This document provides an overview and agenda for a presentation on cyber security for agencies. The presentation will cover:
1) An introduction to cyber security threats in an agency environment and what agencies need to know.
2) The legal ramifications of a cyber attack and an agency's responsibilities and liabilities.
3) Developing a crisis communications plan to respond when a cyber attack occurs and the steps agencies should take.
The document then outlines one section of the presentation on defending enterprise integrity and making information security part of an organization's culture. It stresses the importance of focusing on human factors rather than just cyber defenses.
Key Findings from the 2015 IBM Cyber Security Intelligence Index (IBM Security)
View on-demand presentation: http://securityintelligence.com/events/ibm-2015-cyber-security-intelligence-index/
The cyber threat landscape is increasing in complexity and frequency. Organizations that have historically not been the target of cyber attacks now make headline news with large data losses and compromised transactions. Organizations need a clear point of view on how to respond to these threats, and one that incorporates not only the relevant technology but also the organizational changes needed.
Nick Bradley, Practice Leader of the IBM Threat Research Group and the X-Force Threat Analysis Team, and Nick Coleman, Global Head Cyber Security Intelligence Services, outline what organizations need to do now and in the future to stay ahead of the growing cyber security threat.
Does your business have a disaster preparedness plan? This SlideShare will cover all considerations necessary to formulate a comprehensive plan following the NFPA 1600 Standards followed by the US Department of Homeland Security.
Talks about the present status of cyber security in India. The policy of cyber security is also discussed. The general principles of cyber security are highlighted.
The legal position of cyber security and instances of breach of information technology code are also discussed.
NCSAM = Cyber Security Awareness Month: Trends and Resources (Stephen Cobb)
My take on the main themes and topic of National Cyber Security Awareness Month, including shared responsibility, the Internet of Things, STEM education and the cyber workforce.
Breaking down the cyber security framework closing critical IT security gaps (IBM Security)
Cyber crime is pervasive and here to stay. Whether you work in the Public Sector or Private Sector, are the CEO of a Fortune 500 Company or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats that have grown at an explosive rate. Organizations and Government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
This session will discuss the main cyber threats for 2019 with public and private sector security experts. After an overview of the top cybersecurity industry predictions for the coming year, the panel will discuss effective solutions and roadmaps needed as we head into the 2020s.
Main points covered:
• What are the top cyber threats facing enterprises in 2019?
• What do the major cybersecurity vendors believe will happen in the next few years?
• What is being done to prepare for daily cyber-attacks facing enterprises?
• What projects are leading Chief Information Security Officers (CISOs) and Chief Risk Officers (CROs) implementing now?
Presenters:
Our first presenter for this session is Maria S. Thompson, State Chief Risk and Security Officer for the State of North Carolina. Maria brings to the State over 20 years of experience in Information Technology and cybersecurity. Maria’s personal honors include receiving the 2007 National Security Agency’s prestigious Rowlett Award for individual achievement in Information Assurance. Additionally, she received the 2008 Office of Secretary of Defense Certificate of Excellence for the implementation of an IA strategy for the Information Assurance Workforce. Most recently, Maria was selected as a winner of one of the 2018 Triangle Business Journal Women in Business awards and State Scoop’s 50th Award State Cybersecurity Leader.
The second presenter is Dan Lohrmann, an internationally recognized cybersecurity leader, technologist and author. Starting his career at NSA, Lohrmann has served global organizations in the public and private sectors in many leadership capacities. As a top Michigan Government technology executive for seventeen years, Dan was national CSO of the Year, Public Official of the Year and a Computerworld Premier 100 IT Leader. He is currently CSO & Chief Strategist at Security Mentor, where he advises global and local corporations and governments on cybersecurity and technology infrastructure strategies and security culture change. He has been a keynote speaker at security conferences from South Africa to Europe and Washington D.C. to Moscow.
Recorded Webinar: https://youtu.be/IHAAXQ30zBk
CSE 2016 Future of Cyber Security by Matthew Rosenquist (Matthew Rosenquist)
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead.
