SlideShare a Scribd company logo

Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)

Download as PPTX, PDF
P
Paul C. Van Slyke
1 of 14
CORPORATE DATA SECURITY BEST PRACTICES AND LEGAL COMPLIANCE PAUL C. VAN SLYKE HOOVER SLOVACEK HOUSTON TEXAS
OVERVIEW • 2014 – year of Data Breaches… Target, Sony, Neiman Marcus…….. • Industries with most breaches: Medical/healthcare, Education, financial services, retail/hospitality, real estate, professional services • Types of data: employer trade secrets, employer embarrassing information, employee and customer personal data, healthcare data • For every high-profile data breach, there are dozens of threats to small businesses' confidential information • In 2012, 50% of all targeted attacks were aimed at businesses with under 2,500 employees • High cost of a data breach
BEST PRACTICE PROTOCOLS • National Institute of Technology (NIST) Cybersecurity Frame Work • U.S. Dept. of Justice Best Practices for Victim Response and Reporting of Cyber Incidents • Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities • International Chamber of Commerce Cyber-Security Guide • Nat’l Assn. of Corporate Directors Cyber-Risk Oversight Handbook • California Attorney General Cyber Security in the Golden State
SOME MAJOR STATUTES • Healthcare Insurance Portability and Accountability Act – HIPPA • Gramm Leach Bliley Act (Glibba) • Federal Identify Theft • Payment Card Industry Protocols • Computer Fraud and Abuse Act • California – Identity Theft, Information Practices Act of 1977
MAJOR REGULATORS • Federal Trade Commission • Representations become misrepresentations –unfairness jurisdiction • GLB Act • California Attorney General- State Acts • Health and Human Services – HIPPA Act • U.S. Justice Dept.- Computer Fraud and Abuse Act
MAIN SOURCES OF INCIDENTS • Low hanging fruit • Employee Negligence • External theft of a device (theft of laptop or flash drive) • Employee theft (terminating employee) • Internet Phishing (employee training issue) • Internet Malware
RAPID DETECTION IS CRITICAL • If a company is slow to detect, or does not detect, it will face at least 4 major issues • Misses the opportunity to block the attack before it gets to critical data • Forensic data that could be used to precisely determine what occurred may be lost (e.g. logs are overwritten) • Story breaking publicity before the company is aware • When a third party breaks the story, the company is often force to discuss the incident before it can investigate and contain the incident • As a result, the company is more likely to be viewed as not handling the incident well
TOP PRIORITY STEPS BEFORE AN ATTACK • Identify your “Crown jewels” • Have an action plan in place • Rehearse you action plan • Have needed technology and services in place • Off-Site backup, intrusion detection, devices for logging network activity • Ensure legal counsel is familiar with technology and incident response plan • Engage with law enforcement – have established relationships with particular individuals • Create a crisis management plan
PRIVACY AND SECURITY STEPS • Check types of authentication and firewalls • Passwords sufficiently strong and changed regularly • When employees leave, is account on the network purged • Network intrusion detection or prevention system • Is encryption on network and mobile devices used? • Is logging enabled and stored for sufficient time? • Is up-to-date malware protection used? • Does company delete sensitive data no longer used?
PRE-INCIDENT DUE DILIGENCE • Assume you are a target! • Identify and map your data • Develop a records retention policy. If you don’t have it, it can’t be stolen • Audit contracts with vendors and business partners • Develop employee training on cybersecurity • Compare privacy notices with actual practices • Review cybersecurity insurance coverage • Limit access to those who have a need to know • Create a crisis management plan and team
INCIDENT RESPONSE TEAM • Create response plan and team leader • Include a C-Suite Executive • Define roles for each team member
CREATE A RESPONSE CHECKLIST • Don’t turn off computer • Notify managers within the company • Contact Law enforcement • Document potential scope of breach • Determine notification requirements • Determine whether to contact other victims • Make a forensic image of affected systems • Preserve all relevant communications • Block further access to the network
NOTIFICATION OF THE BREACH • Evaluate breach notification obligations • Evaluate coordination with law enforcement/regulators • Set corporate communications strategy • Follow crisis management policy
CONCLUSION • Paul C. Van Slyke, Attorney • Hoover Slovacek LLP • vanslyke@hooverslovacek.com • 713-735-4129

