Financial Poise, profile picture
Uploaded byFinancial Poise
99 views

How to Build and Implement your Company's Information Security Program

This webinar educates attorneys, business owners, and executives on building and implementing information security programs to protect their data from unauthorized access and comply with various laws. It outlines essential elements of an effective information security program, such as risk assessment, access control policies, and compliance with state and federal regulations like Massachusetts and New York laws. The series emphasizes the importance of safeguarding personal identifiable information and discusses best practices for responding to data breaches.

Education
Related topics:
Information Security

Embed presentation

2 Practical and entertaining education for attorneys, accountants, business owners and executives, and investors.
Disclaimer The material in this webinar is for informational purposes only. It should not be considered legal, financial or other professional advice. You should consult with an attorney or other appropriate professional to determine what may be best for your individual needs. While Financial Poise™ takes reasonable steps to ensure that information it publishes is accurate, Financial Poise™ makes no guaranty in this regard. 3
Meet the Faculty MODERATOR: Kathryn Nadro – Sugar, Felsenthal, Grais & Helsinger LLP PANELISTS: J. Eduardo Campos – Embedded-Knowledge, Inc. Anna Mercado Clark – Phillips Lytle LLP 5
About This Webinar- How to Build and Implement your Company's Information Security Program Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure? An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place. This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data. 6
About This Series Cyber Security & Data Privacy 2021 Cybersecurity and data privacy are critical topics of concern for every business in today’s environment. Data breaches are a threat to every business and can cause both direct losses from business interruption and loss of data to indirect losses from unwanted publicity and damage to your business’s reputation. Compliance with a patchwork of potentially applicable state and federal laws and regulations may cost your business in terms of money and time. This series discusses the various laws and regulations that affect businesses in the United States and in Europe, as well as the best practices to use in creating an information security program and preparing for and responding to data breaches. Each Financial Poise Webinar is delivered in Plain English, understandable to investors, business owners, and executives without much background in these areas, yet is of primary value to attorneys, accountants, and other seasoned professionals. Each episode brings you into engaging, sometimes humorous, conversations designed to entertain as it teaches. Each episode in the series is designed to be viewed independently of the other episodes so that participants will enhance their knowledge of this area whether they attend one, some, or all episodes. 7
Episodes in this Series #1 Introduction to US Privacy and Data Security: Regulations and Requirements Premiere date: 08/04/21 #2: Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance Premiere date: 9/01/21 #3: How to Build and Implement your Company's Information Security Program Premiere date: 10/06/21 #4: Data Breach Response: Before and After the Breach Premiere date: 11/03/21 8
Episode #3: How to Build and Implement your Company's Information Security Program 9
Introduction • Information security programs are a documented set of a company or agency’s information security policies, guidelines and procedures • Majority of security programs aim to assess risk, monitor threats, and mitigate cyber security attacks • Massachusetts and New York are currently the only states with strict information security requirements √ Other states starting to implement similar laws • Implemented in any industry that deals with personally identifiable information
Information Security Programs – Then and Now • Early information security efforts identified confidentiality, integrity, and availability (“CIA Triad”) as primary security factors • The rise of information security programs - √ 1967 - military computers were hacked and CIA Triad found to be inadequate - not much was changed √ 1970s - “phreakers” exploit vulnerabilities in telephone network to make free long- distance calls √ 1980s - First National Bank of Chicago hacked for $70 million √ 1990s & 2000s - computers become targets as more people provide personal information online
Information Security Programs – Then and Now • Today, the CIA Triad eventually evolved into “Parkerian Hexad” √ Parkerian Hexad factors – o Confidentiality/control o Information integrity o Authenticity o Availability o Utility
What is Information Security? • Information security refers to processes and methodologies designed and implemented to protect print, electronic, or any other form of information or data, including – √ Confidential, private, and sensitive information; or √ Data derived from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption
Information Security vs. Computer Security vs. Information Assurance • Share the common goals of protecting confidentiality, integrity, and availability of information • Terms used interchangeably but do not have the exact same meaning √ Differences lie in the approach to subject, methodologies used, and areas of concentration • Information security is concerned with the protection of the CIA Triad regardless of the form the data may take: print, electronic, or other
What Information is Protected? • Personally identifiable information (PII) or sensitive personal information √ Home address √ Social security # √ Credit card # √ Date birth √ Username or account number with password and/or access code
What Information is Protected? (cont’d) • Health information √ Medical records • Other proprietary information √ Financial data • Trade secrets
Key Elements of an Effective Information Security Program (ISP) • Purpose • Scope • Information security objectives √ CIA Triad • Authority and access control policy • Classification of data • Data support and operations • Security awareness sessions • Responsibilities and duties of personnel • Relevant laws
The Purpose • Different institutions may create ISPs for various reasons, but they generally share few similarities, including - √ Establish a general approach to information security √ Detect and forestall the compromise of information security • o i.e. misuse of data, networks, computer systems and applications √ Protect reputation of the company with respect to its ethical and legal obligations √ Recognize the rights of customers o i.e. providing effective mechanism for responding to complaints
The Scope • Generally, ISPs address: √ All data √ Programs √ Systems √ Facilities √ Other tech infrastructure
Information Security Objectives • An organization looking to implement ISP needs to have well-defined objectives • Information security systems are deemed to safeguard 3 main objectives - √ Confidentiality √ Integrity √ Availability
The CIA Triad • Confidentiality √ Controlling who gets to read information √ Ensuring only individuals who need access to this information to do their jobs get to see it √ Access restricted to only authorized individuals • Integrity √ Ensuring information and programs are changed only in a specified and authorized manner o E.g. information has not been tampered with or deleted by those with unauthorized access
The CIA Triad (cont’d) • Availability √ Ensuring authorized users have continued access to information and resources o Information is readily available to those who need it to successfully conduct an organization’s business
Authority Access & Control Policy • Typically, a security policy has a hierarchical pattern: √ Junior staff usually bound not to share the little amount of information they have unless explicitly authorized √ Senior manager may have enough authority to make a decision on what data can be shared and with whom √ Policies governing senior employees may not be the same policy governing junior employees √ ISP should address every basic position in the organization with specifications that will clarify their authoritative status
Classification of Data • Data can have different value and thus may impose separation and specific handling regimes/procedures for each kind of data • Information classification system is commonly sorted as: √ High risk or highly confidential class √ Confidential class √ Public class
Classification of Data (cont’d) • High risk class - generally data protected by state and/or federal legislation or regulations √ Information covered under HIPAA, FERPA, or other federal regulations √ Financial data √ Payroll √ Personnel (privacy requirements) • Confidential Class √ Data in this class may not be covered by any laws or regulations, but the data owner judges that it should be protected against unauthorized disclosure √ Information protected by NDAs, trade secrets, confidential business information •
Classification of Data (cont’d) • Public Class √ Information freely distributed • Data owners should determine both the data classification and the exact measures a data custodian needs to take to preserve integrity in accordance to that level
Data Support and Operations • The regulation of general system mechanisms responsible for data protection n √ Data backup √ Movement of data
Security Awareness Employee Meetings • Security awareness training could help provide employees with information regarding how to collect/use/delete data, maintain data quality, records management, confidentiality, privacy, appropriate utilization of IT systems, correct usage of social networking, etc.
Responsibilities and Duties of Personnel • Not unusual for institutions to hire an ISP person with the sole responsibility for √ implementation √ education and training √ incident response √ user access reviews √ periodic updates of an ISP
Relevant Laws and Other ISP Items • An ISP is likely to include reference to relevant laws √ i.e. HIPAA, GLBA, international data protection laws like the EU General Data Protection Regulation (GDPR) • ISP may also include - √ Virus Protection Procedure √ Intrusion Detection Procedure √ Remote Work Procedure √ Technical Guidelines √ Consequences for Non-compliance √ Disciplinary Actions √ Terminated Employees
Massachusetts Standard: 201 C.M.R. 17 • Standards for the Protection of Personal Information of Residents of the Commonwealth • Implemented in 2010 - the top personal information protection law in the US when enacted • Makes every person or entity that owns personal information of a Massachusetts resident to adopt a written information security program (WISP) designed with appropriate safeguards