Presented by Matthew Rosenquist at the 2016 Connected Security Expo (CSE) @ ISC West http://www.connectedsecurityexpo.com/
Ethical Hacking vs Penetration Testing vs Cybersecurity: Know the Difference? (PECB)
Ethical hacking helps organizations in preventing the exploitation and vulnerabilities of their system’s data.
Today, several real-world testing methods are used to avoid cyber-attacks and secure important data from exploitation.
The webinar covers
• Ethical Hacking
• Penetration Testing
• Differences and Similarities
• Types & Stages of Penetration Testing
• Cybersecurity
• Impact of COVID-19 on Cybersecurity
Presenters:
Carl Carpenter
Carl is a former CISO of a $6B entity where he was responsible for protecting data of all types and regulatory environments such as FFIEC, HIPAA, and PCI as well as working with the FBI, IRS, and US Department of Labor around investigations relating to money laundering. He has performed assessments against Fortune 10 and 50 companies in the areas of GDPR, CCPA, ISO/IEC 27001 and currently performs CMMC assessments as well as CMMC pre-audit support to help ensure a successful CMMC audit. Prior to that, Carl retired from the US Military where he was involved in counter-terrorist, counter-narcotics, counter-intelligence operations and training foreign military members in these same concepts. Carl is also a PECB trainer in ISO/IEC 27001, ISO/IEC 27032, and CMMC Foundations and holds numerous other certifications.
In 2016, Carl joined Arrakis Consulting where he started as an auditor and provided CISO-as-a-Service to small or medium-sized companies that needed more experience without increased cost. In 2017, Carl added active penetration testing to his portfolio of skills and routinely performs penetration tests against companies of all sizes. Carl also trains people on a variety of skills such as penetration testing, network engineering, network administration, OSI model, subnetting, etc.
Carl holds a Bachelor's from Western Governors University in Network Security and Operations as well as numerous certifications from ITIL, Cisco, CompTIA, Microsoft, CMMC-AB, ISACA, OneTrust, RSA, PCI Council, Citrix, and Novell.
Andreas Christoforides
Mr. Christoforides is an active IT auditor and a trainer for various organizations on Information Security Management Systems. He is a member of the Cyprus Computer Society, a PECB certified trainer for ISO/IEC 27001, ISO 22301 and GDPR CDPO, and a former Deputy Head of IT Infrastructure at a leading Bulgarian bank.
In 2019, he joined BEWISE and delivered to clients a wide range of Cybersecurity projects in the areas of strategy, governance and risk management, data privacy and protection (GDPR), and business resilience and recovery. He conducts IT Risk Assessments and develops IT policies and procedures towards establishing an effective and secure IT Governance framework.
Mr. Christoforides holds a BEng degree from Birmingham City University and a variety of other qualifications from Microsoft and CISCO.
YouTube video: https://youtu.be/cTrdBZFIFhM
Website link: https://pecb.com/
Top 12 Cybersecurity Predictions for 2017 (IBM Security)
No industry is immune from a cyberattack. In fact, cyber experts are predicting that we may see a rise in attacks and a spread as industries previously on the fringe now face direct hits. The question is, “What’s in store for us in 2017?”
Cyber Resilience presented at the Malta Association of Risk Management (MARM) Cybercrime Seminar of 24 June 2013 by Mr Donald Tabone. Mr Tabone, Associate Director and Head of Information Protection and Business Resilience Services at KPMG Malta, presented a six-point action plan corporate entities can follow in order to reach a sustainable level of cyber resilience.
What trends will 2018 bring for Business Continuity Professionals? (PECB)
Many business continuity practitioners are perceiving a higher level of risk than ever before in their careers. Unfortunately, these risks are more often resulting in real incidents which require emergency response and continuity of operations. Being prepared may be the most important thing an organization can do in 2018. But what should we prepare for, and how should we prepare for it? This discussion will walk through some of the emerging threats, concepts, tools, and techniques that business continuity professionals can expect to see more of in 2018.
Main points covered:
- What should we prepare for in 2018?
- How should we prepare?
