This document summarizes a presentation on cybersecurity preparedness and response. It discusses establishing an investigation-ready environment through centralized logging, application whitelisting, data mapping and internet access point identification. It also recommends having a rapid response team and incident response plan in place. During an incident, it advises responding quickly to investigative requests and working with investigators on remediation. Post-incident, it recommends determining notification requirements, developing a public message and conducting lessons learned.
Aceds 2015 Cybersecurity and the Legal Profession - NYC - April 7, 2015 - Joe Bartolo
This document summarizes a presentation on cybersecurity risks for law firms and how to protect sensitive client data. The presentation covers:
1. Tips for preventing cyberattacks including having security plans, policies for employees and vendors, and implementing best practices.
2. The response required after a data breach, including activating an incident response plan, securing systems, notifying authorities and counsel, and conducting forensics.
3. Different legal obligations for law firms compared to corporations after a breach in terms of state breach notification laws and preserving attorney-client privilege.
Digital trust and cyber challenge now extends beyond the Enterprise - Mourad Khalil
The document discusses key findings from PwC's 2015 Global State of Information Security Survey. Some of the main points from the survey include that 61% of customers would stop using a company's products after a security breach, reported security incidents rose 48% globally, and losses from cyber incidents increased 34% on average. The document also notes that employees were the most common source of security incidents, and that board oversight of security risks is often lacking. It advocates that organizations view security through the lens of digital trust in order to build customer confidence and take advantage of opportunities in the digital world.
Cyber Security and the Impact on your Business - Lucy Denver
With cyber scams costing UK businesses an estimated £4.14bn* in lost data, reputational damage and online theft every year, Cyber Security is rapidly climbing the priority list of directors across the UK. This presentation will help you to:
- spot the most common cyber attacks, defend your business and protect your critical data if the worst does happen;
- understand the impact of GDPR on your business and how to protect yourself against expensive data losses.
This document summarizes recent legal developments regarding privacy risks, incidents, and liability in Canada. It discusses amendments to PIPEDA and PHIPA that expand requirements for breach notification. It also notes a court case, Hopkins v Kay, that suggests actual harm is not required for privacy claims. Additionally, it covers two class action cases, Evans and Condon, that were certified regarding data breaches. The certification in Condon was notable as it allowed for intentional intrusion claims over lost data where no harm was proven.
nCircle held a webinar on 6/7 with Mike McKay, Senior Sales Engineer at nCircle. The theme was to give smaller organizations the power to have a big-organization security program.
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote) - Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two-year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations, which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
- Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
- Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
- Gant Redmon, Esq., General Counsel and VP of Business Development, Co3 Systems
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mind - centralohioissa
- The evolution of online advertising tactics
- What cyber criminals find appealing about advertising and profiling
- How advertisers and cyber criminals have worked together in the past
- What psychological tactics are used by cyber criminals in real world attacks
- How to protect yourself from psychological attacks
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers... - Citrin Cooperman
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks
MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions.
In today's world, a cyber attack happens every 39 seconds on average. For every doom and gloom story we can tell, there are also instances where another organization’s proactive defense has helped to avoid a cyber attack.
During our final MasterSnacks: Cybersecurity session, we discussed strategies your company can implement to move your IT environment from reactive to proactive. We also shared examples of current clients whose proactive positions have had a real impact in thwarting hackers' attempts at infiltrating their organizations. We covered:
- Case studies on companies that have successfully staved off cyber attacks
- Proactive strategies for protecting your infrastructure
- Automated tools to facilitate more timely evaluation and monitoring
Cyber Security Planning: Preparing for a Data Breach - Fletcher Media
Presented by Clark Insurance in Portland, Maine, this two-hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
This document discusses data and cyber security risks and best practices for protection and response. It notes several high-profile data breaches from 2012-2015 involving lost hard drives containing personal information, unauthorized access to medical records, a medical marijuana mailing error, and a payment card theft. It examines potential legal issues for organizations when data is lost or accessed without authorization. The document also outlines an incident response process and best practices for timing, analysis, and communication in response to a data security incident.
Data protection: Steps Organisations can take to ensure compliance - EquiGov Institute
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulations (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
The document discusses security best practices for Oracle Release 11i applications. It outlines several case studies of security breaches by internal employees and presents statistics showing that internal threats are real and account for the majority of security incidents. The presentation then provides an overview of authentication, authorization, and audit controls and recommends configuring profile options in Oracle applications to enforce secure password policies, session timeouts, and other settings in 30 minutes or less.
The document provides 10 tips for managing a data security incident from a breach practitioner. The tips are to initiate response immediately, don't make assumptions but find facts, keep investigating and progressing the response, don't rush public statements but strive for 90% confidence, obtain objective external input, get technical forensic help if needed, take a broad view of notification, consider the perspective of affected individuals, demonstrate commitment to improvements, and issue an apology from a senior spokesperson.