Massachusetts Information System Law • In Massachusetts, every information security program must include: √ At least one employee maintaining the information security program; √ Identify foreseeable security risks, both internal and external; √ Employee security policies dealing with access and transportation of personal information outside of the business; √ Disciplinary measures for violations; √ Methods of how to prevent terminated employees from reaching personal information.
Massachusetts Information System Law (cont’d) √ Oversee third-party service providers by taking reasonably steps to adopt and maintain security measures consistent with the entity; √ Restrictions on stored personal information access; √ Regular monitoring to ensure compliance with the implemented information security program and stop unauthorized access; √ Annual review of the security program, or whenever there is a material change in the business practices; and √ Document any incident involving a security breach and actions taken in response to breaches, and any review of business practices to protect personal information, if necessary.
NY Department of Financial Services Cybersecurity Regulation, 23 NYCRR Part 500 • Requires that all financial service companies maintain an ISP √ Any company regulated by the Department of Financial Services √ Exceptions - o Organization with fewer than 10 employees, less than $5 million in gross annual revenue for three years, or less than $10 million in year-end total assets
NY Department of Financial Services Cybersecurity Regulation • The ISP must address: √ information security; √ data governance and classification; √ asset inventory and device management; √ access controls and identity management; √ business continuity and disaster recovery planning and resources; √ systems operations and availability concerns; √ systems and network security; √ systems and network monitoring;
NY Department of Financial Services Cybersecurity Regulation (cont’d) • The ISP must address: √ systems and application development and quality assurance; √ physical security and environmental controls; √ customer data privacy; √ vendor and Third Party Service Provider management; √ risk assessment; and √ incident response.
NY Stop Hacks and Improve Electronic Data Act (“SHIELD Act”) • Expands NY breach notification law and imposes data security program requirements on businesses that possess the private information of New York State residents • • Applies regardless of whether the businesses have any physical presence in New York State • Program requirements include administrative, technical, and physical safeguards for detecting and responding to intrusions and maintaining security of information • Businesses subject to and in compliance with Gramm-Leach-Bliley, HIPAA, or the NY Dept. of Financial Services Cybersecurity Requirements are exempted from this requirement under the SHIELD Act
NY Stop Hacks and Improve Electronic Data Act (“SHIELD Act”) (cont’d) • Limited reprieve for “small businesses” with fewer than fifty employees, less than $3 million in gross revenues in the last three fiscal years, or less than $5 million in year-end total assets • Expands the definition of “private information” subject to NY data breach notification law • NY Attorney General can pursue civil penalties, but there is no private right of action
California Consumer Privacy Act • Effective January 1, 2020 • Mandates companies do the following: √ Inform consumers about the categories of personal information collected and the purposes for which the information is being used; √ Respond to verifiable consumer requests to access certain information; √ Allow customers to opt-out of the sale of their personal information; and √ Enable consumers (subject to carve outs) to request that businesses delete their personal information.
California Consumer Privacy Act (cont’d) • Applies to business if they are for-profit businesses that collect and control California residents’ personal information, do business in California, and satisfy one of the following: √ Have annual gross revenues in excess of $25 million, or √ Receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis, or √ Derive 50 percent or more of their annual revenues from selling California residents’ personal information.
CCPA Private Right of Action • Limited private right of action for consumers when there is an “unauthorized access and exfiltration, theft, disclosure of a consumer’s nonencrypted or nonredacted personal information” for a business’s violation of “the duty to implement and maintain reasonable security procedures and practices” • Consumer has to give the business 30 days to cure the alleged violation and to respond with a written statement that the violation has been cured √ Consumers can then bring a civil suit for statutory damages of between $100 and $750 “per consumer per incident or actual damages, whichever is greater.” o Cal. Civ. Code § 1798.150(a)(1)(A) • Attorney General may also issue fines of up to $7,500 per violation, with maximum penalties reserved for intentional noncompliance
What Businesses Subject to CCPA Should Do • While there is no explicit requirement for an information security program in the CCPA, having one in place will help defend a business from an accusation that it didn’t “maintain reasonable security procedures and practices” prior to any data breach √ In 2016, the California Attorney General issued a “Data Breach Report” which identified safeguards the then-Attorney General viewed as constituting reasonable security practices, including data security controls published by the Center for Internet Security √ Those controls include a written information security program, oversight by a dedicated security officer or supervisor, employee training, vendor management, an incident response plan, and ongoing risk assessment and management
Employee Maintaining the Information Security Program • Employee is the designated officer for handling every aspect of the program. √ A designated security officer is responsible for coordinating and maintaining the security program. • This person should maintain independence by reporting to someone outside of the IT department.
Assessing Risk • What risks could your organization face? √ Examples: loss of data, unauthorized access, data corruption, hack, third-party data sharing, etc. • What would be appropriate, cost-effective management techniques for these risks?
Additional Elements of a Good Information Security Program • Designated security officer (DSO) • Risk Assessment • Policies and Procedures • Organizational security awareness • Regulatory standards compliance • Audit compliance plan
About the Faculty 46
About The Faculty Kathryn Nadro - knadro@sfgh.com Kathryn (“Katie”) Nadro leads Sugar Felsenthal Grais & Helsinger’s Data Security and Privacy practice. Katie advises clients on a diverse array of business matters, including data security and privacy compliance, commercial and business disputes, and employment issues. Katie works with individuals and businesses of all sizes to craft successful resolutions tailored to each individual matter. Katie is a Certified Information Privacy Professional (CIPP/US) and counsels clients on a variety of data security and privacy issues, including breach response, policy drafting, program management, data collection, vendor management, and compliance with ever-changing state, federal, and international privacy law. Katie also has broad litigation experience representing companies and individuals in contract, non-compete, discrimination, harassment, fiduciary duty, and trade secret litigation in state and federal court. With a background as both in-house and outside counsel, Katie understands that business objectives, time, and resources play an important role in reaching a favorable outcome for each client. 47
About The Faculty Anna Mercado Clark - AClark@phillipslytle.com As leader of Phillips Lytle’s Data Security & Privacy and E-Discovery & Digital Forensics Practice Teams, Ms. Clark focuses on complex e-discovery and digital forensics, cybersecurity and data privacy, and complex commercial litigation. As a former Assistant District Attorney, she also handles white collar criminal matters and investigations. Additionally, Ms. Clark has been awarded the following ANSI-accredited credentials by the International Association of Privacy Professionals (IAPP): Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US), preeminent certifications for advanced concentration in European data protection laws and U.S. private-sector laws, standards and practices, respectively. Ms. Clark routinely counsels sophisticated clients on data governance issues to address business needs while minimizing risks and complying with a rapidly evolving regulatory landscape and other legal obligations. She has extensive experience advising businesses in the technology, consumer, health care and financial industries regarding information management and disposition policies, litigation readiness, data transfers, third-party/vendor negotiation and management relative to data administration, and disaster recovery and avoidance. To read more, go to https://www.financialpoise.com/webinar-faculty/anna-mercado-clark/ 48
About The Faculty J. Eduardo Campos - jeduardo.campos@embedded-knowledge.com After creating business growth opportunities on four continents, J. Eduardo Campos spent thirteen years at Microsoft, first as a cybersecurity advisor, then leading innovative projects at the highest levels of government in the U.S. and abroad. Today, Eduardo is living his dream of building a better tomorrow through his consulting firm, Embedded-Knowledge, Inc. Working with organizations and entrepreneurs, he develops customized business strategies and forms partnerships focused on designing creative solutions to complex problems. 49
Questions or Comments? If you have any questions about this webinar that you did not get to ask during the live premiere, or if you are watching this webinar On Demand, please do not hesitate to email us at info@financialpoise.com with any questions or comments you may have. Please include the name of the webinar in your email and we will do our best to provide a timely response. IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education. 50
About Financial Poise 51 DailyDAC LLC, d/b/a Financial Poise™ provides continuing education to attorneys, accountants, business owners and executives, and investors. It’s websites, webinars, and books provide Plain English, entertaining, explanations about legal, financial, and other subjects of interest to these audiences. Visit us at www.financialpoise.com Our free weekly newsletter, Financial Poise Weekly, updates you on new articles published on our website and Upcoming Webinars you may be interested in. To join our email list, please visit: https://www.financialpoise.com/subscribe/