- The emerging threats, concepts, tools, and techniques expected in 2018
- Emerging threats creating new risks
Presenter:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Organizer: Nevila Muka
Date: January 17, 2018
Link to the recorded webinar:
The State Of Information and Cyber Security in 2016 (Shannon G., MBA)
Shannon Glass, Practice Director from AfidenceIT talks about the State of Information and Cyber Security in 2016. She covers the importance of creating a culture of security awareness within an organization, threats to look out for on the landscape, and why you should care about protecting your data assets.
In 2015 alone, hackers stole the records of:
- 11 million people from Premera Blue Cross
- 10 million people from Excellus BlueCross BlueShield
- 80 million people from Anthem
We review the challenges, trends and opportunity of the cyberspace wars. Presented to APICS Ventura on March 8, 2016 by Gerry Poe - CEO of Santa Clarita Consultants. http://www.scc-co.com
Cybersecurity: The Danger, the Cost, the Retaliation (PECB)
The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on increased cyber-attack vulnerabilities such as IoT and Cloud Computing, particular to attacks on physical world critical infrastructure. The discussion will cover methods for the rapid development and deployment of cyber defense technologies needed today, with preparation for a Post Quantum Computing Era.
Main points covered:
• Costs and danger of cyber-attacks now compared to major natural disasters
• Nation State threats on critical infrastructure reaching acts of war
• Cyber offense short term and Cyber Defense long term
Presenter:
Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine and has also written for Infosec Island, PenTest, eForensics and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts as a Director of the cybersecurity think tank, ProjectSafety.org.
As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems.
His current focus is on demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is understanding even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies from POC to global deployment.
Recorded webinar: https://youtu.be/yyVsSj946S4
Cyber Risk Management in 2017: Challenges & Recommendations (Ulf Mattsson)
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
The Unseen Enemy - Protecting the Brand, the Assets and the Customers (BDO_Consulting)
Michael Barba and Jeff Hall discuss the most pressing cyber-threats facing retailers and what companies can do in the event of a cyber breach, data loss or claim. Mr. Barba is a managing director and Mr. Hall is a senior manager with BDO Consulting.
This article examines cyber and information security as it relates to the legal industry and provides strategic considerations for law firms looking to deal with information security issues.
Delivered at Trend Micro's Executive briefing events in Sydney and Melbourne, 5-6 June 2017, on Australia's new Mandatory Data Breach Notification legislation. YouTube video available at https://youtu.be/j5nmY916H7k
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ... AIIM International
Learn actionable steps to provide a high-level plan for implementing a privacy program in conjunction with your existing organizational RIM/IG program(s).
Want to follow along with the webinar replay? Download it here for FREE: https://info.aiim.org/data-privacy-for-the-im-practitioner-practical-advice-for-preparedness-and-prevention
As privacy and security professionals it's true: we simply can't get enough data on the costs of a data breach. This is primarily driven, of course, by our desire to quantify the risks associated with our profession in terms that organizations can understand and measure. Our quest is complicated, however, by the fact that breach cost data is so hard to come by.
This unique webinar will take data breach analysis to the next level. First we'll define our terms and review some of the best known, publicly available data breach research. But then, we'll dive into a more detailed, exhaustive, quantitative review of breach data. This will include both case studies of a few seminal data breaches and statistical analysis of data breaches in the aggregate.
Our featured speaker for this timely webinar is Patrick Florer, Co-Founder & CTO of Risk Centric Security. Patrick, who is also a Fellow and Chief Research Analyst at the Ponemon Institute, has decades of experience in risk analysis and analytics and is considered an expert in data breach analysis.
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
To view the accompanying webinar, go to:
https://www.financialpoise.com/financial-poise-webinars/data-privacy-compliance-2020/
Cyber risk related to information security is growing. A potentially huge exposure for transportation companies is the personal data of their current and prospective drivers.
