed services provider (MSP) or managed security services provider (MSSP). 17. Really top-notch battle-tested CISO. 18. Cyber risk insurance.
  • 19. Spencer Fane LLP | spencerfane.com 19 Canary in the coal mine • What is your role? • How does your company (or others) handle: – P&P + Training – MFA – Phishing – Backups – IRP & IR Team – Cyber Insurance
  • 20. Spencer Fane LLP | spencerfane.com 20
  • 21. Spencer Fane LLP | spencerfane.com 21 How mature is the company’s cyber risk management program? • “GMR Transcription Services, Inc. . . . Shall . . . establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers.” In re GMR Transcription Svcs, Inc., Consent Order (Aug. 14, 2014) • “We believe disclosures regarding a company’s cybersecurity risk management program and how the board of directors engages with management on cybersecurity issues allow investors to assess how a board of directors is discharging its risk oversight responsibility in this increasingly important area.” SEC Statement and Guidance (Feb. 21, 2018) • “Each Covered Entity shall maintain a cybersecurity program designed to protect the confidentiality, integrity and availability of the Covered Entity’s Information Systems.” NYDFS Cybersecurity Regulations § 500.02 • “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including …” GDPR, Art. 32 “A business shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect from unlawful use or disclosure any sensitive personal information collected or maintained by the business in the regular course of business.” – Ken Paxton
  • 22. Spencer Fane LLP | spencerfane.com 22 What is reasonable cybersecurity? Too little – “just check the box” Too much – “boiling the ocean”
  • 23. Spencer Fane LLP | spencerfane.com 23 Reasonable cybersecurity is a process, not a definition
  • 24. Spencer Fane LLP | spencerfane.com 24 Takeaway: Reasonable cybersecurity is a process, not a definition: it includes understanding your risks, prioritizing your efforts, and executing your priorities in a systematic manner.
  • 25. Spencer Fane LLP | spencerfane.com 25 Once you have your team in place and understand what your risks are that you’re trying to manage, what do you do?
  • 26. Spencer Fane LLP | spencerfane.com 26 What do you think? What do you think is the most glaring thing missing when I look at substantial incidents and data breaches I have handled over the past 20 years? 1. Lack of hardware, services, gadgets, and gizmos? 2. Lack of support from management? 3. Lack of funding? 4. Lack of talent? 5. Lack of skills and knowledge? 6. Lack of strategy?
  • 27. Spencer Fane LLP | spencerfane.com 27
  • 28. Spencer Fane LLP | spencerfane.com 28
  • 29. Spencer Fane LLP | spencerfane.com 29 Strategic leadership and planning “Strategy without tactics is the slowest route to victory, tactics without strategy is the noise before defeat.” – Sun Tsu What does strategy consider? • Risk analysis – present and future • Resources – present and future • Who is on your team? • For different situations, understand team capabilities – internal and external • How is your team executing? • Don’t forget 3rd and Nth party risk! • Prioritize and execute for evolving threats • Objectives – what is a “win”?
  • 30. Spencer Fane LLP | spencerfane.com 30 What is a “win”?
  • 31. Spencer Fane LLP | spencerfane.com 31 Takeaway: Winning is withstanding the attacks so your company can stay focused on its primary mission. Winning comes from preparation, resilience, and continuously learning and adapting.
  • 32. Spencer Fane LLP | spencerfane.com 32 Shawn Tuma Co-Chair, Cybersecurity & Data Privacy Spencer Fane LLP 972.324.0317 stuma@spencerfane.com • 20+ Years of Cyber Law Experience • Practitioner Editor, Bloomberg BNA – Texas Cybersecurity & Data Privacy Law • Council Member, Southern Methodist University Cybersecurity Advisory • Board of Advisors, North Texas Cyber Forensics Lab • Policy Council, National Technology Security Coalition • Board of Advisors, Cyber Future Foundation • Cybersecurity & Data Privacy Law Trailblazers, National Law Journal (2016) • SuperLawyers Top 100 Lawyers in Dallas (2016) • SuperLawyers 2015-20 • Best Lawyers in Dallas 2014-20, D Magazine • Chair-Elect, Computer & Technology Section, State Bar of Texas • Privacy and Data Security Committee of the State Bar of Texas • College of the State Bar of Texas • Board of Directors, Collin County Bench Bar Conference • Past Chair, Civil Litigation & Appellate Section, Collin County Bar Association • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association • North Texas Crime Commission, Cybercrime Committee & Infragard (FBI) • International Association of Privacy Professionals (IAPP)