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac... - centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
Learning from Verizon 2017 Data Breach Investigations Report – The New Targets - Ulf Mattsson
The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions
Why Your Organization Must Have a Cyber Risk Management Program and How to De... - Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las Vegas - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to ISACA CSXNA 2016 in Las Vegas on October 18, 2016.
https://www.isaca.org/cyber-conference/index.html
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, it addresses the need for leadership in helping keep the parties calm and rational and in making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
CIS13: FCCX and IDESG: An Industry PerspectivesCloudIDSummit
This document summarizes a workshop on the National Strategy for Trusted Identities in Cyberspace (NSTIC). The workshop agenda includes presentations on NSTIC pilots testing multifactor authentication, attribute exchange networks, and privacy-preserving authentication. It also covers the Identity Ecosystem Steering Group, the Federal Cloud Credential Exchange, and NSTIC's relationship to the National Cybersecurity Center of Excellence. The document discusses how NSTIC aims to address barriers in the identity marketplace around security, business models, usability, liability, interoperability and privacy by acting as a convener rather than implementing its own identity program. It outlines NSTIC's implementation strategy of private sector leadership and federal support through standards development,
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Data Breach Response: Before and After the Breach - Financial Poise
You’ve received the dreaded call that your company has just suffered a data breach – what do you do next? Who do you call for help? What notification obligations do you have?
With proper preparation, you can mitigate the damage caused by this unfortunate event and put your business in a position to recover. Your company may have already implemented its information security program and identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must call up your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients, customers, or the public of the breach. This webinar will help prepare you to take action when the worst happens.
Part of the webinar series: Cybersecurity & Data Privacy 2021
See more at https://www.financialpoise.com/webinars/
The document summarizes key statistics about data loss incidents in 2013, including that over 2,000 incidents exposed over 800 million records. It outlines the typical stages companies go through after an incident and laws requiring preparation and response. The document provides a self-assessment for companies and best practices around security, forensics, communications, and international considerations for responding to a data breach. It emphasizes that companies should plan for an incident as regulatory requirements and costs can be significant for unprepared organizations.
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee... - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to SecureWorld Expo Dallas on September 27, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, it addresses the need for leadership in helping keep the parties calm and rational and in making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
The trends continue to point upward for data incidents and 2013 is becoming a pace setter. The shifting regulatory landscape promises to add further complications for companies struggling to prepare for and respond to data privacy incidents.
This webinar will feature two leading data breach experts who have performed a two year trend analysis across hundreds of cases to offer a powerful and up-to-date perspective on what has happened and their predictions for the future. It will also cover how these factors are shaping regulations which are in turn influencing decision-making in the C-Suite.
Our featured speakers for this timely webinar will be:
-Bill Hardin, Director of Data Privacy Response & Investigations, Navigant
-Jennifer Coughlin, Privacy and Data Security Attorney, Nelson, Levine
-Gant Redmon, Esq. General Counsel and VP of Business Development, Co3 Systems
Brian Henger - Psychological Warfare: How Cyber Criminals Mess With Your Mindcentralohioissa
-The evolution of online advertising tactics
-What cyber criminals find appealing about advertising and profiling
-How advertisers and cyber criminals have worked together in the past
-What psychological tactics are used by cyber criminals in real world attacks
-How to protect yourself from psychological attacks
MasterSnacks: Cybersecurity - Playing Offense: A Proactive Approach to Cybers...Citrin Cooperman
Sign up for our weekly MasterSnacks courses here: https://www.citrincooperman.com/infocus/mastersnacks
MasterSnacks, our C-Suite Snacks spin-off, brings you a series of topic-specific courses, using our snack-sized sessions to go in depth on content important to you. Join MasterSnacks live every Wednesday at noon for live exclusive sessions.
In today's world, a cyber attack happens every 39 seconds on average. For every doom and gloom story we can tell, there are also instances where another organization’s proactive defense has helped to avoid a cyber attack.
During our final MasterSnacks: Cybersecurity session, we discussed strategies your company can implement to move your IT environment from reactive to proactive. We also shared examples of current clients whose proactive positions have had a real impact in thwarting hackers' attempts at infiltrating their organizations. We covered:
- Case studies on companies that have successfully staved off cyber attacks
- Proactive strategies for protecting your infrastructure
- Automated tools to facilitate more timely evaluation and monitoring
Cyber Security Planning: Preparing for a Data BreachFletcher Media
Presented by Clark Insurance in Portland, Maine, this two hour seminar featured lead panelists in the privacy security business.
This presentation reviews all aspects of a data breach from preparation, discovery, plan implementation, cyber insurance, crisis communication and PR policies and protocols.