More Related Content

PPT
How Do You Create A Successful Information Security Program Hire A Great Iso!!
byTammy Clark
 
PDF
Cybersecurity Goverence for Boards of Directors
byPaul Feldman
 
PDF
Cybersecurity solution-guide
byAdilsonSuende
 
PPTX
New York Department of Financial Services Cybersecurity Regulations
byShawn Tuma
 
PPT
Data Risks In A Digital Age
bypadler01
 
PPT
Protecting Donor Privacy
byRaymond Cunningham
 
PDF
Cissp notes
byJagbir Singh
 
PPT
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
byTammy Clark
 
Cybersecurity Goverence for Boards of Directors
byPaul Feldman
 
Cybersecurity solution-guide
byAdilsonSuende
 
New York Department of Financial Services Cybersecurity Regulations
byShawn Tuma
 
Data Risks In A Digital Age
bypadler01
 
Protecting Donor Privacy
byRaymond Cunningham
 
Cissp notes
byJagbir Singh
 
What CIOs and CFOs Need to Know About Cyber Security
byPhil Agcaoili
 

What's hot

PPTX
Information security governance
byKoen Maris
 
PPTX
Cyber Security Organizational Operating Model and Governance
bySrinidhi Aithal
 
PDF
Leveraging Board Governance for Cybersecurity
byShareDocView.com
 
PPTX
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
PDF
Information Security Benchmarking 2015
byCapgemini
 
PPTX
Deconstructing Data Breach Cost
byResilient Systems
 
PDF
Cisa 2013 ch5
byAladdin Dandis
 
PPTX
Linked in misti_rs_1.0
byVincent Toms
 
PDF
Don't let them take a byte
bylgcdcpas
 
PDF
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 
PPTX
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
byCBIZ, Inc.
 
