Everyone should now understand that no bank or financial institution is immune from cyber risk. Many are now ready to move forward with improving their cyber risk posture but do not know what to do next or how to prioritize their resources. Recognizing that cybersecurity is an overall business risk issue that must be properly managed to comply with many laws and regulations governing banks and financial institutions, this presentation will provide a strategy for how to better understand and manage such risks by:
(1) Providing an overview of the legal and regulatory framework;
(2) Examining the most likely real-world risks; and
(3) Providing strategies for how to manage such risks, including cyber insurance and the development and implementation of an appropriate cyber risk management program (which is not as difficult as it sounds).
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (and Attorneys Who Represent Them) at the Southwest Association of Bank Counsel 42nd Annual Convention on September 20, 2018 (formerly, Texas Association of Bank Counsel).
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective.
This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
When money is the at the top of the mind of cybercriminals, where do they turn their heads to? The Banking Sector. With countless operations including Wealth Management, Trading, and Revenue Management, Investor Accounting, it is no light matter when we say that cybersecurity threats keep banks up at night. With data breaches rampantly hitting all types of organizations across the world, the banking sector, for obvious reasons, stays under a constant and increased pressure for safekeeping of their customer's data and more importantly, their money.
The Cybersecurity Risk Management Framework Strategy for Defense Platform Systems course prepares command leadership to implement the National Institute of Standards and Technology’s (NIST) cybersecurity Risk Management Framework (RMF) from a Platform Information Technology (PIT) perspective.
This one-day workshop reviews the five functions of cybersecurity that leadership must consider when making decisions about program resources and requirements.
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
National Cybersecurity - Roadmap and Action PlanDr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how to personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
Talking about Next-Gen Security Operation Center for IDNIC+APJII as representative from IDSECCONF. People-Centric SOC requires lot of investment on human in terms of quantity and quality, unfortunately, (good) IT security people are getting rare these days. Organisation need to put their investments more on technology, as in Industry 4.0, machines are getting more advanced to support Human on doing continuous and repetitive task.
Moving from “traditional” to next-gen SOC require proper plan, thats what this talk was about.
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
Using NIST cybersecurity framework, one of the largest healthcare IT firms in the US developed the global security architecture and roadmap addressing security gaps by architecture domain and common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables.
(Source : RSA Conference USA 2017)
Cyber risk isn't new, but the stakes grow higher every day. An incident is no longer likely to be an isolated event, but a sustained and persistent campaign. There is no single solution that will offer protection from an attack, but a Cyber Resilience strategy can provide a multi-layered approach that encompasses people, processes and technology. Pete's presentation talks about eliminating the gap between IT and the business to present a united front against threats. This is a paradigm shift that uses security intelligence to guide decisions and support agility.
Most organizations have good enterprise-level security policies that define their approach to maintaining, improving, and securing their information and information systems. However, once the policies are signed by senior leadership and distributed throughout the organization, significant cybersecurity governance challenges remain. In this workshop I will explain the transforming organizational security to strengthen defenses and integrate cybersecurity with the overall approach toward security governance, risk management and compliance.
Designated IT security experts in Europe and Asia have been interviewed by RadarServices, the European market leader for managed security services, with regards to future IT security trends and challenges. They shared their views concerning the development of cyber attacks and security technologies until 2025.
National Cybersecurity - Roadmap and Action PlanDr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
Cyber Security Awareness Session conducted by Lightracers Consulting, for Management and non-IT employees. In this learning presentation, we will look at - What is Cyber Crime, Types of Cyber crime, What is Cyber Security, Types of Threats, Social Engineering techniques, Identifying legitimate and secure websites, Protection measures, Cyber Law in India followed by a small quiz.
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlight opportunities for expanded application for cyber, physical, and personnel security risks. This NIST CSF can help practitioners build a cross-pollenated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certification Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
In today’s business environment, organizations have a responsibility to their employees, clients, and customers to ensure the confidentiality, integrity and availability of the critical data that is entrusted to them. Every network is vulnerable to some form of attack. However it is not enough to simply confirm that a technical vulnerability exists and implement countermeasures; it is critical to repeatedly verify that the countermeasures are in place and working properly throughout the secured network. During this webinar, David Hammarberg, Principal, IT Director, and leader of McKonly & Asbury’s Cybersecurity Practice will be joined by Partner, Michael Hoffner and they will lead a discussion on a Cybersecurity Risk Management Program including what it is and how it can prepare your organization for the future.