Recommended

How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCharles Cline
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mindcentralohioissa
 

Recommended

How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
The internet as a corporate security resource
The internet as a corporate security resourceThe internet as a corporate security resource
The internet as a corporate security resourceDan Michaluk
 
Event Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsEvent Presentation: Cyber Security for Industrial Control Systems
Event Presentation: Cyber Security for Industrial Control SystemsInfonaligy
 
The Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityThe Hacking Team Hack: Lessons Learned for Enterprise Security
The Hacking Team Hack: Lessons Learned for Enterprise SecurityStephen Cobb
 
How to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramHow to Build a Successful Incident Response Program
How to Build a Successful Incident Response ProgramResilient Systems
 
Cyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCyber Security Overview for Small Businesses
Cyber Security Overview for Small BusinessesCharles Cline
 
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your MindBrian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mindcentralohioissa
 
Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Dan Michaluk
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider ThreatMurray Security Services
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware lyLisa Young
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Latercentralohioissa
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)AT-NET Services, Inc. - Charleston Division
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of CybersecurityTruShield Security Solutions
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Aprio cybersecurity and board information
Aprio cybersecurity and board informationAprio cybersecurity and board information
Aprio cybersecurity and board informationAprio
 
Ceh intro
Ceh introCeh intro
Ceh introAnimesh Roy
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Incident Response: How To Prepare
Incident Response: How To PrepareIncident Response: How To Prepare
Incident Response: How To PrepareResilient Systems
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 
Hipervínculo 1°G
Hipervínculo 1°GHipervínculo 1°G
Hipervínculo 1°GMoisés Avelino López
 
Finalaya featured result_09jan2013
Finalaya featured result_09jan2013Finalaya featured result_09jan2013
Finalaya featured result_09jan2013Investors Empowered
 

More Related Content

What's hot

Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comAravind R
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Dan Michaluk
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Lucien Pierce
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...TruShield Security Solutions
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Latercentralohioissa
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecuritycentralohioissa
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015T. J. Saotome
 
Aprio cybersecurity and board information
Aprio cybersecurity and board informationAprio cybersecurity and board information
Aprio cybersecurity and board informationAprio
 
Cyber security
Cyber securityCyber security
Cyber securityEduonix
 
Incident Response: How To Prepare
Incident Response: How To PrepareIncident Response: How To Prepare
Incident Response: How To PrepareResilient Systems
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessEric Schiowitz
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actorsOWASP EEE
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2MLG College of Learning, Inc
 

What's hot (20)

Cybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.comCybersecurity Basics - Aravindr.com
Cybersecurity Basics - Aravindr.com
 
Social media – issues and trends caus 2014
Social media – issues and trends caus 2014Social media – issues and trends caus 2014
Social media – issues and trends caus 2014
 
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
Cybercrime: 5 Practical Tips for Law Firms on Avoiding Financial & Reputation...
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
The Accidental Insider Threat
The Accidental Insider ThreatThe Accidental Insider Threat
The Accidental Insider Threat
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
Penetration Testing and Vulnerability Assessments: Examining the SEC and FINR...
 
Deral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail LaterDeral Heiland - Fail Now So I Don't Fail Later
Deral Heiland - Fail Now So I Don't Fail Later
 
Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)Webinar cybersecurity presentation-6-2018 (final)
Webinar cybersecurity presentation-6-2018 (final)
 
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about CybersecurityMark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
Mark Villinski - Top 10 Tips for Educating Employees about Cybersecurity
 
The Current State of Cybersecurity
The Current State of CybersecurityThe Current State of Cybersecurity
The Current State of Cybersecurity
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015DRC -- Cybersecurity concepts2015
DRC -- Cybersecurity concepts2015
 
Aprio cybersecurity and board information
Aprio cybersecurity and board informationAprio cybersecurity and board information
Aprio cybersecurity and board information
 
Ceh intro
Ceh introCeh intro
Ceh intro
 
Cyber security
Cyber securityCyber security
Cyber security
 
Incident Response: How To Prepare
Incident Response: How To PrepareIncident Response: How To Prepare
Incident Response: How To Prepare
 