PDF
CMW Cyber Liability Presentation
bySean Graham
 
PDF
Simplifying the data privacy governance quagmire building automated privacy ...
byAvinash Ramineni
 
PDF
A CIRO's-eye view of Digital Risk Management
byDaren Dunkel
 
PDF
Data breach-response-planning-laying-the-right-foundation
byBradley Arant Boult Cummings LLP
 
PDF
Fadi Mutlak - Information security governance
bynooralmousa
 
PDF
Enterprise cyber security
bynsheel
 
PPTX
Cybertopicsecurity_3
byAnne Starr
 
PPT
Implementing an Information Security Program
byRaymond Cunningham
 
PPTX
Risk Management and Security in Strategic Planning
byKeyaan Williams
 
Information security governance
byKoen Maris
 
Cyber Security Organizational Operating Model and Governance
bySrinidhi Aithal
 
Leveraging Board Governance for Cybersecurity
byShareDocView.com
 
Protecting the Crown Jewels – Enlist the Beefeaters
byJack Nichelson
 
Information Security Benchmarking 2015
byCapgemini
 
Deconstructing Data Breach Cost
byResilient Systems
 
Cisa 2013 ch5
byAladdin Dandis
 
Linked in misti_rs_1.0
byVincent Toms
 
Don't let them take a byte
bylgcdcpas
 
Emerging Trends in Information Privacy and Security
byJessica Santamaria
 
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
byCBIZ, Inc.
 
CMW Cyber Liability Presentation
bySean Graham
 
Simplifying the data privacy governance quagmire building automated privacy ...
byAvinash Ramineni
 
A CIRO's-eye view of Digital Risk Management
byDaren Dunkel
 
Data breach-response-planning-laying-the-right-foundation
byBradley Arant Boult Cummings LLP
 
Fadi Mutlak - Information security governance
bynooralmousa
 
Enterprise cyber security
bynsheel
 
Cybertopicsecurity_3
byAnne Starr
 
Implementing an Information Security Program
byRaymond Cunningham
 
Risk Management and Security in Strategic Planning
byKeyaan Williams
 

Similar to How to Build and Implement your Company's Information Security Program

PDF
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
byFinancial Poise
 
PPTX
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
PPTX
Domain 2 - Asset Security
byMaganathin Veeraragaloo
 
PPT
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
PPT
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
PPT
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
PPTX
ISM-CS5750-01.pptx
byRashidSahito1
 
DOCX
Unit 1 Information Security.docx
byPrernaThakwani
 
PPTX
2011 hildebrandt institute cio forum data privacy and security presentation...
byDavid Cunningham
 
PPT
Information security background
byNicholas Davis
 
PPT
Information Security Background
byNicholas Davis
 
PPT
The New Massachusetts Privacy Rules (February 2, 2010)
bystevemeltzer
 
PPTX
Week 9- 1 information security slides.pptx
byhassanarif1022
 
PPTX
Introduction to Information security ppt
bykrishkiran2408
 
PPTX
Introduction to Information security ppt
bykrishkiran2408
 
DOCX
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
byJessica Graf
 
PPTX
Information Security
byAlok Katiyar
 
PPTX
Laws and ethics in information assurance
byakbarshah9596
 
PPT
Testing
bylorenceman
 
PDF
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
byFinancial Poise
 
Information security: importance of having defined policy & process
byInformation Technology Society Nepal
 
Domain 2 - Asset Security
byMaganathin Veeraragaloo
 
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
The New Massachusetts Privacy Rules V4
bystevemeltzer
 
ISM-CS5750-01.pptx
byRashidSahito1
 
Unit 1 Information Security.docx
byPrernaThakwani
 
2011 hildebrandt institute cio forum data privacy and security presentation...
byDavid Cunningham
 
Information security background
byNicholas Davis
 
Information Security Background
byNicholas Davis
 
The New Massachusetts Privacy Rules (February 2, 2010)
bystevemeltzer
 
Week 9- 1 information security slides.pptx
byhassanarif1022
 
Introduction to Information security ppt
bykrishkiran2408
 
Introduction to Information security ppt
bykrishkiran2408
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
byJessica Graf
 
Information Security
byAlok Katiyar
 
Laws and ethics in information assurance
byakbarshah9596
 
Testing
bylorenceman
 
CNIT 125: Ch 2. Security and Risk Management (Part 1)
bySam Bowne
 

More from Financial Poise

PDF
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
byFinancial Poise
 
PDF
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
byFinancial Poise
 
PDF
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
byFinancial Poise
 
PDF
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
byFinancial Poise
 
PDF
PERSUASIVE BRIEF WRITING 2022 - Style
byFinancial Poise
 
PDF
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
byFinancial Poise
 
PDF
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
byFinancial Poise
 
PDF
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
byFinancial Poise
 
PDF
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
byFinancial Poise
 
PDF
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
byFinancial Poise
 
PDF
BUSINESS LAW REVIEW- 2022: Selling a Business
byFinancial Poise
 
PDF
BUSINESS LAW REVIEW- 2022: Immigration Law for Business-101
byFinancial Poise
 
PDF
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
byFinancial Poise
 
PDF
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
byFinancial Poise
 
PDF
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
byFinancial Poise
 
PDF
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
byFinancial Poise
 
PDF
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
byFinancial Poise
 
PDF
M&A BOOT CAMP 2022 - The M&A Process
byFinancial Poise
 
PDF
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
byFinancial Poise
 
PDF
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
byFinancial Poise
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - Things to Consider Before You File
byFinancial Poise
 