Cybersecurity: Cyber Risk Management for Lawyers and ClientsShawn Tuma
Shawn E. Tuma, cybersecurity and data privacy attorney at Spencer Fane, LLP, delivered the presentation titled "Cybersecurity: Cyber Risk Management for Lawyers and Clients" at the Texas Bar CLE's 16th Annual Advanced Business Law Course on November 8, 2018.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma delivered this presentation on April 9, 2019, at the Oklahoma State University 4th Annual Cyber Security Conference in Oklahoma City, Oklahoma.
In twenty years of practicing cyber law, Shawn Tuma has seen a multitude of cybersecurity and data breach cases that have helped him understand the real-world risks companies face and the practical things they can do to prioritize their resources and effectively manage cyber risk. In this presentation, he will share his experience on issues such as:
· Why cybersecurity is an overall business risk issue that must be properly managed to comply with laws and regulations
· Why strategic leadership is critical in cybersecurity
· Why teams are critical for cybersecurity and how to personalities and psychology can impact that team
· The most likely real-world risks that most companies face
· How to prioritize limited resources to effectively manage the most likely real-world risks
· What is reasonable cybersecurity
· How to develop, implement, and mature a cyber risk management program
· Why cyber insurance is a critical component of the cyber risk management process
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presented this session to The American Institute of Architects' Large Firm Round Table on March 15, 2018. For more of Shawn Tuma's presentations please visit: https://shawnetuma.com/presentations/
Effective cybersecurity for small and midsize businessesShawn Tuma
This presentation was delivered at the Center for American & International Law's Second Annual Cybersecurity & Data Privacy Law Conference on April 13, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
Spencer Fane LLP Cybersecurity and Data Privacy attorney Shawn Tuma delivered "The Legal Case for Cyber Risk Management Programs and What They Should Include" at the Texas Society of Certified Public Accountants' TSCPA CPE 2018 CPE Expo Conference on November 30, 2018, in Addison, Texas.
The Legal Case for Cyber Risk Management - InfoSec World Privacy & Risk SummitShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at Misti's InfoSec World during the Privacy & Risk Summit on March 22, 2018, in Orlando, Florida.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
Renaissance Executive Forums 2019 CEO Summit presentation by Shawn E. Tuma, Co-Chair, Data Privacy & Cybersecurity Group, Spencer Fane, LLP
March 7, 2019
Dallas, Texas
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma presents the lunch keynote on the Legal Case for Cybersecurity at SecureWorld-Dallas in 2017.
Here is a link directly to the YouTube video of this presentation: https://youtu.be/3ZeJ86Ebas0
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
The Legal Case for Cybersecurity: Implementing and Maturing a Cyber Risk Mana...Shawn Tuma
was delivered as a webinar to the State Bar of Texas Women and the Law Section on February 15, 2018, by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Implementing a Security Management FrameworkJoseph Wynn
Given at the Pittsburgh ISSA April 2017 chapter meeting.
This presentation discussed how to improve the success of your information security program by organizing it using a security management framework.
Overcoming Hidden Risks in a Shared Security ModelOnRamp
Risk management, compliance, and security are a shared burden between your organization and your vendors. Standards such as NIST (Publication 500-292) and regulations like HIPAA and PCI-DSS provide considerations for compliance and security but do not account for the nuances of your unique business or your infrastructure. Guidelines are written as though one party is responsible for compliance and security, but you rely on multiple vendors. Outsourcing can lead to ambiguous delegation of compliance responsibilities, lack of data governance and security practices, and difficulty in achieving data protection—ultimately risking non-compliance and leaving your infrastructure vulnerable.
Join our expert panel as they share insights into closing the gap on who’s responsible for what in data security and best practices for improving your security posture.
Takeaways:
Who owns the responsibility of compliance and security?
How to find and mitigate hidden risks in a 3rd party ecosystem
How to map your requirements to owners, policies, and controls
Expert recommendations for PCI, HIPAA, FERPA, FISMA and more.
