Integrating the Latest Federal Regulatory Initiatives
into Practice through an Examination of
Data Security Laws and Regulations
Robert Craig, CISSP.
Direct Support to the CISO
Insider Threat
Intelligence Agency
February x, 2015
This was intended for a Marcus Evans event to be held in Washington DC in February 2015, which was cancelled. There were a few more SEC slides to be developed.
Topics
• Reviewing FTC regulation and compliance policies.
• Releasing details on an attack in compliance with SEC’s transparency standards.
• Predicting the future directions of federal regulations.
NMCIWG: Daily Computer Threat News
Tuesday, January 06, 2015
• The hidden dangers of third party code in free apps
• PayPal complete account hijacking bug gets fix, no award given
• Morgan Stanley says wealth management employee stole client data
• Three Million MoonPig customer accounts exposed by flaw
Monday, January 05, 2015
• Target hackers hit OneStopParking.com
• Microsoft Goes After More Tech Support Scammers
• 2014 was the year hacking became the norm
• Lizard Squad launches $6 DDoS tool
• Snooki's Instagram Is Hacked
• 5 Small Business Takeaways from Sony’s Hack
• Majority of 4G USB Modems Vulnerable And SIM Cards Exploitable Via SMS
• Sony: PlayStation Network is back online now, really
• Exploit for Android same origin policy flaw is leveraged against Facebook users
• Internet Systems Consortium website has been compromised to serve malware
• FBI Probes If Banks Hacked Back as Firms Explore Cyber Offensive
• Lizard Squad Member Said Group Provided Log-Ins Used In Sony Attack
• Low-risk 'worm' removed at hacked South Korea nuclear operator
• Hackers Compromise Official Bryan Adams Website
• France Passes Online Surveillance Law That Makes It Legal to Spy on Internet Users
Monday, December 29, 2014
• Malware families distributed through malicious campaign targeting WordPress sites
• Rackspace restored after DDOS takes out DNS
• FBI Investigating Hacker Group over Xbox Live and Playstation Network Attacks
• Hackers claim to have exposed Sony, PlayStation personal data
• Bad, bad Internet news: Internet Systems Consortium site hacked
• Hacker Generates Fingerprint of German Defense Minister from Public Photos
• Cyber attack on Angela Merkel aide: Report
• Beware! Hackers are eyeing your car’s safety features to extort money
• South Korea Says Nuclear Reactors Safe After Cyber-attacks
• Thunderstrike Mac Attack Achieves Persistence
• U.S. firm finds malware targeting visitors to Afghan govt websites
• Children’s Hospital pays $40,000 over stolen data
• Meet Anunak - The Hacker Crew That Owned Staples and Earned $18m In 2014
Federal Trade Commission – Legal Authorities
• “Only federal agency with the authority to enforce such a standard across broad swaths of the U.S. economy”.
• Main legal authority in the data security space is provided by:
  • Section 5 of the FTC Act
  • Ability to stop unfair or deceptive acts or practices.
• Other data security enforcement authorities:
  • Gramm-Leach-Bliley Act and the Safeguards Rule,
  • Fair Credit Reporting Act,
  • The HIPAA HITECH Act,
  • Children’s Online Privacy Protection Act and its implementing rule.
Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
FTC Act Section 5 – Unfair or Deceptive Acts or Practices
United States Code, Title 15, Chapter 2, Subchapter I, Section 45
Public Law 109-455
Federal Trade Commission – Security ‘Threshold’
• Practices the ‘pillars of reasonable security’.
• Established through settlements (more than 50 data security cases).
• Assessing and addressing security risks must be a continuous process.
• There is no single, right way to do these assessments.
  • Depends on the volume and sensitivity of information the company holds, the cost of the tools that are available to address vulnerabilities, and other factors.
• The NIST Framework takes a similar approach by identifying different risk management practices and defining different levels of implementation.
Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
Federal Trade Commission – ‘Reasonable Security Practices’
• Companies are accountable for their practices and the representations they make.
• The FTC’s application of Section 5 to data security is considered appropriate and consistent with how it applies Section 5 to other commercial activities.
• Actions are brought when systemic failures in a company’s data security practices are discovered.
Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
Federal Trade Commission – ‘Reasonable Security Practices’ (continued)
• FTC’s data security enforcement actions initially focused on deception.
• The key difference between unfairness and deception is that unfairness may be applicable even in the absence of a representation or omission in information presented to consumers.
• Recent data security cases show that Section 5 is up to the task of protecting consumers in the rapidly changing environment of mobile technology and ‘apps’.
• Emphasizes that companies need to implement practices that are appropriate for their businesses:
  • Do a risk assessment.
  • Minimize personal information about consumers.
  • Implement technical and physical safeguards.
  • Train employees to handle personal information properly.
  • Have a plan in place to respond to any security incidents that occur.
Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
Federal Trade Commission – Mobile Technology
• “Section 5 is up to the task of protecting consumers in the rapidly changing environment of mobile technologies”.
• Mobile devices and ‘apps’ can leave a broad range of sensitive personal information at risk.
• FTC brought enforcement actions against two popular ‘apps’: Credit Karma and Fandango.
  • The ‘apps’ contained flawed implementations of the Secure Sockets Layer (SSL) protocol, which is a common means for encrypting data in transit.
  • Susceptible to “man in the middle attacks,” in which an impostor could pose as a legitimate data recipient and collect highly sensitive information from consumers – including Social Security numbers in the case of Credit Karma, and credit card information in the case of Fandango.
  • FTC alleged the companies had overridden more secure default settings and failed to test adequately.
Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
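As an added example (not code from the slides, the FTC, or either company), the following Python audits a TLS client configuration for the kind of overridden secure defaults described above, showing the weakened configuration beside the hardened one; the function names and the finding strings are this example's own assumptions, and it uses only the standard library.

```python
"""Audit a TLS client context for the weakened-defaults pattern behind the
Credit Karma and Fandango settlements (added example; not the deck's code).

Assumptions: function names and finding strings are this example's own;
only the Python standard library `ssl` module is used."""
import ssl
from typing import List


def weakened_client_context() -> ssl.SSLContext:
    """Start from the secure defaults, then override them the way a developer
    might while 'getting the app to work' against a test server with a
    self-signed certificate.  This is the misconfiguration under audit, not a
    recommended setup: any server presenting any certificate is accepted."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE     # accept a certificate signed by anyone
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Keep the secure defaults (CERT_REQUIRED plus hostname checking against
    the system CA store) and pin the protocol floor explicitly so the result
    does not depend on the interpreter version's own default."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return one finding per setting that would let an impostor server pass
    as the legitimate data recipient.  An empty list means the context still
    verifies who it is talking to and refuses legacy protocol versions."""
    findings: List[str] = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate verification disabled (verify_mode=CERT_NONE)")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled (check_hostname=False)")
    # TLSVersion is an IntEnum, so the comparison orders protocol versions.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            "legacy protocol versions allowed "
            f"(minimum_version={ctx.minimum_version.name})"
        )
    return findings


if __name__ == "__main__":
    for label, ctx in (("weakened", weakened_client_context()),
                       ("hardened", hardened_client_context())):
        findings = audit_tls_context(ctx)
        print(f"{label}: {'OK' if not findings else 'FINDINGS'}")
        for finding in findings:
            print("  -", finding)
```

The same three checks apply to any TLS client a code review or pre-release test touches: an app that passes them cannot be silently redirected to an impostor endpoint the way the two cited apps could.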
SEC – Releasing details of a cyber incident: Compliance with the SEC’s transparency standards
• SEC issued a set of disclosure guidelines in 2011.
• Companies to disclose any potential cyber risk:
  • Possible effects of that risk.
  • Status of internal controls.
  • Risk management procedures in place.
• SEC is revisiting the issue and considering turning guidelines into standards.
• Desired Outcome: Companies will have to live up to the level of transparency their investors have come to expect.
Source: The Security Ratings Blog, “How can the SEC become the primary regulator of corporate cyber security?”, posted by Ben Fagan, LinkedIn, Aug 6, 2014 9:00:00 AM
SEC – Releasing details of a cyber incident: Compliance with the SEC’s transparency standards (continued)
• A minimum standard for breach transparency would hold companies accountable for their security procedures.
• Desired Outcome: To make it more likely that companies would regularly measure security performance.
• Desired Outcome: Rather than be subject to investigation by the SEC, companies would hopefully opt to improve their standing with the Commission and shareholders by properly reporting security breaches.
Source: The Security Ratings Blog, “How can the SEC become the primary regulator of corporate cyber security?”, posted by Ben Fagan, LinkedIn, Aug 6, 2014 9:00:00 AM
SEC – Releasing details of a cyber incident: Compliance with the SEC’s transparency standards (continued)
Securities and Exchange Commission, Division of Corporation Finance, CF Disclosure Guidance: Topic No. 2 “Cybersecurity”, October 13, 2011
• Laws are designed to elicit disclosure of timely, comprehensive, and accurate information.
  • Risks and events that a reasonable investor would consider important to an investment decision.
• Material information regarding cybersecurity risks and cyber incidents is required to be disclosed:
  • In order to make other required disclosures, in light of the circumstances under which they are made, not misleading.
  • Disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.
SEC – Disclosure Guidance : Risk Factors
• Determining if a risk factor disclosure is required:
  • Evaluate cybersecurity risks and take into account all available relevant information:
    • Prior cyber incidents and the severity and frequency of those incidents.
    • Probability of cyber incidents occurring.
    • Quantitative and qualitative magnitude of those risks.
    • Potential costs and other consequences from misappropriation of assets or sensitive information, corruption of data or operational disruption.
    • Adequacy of preventative actions taken to reduce cybersecurity risks (in the context of the industry in which they operate).
• Cybersecurity risk disclosure must adequately describe the nature of the material risks and specify how each risk affects the registrant.
• Do not present risks that could apply to any issuer or any offering; avoid generic risk factor disclosure.
SEC – Disclosure Guidance : Description
• Disclosures may include:
  • Discussion of business or operations that give rise to material cybersecurity risks and the potential costs and consequences.
  • Extent of outsourcing of functions that have material cybersecurity risks, with a description of those functions and how those risks are addressed.
  • Description of cyber incidents that have been experienced that are individually, or in the aggregate, material to the registrant, including a description of the costs and other consequences.
  • Risks related to cyber incidents that may remain undetected for an extended period.
  • Description of relevant insurance coverage.
SEC – Disclosure Guidance : Description (continued)
• Disclose known or threatened cyber incidents to place the discussion of cybersecurity risks in context.
  • For example, if a registrant experienced a material cyber attack in which malware was embedded in its systems and customer data was compromised, it likely would not be sufficient for the registrant to disclose that there is a risk that such an attack may occur.
  • Instead, as part of a broader discussion of malware or other similar attacks that pose a particular risk, the registrant may need to discuss the occurrence of the specific attack and its known and potential costs and other consequences.
• Provide disclosure tailored to particular circumstances.
  • Avoid generic “boilerplate” disclosure.
  • Provide sufficient disclosure to allow investors to appreciate the nature of the risks faced.
• SEC reiterates that the federal securities laws do not require disclosure that itself would compromise cybersecurity.
SEC – Responding to SEC Inquiries Concerning Data Breach and Data Security Policies
• Jurisdiction over the policies and practices of the securities industry.
  • Ensures the integrity of the securities exchanges, and provides investor protection.
• Conducts periodic examinations of industry participants.
  • Investment Banks, Asset Managers, Hedge Funds, and Mutual Funds.
• Requires regulated entities to perform a risk assessment of various cybersecurity risks and adopt written policies and procedures.
Source: Marc Powers, October 28, 2014, posted at http://www.dataprivacymonitor.com/category/data-breaches/
Federal Draft Legislation (2014)

Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Christina Parmionova
 
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012rehmti665
 
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceHigh Profile Call Girls
 
Club of Rome: Eco-nomics for an Ecological Civilization
Club of Rome: Eco-nomics for an Ecological CivilizationClub of Rome: Eco-nomics for an Ecological Civilization
Club of Rome: Eco-nomics for an Ecological CivilizationEnergy for One World
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证mbetknu
 
13875446-Ballistic Missile Trajectories.ppt
13875446-Ballistic Missile Trajectories.ppt13875446-Ballistic Missile Trajectories.ppt
13875446-Ballistic Missile Trajectories.pptsilvialandin2
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhellokittymaearciaga
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.Christina Parmionova
 

Recently uploaded (20)

Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
Premium Call Girls Btm Layout - 7001305949 Escorts Service with Real Photos a...
 
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service BangaloreCall Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
Call Girls Bangalore Saanvi 7001305949 Independent Escort Service Bangalore
 
Start Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnoolStart Donating your Old Clothes to Poor People kurnool
Start Donating your Old Clothes to Poor People kurnool
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28
 
Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...Precarious profits? Why firms use insecure contracts, and what would change t...
Precarious profits? Why firms use insecure contracts, and what would change t...
 
Take action for a healthier planet and brighter future.
Take action for a healthier planet and brighter future.Take action for a healthier planet and brighter future.
Take action for a healthier planet and brighter future.
 
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130  Available With RoomVIP Kolkata Call Girl Jatin Das Park 👉 8250192130  Available With Room
VIP Kolkata Call Girl Jatin Das Park 👉 8250192130 Available With Room
 
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRILPanet vs.Plastics - Earth Day 2024 - 22 APRIL
Panet vs.Plastics - Earth Day 2024 - 22 APRIL
 
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas  Whats Up Number##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas  Whats Up Number
##9711199012 Call Girls Delhi Rs-5000 UpTo 10 K Hauz Khas Whats Up Number
 
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
“Exploring the world: One page turn at a time.” World Book and Copyright Day ...
 
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
VIP Mumbai Call Girls Andheri West Just Call 9920874524 with A/C Room Cash on...
 
Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.Action Toolkit - Earth Day 2024 - April 22nd.
Action Toolkit - Earth Day 2024 - April 22nd.
 
Model Town (Delhi) 9953330565 Escorts, Call Girls Services
Model Town (Delhi)  9953330565 Escorts, Call Girls ServicesModel Town (Delhi)  9953330565 Escorts, Call Girls Services
Model Town (Delhi) 9953330565 Escorts, Call Girls Services
 
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
Call Girls Connaught Place Delhi reach out to us at ☎ 9711199012
 
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile ServiceCunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
Cunningham Road Call Girls Bangalore WhatsApp 8250192130 High Profile Service
 
Club of Rome: Eco-nomics for an Ecological Civilization
Club of Rome: Eco-nomics for an Ecological CivilizationClub of Rome: Eco-nomics for an Ecological Civilization
Club of Rome: Eco-nomics for an Ecological Civilization
 
(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证(多少钱)Dal毕业证国外本科学位证
(多少钱)Dal毕业证国外本科学位证
 
13875446-Ballistic Missile Trajectories.ppt
13875446-Ballistic Missile Trajectories.ppt13875446-Ballistic Missile Trajectories.ppt
13875446-Ballistic Missile Trajectories.ppt
 
history of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptxhistory of 1935 philippine constitution.pptx
history of 1935 philippine constitution.pptx
 
WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.WORLD CREATIVITY AND INNOVATION DAY 2024.
WORLD CREATIVITY AND INNOVATION DAY 2024.
 

Integrating Federal Data Security Regulations

  • 1. Integrating the Latest Federal Regulatory Initiatives into Practice through an Examination of Data Security Laws and Regulations
    Robert Craig, CISSP. Direct Support to the CISO, Insider Threat, Intelligence Agency. February x, 2015
    This was intended for a Marcus Evans event to be held in Washington DC in February 2015, which was cancelled. There were a few more SEC slides to be developed.
  • 2. Topics
     Reviewing FTC regulation and compliance policies.
     Releasing details on an attack in compliance with SEC’s transparency standards.
     Predicting the future directions of federal regulations.
  • 3. NMCIWG: Daily Computer Threat News
    Tuesday, January 06, 2015
    • The hidden dangers of third party code in free apps
    • PayPal complete account hijacking bug gets fix, no award given
    • Morgan Stanley says wealth management employee stole client data
    • Three Million MoonPig customer accounts exposed by flaw
    Monday, January 05, 2015
    • Target hackers hit OneStopParking.com
    • Microsoft Goes After More Tech Support Scammers
    • 2014 was the year hacking became the norm
    • Lizard Squad launches $6 DDoS tool
    • Snooki's Instagram Is Hacked
    • 5 Small Business Takeaways from Sony’s Hack
    • Majority of 4G USB Modems Vulnerable And SIM Cards Exploitable Via SMS
    • Sony: PlayStation Network is back online now, really
    • Exploit for Android same origin policy flaw is leveraged against Facebook users
    • Internet Systems Consortium website has been compromised to serve malware
    • FBI Probes If Banks Hacked Back as Firms Explore Cyber Offensive
    • Lizard Squad Member Said Group Provided Log-Ins Used In Sony Attack
    • Low-risk 'worm' removed at hacked South Korea nuclear operator
    • Hackers Compromise Official Bryan Adams Website
    • France Passes Online Surveillance Law That Makes It Legal to Spy on Internet Users
    Monday, December 29, 2014
    • Malware families distributed through malicious campaign targeting WordPress sites
    • Rackspace restored after DDOS takes out DNS
    • FBI Investigating Hacker Group over Xbox Live and Playstation Network Attacks
    • Hackers claim to have exposed Sony, PlayStation personal data
    • Bad, bad Internet news: Internet Systems Consortium site hacked
    • Hacker Generates Fingerprint of German Defense Minister from Public Photos
    • Cyber attack on Angela Merkel aide: Report
    • Beware! Hackers are eyeing your car’s safety features to extort money
    • South Korea Says Nuclear Reactors Safe After Cyber-attacks
    • Thunderstrike Mac Attack Achieves Persistence
    • U.S. firm finds malware targeting visitors to Afghan govt websites
    • Children’s Hospital pays $40,000 over stolen data
    • Meet Anunak - The Hacker Crew That Owned Staples and Earned $18m In 2014
  • 5. Federal Trade Commission Legal Authorities (FTC)
     “Only federal agency with the authority to enforce such a standard across broad swaths of the U.S. economy”.
     Main legal authority in the data security space is provided by:
       Section 5 of the FTC Act
       Ability to stop unfair or deceptive acts or practices.
     Other data security enforcement authorities:
       Gramm-Leach-Bliley Act and the Safeguards Rule,
       Fair Credit Reporting Act,
       The HIPAA HITECH Act,
       Children’s Online Privacy Protection Act and its implementing rule.
    FTC Act Section 5, Unfair or Deceptive Acts or Practices: United States Code Title 15, Chapter 2, Subchapter I, Section 45; Public Law 109-455.
    Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
  • 6. Federal Trade Commission Security ‘Threshold’ (FTC)
     Practices the ‘pillars of reasonable security’.
     Established through settlements (> 50 data security cases).
     Assessing and addressing security risks must be a continuous process.
     There is no single, right way to do these assessments.
       Depends on the volume and sensitivity of information the company holds,
       the cost of the tools that are available to address vulnerabilities, and other factors.
     The NIST Framework takes a similar approach by identifying different risk management practices and defining different levels of implementation.
    Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
  • 7. Federal Trade Commission ‘reasonable security practices’ (FTC)
     Companies are accountable for their practices and the representations they make.
     The FTC’s application of Section 5 here, as to other commercial activities, is considered appropriate and consistent.
     Actions are brought when systemic failures in a company’s data security practices are discovered.
     FTC’s data security enforcement actions initially focused on deception.
     The key difference between unfairness and deception is that unfairness may be applicable even in the absence of a representation or omission in information presented to consumers.
     Recent data security cases show that Section 5 is up to the task of protecting consumers in the rapidly changing environment of mobile technology and ‘apps’.
    Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
  • 8. Federal Trade Commission ‘reasonable security practices’ (FTC)
     Emphasizes that companies need to implement practices that are appropriate for their businesses.
       Do a risk assessment.
       Minimize personal information about consumers.
       Implement technical and physical safeguards.
       Train employees to handle personal information properly.
       Have a plan in place to respond to any security incidents that occur.
    Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
  • 9. Federal Trade Commission Mobile Technology (FTC)
     “Section 5 is up to the task of protecting consumers in the rapidly changing environment of mobile technologies”.
     Mobile devices and ‘apps’ can leave a broad range of sensitive personal information at risk.
     FTC brought enforcement actions against two popular ‘apps’: Credit Karma and Fandango.
       The ‘apps’ contained flawed implementations of the Secure Sockets Layer (SSL) protocol, which is a common means for encrypting data in transit.
       They were susceptible to “man in the middle attacks,” in which an impostor could pose as a legitimate data recipient and collect highly sensitive information from consumers – including Social Security numbers in the case of Credit Karma, and credit card information in the case of Fandango.
       FTC alleged the companies had overridden more secure default settings and failed to test adequately.
    Source: On the Front Lines: The FTC’s Role in Data Security, U.S. Federal Trade Commissioner Julie Brill, Keynote Address Before the Center for Strategic and International Studies, “Stepping into the Fray: The Role of Independent Agencies in Cybersecurity”, September 17, 2014
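The failure slide 9 describes (a client that overrides the library's secure defaults so any certificate is accepted, leaving it open to an impostor server) is easy to catch with a small audit before release. The following is an added example, not from the deck or from either company's code; the three function names are hypothetical, and it inspects a Python ssl.SSLContext as a stand-in for whatever TLS configuration object an app uses.

```python
"""
Audit a TLS client configuration for the weakened settings behind the
Credit Karma / Fandango enforcement actions: certificate validation and
hostname checking switched off, so a man-in-the-middle can pose as the
legitimate server. Added example; names are hypothetical.
"""
import ssl


def secure_context() -> ssl.SSLContext:
    """Client context that keeps the library's validating defaults."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    return ctx


def insecure_context() -> ssl.SSLContext:
    """Reproduces the mistake the FTC alleged: the secure defaults are
    overridden so that any certificate, from anyone, is accepted.
    Built here only so the audit below has something to catch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # "trust everything": the MITM hole
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> "list[str]":
    """Return a list of findings; an empty list means the context validates
    the peer the way the platform defaults would have."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled "
                        f"(verify_mode={ctx.verify_mode.name})")
    if not ctx.check_hostname:
        findings.append("hostname check disabled (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2 "
                        f"({ctx.minimum_version.name})")
    return findings


if __name__ == "__main__":
    for label, ctx in (("default", secure_context()),
                       ("overridden", insecure_context())):
        print(label, audit_tls_context(ctx) or "OK")
```

Running the audit as part of the app's test suite is the "adequate testing" the slide says was missing: a build whose client context produces any finding should not ship.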
  • 10. SEC: Releasing details of a cyber incident. Compliance with the SEC’s transparency standards.
  • 11. Releasing details of a cyber incident: Compliance with the SEC’s transparency standards (SEC)
     SEC issued a set of disclosure guidelines in 2011.
     Companies are to disclose any potential cyber risk:
       Possible effects of that risk.
       Status of internal controls.
       Risk management procedures in place.
     SEC is revisiting the issue and considering turning guidelines into standards.
     Desired Outcome: Companies will have to live up to the level of transparency their investors have come to expect.
    Source: The Security Ratings Blog, “How can the SEC become the primary regulator of corporate cyber security?”, Posted by Ben Fagan, LinkedIn, Aug 6, 2014 9:00:00 AM
  • 12. Releasing details of a cyber incident: Compliance with the SEC’s transparency standards (SEC)
     A minimum standard for breach transparency would hold companies accountable for their security procedures.
     Desired Outcome: To make it more likely that companies would regularly measure security performance.
     Desired Outcome: Rather than be subject to investigation by the SEC, companies would hopefully opt to improve their standing with the Commission and shareholders by properly reporting security breaches.
    Source: The Security Ratings Blog, “How can the SEC become the primary regulator of corporate cyber security?”, Posted by Ben Fagan, LinkedIn, Aug 6, 2014 9:00:00 AM
  • 13. Securities and Exchange Commission, Division of Corporation Finance, CF Disclosure Guidance: Topic No. 2 “Cybersecurity”, October 13, 2011 (SEC)
     Laws are designed to elicit disclosure of timely, comprehensive, and accurate information.
     Risks and events that a reasonable investor would consider important to an investment decision.[2]
     Material information regarding cybersecurity risks and cyber incidents is required to be disclosed:
       In order to make other required disclosures, in light of the circumstances under which they are made, not misleading.[3]
       Disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.[4]
  • 14. SEC – Disclosure Guidance: Risk Factors (SEC)
     Determining if a risk factor disclosure is required:
       Evaluate cybersecurity risks and take into account all available relevant information.
       Prior cyber incidents and the severity and frequency of those incidents.
       Probability of cyber incidents occurring.
       Quantitative and qualitative magnitude of those risks.
       Potential costs and other consequences from misappropriation of assets or sensitive information, corruption of data or operational disruption.
       Adequacy of preventative actions taken to reduce cybersecurity risks (in the context of the industry in which they operate).
     Cybersecurity risk disclosure must adequately describe the nature of the material risks and specify how each risk affects the registrant.
     Do not present risks that could apply to any issuer or any offering, and avoid generic risk factor disclosure.[5]
  • 15. SEC – Disclosure Guidance: Description (SEC)
     Disclosures may include:
       Discussion of business or operations that give rise to material cybersecurity risks and the potential costs and consequences.
       Extent of outsourcing of functions that have material cybersecurity risks.
       Description of those functions and how those risks are addressed.
       Description of cyber incidents that have been experienced that are, individually or in the aggregate, material.
       Include a description of the costs and other consequences.
       Risks related to cyber incidents that may remain undetected for an extended period.
       Description of relevant insurance coverage.
  • 16. SEC – Disclosure Guidance: Description (continued) (SEC)
     Disclose known or threatened cyber incidents to place the discussion of cybersecurity risks in context.
       For example, if a registrant experienced a material cyber attack in which malware was embedded in its systems and customer data was compromised, it likely would not be sufficient for the registrant to disclose that there is a risk that such an attack may occur.
       Instead, as part of a broader discussion of malware or other similar attacks that pose a particular risk, the registrant may need to discuss the occurrence of the specific attack and its known and potential costs and other consequences.
     Provide disclosure tailored to particular circumstances.
     Avoid generic “boilerplate” disclosure.
     Provide sufficient disclosure to allow investors to appreciate the nature of the risks faced.
     SEC reiterates that the federal securities laws do not require disclosure that itself would compromise cybersecurity.
  • 17. Responding to SEC Inquiries Concerning Data Breach and Data Security Policies (SEC)
     Jurisdiction over the policies and practices of the securities industry.
     Ensures the integrity of the securities exchanges, and provides investor protection.
     Conducts periodic examinations of industry participants: Investment Banks, Asset Managers, Hedge Funds, and Mutual Funds.
     Requires regulated entities to perform a risk assessment of various cybersecurity risks and adopt written policies and procedures.
    Source: Marc Powers on October 28, 2014, posted in http://www.dataprivacymonitor.com/category/data-breaches/

Editor's Notes

  1. So the fact that there’s an isolated vulnerability in a product or service that a company offers, or even the fact that a company suffers a breach, does not mean that the FTC will come calling, let alone file a lawsuit. It is the company that decides what data to collect, how to use it, and when – if ever – to get rid of it.
  2. Do a risk assessment. Companies should know what information they have, how it flows through their enterprise, what kind of access employees and third parties have to this information, and what vulnerabilities could compromise its confidentiality, integrity, or availability.
     Minimize personal information about consumers. Limiting the consumer information that companies collect and retain to what is necessary to fulfill legitimate business needs will help reduce unnecessary security risks.
     Implement technical and physical safeguards. Security measures like firewalls, strong passwords, and limiting the circumstances under which sensitive personal information may be stored on laptops are important but not sufficient. Protecting information “the old fashioned way” – by ensuring that backup tapes, CDs, external hard drives, USB thumb drives and the like are locked up, and securely destroyed when no longer needed – is a risk-reducing complement to security measures deployed on computers and networks.
     Train employees to handle personal information properly.
     Have a plan in place to respond to any security incidents that occur.
  3. Target’s infamous security breach in 2013 was a highly publicized event. Some have questioned why it took Target four days to publicly disclose the breach of its customers’ sensitive information, saying that the retailer had the responsibility to inform customers as soon as the problem was discovered. According to CNBC, Target Chairman and CEO Gregg Steinhafel claims the four-day period from security breach to public disclosure was actually fast, considering the retailer identified, investigated and took security actions during that period. John Mutch, CEO of BeyondTrust, reported to Forbes that 27 of the largest companies that reported cyber breaches claimed to have suffered no financial losses. Evidence, however, indicated otherwise. Sony doled out $171 million to clean up their incident, while Heartland Payment Systems lost an estimated $140 million.
  4. Same as note 3.
  5. Footnotes to the SEC disclosure guidance (slides 13 and 14):
     [2] The information in this disclosure guidance is intended to assist registrants in preparing disclosure required in registration statements under the Securities Act of 1933 and periodic reports under the Securities Exchange Act of 1934. In order to maintain the accuracy and completeness of information in effective shelf registration statements, registrants may also need to consider whether it is necessary to file reports on Form 6-K or Form 8-K to disclose the costs and other consequences of material cyber incidents. See Item 5(a) of Form F-3 and Item 11(a) of Form S-3.
     [3] Securities Act Rule 408, Exchange Act Rule 12b-20, and Exchange Act Rule 14a-9. Information is considered material if there is a substantial likelihood that a reasonable investor would consider it important in making an investment decision or if the information would significantly alter the total mix of information made available. See Basic Inc. v. Levinson, 485 U.S. 224 (1988); and TSC Industries, Inc. v. Northway, Inc., 426 U.S. 438 (1976). Registrants also should consider the antifraud provisions of the federal securities laws, which apply to statements and omissions both inside and outside of Commission filings. See Securities Act Section 17(a); Exchange Act Section 10(b); and Exchange Act Rule 10b-5.
     [4] See Item 503(c) of Regulation S-K; and Form 20-F, Item 3.D.
  6. Sources for slide 17:
     http://www.bakerlaw.com/marcdpowers/
     http://www.dataprivacymonitor.com/category/cybersecurity/
     http://www.dataprivacymonitor.com/category/data-breaches/