Secrets to managing your Duty of Care in an ever-changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
All levels of society rely upon information technology systems. Network operations are pervasive and impact nearly every aspect of our society. The desire of companies to collect, use, store, and secure information about customers, employees, and other individuals is a requirement of the new economy. It is no wonder that the prevalence of electronic communications and a growing dependency on cyber structures and operations also create potential vulnerabilities to cyberattacks. It is critical to preserve information systems and address and prevent weaknesses in cyber protection efforts. This webinar examines the means for companies to reach data goals ethically, efficiently and legally. The panel will also discuss the evolving regulatory approaches of the European Union, United States Federal government and significant developments in U.S. state regimes, including California. Best practices and model comprehensive privacy and cybersecurity policies are discussed. And, data breach response and related litigation, including class action litigation issues and fiduciary duty violations under corporate law, are discussed.
Part of the webinar series: CORPORATE & REGULATORY COMPLIANCE BOOTCAMP 2022 - PART I
See more at https://www.financialpoise.com/webinars/
Cyber Crime: Preparing Your Organization for the New Normal Sandra Fathi
Cyber crime is rampant and every organization must prepare itself for when, not if, it will have a data breach. This presentation was given at Pworld's Crisis Communications Boot Camp in Ottawa, CA on June 13, 2019.
This presentation was given at the FPRA Capital Chapter's meeting in Tallahassee on May 25, 2017. It covers what communicators need to know in the event of a data breach or cyber security incident.
Fear Factor Metrics: PR Metrics Communicators Fear Most Sandra Fathi
Presentation given at PR News Measurement Conference in Chicago on November 18, 2015. Covers key measurement concepts including Share of Voice (SOV), Competitive Benchmarking & Correlations
Trade Secrets Your Agency Isn't Sharing Sandra Fathi
If you have never worked in a PR agency, their doings can seem mysterious. How does the agency get all of that coverage for their clients? Is it because of exclusive relationships with publications? Is it because they meet reporters for drinks or play golf together? What is the black magic that commands such high retainers? If you haven't been inside an agency, and your company expects you to hire and manage one, it can be intimidating. Agencies prefer to adopt a mystique about how they work because they think that keeping you in the dark will give them the upper hand in negotiations. However, the more you know about agency operations, the better results you achieve for your company and the more value you extract from your agency. In this session, we'll review models of agency operations and discuss the factors you need to know when engaging an agency.
We'll discuss:
Comparing apples to apples: how to compare agencies during the dreaded RFP process
How to see through the bull@#*%: Relationships don't mean a thing if they don't know how to tell your story
How to avoid the bait and switch: meet your team—not just the sales team—during the hiring process
How to negotiate guaranteed results into your agency agreement
How to save time and money—dictate how your hours should and shouldn't be spent in a retainer relationship
How to set yourself up for success: what you need to do to educate your new partner
This presentation was given at Ragan's 7th Annual Employee Communications, PR & Social Media Summit at Microsoft on October 28th, 2015
Bloggers Speak Out: New paid and pitching techniques to score more placement Sandra Fathi
This PPT was presented as part of a webinar for PR Daily entitled "Bloggers Speak Out: New paid and pitching techniques to score more placement." The webinar had three presenters and this portion was given by Sandra Fathi. It covers what's new in blogger relations, influencer marketing strategies, research and tools, promotions and sponsorships and product and service reviews.
This presentation was given at eMetrics, Chicago, on June 9th, 2015. It focuses on three primary tactics of measurement for public relations: share of voice, competitive benchmarking and correlations.
Data-Driven PR Metrics: Share of Voice, Competitive Benchmarking, Correlations Sandra Fathi
Presentation given at eMetrics Summit in San Francisco on April 1, 2015. Covers PR measurement through three specific tactics - share of voice, competitive benchmarking and correlations.
Before Disaster Strikes: Creating an Effective Crisis Communications Plan Sandra Fathi
This webinar was presented by WOMMA on December 10, 2014. It covers Crisis Communications and Crisis Planning for public relations, social media and marketing professionals.
[Note: This is a partial preview. To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations]
Sustainability has become an increasingly critical topic as the world recognizes the need to protect our planet and its resources for future generations. Sustainability means meeting our current needs without compromising the ability of future generations to meet theirs. It involves long-term planning and consideration of the consequences of our actions. The goal is to create strategies that ensure the long-term viability of People, Planet, and Profit.