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Shawn Tuma
Presentation to the Association of Continuity Professionals, North Texas Chapter, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
IT Risk Management & Leadership 30 March - 02 April 2014 Dubai UAE360 BSI
Are you effectively securing your organization’s IT systems that store, process, or transmit organizational information?
Is your IT risk management plan tailored to the specific risk profile of your business and being coordinated across all functional and business units?
With the release of IT Governance frameworks, requirements for risk management and new international standards entering the market, the pressure is mounting to ensure that all your IT risks are identified and the necessary action is taken – be this to mitigate them, accept or ignore them. So, how safe is your IT system? What are the risks that your organization is being exposed to?
The solution to this challenge is to establish an effective risk management process that protects the organization, not just its IT assets, and provides it with the ability to perform its mission.
Risk management is the process of identifying and assessing risk and taking preventive measures to reduce it to an acceptable level. It is critical that you develop an effective risk management program that assesses and mitigates risks within your IT systems and better manages these IT-related mission risks.
BENEFITS OF ATTENDING THIS WORKSHOP
Identify common IT project risks
Learn how to assess threats and vulnerabilities to create a risk response strategy
Understand what qualifies as risk with IT projects
Understand the most common IT risk sources
Qualify and quantify IT risks
Learn the difference between negative and positive IT risks
Develop an IT risk management plan
Plan risk response methods for IT risks
Create risk mitigation and contingency plans
Monitor and control project risks
Overcome resistance from stakeholders and team members
WHO SHOULD ATTEND THIS WORKSHOP
IT risk managers
IT security managers
Compliance officers
Program and project managers
IT project managers
IT operation manager
Contact Kris at kris@360bsi.com to register.
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure?
An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place.
This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data.
Part of the webinar series:
CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Similar to Cybersecurity: Cyber Risk Management for Banks & Financial Institutions (20)
Lifecycle: Responding to a Ransomware Attack - A Professional Breach Guide's ...Shawn Tuma
Shawn Tuma, a professional "breach guide" (aka, breach quarterback, coach, privacy counsel, etc), is an attorney who has practiced in cyber law since 1999. His day job as Co-Chair of Spencer Fane LLP's Data Privacy and Cybersecurity Practice is leading companies through the cyber incident response and recovery process. In this presentation, he provides a virtual tabletop exercise explaining the lifecycle of responding to a typical ransomware attack through a detailed timeline.
The audio for this presentation, in podcast form, is here: https://www.secureworldexpo.com/resources/podcast-ransomware-attack-lifecycle
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Southern Methodist University Digital Branding Class on October 27, 2020.
Incident Response Planning - Lifecycle of Responding to a Ransomware AttackShawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, was a guest lecturer on this topic at Columbia University for the Executive Masters of Technology Management Program on November 21, 2020.
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Northwestern State University's Fall Continuing Legal Education Conference on November 18, 2020.
Reimagine Your Company Operating Again After a Ransomware Attack -- The Lifec...Shawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Dallas Baptist University Reimagine Technology Conference course in Dallas, Texas on November 18, 2020.
The Role of Contracts in Privacy, Cybersecurity, and Data BreachShawn Tuma
Shawn Tuma, Co-Chair of Spencer Fane LLP's Data Privacy & Cybersecurity practice, presented on this topic at the 2020 Texas Bar CLE's Making and Breaking Iron-Clad Contracts course in Austin, Texas on March 6, 2020.
As an attorney serving as a guide for companies that have data breaches, I regularly advise clients through the data breach incident response process. Here is a checklist that I developed to give them a roadmap for how this process works, on a single page. While this is not an exhaustive list, these are the items that most often need to be performed in the cases in which I guide clients through the incident response and remediation process. Of course, there will be exceptions, additions, and omissions — take this for what it is, a starting point. Another important point to remember is that this is just a checklist, it is not a cybersecurity incident response plan. Fore more information see https://shawnetuma.com/incident-response-checklist/
Cybersecurity is a Team Sport (SecureWorld - Dallas 2018)Shawn Tuma
Cybersecurity is a Team Sport: Why strategic leadership and an understanding of roles, personalities, and psychology is important for building and managing effective cybersecurity teams.
This presentation was a discussion of issues such as:
* Who should be on the team and what should they know?
* How should the team be organized?
* Who is responsible for developing the strategy and seeing the whole playing field?