This document discusses data and cyber security risks and best practices for protection and response. It notes several high-profile data breaches from 2012-2015 involving lost hard drives containing personal information, unauthorized access to medical records, a medical marijuana mailing error, and a payment card theft. It examines potential legal issues for organizations when data is lost or accessed without authorization. The document also outlines an incident response process and best practices for timing, analysis, and communication in response to a data security incident.
Data protection: Steps Organisations can take to ensure complianceEquiGov Institute
This presentation highlights the major principles and rights enshrined in the General Data Protection Regulations (GDPR) as well as 10 steps organisations (whether large or small) can take to ensure compliance.
The document discusses security best practices for Oracle Release 11i applications. It outlines several case studies of security breaches by internal employees and presents statistics showing that internal threats are real and account for the majority of security incidents. The presentation then provides an overview of authentication, authorization, and audit controls and recommends configuring profile options in Oracle applications to enforce secure password policies, session timeouts, and other settings in 30 minutes or less.
The document provides 10 tips for managing a data security incident from a breach practitioner. The tips are to initiate response immediately, don't make assumptions but find facts, keep investigating and progressing the response, don't rush public statements but strive for 90% confidence, obtain objective external input, get technical forensic help if needed, take a broad view of notification, consider the perspective of affected individuals, demonstrate commitment to improvements, and issue an apology from a senior spokesperson.
Heather Enlow & Chris Ingram - Cybersecurity Act of 2015 and Other Hot Privac...centralohioissa
This session will provide details on the new law and its requirements, as well as address the current threat landscape, summarize existing data security laws in the U.S., discuss the new EU cyber directive, and continued impact of the Safe Harbor decision. We will disentangle these regulatory changes and challenges and provide tips and tricks for compliance.
Learning from Verizon 2017 Data Breach Investigations Report – The New TargetsUlf Mattsson
The Verizon 2017 Data Breach Investigations Report findings relate specifically to the occurrence (likelihood) of security breaches leading to data compromise. The information, provided in aggregate, is filtered in many ways to make it relevant to you (e.g., by industry, actor motive). It is a piece of the information security puzzle—an awesome corner piece that can get you started—but just a piece nonetheless. This session will discuss the new targets that are identified and some solutions
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
Get the FUD out of Cybersecurity! ISACA CSXNA 2016 in Las VegasShawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to ISACA CSXNA 2016 in Las Vegas on October 18, 2016.
https://www.isaca.org/cyber-conference/index.html
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all company will be breached, but preparation and diligence can help minimize the likelihood that such a breach from being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk business have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
CIS13: FCCX and IDESG: An Industry PerspectivesCloudIDSummit
This document summarizes a workshop on the National Strategy for Trusted Identities in Cyberspace (NSTIC). The workshop agenda includes presentations on NSTIC pilots testing multifactor authentication, attribute exchange networks, and privacy-preserving authentication. It also covers the Identity Ecosystem Steering Group, the Federal Cloud Credential Exchange, and NSTIC's relationship to the National Cybersecurity Center of Excellence. The document discusses how NSTIC aims to address barriers in the identity marketplace around security, business models, usability, liability, interoperability and privacy by acting as a convener rather than implementing its own identity program. It outlines NSTIC's implementation strategy of private sector leadership and federal support through standards development,
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Data Breach Response: Before and After the BreachFinancial Poise
You’ve received the dreaded call that your company has just suffered a data breach – what do you do next? Who do you call for help? What notification obligations do you have?
With proper preparation, you can mitigate the damage caused by this unfortunate event and put your business in a position to recover. Your company may have already implemented its information security program and identified the responsible parties, including applicable outside experts, to be contacted in the event of a breach. However, now you must call up your incident response team to investigate the extent of the breach, evaluate the possible damage to your company, and determine whether you must notify your clients, customers, or the public of the breach. This webinar will help prepare you to take action when the worst happens.
Part of the webinar series: Cybersecurity & Data Privacy 2021
See more at https://www.financialpoise.com/webinars/
The document summarizes key statistics about data loss incidents in 2013, including that over 2,000 incidents exposed over 800 million records. It outlines the typical stages companies go through after an incident and laws requiring preparation and response. The document provides a self-assessment for companies and best practices around security, forensics, communications, and international considerations for responding to a data breach. It emphasizes that companies should plan for an incident as regulatory requirements and costs can be significant for unprepared organizations.
SecureWorld Expo Dallas - Cybersecurity Law: What Business and IT Leaders Nee... - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to SecureWorld Expo Dallas on September 27, 2016.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns, because of this crisis environment, to the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
Although Sony seemed to dominate the cyber-security headlines of 2014, it was just one of many corporations infiltrated by an increasingly sophisticated and driven pool of hackers. J.P. Morgan Chase, Home Depot, and Target also top the list of businesses struggling with data breaches.