Leading companies such as Nike, Toyota, and Siemens are prioritizing sustainable innovation in their business models, setting an example for others to follow. In this Sustainability training presentation, you will learn key concepts, principles, and practices of sustainability applicable across industries. This training aims to create awareness and educate employees, senior executives, consultants, and other key stakeholders, including investors, policymakers, and supply chain partners, on the importance and implementation of sustainability.
LEARNING OBJECTIVES
1. Develop a comprehensive understanding of the fundamental principles and concepts that form the foundation of sustainability within corporate environments.
2. Explore the sustainability implementation model, focusing on effective measures and reporting strategies to track and communicate sustainability efforts.
3. Identify and define best practices and critical success factors essential for achieving sustainability goals within organizations.
CONTENTS
1. Introduction and Key Concepts of Sustainability
2. Principles and Practices of Sustainability
3. Measures and Reporting in Sustainability
4. Sustainability Implementation & Best Practices
To download the complete presentation, visit: https://www.oeconsulting.com.sg/training-presentations
What are the main advantages of using HR recruiter services.pdf HumanResourceDimensi1
HR recruiter services offer top talents to companies according to their specific needs. They handle all recruitment tasks from job posting to onboarding and help companies concentrate on their business growth. With their expertise and years of experience, they streamline the hiring process and save time and resources for the company.
Digital Transformation and IT Strategy Toolkit and Templates Aurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
Cracking the Workplace Discipline Code Main.pptx Workforce Group
Cultivating and maintaining discipline within teams is a critical differentiator for successful organisations.
Forward-thinking leaders and business managers understand the impact that discipline has on organisational success. A disciplined workforce operates with clarity, focus, and a shared understanding of expectations, ultimately driving better results, optimising productivity, and facilitating seamless collaboration.
Although discipline is not a one-size-fits-all approach, it can help create a work environment that encourages personal growth and accountability rather than solely relying on punitive measures.
In this deck, you will learn the significance of workplace discipline for organisational success. You’ll also learn
• Four (4) workplace discipline methods you should consider
• The best and most practical approach to implementing workplace discipline.
• Three (3) key tips to maintain a disciplined workplace.
Putting the SPARK into Virtual Training.pptx Cynthia Clay
This 60-minute webinar, sponsored by Adobe, was delivered for the Training Mag Network. It explored the five elements of SPARK: Storytelling, Purpose, Action, Relationships, and Kudos. Knowing how to tell a well-structured story is key to building long-term memory. Stating a clear purpose that doesn't take away from the discovery learning process is critical. Ensuring that people move from theory to practical application is imperative. Creating strong social learning is the key to commitment and engagement. Validating and affirming participants' comments is the way to create a positive learning environment.
RMD24 | Retail media: how do you use it if you're not AH or Unilever? Heid... BBPMedia1
Major players have been working with retail media for a while. Meanwhile, opportunities in this domain are also becoming visible for other players in the market. But those opportunities also raise questions: become a retail media platform yourself, or advertise on one? Which stage of the funnel does it fit, and how do you integrate it into a media plan? What exactly is the difference from marketplaces and programmatic ads? In this half hour we settle the dilemmas and you get answers on when it is time for you to take the next step.
"BEGUN WITH TJ IS HALF DONE"
TJ Coms (TJ Communications) is a professional event agency that includes experts in the event-organizing market in Vietnam, Korea, and ASEAN countries. We provide unlimited types of events from Music concerts, Fan meetings, and Culture festivals to Corporate events, Internal company events, Golf tournaments, MICE events, and Exhibitions.
TJ Coms provides unlimited package services such as Event organizing, Event planning, Event production, Manpower, PR marketing, Design 2D/3D, VIP protocols, Interpreter agency, etc.