* What are the team members responsibilities?
* How do team members personalities affect their roles and performance?
* Is there a role for lawyers if the "privilege" "magic wand" turns out to be more fairy-tale than reality?
The presentation was delivered by cybersecurity and data privacy attorney Shawn Tuma, Co-Chair of the Cybersecurity and Data Privacy Practice Group of Spencer Fane LLP, on October 10, 2018, at SecureWorld - Dallas.
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
Reginald A. Hirsch and Shawn E. Tuma presented this talk at the Annual Meeting of the State Bar of Texas for the Law Practice Management Section of the State Bar of Texas. The date of the talk was June 22, 2018, and the location was Houston, Texas.
Cybersecurity Fundamentals for Legal Professionals (and every other business)Shawn Tuma
Cybersecurity & Data Privacy attorney Shawn Tuma delivered this presentation to the Mid-Year Meeting of the State Bar of Oklahoma's Intellectual Property Law Section on June 2, 2018. For more information visit www.shawnetuma.com
"What Could Go Wrong?" - We're Glad You Asked!Shawn Tuma
Dallas cybersecurity and data privacy attorney Shawn Tuma delivered this presentation on social media law to Social Media Breakfast on February 22, 2018.
Cybersecurity: How to Protect Your Firm from a Cyber AttackShawn Tuma
Cybersecurity: How to Protect Your Firm from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Recovering from a Cyber Attack was delivered on February 7, 2018, at the Texas Bar CLE Cybersecurity Workshop course by Todd Hindman, Global Director, Data Breach Response Services of ID Experts Corp. and Shawn Tuma, Cybersecurity & Data Privacy Attorney at Scheef & Stone.
Presentation to the Texas Bar CLE program on Contract Drafting, Review and Negotiation on December 5, 2017 in Austin, Texas, by Cybersecurity & Data Privacy Attorney Shawn Tuma, on October 19, 2017. For more information visit www.businesscyberrisk.com
#CyberAvengers - Artificial Intelligence in the Legal and Regulatory RealmShawn Tuma
The #CyberAvengers' Paul Ferrillo (a/k/a Director Fury) and Shawn Tuma (a/k/a Hulk) presented at the Practical Cybersecurity Risk Management Strategies program of the New Jersey State Bar Association (NJSBA) Cybersecurity Institute on November 17, 2017. In this presentation, Fury and Hulk focused the core #CyberAvengers message of the real-life cybersecurity issues facing most companies -- the basics of good cyber hygiene -- and explained how artificial intelligence and machine learning will help companies do a better job at getting these right, along with how and why AI/ML play a critical role in the future of cybersecurity.
Cybersecurity Fundamentals for Legal ProfessionalsShawn Tuma
Cybersecurity & Data Privacy Attorney Shawn Tuma delivered this presentation at the 55th Annual Conference on Intellectual Property Law at The Center for American and International Law on November 13, 2017.
The Essentials of Cyber Insurance: A Panel of Industry ExpertsShawn Tuma
Patrick Florer (Risk Centric Security, Inc.), Mark Knepshield (McGriff, Seibels & Williams), and John Southrey (Texas Medical Liability Trust) are cyber insurance industry experts who have been working in the industry for longer than most of the newly-minted experts have even known about cyber insurance. In this panel presentation at the North Texas ISSA Conference, cybersecurity and data privacy attorney Shawn Tuma moderated their discussion and it was outstanding even though they did not make it through half of the slides due to the depth of their discussion. The presentation date was November 10, 2017.
what is the future of Pi Network currency.DOT TECH
The future of the Pi cryptocurrency is uncertain, and its success will depend on several factors. Pi is a relatively new cryptocurrency that aims to be user-friendly and accessible to a wide audience. Here are a few key considerations for its future:
Message: @Pi_vendor_247 on telegram if u want to sell PI COINS.
1. Mainnet Launch: As of my last knowledge update in January 2022, Pi was still in the testnet phase. Its success will depend on a successful transition to a mainnet, where actual transactions can take place.
2. User Adoption: Pi's success will be closely tied to user adoption. The more users who join the network and actively participate, the stronger the ecosystem can become.
3. Utility and Use Cases: For a cryptocurrency to thrive, it must offer utility and practical use cases. The Pi team has talked about various applications, including peer-to-peer transactions, smart contracts, and more. The development and implementation of these features will be essential.