IP-301 POST-GRANT REVIEW TRIALS 2022 - PGRT Basics
byFinancial Poise
 
THE NUTS & BOLTS OF BANKRUPTCY LAW 2022: The Nuts & Bolts of a First Day Hearing
byFinancial Poise
 
RESTRUCTURING, INSOLVENCY & TROUBLED COMPANIES 2022: Bad Debtor Owes Me Money!
byFinancial Poise
 
PERSUASIVE BRIEF WRITING 2022 - Style
byFinancial Poise
 
CYBER SECURITY and DATA PRIVACY 2022: Data Breach Response - Before and After...
byFinancial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 - Enforcement: Post-Judgment Procee...
byFinancial Poise
 
NEWBIE LITIGATOR SCHOOL - 101 Part 3 2022 -Appellate Practice- 101
byFinancial Poise
 
MARKETING TIPS FOR THE NEW (OR OLD!) BUSINESS OWNER 2022: Learn How to Do Con...
byFinancial Poise
 
CHAPTER 11 - INDUSTRY FOCUS 2022 - Focus on Oil and Gas
byFinancial Poise
 
BUSINESS LAW REVIEW- 2022: Selling a Business
byFinancial Poise
 
BUSINESS LAW REVIEW- 2022: Immigration Law for Business-101
byFinancial Poise
 
NEWBIE LITIGATOR SCHOOL - Part I 2022: Working With Experts
byFinancial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Executive Compensat...
byFinancial Poise
 
CORPORATE REGULATORY COMPLIANCE BOOT CAMP 2022 - PART 2: Securities Law Comp...
byFinancial Poise
 
M&A BOOT CAMP - 2022: Post-Closing Issues -Integration & Potential Buyer Sell...
byFinancial Poise
 
M&A BOOT CAMP 2022 - Key Provisions in M&A Agreements
byFinancial Poise
 
M&A BOOT CAMP 2022 - The M&A Process
byFinancial Poise
 
CROWDFUNDING 2022 - Crowdfunding from the Investor's Perspective
byFinancial Poise
 
CROWDFUNDING 2022 - Securities Crowdfunding for Intermediaries
byFinancial Poise
 

Recently uploaded

PPTX
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
PPTX
History in your Hands Class 5 January 2026 online slides.pptx
byEilsONeill
 
PDF
Fidelity to Energy: A Critical Analysis of Baz Luhrmann’s Intersemiotic Trans...
byKruti Vyas
 
PPTX
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
PDF
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
PPTX
what are the Talent pool in Odoo 19 Recruitment
byCeline George
 
PPTX
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
PPTX
Java Programming_BJD_Slideshare-Introduction.pptx
byBapusahebDange
 
PPTX
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
PPTX
Throat painting and throat swab.....pptx
byAneetaSharma15
 
PDF
30 Ways Teachers Use AI in 2026 – Practical Classroom Workflows with Monsha f...
byMonsha.AI
 
PDF
Halogen-Derivatives.pdf/BY K SANDEEP SWAMY/FOR ONLINE CLASSES CONTACT 9491878325
bySandeep Swamy
 
PDF
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
PPTX
When UDL is no longer enough: Examining post-UDL reflections on inclusive des...
byFrederic Fovet
 
PPTX
Prepositions of Place : English Grammar Presentation
byPintoo Dhillon
 
PDF
2.India-and-Her-Neighbours ppt.pdf/Social science Grade 7 part -2 By:K SANDE...
bySandeep Swamy
 
PPTX
How to add bank Account in Odoo 19
byCeline George
 
PPTX
CHAPTER NO. 09 HCP BY GG LABORATORY CLINICAL TEST
byGanu Gavade
 
PPTX
Complete and Detailed Overview of Odoo 18 Contact
byCeline George
 
PDF
ATOMIC-STRUCTURE.pdf/class 11 chemistry/IITJEE AND NEET/By: K SANDEEP SWAMY(M...
bySandeep Swamy
 
Capacity Building Programme for Teachers on Equitable and Inclusive Education
byMUKHTAR133762
 
History in your Hands Class 5 January 2026 online slides.pptx
byEilsONeill
 
Fidelity to Energy: A Critical Analysis of Baz Luhrmann’s Intersemiotic Trans...
byKruti Vyas
 
DISCHARGE FROM HOSPITAL (JHASKETAN )(1).pptx
byJK NURSING VIBES ONLY JHASKETAN KUANAR
 
Master3 Realms and Yoga All students by LDMMIA
by©LDMMIA, ©Reiki Yoga
 
what are the Talent pool in Odoo 19 Recruitment
byCeline George
 
OCCULTISM IN JEHOVAH'S WITNESSES' ARTWORK
byDaniel Barnea
 
Java Programming_BJD_Slideshare-Introduction.pptx
byBapusahebDange
 
Palta Utsav Open to All Quiz Final Set.pptx
bySourav Kr Podder
 
Throat painting and throat swab.....pptx
byAneetaSharma15
 
30 Ways Teachers Use AI in 2026 – Practical Classroom Workflows with Monsha f...
byMonsha.AI
 
Halogen-Derivatives.pdf/BY K SANDEEP SWAMY/FOR ONLINE CLASSES CONTACT 9491878325
bySandeep Swamy
 
eSAT-for-Teachers-2025-2028-ver.2-Nov2025 idp.pdf
byJunmelValientes
 
When UDL is no longer enough: Examining post-UDL reflections on inclusive des...
byFrederic Fovet
 
Prepositions of Place : English Grammar Presentation
byPintoo Dhillon
 
2.India-and-Her-Neighbours ppt.pdf/Social science Grade 7 part -2 By:K SANDE...
bySandeep Swamy
 