Sports events - Golf competitions/billiards competitions/company sports events: dynamic and challenging
⭐ Featured projects:
➢ 2024 BAEKHYUN [Lonsdaleite] IN HO CHI MINH
➢ SUPER JUNIOR-L.S.S. THE SHOW : Th3ee Guys in HO CHI MINH
➢ FreenBecky 1st Fan Meeting in Vietnam
➢ CHILDREN ART EXHIBITION 2024: BEYOND BARRIERS
➢ WOW K-Music Festival 2023
➢ Winner [CROSS] Tour in HCM
➢ Super Show 9 in HCM with Super Junior
➢ HCMC - Gyeongsangbuk-do Culture and Tourism Festival
➢ Korean Vietnam Partnership - Fair with LG
➢ Korean President visits Samsung Electronics R&D Center
➢ Vietnam Food Expo with Lotte Wellfood
"Every event is a story, a special journey. We always believe that shortly you will be a part of our stories."
Attending a job Interview for B1 and B2 English learners Erika906060
It is a sample of an interview for a Business English class for pre-intermediate and intermediate English students, with emphasis on speaking ability.
The world of search engine optimization (SEO) is buzzing with discussions after Google confirmed that around 2,500 leaked internal documents related to its Search feature are indeed authentic. The revelation has sparked significant concerns within the SEO community. The leaked documents were initially reported by SEO experts Rand Fishkin and Mike King, igniting widespread analysis and discourse. For More Info:- https://news.arihantwebtech.com/search-disrupted-googles-leaked-documents-rock-the-seo-world/
Discover the innovative and creative projects that highlight my journey throu... dylandmeas
Discover the innovative and creative projects that highlight my journey through Full Sail University. Below, you’ll find a collection of my work showcasing my skills and expertise in digital marketing, event planning, and media production.
Cyber Security 101: What Your Agency Needs to Know
1. PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies
CYBER SECURITY 101:
What Your Agency Needs to Know
PR Council Genome Series
May 4, 2017
2. PRESENTERS
Sandra Fathi, President, Affect
PR Council Board Member
sfathi@affect.com
@sandrafathi
Simon Russell, Managing Partner, BeCyberSure
simonr@becybersure.com
Vince L. Martinez, Partner, K&L Gates LLP
Vince.martinez@klgates.com
3. AGENDA
I. Cyber Security 101: What you need to know about cyber security and threats in an agency environment
II. Legal Ramifications: Cyber security and the law, the agency’s responsibilities and liabilities
III. Crisis Communications: When it happens to you, a plan of action
4. DEFENDING ENTERPRISE INTEGRITY
Making InfoSec Part of the Culture
Simon Russell, Managing Partner, BeCyberSure North America
5. Defending Enterprise Integrity
What is “Cyber Security”?
• The process of applying security measures to ensure confidentiality, integrity, and availability of data
• Essentially, protection against Cyber Risk
What is “Cyber Risk”?
• “Cyber Risk” means any risk of financial loss, disruption or damage to the reputation of an individual or organization from some sort of failure of their information technology systems
10. EXCUSES FOR NOT ADDRESSING CYBER
Defending Enterprise Integrity
• I’M TOO SMALL: Usually easier target
• NOTHING WORTH STEALING: All data has value or you could be a stepping stone
• MY TYPE OF BUSINESS IS NOT A TARGET: Every organization is of interest to the criminal – they do not discriminate
• I DON’T HANDLE MONEY: Not the point - there are other assets to steal
• I OUTSOURCE IT, PAYMENTS, ETC: You are still responsible - the responsibility is not outsourced
• SOMEONE ELSE WILL PAY IF SOMETHING GOES WRONG (e.g. banks, insurance): Not any more!
17. Basic Incident Response Steps
• Recognize the occurrence of an incident.
• Notify and assemble the incident response team to begin the investigation.
• The internal team can include IT, Security, HR, Counsel, Compliance,
business heads and IR.
• The external team can include outside counsel, technological consultancies
and crisis management / public relations firms.
• Identify and fix (or contain) the technological issue.
• Determine any legal obligations and comply.
• Determine if any public reporting obligations exist.
• Communicate with the public as appropriate.
• Eradicate remnants of the security incident and recover business operations.
18. Data Breach Notification Requirements
• The primary consideration is the exposure of personally identifiable
information (PII).