4. Regulatory Environment: The regulatory environment for cryptocurrencies is evolving globally. How Pi navigates and complies with regulations in various jurisdictions will significantly impact its future.
5. Technology Development: The Pi network must continue to develop and improve its technology, security, and scalability to compete with established cryptocurrencies.
6. Community Engagement: The Pi community plays a critical role in its future. Engaged users can help build trust and grow the network.
7. Monetization and Sustainability: The Pi team's monetization strategy, such as fees, partnerships, or other revenue sources, will affect its long-term sustainability.
It's essential to approach Pi or any new cryptocurrency with caution and conduct due diligence. Cryptocurrency investments involve risks, and potential rewards can be uncertain. The success and future of Pi will depend on the collective efforts of its team, community, and the broader cryptocurrency market dynamics. It's advisable to stay updated on Pi's development and follow any updates from the official Pi Network website or announcements from the team.
Introduction to Indian Financial System ()Avanish Goel
The financial system of a country is an important tool for economic development of the country, as it helps in creation of wealth by linking savings with investments.
It facilitates the flow of funds form the households (savers) to business firms (investors) to aid in wealth creation and development of both the parties
when will pi network coin be available on crypto exchange.DOT TECH
There is no set date for when Pi coins will enter the market.
However, the developers are working hard to get them released as soon as possible.
Once they are available, users will be able to exchange other cryptocurrencies for Pi coins on designated exchanges.
But for now the only way to sell your pi coins is through verified pi vendor.
Here is the telegram contact of my personal pi vendor
@Pi_vendor_247
Even tho Pi network is not listed on any exchange yet.
Buying/Selling or investing in pi network coins is highly possible through the help of vendors. You can buy from vendors[ buy directly from the pi network miners and resell it]. I will leave the telegram contact of my personal vendor.
@Pi_vendor_247
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
how to swap pi coins to foreign currency withdrawable.DOT TECH
As of my last update, Pi is still in the testing phase and is not tradable on any exchanges.
However, Pi Network has announced plans to launch its Testnet and Mainnet in the future, which may include listing Pi on exchanges.
The current method for selling pi coins involves exchanging them with a pi vendor who purchases pi coins for investment reasons.
If you want to sell your pi coins, reach out to a pi vendor and sell them to anyone looking to sell pi coins from any country around the globe.
Below is the contact information for my personal pi vendor.
Telegram: @Pi_vendor_247
how to sell pi coins on Bitmart crypto exchangeDOT TECH
Yes. Pi network coins can be exchanged but not on bitmart exchange. Because pi network is still in the enclosed mainnet. The only way pioneers are able to trade pi coins is by reselling the pi coins to pi verified merchants.
A verified merchant is someone who buys pi network coins and resell it to exchanges looking forward to hold till mainnet launch.
I will leave the telegram contact of my personal pi merchant to trade with.
@Pi_vendor_247
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...Vighnesh Shashtri
In India, financial inclusion remains a critical challenge, with a significant portion of the population still unbanked. Non-Banking Financial Companies (NBFCs) have emerged as key players in bridging this gap by providing financial services to those often overlooked by traditional banking institutions. This article delves into how NBFCs are fostering financial inclusion and empowering the unbanked.
how can I sell my pi coins for cash in a pi APPDOT TECH
You can't sell your pi coins in the pi network app. because it is not listed yet on any exchange.
The only way you can sell is by trading your pi coins with an investor (a person looking forward to hold massive amounts of pi coins before mainnet launch) .
You don't need to meet the investor directly all the trades are done with a pi vendor/merchant (a person that buys the pi coins from miners and resell it to investors)
I Will leave The telegram contact of my personal pi vendor, if you are finding a legitimate one.
@Pi_vendor_247
#pi network
#pi coins
#money
Falcon stands out as a top-tier P2P Invoice Discounting platform in India, bridging esteemed blue-chip companies and eager investors. Our goal is to transform the investment landscape in India by establishing a comprehensive destination for borrowers and investors with diverse profiles and needs, all while minimizing risk. What sets Falcon apart is the elimination of intermediaries such as commercial banks and depository institutions, allowing investors to enjoy higher yields.