How to add bank Account in Odoo 19
byCeline George
 
CHAPTER NO. 09 HCP BY GG LABORATORY CLINICAL TEST
byGanu Gavade
 
Complete and Detailed Overview of Odoo 18 Contact
byCeline George
 
ATOMIC-STRUCTURE.pdf/class 11 chemistry/IITJEE AND NEET/By: K SANDEEP SWAMY(M...
bySandeep Swamy
 

How to Build and Implement your Company's Information Security Program

  • 2.
    2 Practical and entertainingeducation for attorneys, accountants, business owners and executives, and investors.
  • 3.
    Disclaimer The material inthis webinar is for informational purposes only. It should not be considered legal, financial or other professional advice. You should consult with an attorney or other appropriate professional to determine what may be best for your individual needs. While Financial Poise™ takes reasonable steps to ensure that information it publishes is accurate, Financial Poise™ makes no guaranty in this regard. 3
  • 5.
    Meet the Faculty MODERATOR: KathrynNadro – Sugar, Felsenthal, Grais & Helsinger LLP PANELISTS: J. Eduardo Campos – Embedded-Knowledge, Inc. Anna Mercado Clark – Phillips Lytle LLP 5
  • 6.
    About This Webinar- Howto Build and Implement your Company's Information Security Program Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure? An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place. This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data. 6
  • 7.
    About This Series CyberSecurity & Data Privacy 2021 Cybersecurity and data privacy are critical topics of concern for every business in today’s environment. Data breaches are a threat to every business and can cause both direct losses from business interruption and loss of data to indirect losses from unwanted publicity and damage to your business’s reputation. Compliance with a patchwork of potentially applicable state and federal laws and regulations may cost your business in terms of money and time. This series discusses the various laws and regulations that affect businesses in the United States and in Europe, as well as the best practices to use in creating an information security program and preparing for and responding to data breaches. Each Financial Poise Webinar is delivered in Plain English, understandable to investors, business owners, and executives without much background in these areas, yet is of primary value to attorneys, accountants, and other seasoned professionals. Each episode brings you into engaging, sometimes humorous, conversations designed to entertain as it teaches. Each episode in the series is designed to be viewed independently of the other episodes so that participants will enhance their knowledge of this area whether they attend one, some, or all episodes. 7
  • 8.
    Episodes in thisSeries #1 Introduction to US Privacy and Data Security: Regulations and Requirements Premiere date: 08/04/21 #2: Introduction to EU General Data Protection Regulation: Planning, Implementation, and Compliance Premiere date: 9/01/21 #3: How to Build and Implement your Company's Information Security Program Premiere date: 10/06/21 #4: Data Breach Response: Before and After the Breach Premiere date: 11/03/21 8
  • 9.
    Episode #3: Howto Build and Implement your Company's Information Security Program 9
  • 10.
    Introduction • Information securityprograms are a documented set of a company or agency’s information security policies, guidelines and procedures • Majority of security programs aim to assess risk, monitor threats, and mitigate cyber security attacks • Massachusetts and New York are currently the only states with strict information security requirements √ Other states starting to implement similar laws • Implemented in any industry that deals with personally identifiable information
  • 11.
    Information Security Programs– Then and Now • Early information security efforts identified confidentiality, integrity, and availability (“CIA Triad”) as primary security factors • The rise of information security programs - √ 1967 - military computers were hacked and CIA Triad found to be inadequate - not much was changed √ 1970s - “phreakers” exploit vulnerabilities in telephone network to make free long- distance calls √ 1980s - First National Bank of Chicago hacked for $70 million √ 1990s & 2000s - computers become targets as more people provide personal information online
  • 12.
    Information Security Programs– Then and Now • Today, the CIA Triad eventually evolved into “Parkerian Hexad” √ Parkerian Hexad factors – o Confidentiality/control o Information integrity o Authenticity o Availability o Utility
  • 13.
    What is InformationSecurity? • Information security refers to processes and methodologies designed and implemented to protect print, electronic, or any other form of information or data, including – √ Confidential, private, and sensitive information; or √ Data derived from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption
  • 14.
    Information Security vs.Computer Security vs. Information Assurance • Share the common goals of protecting confidentiality, integrity, and availability of information • Terms used interchangeably but do not have the exact same meaning √ Differences lie in the approach to subject, methodologies used, and areas of concentration • Information security is concerned with the protection of the CIA Triad regardless of the form the data may take: print, electronic, or other
  • 15.
    What Information isProtected? • Personally identifiable information (PII) or sensitive personal information √ Home address √ Social security # √ Credit card # √ Date birth √ Username or account number with password and/or access code
  • 16.
    What Information isProtected? (cont’d) • Health information √ Medical records • Other proprietary information √ Financial data • Trade secrets
  • 17.
    Key Elements ofan Effective Information Security Program (ISP) • Purpose • Scope • Information security objectives √ CIA Triad • Authority and access control policy • Classification of data • Data support and operations • Security awareness sessions • Responsibilities and duties of personnel • Relevant laws
  • 18.
    The Purpose • Differentinstitutions may create ISPs for various reasons, but they generally share few similarities, including - √ Establish a general approach to information security √ Detect and forestall the compromise of information security • o i.e. misuse of data, networks, computer systems and applications √ Protect reputation of the company with respect to its ethical and legal obligations √ Recognize the rights of customers o i.e. providing effective mechanism for responding to complaints
  • 19.
    The Scope • Generally,ISPs address: √ All data √ Programs √ Systems √ Facilities √ Other tech infrastructure
  • 20.
    Information Security Objectives •An organization looking to implement ISP needs to have well-defined objectives • Information security systems are deemed to safeguard 3 main objectives - √ Confidentiality √ Integrity √ Availability
  • 21.
    The CIA Triad •Confidentiality √ Controlling who gets to read information √ Ensuring only individuals who need access to this information to do their jobs get to see it √ Access restricted to only authorized individuals • Integrity √ Ensuring information and programs are changed only in a specified and authorized manner o E.g. information has not been tampered with or deleted by those with unauthorized access
  • 22.