The most recent major cyberattack against Anthem Healthcare shook the insurance industry. In a rare show of honesty, the insurer began alerting customers and the media to the potential of a data breach just eight days after it first noted suspicious activity on Jan. 27, 2015.
Immediately upon discovering it had been attacked, Anthem jumped to address the security vulnerability, contacted the FBI, and hired leading cyber-security firm Mandiant to evaluate its systems, said president and CEO Joseph Swedish in a statement.
Noting the importance of protecting financial institutions, New York's Department of Financial Services responded to the Anthem breach by announcing its intent to integrate regular assessments of cyber-security preparedness at insurance companies as part of its examination process. It will also enforce "enhanced regulations" on insurers based in New York.
"Recent cyber security breaches should serve as a stern wake up call for insurers and other financial institutions to strengthen their cyber defenses," said Benjamin M. Lawsky, New York State's superintendent of financial services, in a statement. He continued, "Regulators and private sector companies must both redouble their efforts and move aggressively to help safeguard this consumer data."
Most people might expect that larger insurers, given the sensitive customer information they handle, would boast robust cyber-security programs. This is not necessarily true.
As part of its investigation, the Department found that 95% of insurers already think they have sufficient staff for information security, and just 14% of CEOs receive monthly briefings on data security. Anthem, the nation's second-largest health insurer, had not even encrypted its database containing nonmedical data. It claims that HIPAA did not require it to do so.
While experts believe that Anthem was exclusively targeted in its attack, there is no doubt that all financial institutions are at risk. Here are eight things to know as the industry enters a year of increasingly heightened cyber-vulnerability.
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ... - Shawn Tuma
This document provides information about Shawn Tuma, a cybersecurity partner at Scheef & Stone, L.L.P. It includes his contact information, areas of expertise, industry affiliations, and qualifications. The document highlights that Tuma serves on several boards and committees related to cybersecurity, data privacy, and technology law. It also lists some of the awards and recognitions he has received for his work in these fields.
Cybersecurity for Your Law Firm: Data Security and Data Encryption - Shawn Tuma
This presentation focused on cybersecurity protections for law firms and attorneys' ethical obligation to protect client information. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at TexasBarCLE's 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Privacy & Pwnage: Privacy, Data Breaches and Lessons for Security Pros - Nicholas Van Exan
An overview of some contemporary topics related to privacy and data breaches, with a focus on how security professionals can help mitigate privacy risks both before and after data breaches occur.
The document discusses PIPEDA, Canada's private sector privacy law, and the importance of having an Incident Response Plan (IRP) to respond to data breaches. It provides an overview of PIPEDA's 10 fair information principles and requirements regarding data breaches. It emphasizes that an IRP outlines the steps to detect, respond to, and reduce the risk of future incidents. It also stresses engaging legal counsel to maintain privilege and avoid liability when developing, implementing, and responding to breaches according to the IRP.
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G... - Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the meeting of Women's In-House Network - DFW on April 27, 2017.
This presentation included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies and the EU's General Data Protection Regulation (GDPR).
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that all companies will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. It then turns, because of this crisis environment, to the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
Gowlings - November 12, 2014
In an increasingly digital world, all businesses face challenges in managing and protecting sensitive and confidential information. In this presentation Gowlings and Marsh Canada Limited addressed best practices for responding to a cyber breach, and what types of insurance may be available to respond to such a loss. Topics included:
• Trends, and the evolution of cyber insurance/products
• The D&O connection, cyber is a strategic business risk
• Risk Management Strategies
• Best Practices in Breach Response.
20230426 AIIM23 How to Leverage Privacy Practices to Build Customer Trust.pptx - Jesse Wilkins
This presentation, delivered at the AIIM23 conference in New Orleans on April 26, 2023, described how to leverage good privacy practices, including data minimization, to build customer trust.
This document summarizes a presentation on protecting businesses from cyber risks. It discusses the growing nature and costs of cyber threats and data breaches for businesses. These include increased electronic data production, more devices being connected online, and outsourced IT services increasing potential data loss. The document outlines sources of cyber risk like targeted attacks, human error, and theft of devices. It discusses the types of insurable and uninsurable cyber losses for businesses and where losses could potentially be covered by insurance like E&O, CGL, D&O or cyber/tech policies. The presentation emphasizes that businesses should be aware of their cyber risk exposure and proactively assess their insurance coverage, as policies may not fully cover all losses from a
How to Connect Your Server Room to the Board Room – Before a Data Breach Occurs - SurfWatch Labs
With the board room increasingly being held accountable for data breaches, it's crucial that they know and understand the cyber risks facing their organization.
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour - Yasser Mohammed
1) The document outlines five steps to take when an organization experiences a "Zero Hour", which is when sensitive data is at risk due to a security breach or hack. The five steps are: understand your data and where it is stored; evaluate and update data security policies; plan your data breach response; check cyber liability insurance coverage; and assess information security representations to clients.