• All states except AL and SD require companies to notify affected
individuals when their PII has been compromised.
• There are variances in notification laws and the types of data considered PII.
• Most states require notice as soon as reasonably possible; a few require
notice within 30 to 45 days of discovery.
• Certain federal laws, such as HIPAA and GLBA, require companies to
notify affected individuals.
• Certain federal regulators, including the FTC and FCC, are active within
their jurisdictions.
• Breach notification can also be a function of contract, which should be
known before an incident occurs.
19. Notifying Law Enforcement
• Relevant federal law enforcement agencies include the FBI
and the Secret Service.
• The Department of Justice has issued guidance for interacting with
federal law enforcement authorities in the wake of a cybersecurity event.
• https://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/04/30/04272015reporting-cyber-incidents-final.pdf
• State Attorneys General may also be required to be notified.
• It is a best practice to have pre-established contacts with law
enforcement before an event.
• Remember that law enforcement has different goals than you when
responding to a cybersecurity event, and the logistics and possible issues
surrounding law enforcement involvement should be understood beforehand.
20. Public Company Reporting Obligations
• The SEC’s Division of Corporation Finance offered guidance in 2011.
• https://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm
• The guidance gives context to materiality in several parts of periodic reports.
• Some incidents may be described generally in quarterly and annual filings.
• Filing a Form 8-K is most appropriate for events of immediate material
consequence to investors.
• The SEC has not yet brought an enforcement action for inadequate
cybersecurity disclosure, but has frequently indicated its interest in doing so.
21. Recent Regulatory Developments
• The New York Department of Financial Services recently implemented
regulations for certain financial institutions:
• http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf
• Affects both businesses registered under the New York Banking, Insurance
and Financial Services Laws, as well as certain third parties that service those
businesses.
• Contains specific technological measures required of covered entities.
• The Colorado Division of Securities recently proposed enhanced
cybersecurity measures for broker-dealers and investment advisers:
• https://drive.google.com/file/d/0BymCt_FLs-RGUWl5c3lDUVlzeDg/view
• Specifies what measures firms should consider in order to have “written
procedures reasonably designed to ensure cybersecurity.”
• Takeaway: More regulators are beginning to list specific measures required.
22. Consequences of a Cyber Incident
• Major damage to the company’s operations, customer loyalty, reputation
and financial results.
• Litigation, settlement, repair and remediation costs in recent
cases have reached into the tens of millions of dollars, including:
• Example: Target - breach related costs approaching $180 million per latest Form 10-K.
• Shareholder derivative actions, including against directors
• Customer class actions
• Litigation with (former) business partners
• Regulatory investigations, actions and remediation oversight
• Example: FTC v. Wyndham Worldwide Corp.
• Inadequate or misleading data security protections can be
charged as unfair and deceptive trade practices.
• Activist investor campaigns
23. Roles for Outside Counsel
• Extend attorney-client privilege to response advice.
• Extend work product protection to investigative documentation.
• Hire other third parties as agents of the legal engagement.
• Establish contact with law enforcement.
• Identify likely regulators and applicable standards and guidance.
• Identify legal and contractual obligations to notify or report.
• Ensure legal accuracy of public statements.
26. WHAT’S THE SCENARIO
• Scenario #1: A reporter tweets that they’ve broken a story about your data
breach – you were unaware that the press was aware.
• Scenario #2: IT department detects a breach and informs the PR department
that it has been mitigated.
• Scenario #3: The FBI calls to tell you that they are investigating your data
breach.
• Scenario #4: The IT department reports a breach to PR, but has no idea how
large it is or what the total impact will be.
• Scenario #5: A Hacker threatens to release your client’s data if you don’t pay
$100,000 in Bitcoin
You need a plan and you needed it yesterday.
27. THE THREAT IS REAL
• The Element of Surprise: breaches are often leaked to the media before full
investigations are complete
• Under Pressure: Customers, media, employees etc. demand information
• The Gift that Keeps on Giving: Data breach incidents tend to have more than
one news cycle
• Social Media Wildfire: False information spreads quickly on sites like Twitter,
Facebook and LinkedIn
If you are prepared for data breach response, you have a better chance of
controlling your message and preserving your reputation.