NO1 Uk Black Magic Specialist Expert In Sahiwal, Okara, Hafizabad, Mandi Bah...Amil Baba Dawood bangali
Contact with Dawood Bhai Just call on +92322-6382012 and we'll help you. We'll solve all your problems within 12 to 24 hours and with 101% guarantee and with astrology systematic. If you want to take any personal or professional advice then also you can call us on +92322-6382012 , ONLINE LOVE PROBLEM & Other all types of Daily Life Problem's.Then CALL or WHATSAPP us on +92322-6382012 and Get all these problems solutions here by Amil Baba DAWOOD BANGALI
#vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore#blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #blackmagicforlove #blackmagicformarriage #aamilbaba #kalajadu #kalailam #taweez #wazifaexpert #jadumantar #vashikaranspecialist #astrologer #palmistry #amliyaat #taweez #manpasandshadi #horoscope #spiritual #lovelife #lovespell #marriagespell#aamilbabainpakistan #amilbabainkarachi #powerfullblackmagicspell #kalajadumantarspecialist #realamilbaba #AmilbabainPakistan #astrologerincanada #astrologerindubai #lovespellsmaster #kalajaduspecialist #lovespellsthatwork #aamilbabainlahore #Amilbabainuk #amilbabainspain #amilbabaindubai #Amilbabainnorway #amilbabainkrachi #amilbabainlahore #amilbabaingujranwalan #amilbabainislamabad
Cybersecurity: Cyber Risk Management for Banks & Financial Institutions
1. Spencer Fane LLP | spencerfane.com
Cybersecurity: Cyber Risk
Management for Banks &
Financial Institutions
Texas Association of Bank Counsel
42nd Annual Convention
Shawn Tuma
Co-Chair, Cybersecurity & Data Privacy
Spencer Fane LLP | @spencerfane
spencerfane.com | @shawnetuma
2. Spencer Fane LLP | spencerfane.com
The Problem for Law Firms
• Cybersecurity and privacy are issues that most
attorneys would prefer to ignore but are uniquely
obligated to address.
• Cybersecurity and privacy impact all lawyers and
law firms alike.
• Clients demanding adequate security (firms are
their third-party risk).
• Law firms are an increasingly popular target.
– Value and sensitivity of data.
– Data for multiple clients.
3. Spencer Fane LLP | spencerfane.com
The Ethics for Law Firms
“A lawyer should preserve the confidences
and secrets of a client.”
• Ethics Opinion 384 (Sept. 1975)
• Canon No. 4, Code of Professional
Responsibility
• Disciplinary Rule (DR) 4-101 (A) and (B)
• New duty of “technical competence” for lawyers
4. Spencer Fane LLP | spencerfane.com
Cybersecurity is no longer just an IT
issue—it is an overall business risk issue.
5. Spencer Fane LLP | spencerfane.com
“Security and IT protect companies’ data;
Legal protects companies from their data.”
Security and IT protect companies’ data;
Legal protects companies from their data.
9. Spencer Fane LLP | spencerfane.com
2 Themes to Remember
• Cyber law is an expedition
• The “issues” usually aren’t really that new
10. Spencer Fane LLP | spencerfane.com
The Real Threats
• 63% confirmed breaches from weak,
default, or stolen passwords
• Data is lost over 100x more than stolen
• Phishing used most to install malware
Easily Avoidable Incidents
91% in 2015
91% in 2016
93% in 2017
Easily Avoidable Incidents
91% in 2015
91% in 2016
93% in 2017
11. Spencer Fane LLP | spencerfane.com
Cybersecurity Best Practices
• Risk assessment
• Policies and procedures focused
on cybersecurity
– Culture
– Social engineering, password, security
questions
• Train workforce on P&P, security
• Phish all workforce
• Multi-factor authentication
• Internal controls / access controls
to restrict unnecessary data risk
• Data retention policy
• Signature based antivirus and
malware detection
• No outdated or unsupported
software
• Patch management process
• Backups segmented offline, cloud,
redundant
• Incident response plan
• Encrypt sensitive and air-gap
hypersensitive data
• Adequate logging and retention
• Third-party security risk
management program
• Firewall, intrusion detection and
prevention systems
• Managed services provider (MSP)
or managed security services
provider (MSSP)
• Cyber risk insurance
12. Spencer Fane LLP | spencerfane.com
Canary in the Coal Mine
• What is your role?