Expert FSO Insider Threat Awareness
Expert FSO Insider Threat AwarenessExpert FSO Insider Threat Awareness
Expert FSO Insider Threat Awareness
 
[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors[Bucharest] Catching up with today's malicious actors
[Bucharest] Catching up with today's malicious actors
 
Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2Information Assurance And Security - Chapter 2 - Lesson 2
Information Assurance And Security - Chapter 2 - Lesson 2
 

Viewers also liked

Finalaya featured result_09jan2013
Finalaya featured result_09jan2013Finalaya featured result_09jan2013
Finalaya featured result_09jan2013Investors Empowered
 
CFM statement - pray for a nation in crisis - english - final 11 nov 2016
CFM statement - pray for a nation in crisis - english - final 11 nov 2016CFM statement - pray for a nation in crisis - english - final 11 nov 2016
CFM statement - pray for a nation in crisis - english - final 11 nov 2016Sivin Kit
 
Contexto social y económico
Contexto social y económicoContexto social y económico
Contexto social y económicovanessaquen95
 
Richie Bello Executive Training
Richie Bello Executive Training Richie Bello Executive Training
Richie Bello Executive Training Richie Bello ✅
 
ESTILO DE APRENDIZAJE
ESTILO DE APRENDIZAJE ESTILO DE APRENDIZAJE
ESTILO DE APRENDIZAJE vanessaquen95
 
Social Media Marketing Strategy RDX.PPTX
Social Media Marketing Strategy RDX.PPTXSocial Media Marketing Strategy RDX.PPTX
Social Media Marketing Strategy RDX.PPTXHassan Gulzar
 
Inkster Aux PD Training Certificate
Inkster Aux PD Training CertificateInkster Aux PD Training Certificate
Inkster Aux PD Training CertificateJoe Buford
 
Trabajo 2 redes sociales
Trabajo 2 redes socialesTrabajo 2 redes sociales
Trabajo 2 redes socialesvanessaquen95
 
Bab iii dasar & lingkup akuntansi
Bab iii dasar & lingkup akuntansiBab iii dasar & lingkup akuntansi
Bab iii dasar & lingkup akuntansiAzwan Habibie
 
Indonesia OneSearch: Latar Belakang, Road Map, dan Progress
Indonesia OneSearch: Latar Belakang, Road Map, dan ProgressIndonesia OneSearch: Latar Belakang, Road Map, dan Progress
Indonesia OneSearch: Latar Belakang, Road Map, dan ProgressIsmail Fahmi
 
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAM
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAMID IGF 2016 - Hukum 2 - Cybersecurity dan HAM
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAMIGF Indonesia
 

Viewers also liked (20)

Hipervínculo 1°G
Hipervínculo 1°GHipervínculo 1°G
Hipervínculo 1°G
 
Finalaya featured result_09jan2013
Finalaya featured result_09jan2013Finalaya featured result_09jan2013
Finalaya featured result_09jan2013
 
CFM statement - pray for a nation in crisis - english - final 11 nov 2016
CFM statement - pray for a nation in crisis - english - final 11 nov 2016CFM statement - pray for a nation in crisis - english - final 11 nov 2016
CFM statement - pray for a nation in crisis - english - final 11 nov 2016
 
Andamio de computadoras-1°G
Andamio de computadoras-1°GAndamio de computadoras-1°G
Andamio de computadoras-1°G
 
Contexto social y económico
Contexto social y económicoContexto social y económico
Contexto social y económico
 
Richie Bello Executive Training
Richie Bello Executive Training Richie Bello Executive Training
Richie Bello Executive Training
 
Tom Leenders - Ready for liftoff!
Tom Leenders - Ready for liftoff!Tom Leenders - Ready for liftoff!
Tom Leenders - Ready for liftoff!
 