29. PHASE 1: READINESS
PREVENTATIVE MEDICINE
Anticipating a Crisis
1. Crisis Mapping (SWOT Analysis)
2. Policies and Procedures (Prevention)
3. Crisis Monitoring
4. Crisis Communications Plan
5. Crisis Action Plan
6. Crisis Standard Communications Template
30. THREAT MAPPING
RISK ASSESSMENT
Internal
• Employees
• Facilities
• Vendors/Suppliers
• Distributors/Resellers
• Product
External
• Acts of Nature
• Market
• Legal Restrictions/Law
• Customers
• Advocacy Groups
Anticipating & Understanding Threats to a Business
People, Products, Facilities, Environment, Information
31. INFORMATION THREATS
What’s in your files?
1. HR – Name, Address, Social Security
2. Payroll – Name, Address, Social Security & Bank Account
3. Customer – Name, Address, Credit Card & Bank Account
4. Vendor – Name, Address, Credit Card & Bank Account
5. Other – Medical Records, Demographic Information, Email, File Servers
etc.
32. CRISIS COMMUNICATIONS
ANTICIPATING THREATS
Create A Chart: Potential Informational Threats to Your Business
Columns: HR | Sales | Marketing | Finance
Rank Order: High Risk to Low Risk
33. CRISIS TOOLKIT
RESPONSE RESOURCES
1. Develop materials:
• Messages/FAQ
• Prepared statements
• Press release template
• Customer letters
2. Train employees
• Awareness
• Anticipation
• Organizational Preparation
3. Prepare channels:
• Hotline
• Dark site
• Social Media
4. Data Breach/Customer Assistance
Resources
• Microsite/Landing Page FAQ
• Identity Theft Remediation
Services
• Force Password/Account
Information Change
• Special Customer Advocate/Team
34. IMMEDIATE ACTION
BEST PRACTICES
Preparing a Response
1. Don’t delay
2. Acknowledge situation
3. Acknowledge impact and ‘victims’
4. Commit to investigate
5. Commit to sharing information and cooperation with relevant parties
6. Share corrective action plan if available
7. Respond in the format in which the crisis was received**
35. RESPONSE OUTLINE
CRITICAL INFORMATION
Prepare a Template Crisis Response:
1. What happened?
2. What do we know about it?
3. Who/what was impacted?
4. How do we feel about it? (How should we feel?)
5. What are we going to do about it?
6. When are we going to do it?
7. When/how will we communicate next?
36. CUSTOMER COMMUNICATION
Notice of Data Breach
1. Introduction: Why are we contacting you?
2. What happened?
3. What information was compromised?
4. What are we doing to remedy the situation?
5. What can you do to prevent/mitigate further risk?
6. Where can you find more information?
38. PHASE 3: REASSURANCE
DOSE OF MEDICINE
Who to Reassure? How to Reassure?
1. Develop full response plan
2. Put plan into action: Immediate remedy
3. Communicate results of plan and impact
4. Reaffirm commitment to correction
5. Demonstrate results of program
39. PHASE 4: RECOVERY
LONG-TERM TREATMENT PLAN
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation
and/or prevention
1. Review need for operational, regulatory, environmental and employee
changes
2. Develop long-term plan including policies and prevention tactics
3. Reassess crisis plan
4. Regain customer/public trust
40. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES
1. Implement Policies to Address Potential Vulnerabilities
2. Establish a Regular Review Cycle for Information Security
3. Establish Inter-Departmental Cooperation
4. Establish a Framework for Response
5. Build a Data Breach Crisis Toolkit
41. 10 KEY TAKEAWAYS: CRISIS COMMUNICATIONS FOR DATA BREACHES
6. Know Where & How to Respond
7. Prepare Your Employees in Advance
8. Establish Assistance Services for those Impacted
9. Know the Law Regarding Reporting in All Regions of Operations
10. Be Honest, Be Transparent