    The CIA Triad(cont’d) • Availability √ Ensuring authorized users have continued access to information and resources o Information is readily available to those who need it to successfully conduct an organization’s business
  • 23.
    Authority Access &Control Policy • Typically, a security policy has a hierarchical pattern: √ Junior staff usually bound not to share the little amount of information they have unless explicitly authorized √ Senior manager may have enough authority to make a decision on what data can be shared and with whom √ Policies governing senior employees may not be the same policy governing junior employees √ ISP should address every basic position in the organization with specifications that will clarify their authoritative status
  • 24.
    Classification of Data •Data can have different value and thus may impose separation and specific handling regimes/procedures for each kind of data • Information classification system is commonly sorted as: √ High risk or highly confidential class √ Confidential class √ Public class
  • 25.
    Classification of Data(cont’d) • High risk class - generally data protected by state and/or federal legislation or regulations √ Information covered under HIPAA, FERPA, or other federal regulations √ Financial data √ Payroll √ Personnel (privacy requirements) • Confidential Class √ Data in this class may not be covered by any laws or regulations, but the data owner judges that it should be protected against unauthorized disclosure √ Information protected by NDAs, trade secrets, confidential business information •
  • 26.
    Classification of Data(cont’d) • Public Class √ Information freely distributed • Data owners should determine both the data classification and the exact measures a data custodian needs to take to preserve integrity in accordance to that level
  • 27.
    Data Support andOperations • The regulation of general system mechanisms responsible for data protection n √ Data backup √ Movement of data
  • 28.
    Security Awareness EmployeeMeetings • Security awareness training could help provide employees with information regarding how to collect/use/delete data, maintain data quality, records management, confidentiality, privacy, appropriate utilization of IT systems, correct usage of social networking, etc.
  • 29.
    Responsibilities and Dutiesof Personnel • Not unusual for institutions to hire an ISP person with the sole responsibility for √ implementation √ education and training √ incident response √ user access reviews √ periodic updates of an ISP
  • 30.
    Relevant Laws andOther ISP Items • An ISP is likely to include reference to relevant laws √ i.e. HIPAA, GLBA, international data protection laws like the EU General Data Protection Regulation (GDPR) • ISP may also include - √ Virus Protection Procedure √ Intrusion Detection Procedure √ Remote Work Procedure √ Technical Guidelines √ Consequences for Non-compliance √ Disciplinary Actions √ Terminated Employees
  • 31.
    Massachusetts Standard: 201C.M.R. 17 • Standards for the Protection of Personal Information of Residents of the Commonwealth • Implemented in 2010 - the top personal information protection law in the US when enacted • Makes every person or entity that owns personal information of a Massachusetts resident to adopt a written information security program (WISP) designed with appropriate safeguards
  • 32.
    Massachusetts Information SystemLaw • In Massachusetts, every information security program must include: √ At least one employee maintaining the information security program; √ Identify foreseeable security risks, both internal and external; √ Employee security policies dealing with access and transportation of personal information outside of the business; √ Disciplinary measures for violations; √ Methods of how to prevent terminated employees from reaching personal information.
  • 33.
    Massachusetts Information SystemLaw (cont’d) √ Oversee third-party service providers by taking reasonably steps to adopt and maintain security measures consistent with the entity; √ Restrictions on stored personal information access; √ Regular monitoring to ensure compliance with the implemented information security program and stop unauthorized access; √ Annual review of the security program, or whenever there is a material change in the business practices; and √ Document any incident involving a security breach and actions taken in response to breaches, and any review of business practices to protect personal information, if necessary.
  • 34.
    NY Department ofFinancial Services Cybersecurity Regulation, 23 NYCRR Part 500 • Requires that all financial service companies maintain an ISP √ Any company regulated by the Department of Financial Services √ Exceptions - o Organization with fewer than 10 employees, less than $5 million in gross annual revenue for three years, or less than $10 million in year-end total assets
  • 35.
    NY Department ofFinancial Services Cybersecurity Regulation • The ISP must address: √ information security; √ data governance and classification; √ asset inventory and device management; √ access controls and identity management; √ business continuity and disaster recovery planning and resources; √ systems operations and availability concerns; √ systems and network security; √ systems and network monitoring;
  • 36.
    NY Department ofFinancial Services Cybersecurity Regulation (cont’d) • The ISP must address: √ systems and application development and quality assurance; √ physical security and environmental controls; √ customer data privacy; √ vendor and Third Party Service Provider management; √ risk assessment; and √ incident response.
  • 37.
    NY Stop Hacksand Improve Electronic Data Act (“SHIELD Act”) • Expands NY breach notification law and imposes data security program requirements on businesses that possess the private information of New York State residents • • Applies regardless of whether the businesses have any physical presence in New York State • Program requirements include administrative, technical, and physical safeguards for detecting and responding to intrusions and maintaining security of information • Businesses subject to and in compliance with Gramm-Leach-Bliley, HIPAA, or the NY Dept. of Financial Services Cybersecurity Requirements are exempted from this requirement under the SHIELD Act
  • 38.
    NY Stop Hacksand Improve Electronic Data Act (“SHIELD Act”) (cont’d) • Limited reprieve for “small businesses” with fewer than fifty employees, less than $3 million in gross revenues in the last three fiscal years, or less than $5 million in year-end total assets • Expands the definition of “private information” subject to NY data breach notification law • NY Attorney General can pursue civil penalties, but there is no private right of action
  • 39.
    California Consumer PrivacyAct • Effective January 1, 2020 • Mandates companies do the following: √ Inform consumers about the categories of personal information collected and the purposes for which the information is being used; √ Respond to verifiable consumer requests to access certain information; √ Allow customers to opt-out of the sale of their personal information; and √ Enable consumers (subject to carve outs) to request that businesses delete their personal information.
  • 40.