2) It stresses the importance of understanding what sensitive data an organization has, where it is located, and having updated security policies. It also recommends planning an internal response team and external partners to contact in the event of a breach.
3) Organizations should also check what cybersecurity incidents their insurance policies cover and ensure security claims to clients
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions - Shawn Tuma
Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
This document summarizes a live webinar on compliance strategy and performance. The webinar featured speakers from Ethisphere and Convercent discussing key data and benchmarks, emerging best practices, and predictions for 2016. Topics included budget and visibility trends in compliance, the impact of mergers and acquisitions on misconduct, challenges in accessing and centralizing compliance data, and measuring return on investment and culture of compliance. State of the program reporting was also covered, noting variation in frequency, content, format and audiences.
This document summarizes a webinar on data protection updates regarding the Safe Harbor agreement and its practical impact for companies. The webinar discusses available data transfer solutions in the wake of the Safe Harbor agreement being invalidated, requirements for data protection notifications, a summary of the Schrems v Data Commissioner case, and the likelihood of a new Safe Harbor or EU-US Privacy Shield framework being established. Alternative mechanisms for international data transfers such as unambiguous consent, binding corporate rules, and model clauses are also covered.
Corruption In China: Recovery-Led Investigations - Ethisphere
This document summarizes a webinar discussing challenges with conducting internal investigations in China and the benefits of a "recovery-led" approach. The webinar featured speakers from Control Risks and TE Connectivity discussing case studies where terminating individuals for corruption backfired due to lack of planning. The "recovery-led" approach focuses on business continuity, local legal factors, and resolving issues in the long-term interests of the company rather than just fact-finding.
Key Steps to Creating a Strong Compliance Culture Through Effective Leadership - Ethisphere
This document summarizes a presentation on creating an effective compliance culture through leadership. It discusses how US and global guidelines emphasize the importance of strong leadership and culture. Recent enforcement actions have faulted companies for lack of oversight and failing to address misconduct. The presentation outlines best practices for compliance leaders, including engaging the board, collaborating with senior management, implementing incentives, and developing a strategic communications plan to push the compliance message throughout the organization.
Building on the Foundation of Ethics and Compliance to Achieve Sustainability - Ethisphere
This document summarizes a webinar discussing how leading companies build upon the foundations of ethics and compliance to achieve sustainability. Speakers from Microsoft, Petco, and Voya Financial discuss their company's ethics and compliance programs and how their ethics/compliance and sustainability teams collaborate. They address increasing transparency expectations and challenges in global supply chains. The webinar aims to demonstrate how sustainability teams can learn from ethics/compliance and identify shared systems and controls.
Special Challenges of Doing Business in Russia - Ethisphere
This document discusses the challenges of doing business in Russia. It summarizes recent US sanctions against Russia and their implications. It also discusses Russia's reaction to the sanctions and legal developments in Russia around anti-corruption laws. Recent Foreign Corrupt Practices Act cases involving bribery in Russia by HP and Diebold are also summarized. The document outlines special challenges like corruption, hidden ownership, and use of sham intermediaries when working in Russia.
Russian Sanctions: What the U.S. and OFAC Directives Mean for Global Companies - Ethisphere
The document provides an overview and summary of recent U.S. sanctions imposed in response to the Russian actions in Ukraine and the implications for global companies. It discusses the sanctions that have designated individuals and entities in Russia, examines entities that may be considered "owned or controlled" by designated persons, and outlines steps companies can take to mitigate risks from potential expansion of sanctions to other sectors of the Russian economy.
Risk Containment: Tailoring Contract Provisions with Third Parties to Minimiz... - Ethisphere
This document discusses risk containment strategies for tailoring contract provisions with third parties to minimize risks under the Foreign Corrupt Practices Act (FCPA) and maximize compliance safeguards. It recommends including core provisions like anti-corruption representations and warranties, audit rights, and termination rights. Government expectations for diligence, oversight and preventative measures with third parties are high given most FCPA cases involve third parties and companies are liable for their actions.
Reputation Risk: Why Companies Need to Care - Ethisphere
Thank you for the insightful presentation. Managing reputation risk is clearly crucial in today's environment of heightened transparency and stakeholder expectations.
Doing Business in Mexico: Compliance Implications of the Pact for Mexico - Ethisphere
This document summarizes a webcast on business compliance implications of reforms in Mexico. It discusses reforms in anticorruption, energy, and telecommunications. For anticorruption, it notes stalled legislation and risks of low enforcement. For energy, it outlines the opening of the oil sector to foreign firms and compliance provisions in contracts. For telecommunications, it discusses allowing foreign investment and risks of mergers and acquisitions. Throughout, it provides strategies for companies to mitigate compliance risks like training and cultural considerations for acquired firms. Speakers from AT&T, Halliburton and Baker & McKenzie address these topics.
