Collin County Bench Bar Conference: Cybersecurity Mitigation & Compliance Strategies
Presentation to the Collin County Bench Bar Foundation's 2015 Bench Bar Conference. Focused on the latest cybersecurity trends and strategies for mitigation of cyber risk and compliance.

Published in: Law
  1. Cybersecurity Mission Impossible? Shawn E. Tuma, Scheef & Stone, LLP, @shawnetuma
  2. Shawn Tuma, Partner, Scheef & Stone, L.L.P. 214.472.2135 shawn.tuma@solidcounsel.com @shawnetuma blog: shawnetuma.com web: solidcounsel.com
     This information provided is for educational purposes only, does not constitute legal advice, and no attorney-client relationship is created by this presentation.
     Shawn Tuma is a cyber lawyer business leaders trust to help solve problems with cutting-edge issues involving cybersecurity, data privacy, computer fraud, intellectual property, and social media law. He is a partner at Scheef & Stone, LLP, a full-service commercial law firm in Texas that represents businesses of all sizes throughout the United States and, through its Mackrell International network, throughout the world.
     • Texas SuperLawyers 2015
     • Best Lawyers in Dallas 2014 & 2015, D Magazine (Digital Information Law)
     • Chair, Collin County Bar Association Civil Litigation & Appellate Section
     • College of the State Bar of Texas
     • Privacy and Data Security Committee, Litigation, Intellectual Property Law, and Business Sections of the State Bar of Texas
     • Information Security Committee of the Section on Science & Technology Committee of the American Bar Association
     • Social Media Committee of the American Bar Association
     • North Texas Crime Commission, Cybercrime Committee
     • Infragard (FBI)
     • International Association of Privacy Professionals
     • Information Systems Security Association
     • Contributor, Norse DarkMatters Security Blog
     • Editor, Business Cyber Risk Law Blog
  3. #CCBBF @shawnetuma
  4. “There are only two types of companies: those that have been hacked, and those that will be.” – Robert Mueller
  5. 97% – Companies Tested – Breached in Prior 6 mos.
  6. Odds: Security @ 100% / Hacker @ 1
  7. • Stewardship • Public Relations • Legal
  8. Responding: Execute Breach Response Plan
     • contact attorney
     • assemble your Response Team
     • notify Card Processor
     • contact forensics
     • contact notification vendor
     • investigate breach
     • remediate responsible vulnerabilities
     • reporting & notification
  9. What does “reporting & notification” mean?
     • Law Enforcement
     • State Attorneys General – pre-notice = VT (14 days), MD, NJ St. Police
     • Federal Agencies – FTC, SEC, HHS, etc.
     • Consumers – Fla, Ohio, Vermont = 45 days
     • Industry Groups – PCI, FINRA, FFIEC
     • Credit Bureaus
     • Professional Vendors & Suppliers
  10. www.solidcounsel.com – Sensitive personal information whose compromise is a data breach:
     • first name or first initial + last name + SSN, DLN or Govt ID → data breach
     • first name or first initial + last name + Acct or Card # + Access or Security Code → data breach
     • Info that IDs an individual + health-care data (condition, care provided, or payment) → data breach
     Duty to notify when “unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information …” Tx. Bus. Comm. Code § 521.053
     CIVIL PENALTY: $100.00 per individual per day for notification delay, not to exceed $250,000 for a single breach. § 521.151
  11. Cost of a Data Breach
     2013 Cost (pre-Target): $188.00 per record; $5.4 million = total average cost paid by organizations
     2014 Cost: $201 per record; $5.9 million = total average cost paid by organizations
     “The primary reason for the increase is the loss of customers following the data breach due to the additional expenses required to preserve the organization’s brand and reputation.” – Ponemon Institute 2014 Cost of Data Breach Study
  12. Blocking & Tackling – Most Common Breaches: Theft, Lost, Passwords, Phishing, Websites, Basic IT. Case Stories
  13. Blocking & Tackling – Must Haves: Approved & Documented
     • Basic IT Security
     • Basic Physical Security
     • Policies & Procedures Focused on Data Security: Company; Workforce (Rajaee v. Design Tech Homes, Ltd.); Network; Business Associates (Travelers Casualty v. Ignition Studio, Inc.)
     • Implementation & Training
     • Regular Reassessment & Update
  14. www.solidcounsel.com – Risk Compliance Program: Security Culture → Assess, Audit, Gap Analysis → Develop Strategic Plan → Implement & Execute Plan → Manage Response & Conflict → Reassess & Update. Protecting businesses’ information; protecting businesses from their information.
  22. www.solidcounsel.com
     • Login Credentials
     • “You don’t drown from falling into the water”
     • 25k v. 40m (T) / 56m (HD)
  23. www.solidcounsel.com – Let us think … Newspaper, Research, Email, Scheduling, Lunch With Client, Trial Exhibits, Draft of Plaintiff’s Original Petition, Personally Identifiable Information (PII), Protected Health Information (PHI), Formula for Coke
  24. www.solidcounsel.com 38 – protecting, misusing, responding: data, devices