    California Consumer PrivacyAct (cont’d) • Applies to business if they are for-profit businesses that collect and control California residents’ personal information, do business in California, and satisfy one of the following: √ Have annual gross revenues in excess of $25 million, or √ Receive or disclose the personal information of 50,000 or more California residents, households, or devices on an annual basis, or √ Derive 50 percent or more of their annual revenues from selling California residents’ personal information.
  • 41.
    CCPA Private Rightof Action • Limited private right of action for consumers when there is an “unauthorized access and exfiltration, theft, disclosure of a consumer’s nonencrypted or nonredacted personal information” for a business’s violation of “the duty to implement and maintain reasonable security procedures and practices” • Consumer has to give the business 30 days to cure the alleged violation and to respond with a written statement that the violation has been cured √ Consumers can then bring a civil suit for statutory damages of between $100 and $750 “per consumer per incident or actual damages, whichever is greater.” o Cal. Civ. Code § 1798.150(a)(1)(A) • Attorney General may also issue fines of up to $7,500 per violation, with maximum penalties reserved for intentional noncompliance
  • 42.
    What Businesses Subjectto CCPA Should Do • While there is no explicit requirement for an information security program in the CCPA, having one in place will help defend a business from an accusation that it didn’t “maintain reasonable security procedures and practices” prior to any data breach √ In 2016, the California Attorney General issued a “Data Breach Report” which identified safeguards the then-Attorney General viewed as constituting reasonable security practices, including data security controls published by the Center for Internet Security √ Those controls include a written information security program, oversight by a dedicated security officer or supervisor, employee training, vendor management, an incident response plan, and ongoing risk assessment and management
  • 43.
    Employee Maintaining theInformation Security Program • Employee is the designated officer for handling every aspect of the program. √ A designated security officer is responsible for coordinating and maintaining the security program. • This person should maintain independence by reporting to someone outside of the IT department.
  • 44.
    Assessing Risk • Whatrisks could your organization face? √ Examples: loss of data, unauthorized access, data corruption, hack, third-party data sharing, etc. • What would be appropriate, cost-effective management techniques for these risks?
  • 45.
    Additional Elements ofa Good Information Security Program • Designated security officer (DSO) • Risk Assessment • Policies and Procedures • Organizational security awareness • Regulatory standards compliance • Audit compliance plan
  • 46.
  • 47.
    About The Faculty KathrynNadro - knadro@sfgh.com Kathryn (“Katie”) Nadro leads Sugar Felsenthal Grais & Helsinger’s Data Security and Privacy practice. Katie advises clients on a diverse array of business matters, including data security and privacy compliance, commercial and business disputes, and employment issues. Katie works with individuals and businesses of all sizes to craft successful resolutions tailored to each individual matter. Katie is a Certified Information Privacy Professional (CIPP/US) and counsels clients on a variety of data security and privacy issues, including breach response, policy drafting, program management, data collection, vendor management, and compliance with ever-changing state, federal, and international privacy law. Katie also has broad litigation experience representing companies and individuals in contract, non-compete, discrimination, harassment, fiduciary duty, and trade secret litigation in state and federal court. With a background as both in-house and outside counsel, Katie understands that business objectives, time, and resources play an important role in reaching a favorable outcome for each client. 47
  • 48.
    About The Faculty AnnaMercado Clark - AClark@phillipslytle.com As leader of Phillips Lytle’s Data Security & Privacy and E-Discovery & Digital Forensics Practice Teams, Ms. Clark focuses on complex e-discovery and digital forensics, cybersecurity and data privacy, and complex commercial litigation. As a former Assistant District Attorney, she also handles white collar criminal matters and investigations. Additionally, Ms. Clark has been awarded the following ANSI-accredited credentials by the International Association of Privacy Professionals (IAPP): Certified Information Privacy Professional/Europe (CIPP/E) and Certified Information Privacy Professional for the U.S. Private Sector (CIPP/US), preeminent certifications for advanced concentration in European data protection laws and U.S. private-sector laws, standards and practices, respectively. Ms. Clark routinely counsels sophisticated clients on data governance issues to address business needs while minimizing risks and complying with a rapidly evolving regulatory landscape and other legal obligations. She has extensive experience advising businesses in the technology, consumer, health care and financial industries regarding information management and disposition policies, litigation readiness, data transfers, third-party/vendor negotiation and management relative to data administration, and disaster recovery and avoidance. To read more, go to https://www.financialpoise.com/webinar-faculty/anna-mercado-clark/ 48
  • 49.
    About The Faculty J.Eduardo Campos - jeduardo.campos@embedded-knowledge.com After creating business growth opportunities on four continents, J. Eduardo Campos spent thirteen years at Microsoft, first as a cybersecurity advisor, then leading innovative projects at the highest levels of government in the U.S. and abroad. Today, Eduardo is living his dream of building a better tomorrow through his consulting firm, Embedded-Knowledge, Inc. Working with organizations and entrepreneurs, he develops customized business strategies and forms partnerships focused on designing creative solutions to complex problems. 49
  • 50.
    Questions or Comments? Ifyou have any questions about this webinar that you did not get to ask during the live premiere, or if you are watching this webinar On Demand, please do not hesitate to email us at info@financialpoise.com with any questions or comments you may have. Please include the name of the webinar in your email and we will do our best to provide a timely response. IMPORTANT NOTE: The material in this presentation is for general educational purposes only. It has been prepared primarily for attorneys and accountants for use in the pursuit of their continuing legal education and continuing professional education. 50
  • 51.
    About Financial Poise 51 DailyDACLLC, d/b/a Financial Poise™ provides continuing education to attorneys, accountants, business owners and executives, and investors. It’s websites, webinars, and books provide Plain English, entertaining, explanations about legal, financial, and other subjects of interest to these audiences. Visit us at www.financialpoise.com Our free weekly newsletter, Financial Poise Weekly, updates you on new articles published on our website and Upcoming Webinars you may be interested in. To join our email list, please visit: https://www.financialpoise.com/subscribe/