Optimizing Compliance Programs in Organizations: A Top Down Approach - Ethisphere
This document provides a summary of a presentation on optimizing compliance programs in organizations using a top-down approach. The presentation discusses challenges with siloed compliance programs and the benefits of an integrated, enterprise-wide approach. It emphasizes taking a risk-based approach with board oversight and continuous monitoring. The presentation also compares external, internal, and regulatory audits and argues for differentiating their roles while increasing integration among compliance functions.
Hotline Confidential: Is Your Company Using Best Practices for Whistleblower ... - Ethisphere
This document summarizes a webinar on best practices for whistleblower compliance programs. It discusses examining whistleblower statutes to ensure compliance, reviewing best practices for establishing a hotline, and discussing employee training on hotlines and anti-retaliation policies. The webinar examines laws like Sarbanes-Oxley, Dodd-Frank, and the False Claims Act and recommends developing an accessible internal reporting process, promptly addressing complaints, maintaining confidentiality, and documenting all reports and investigations.
Whistleblower Best Practices: What Do Compliance and Business Leaders Need to... - Ethisphere
Greg Radinsky, Cynthia Jackson, and Joan Meyer spoke at a webcast on May 15, 2015 about whistleblower best practices. They discussed key themes such as the goal of promptly uncovering misconduct through whistleblower programs. U.S. expectations include encouraging internal reporting and protecting whistleblowers. An effective program provides reporting channels, screens reports by priority, trains employees, conducts awareness campaigns, and monitors performance. However, some countries have laws conflicting with U.S. standards regarding anonymity, data privacy, and labor issues that must be addressed for global rollouts.
Essential Elements of Global Compliance Programs - Ethisphere
This document summarizes a webcast on essential elements of global compliance programs presented by Baker & McKenzie on June 4, 2015. It discusses increasing global enforcement trends, including growing cooperation between authorities. Effective compliance programs are being rewarded with reduced penalties. The presentation outlines key elements of compliance programs, including risk assessment, standards and controls, training, oversight, monitoring, and periodic re-assessment. It also provides an example of compliance requirements under Spanish law.
Cybersecurity: Managing Risk Around New Data Threats - Ethisphere
This document summarizes a webcast on cybersecurity risks and strategies for managing them. It discusses the development of the NIST cybersecurity framework to encourage voluntary adoption of best practices. It also notes incentives recommended to the President to promote framework adoption, such as cyber insurance, grants, liability limitations, and streamlined regulations. The document then provides brief biographies of the three speakers on the webcast, who are experts on cybersecurity law and policy from large law firms and companies.
Anti-Corruption and Third Parties: Mitigating the Risks - Ethisphere
This document summarizes a webcast on mitigating corruption risks from third parties. It discusses how corruption from third parties can harm businesses through extortion, disrupted operations, and reputational and legal risks. It outlines anti-bribery laws in countries like the US, UK, and Brazil that prohibit bribery through third parties. It provides tips for assessing third party risks, such as checking backgrounds, behaviors, due diligence, and contracts. Resources on anti-corruption guidelines and compliance programs are also listed.
Conflict Minerals: The First Year and What's to Come - Ethisphere
The document summarizes a webinar presented by Baker & McKenzie on the topic of conflict minerals. It discusses filings in the first year of SEC conflict minerals rules, trends observed, informal SEC comments, ongoing litigation challenging the rules, and expectations for years 2 and 3. It also outlines what companies can expect in terms of conflict minerals report format, listing smelters and suppliers, determining conflict-free status, and implementing audits.
Conflict Minerals Update: Making Sense of the Appellate Court Decision and SE... - Ethisphere
The document summarizes a webcast discussing a recent appellate court decision and SEC statement regarding conflict minerals reporting requirements.
The appellate court upheld most of the SEC's conflict minerals rules but found that requirements to describe products as "not DRC conflict free" violated the First Amendment. In response, the SEC limited its stay of the rules and a CF director statement said companies still must file reports by June 2 but need not use the constitutionally problematic descriptions. The statement provides guidance on complying with the upheld portions of the rules. There remains uncertainty around further appeals and rulemaking but companies should plan to file by the June 2 deadline.
[To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
This presentation is a curated compilation of PowerPoint diagrams and templates designed to illustrate 20 different digital transformation frameworks and models. These frameworks are based on recent industry trends and best practices, ensuring that the content remains relevant and up-to-date.
Key highlights include Microsoft's Digital Transformation Framework, which focuses on driving innovation and efficiency, and McKinsey's Ten Guiding Principles, which provide strategic insights for successful digital transformation. Additionally, Forrester's framework emphasizes enhancing customer experiences and modernizing IT infrastructure, while IDC's MaturityScape helps assess and develop organizational digital maturity. MIT's framework explores cutting-edge strategies for achieving digital success.