Aqualibro Fascículo 6
Aqualibro Fascículo 6Aqualibro Fascículo 6
Aqualibro Fascículo 6
 
ESTILO DE APRENDIZAJE
ESTILO DE APRENDIZAJE ESTILO DE APRENDIZAJE
ESTILO DE APRENDIZAJE
 
Bienestar bio psicosocial
Bienestar bio psicosocialBienestar bio psicosocial
Bienestar bio psicosocial
 
Social Media Marketing Strategy RDX.PPTX
Social Media Marketing Strategy RDX.PPTXSocial Media Marketing Strategy RDX.PPTX
Social Media Marketing Strategy RDX.PPTX
 
Inkster Aux PD Training Certificate
Inkster Aux PD Training CertificateInkster Aux PD Training Certificate
Inkster Aux PD Training Certificate
 
Trabajo 2 redes sociales
Trabajo 2 redes socialesTrabajo 2 redes sociales
Trabajo 2 redes sociales
 
India Magdalena
India MagdalenaIndia Magdalena
India Magdalena
 
Molinero Tejeda
Molinero TejedaMolinero Tejeda
Molinero Tejeda
 
Pedro Vargas
Pedro VargasPedro Vargas
Pedro Vargas
 
Bab iii dasar & lingkup akuntansi
Bab iii dasar & lingkup akuntansiBab iii dasar & lingkup akuntansi
Bab iii dasar & lingkup akuntansi
 
Indonesia OneSearch: Latar Belakang, Road Map, dan Progress
Indonesia OneSearch: Latar Belakang, Road Map, dan ProgressIndonesia OneSearch: Latar Belakang, Road Map, dan Progress
Indonesia OneSearch: Latar Belakang, Road Map, dan Progress
 
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAM
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAMID IGF 2016 - Hukum 2 - Cybersecurity dan HAM
ID IGF 2016 - Hukum 2 - Cybersecurity dan HAM
 
02 kisi kisi-2014
02 kisi kisi-201402 kisi kisi-2014
02 kisi kisi-2014
 

Similar to Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)

Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team SportQuarles & Brady
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessNicholas Davis
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraIGN MANTRA
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and HealthcareJonathon Coulter
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas IndonesiaIGN MANTRA
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarConcept Searching, Inc
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Emily2014
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Bianca Mueller, LL.M.
 
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Everything is not awesome: The rising threat of Cyber-attack and what to do a...Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Everything is not awesome: The rising threat of Cyber-attack and what to do a...Robi Sen
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptxColorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptxAkramAlqadasi1
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxJkYt1
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityStephen Cobb
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksResilient Systems
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to ComplianceSecurity Innovation
 

Similar to Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D) (20)

Data Breach Response is a Team Sport
Data Breach Response is a Team SportData Breach Response is a Team Sport
Data Breach Response is a Team Sport
 
Top Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your BusinessTop Cybersecurity Challenges Facing Your Business
Top Cybersecurity Challenges Facing Your Business
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantraWorkshop incident response n handling-bssn 12 nop 2019-ignmantra
Workshop incident response n handling-bssn 12 nop 2019-ignmantra
 
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2
 
What to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breachWhat to do when get hacked or suffer a cyber breach
What to do when get hacked or suffer a cyber breach
 
Cyber Security and Healthcare
Cyber Security and HealthcareCyber Security and Healthcare
Cyber Security and Healthcare
 
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia
 
How To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 WebinarHow To Eliminate Security Exposures in Office 365 Webinar
How To Eliminate Security Exposures in Office 365 Webinar
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities Identifying Your Agency's Vulnerabilities
Identifying Your Agency's Vulnerabilities
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Everything is not awesome: The rising threat of Cyber-attack and what to do a...Everything is not awesome: The rising threat of Cyber-attack and what to do a...
Everything is not awesome: The rising threat of Cyber-attack and what to do a...
 
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptxColorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
Colorado-Society-of-CPAs-Cybersecurity-Presentation-v3_Feb8.pptx
 
Not IF, but WHEN
Not IF, but WHENNot IF, but WHEN
Not IF, but WHEN
 
nist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptxnist_small_business_fundamentals_july_2019.pptx
nist_small_business_fundamentals_july_2019.pptx
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1
 
Using Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber SecurityUsing Technology and People to Improve your Threat Resistance and Cyber Security
Using Technology and People to Improve your Threat Resistance and Cyber Security
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 
Aligning Application Security to Compliance
Aligning Application Security to ComplianceAligning Application Security to Compliance
Aligning Application Security to Compliance
 

Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)