These materials are perfect for enhancing your business or classroom presentations, offering visual aids to supplement your insights. Please note that while comprehensive, these slides are intended as supplementary resources and may not be complete for standalone instructional purposes.
Frameworks/Models included:
Microsoft’s Digital Transformation Framework
McKinsey’s Ten Guiding Principles of Digital Transformation
Forrester’s Digital Transformation Framework
IDC’s Digital Transformation MaturityScape
MIT’s Digital Transformation Framework
Gartner’s Digital Transformation Framework
Accenture’s Digital Strategy & Enterprise Frameworks
Deloitte’s Digital Industrial Transformation Framework
Capgemini’s Digital Transformation Framework
PwC’s Digital Transformation Framework
Cisco’s Digital Transformation Framework
Cognizant’s Digital Transformation Framework
DXC Technology’s Digital Transformation Framework
The BCG Strategy Palette
McKinsey’s Digital Transformation Framework
Digital Transformation Compass
Four Levels of Digital Maturity
Design Thinking Framework
Business Model Canvas
Customer Journey Map
Company Valuation webinar series - Tuesday, 4 June 2024FelixPerez547899
This session provided an update as to the latest valuation data in the UK and then delved into a discussion on the upcoming election and the impacts on valuation. We finished, as always with a Q&A
Company Valuation webinar series - Tuesday, 4 June 2024
Corporate Cyber Attacks: Managing Risk to Avoid Reputation Harm
1. Skadden, Arps, Slate, Meagher & Flom LLP | Cyberattacks 2014 – How to Prepare Today and Respond Tomorrow
GOOD. SMART. BUSINESS. PROFIT.™
2. CORPORATE CYBERATTACKS: MANAGING RISK TO AVOID REPUTATIONAL HARM
September 18, 2014
3. HOST
Chelsie Chmela, Events Manager
Chelsie.Chmela@ethisphere.com
QUESTIONS
We encourage you to engage during the Q&A portion of today’s webcast by using the “Submit Question” button located within your West LegalEdcenter experience or the Chat Box in ReadyTalk.
MATERIALS
Included in your registration:
• Event recording and deck: West LegalEdcenter provides on-demand event access for 180 days or until the end of your subscription, if sooner. Ethisphere will provide the recording and presentation deck following the live event to ReadyTalk attendees.
4. SPEAKING TODAY
Stuart Levi, Partner, Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
Devon Kerr, Senior Consultant, Mandiant
5. Privacy and Cybersecurity 2014: The Current State of Affairs
Presented by Stuart Levi
Beijing, Boston, Brussels, Chicago, Frankfurt, Hong Kong, Houston, London, Los Angeles, Moscow, Munich, New York, Palo Alto, Paris, São Paulo, Shanghai, Singapore, Sydney, Tokyo, Toronto, Washington, D.C., Wilmington
6. PRIVACY V. CYBERSECURITY
Privacy
• Privacy policy compliance
• Big data mining
• Privacy regulations
• Internet of things
• Do not track
• Location data
• Global enforcement
7. PRIVACY V. CYBERSECURITY
Cybersecurity
• Data breaches
• Non-data cyber theft
• Denial of service attacks
• Compliance with security policies
• NIST guidelines
8. PRIVACY V. CYBERSECURITY
Government Spying
• Snowden revelations
• Access to records through public companies
• Government monitoring
• Global implications
9. PRIVACY V. CYBERSECURITY
[Diagram labels: Privacy; Cybersecurity; Government spying; Data breaches; Increased demands for privacy regulation]
10. THE REALITY COMPANIES FACE TODAY
• Data breaches and cyberattacks are increasingly common.
• More companies are considered “targets of choice.”
• A large segment of the security community has adopted an “assume you’ve been breached” mentality.
• Attacks are from:
− Hackers looking to profit
− State-sponsored organizations
− Hackers looking to wreak havoc
11. THE REALITY COMPANIES FACE TODAY
• Attacks are not limited to personal information:
− Theft of intellectual property
− Theft of business information
− Denial of service attacks
• No industry is immune from attack.
• Rapid detection has become as important as threat prevention.
− Each day the threat is not detected, the level of damage and harm increases
• Locating the source of the harm is becoming more difficult
12. THE REALITY COMPANIES FACE TODAY
• Informative statistics from the Verizon 2013 Data Breach Investigations Report:
− 78% of intrusions were rated as “low difficulty”
− 69% discovered by external parties
− 66% took multiple months to discover
− 75% are considered opportunistic attacks
− 80% involved authentication-based attacks
• Each statistic presents a potential liability risk.
13. KEY LEGAL THREATS TODAY
• FTC enforcement activity
− “Misleading” consumers by “promising” industry-standard or robust security
− Inadequate security protection
• Shareholder litigation
− For any cybersecurity loss (not just data breaches)
» Denial of service
» Loss of intellectual property or confidential information
• Data breach class actions
14. THE RESPONSE CLOCK HAS ACCELERATED
HISTORICAL PRACTICE
COMPANIES OFTEN DELAYED NOTICE UNTIL FULL FORENSIC ANALYSIS WAS DONE
» Provided time to formulate a response and manage PR, communications and legal
» Companies often hopeful that forensics analysis would reveal notice was not required
» Sometimes delay was required by law enforcement, but this was the exception
15. THE RESPONSE CLOCK HAS ACCELERATED
• Today, companies face a new and pressing reality:
− Privacy advocates/activists
» Learning of breaches and threatening to go public if the company does not disclose
» Generally unsympathetic to pleas that the company needs more time to formulate its response
− Insurance plans may require prompt notice
16. DATA SECURITY CLASS ACTIONS ARE ON THE RISE
• Plaintiffs’ lawyers are looking to cash in on the increase in data security breaches at retailers, banks and other institutions.
• Their tool of choice: large-scale class actions based around theories of alleged damage to consumers’ privacy.
• While relatively few cases have been filed so far, the number will undoubtedly grow.
17. THE FTC AND PLAINTIFF LAWYERS NEED A HOOK
• The company failed to install or implement adequate security protections.
− Were there internal or consultant recommendations that were ignored?
• The company “misled” customers about the level of its security.
• The company’s procedures or policies were lacking or not followed.
− Security policies
− Vendor policies
• C-suite and/or board was not adequately kept apprised of security procedures.
• The company took too long to provide notice of a data breach or to respond to an attack
18. KEY TAKEAWAY
The goal of every company today should be to eliminate as many of these hooks as possible
19. STEPS EVERY COMPANY SHOULD BE TAKING TODAY
• Privacy audit and implementation
• Risk assessment
• Establish a rapid response team
• Testing
• Privacy by design
• Evaluate insurance coverage
20. PRIVACY AUDITS
• Typically performed by a law firm and/or external consultant
− External advisers see issues that are hidden to companies
» View each issue from a “what if” lawsuit perspective
− “Good fact” in the event of a litigation
− External advisers have the benefit of seeing best practices at other companies
− Provides regulators with comfort
21. PRIVACY AUDITS
• Key Steps:
− Where is data coming into the company?
− How is data used and what controls are in place?
− How are security decisions made and implemented?
− Do internal and external privacy policies align with actual practice?
» Very often they do not
− What is the company saying about its security practices?
− What is the company disclosing in its public filings?
− How are company executives and board members kept informed?
− How mature is the privacy program?
− What sort of training/retraining is provided?
• Critical Step: Need to act on audit recommendations
22. RISK ASSESSMENT
• What types of personal information could be compromised?
• Is there a risk of confidential information being compromised?
• What is the potential for lost business?
• Is there a potential for regulatory scrutiny?
• Is there a potential for fines and penalties?
• What is the potential for damage to reputation/loss of trust/media publicity?
23. ESTABLISHING A RAPID RESPONSE TEAM
• Critical in a world where you may lose control of the response timing
• Key stakeholders will bring unique and important perspectives
− IT, legal, security, PR/communications, HR, risk management, corporate management, government relations
• Scrambling to figure out the team once an incident occurs is inefficient and dramatically increases the risk of a misstep
• Create a playbook of how incidents will be handled
• Understand the data breach notification requirements
• Understand SEC disclosure obligations
24. TESTING
• Critical to test your incident response plan at least semi-annually
− Consider different scenarios
• Consider creating a report of areas to improve
− But assess the risks of creating such a report
• Assess roles and responsibilities
− Did people leave?
− Was there any internal restructuring?
− Were new systems implemented?
25. TESTING
• Update process documents
• Review third-party vendor contacts
» PR
» Forensics
» Notification
» Legal
− Are these still the right contacts?
• Any changes to law
26. PRIVACY BY DESIGN
• Area of focus for the FTC
» Companies should maintain comprehensive data management procedures throughout the life cycle of their products and services
• Now a critical area for risk mitigation
• Key ideas:
− Proactive not reactive
− Privacy embedded into the design process
− Visibility and transparency within the organization
− Privacy and security as part of the corporate culture
27. EVALUATE INSURANCE COVERAGE
CRITICAL AREAS OF CYBER INSURANCE
− Network security liability (third party)
− Privacy liability (third party)
− Professional liability (third party)
− Notification costs
− Regulatory defense
− Data loss/recreation
− Business interruption
28. Skadden, Arps, Slate, Meagher & Flom LLP & Affiliates
29. Devon Kerr, Senior Consultant
If you work in a classified environment, you may recognize some of the information we present today. MANDIANT observed everything we’ll talk about in non-classified environments, and we’ve changed some of it to protect our clients.