  • 1. CORPORATE DATA SECURITY BEST PRACTICES AND LEGAL COMPLIANCE PAUL C. VAN SLYKE HOOVER SLOVACEK HOUSTON TEXAS
  • 2. OVERVIEW • 2014 – year of Data Breaches… Target, Sony, Neiman Marcus…….. • Industries with most breaches: Medical/healthcare, Education, financial services, retail/hospitality, real estate, professional services • Types of data: employer trade secrets, employer embarrassing information, employee and customer personal data, healthcare data • For every high-profile data breach, there are dozens of threats to small businesses' confidential information • In 2012, 50% of all targeted attacks were aimed at businesses with under 2,500 employees • High cost of a data breach
  • 3. BEST PRACTICE PROTOCOLS • National Institute of Technology (NIST) Cybersecurity Frame Work • U.S. Dept. of Justice Best Practices for Victim Response and Reporting of Cyber Incidents • Cybersecurity Best Practices for Small and Medium Pennsylvania Utilities • International Chamber of Commerce Cyber-Security Guide • Nat’l Assn. of Corporate Directors Cyber-Risk Oversight Handbook • California Attorney General Cyber Security in the Golden State
  • 4. SOME MAJOR STATUTES • Healthcare Insurance Portability and Accountability Act – HIPPA • Gramm Leach Bliley Act (Glibba) • Federal Identify Theft • Payment Card Industry Protocols • Computer Fraud and Abuse Act • California – Identity Theft, Information Practices Act of 1977
  • 5. MAJOR REGULATORS • Federal Trade Commission • Representations become misrepresentations –unfairness jurisdiction • GLB Act • California Attorney General- State Acts • Health and Human Services – HIPPA Act • U.S. Justice Dept.- Computer Fraud and Abuse Act
  • 6. MAIN SOURCES OF INCIDENTS • Low hanging fruit • Employee Negligence • External theft of a device (theft of laptop or flash drive) • Employee theft (terminating employee) • Internet Phishing (employee training issue) • Internet Malware
  • 7. RAPID DETECTION IS CRITICAL • If a company is slow to detect, or does not detect, it will face at least 4 major issues • Misses the opportunity to block the attack before it gets to critical data • Forensic data that could be used to precisely determine what occurred may be lost (e.g. logs are overwritten) • Story breaking publicity before the company is aware • When a third party breaks the story, the company is often force to discuss the incident before it can investigate and contain the incident • As a result, the company is more likely to be viewed as not handling the incident well
  • 8. TOP PRIORITY STEPS BEFORE AN ATTACK • Identify your “Crown jewels” • Have an action plan in place • Rehearse you action plan • Have needed technology and services in place • Off-Site backup, intrusion detection, devices for logging network activity • Ensure legal counsel is familiar with technology and incident response plan • Engage with law enforcement – have established relationships with particular individuals • Create a crisis management plan
  • 9. PRIVACY AND SECURITY STEPS • Check types of authentication and firewalls • Passwords sufficiently strong and changed regularly • When employees leave, is account on the network purged • Network intrusion detection or prevention system • Is encryption on network and mobile devices used? • Is logging enabled and stored for sufficient time? • Is up-to-date malware protection used? • Does company delete sensitive data no longer used?
  • 10. PRE-INCIDENT DUE DILIGENCE • Assume you are a target! • Identify and map your data • Develop a records retention policy. If you don’t have it, it can’t be stolen • Audit contracts with vendors and business partners • Develop employee training on cybersecurity • Compare privacy notices with actual practices • Review cybersecurity insurance coverage • Limit access to those who have a need to know • Create a crisis management plan and team
  • 11. INCIDENT RESPONSE TEAM • Create response plan and team leader • Include a C-Suite Executive • Define roles for each team member
  • 12. CREATE A RESPONSE CHECKLIST • Don’t turn off computer • Notify managers within the company • Contact Law enforcement • Document potential scope of breach • Determine notification requirements • Determine whether to contact other victims • Make a forensic image of affected systems • Preserve all relevant communications • Block further access to the network
  • 13. NOTIFICATION OF THE BREACH • Evaluate breach notification obligations • Evaluate coordination with law enforcement/regulators • Set corporate communications strategy • Follow crisis management policy
  • 14. CONCLUSION • Paul C. Van Slyke, Attorney • Hoover Slovacek LLP • vanslyke@hooverslovacek.com • 713-735-4129