• How does your bank
handle:
– P&P + Training
– MFA
– Phishing
– Backups
– IR Team + IRP
– Cyber Insurance
15. Spencer Fane LLP | spencerfane.com
How mature is your bank’s cyber risk
management program?
“GMR Transcription Services, Inc. . . . Shall . . . establish and implement, and thereafter
maintain, a comprehensive information security program that is reasonably designed to protect
the security, confidentiality, and integrity of personal information collected from or about
consumers.” In re GMR Transcription Svcs, Inc., Consent Order (Aug. 14, 2014)
“We believe disclosures regarding a company’s cybersecurity risk management program and
how the board of directors engages with management on cybersecurity issues allow investors
to assess how a board of directors is discharging its risk oversight responsibility in this
increasingly important area.” SEC Statement and Guidance (Feb. 21, 2018)
“Institutions should maintain effective information security programs commensurate with their
operational complexities. Information security programs should have strong board and senior
management support, promote integration of security activities and controls throughout the
institution’s business processes, and establish clear accountability for carrying out security
responsibilities.” FFIEC Examination Handbook (Sept. 2016)
“Each Covered Entity shall maintain a cybersecurity program designed to protect the
confidentiality, integrity and availability of the Covered Entity’s Information Systems.” NYDFS
Cybersecurity Regulations § 500.02
“Taking into account the state of the art, the costs of implementation and the nature, scope,
context and purposes of processing as well as the risk of varying likelihood and severity for the
rights and freedoms of natural persons, the controller and the processor shall implement
appropriate technical and organizational measures to ensure a level of security appropriate to
the risk, including …” GDPR, Art. 32
16. Spencer Fane LLP | spencerfane.com
Too little –
“just check the
box”
Too much –
“boiling the
ocean”
What is reasonable
cybersecurity?
17. Spencer Fane LLP | spencerfane.com
Identify:
Assess Cyber
Risk
Identify &
Protect:
Strategic
Planning
Protect &
Detect:
Implement
Strategy &
Deploy Assets
Protect:
Develop,
Implement &
Train on P&P
Protect: Third
Party Risk
Protect &
Respond: Develop
IR Plan & Tabletop
Recover &
Identify:
Reassess,
Refine &
Mature
Cyber Risk
Management
Program Process
18. Spencer Fane LLP | spencerfane.com
What should your bank’s cyber risk
management program look like?
• Based on a risk assessment1,2,3,4,5,6
• Implemented and maintained (i.e.,
maturing)1,2,3,6
• Fully documented in writing for both
content and implementation1,2,3,6
• Comprehensive1,2,3,4,5,6
• Contain administrative, technical,
and physical safeguards1,2,3,6
• Reasonably designed to protect
against risks to network and
data1,2,3,4,5,6
• Identify and assess internal and
external risks2,6
• Use defensive infrastructure and
policies and procedures to protect
network and data1,2,3,4,5,6
• Workforce training2,3,6
• Detect events2,6
• Respond to events to mitigate
negative impact2,6
• Recover from events to restore
normalcy2,6
• Regularly review network activity
such as audit logs, access reports,
incident tracking reports3,6
• Assign responsibility for security to
an individual3,5,6
• Address third-party risk2,3,5,6
• Certify compliance by Chair of
Board or Senior Officer or Chief
Privacy Officer2
1. In re GMR Transcription Svcs, Inc., Consent Order (August 14, 2014)
2. NYDFS Cybersecurity Regulations Section 500.02
3. HIPAA Security Management Process, §164.308(a)(1)(ii)
4. SEC Statement and Guidance on 2/21/18
5. GDPR Art. 32
6. FFIEC IT Examination Handbook
19. Spencer Fane LLP | spencerfane.com
A few words about privilege
• Great sales pitch → the magic wand!
• Mature understanding → not so simple!
• Prepare by doing everything possible to ensure the applicability of
privileges but carry out the work as though there will be no privilege.
– Retain experienced cyber counsel to assess cyber risk, develop and lead
cyber risk management program.
– List role in engagement agreement.
– Develop communications protocol at the outset.
• i.e., “if it doesn’t need to be in writing …”
• Counsel must actively lead and stay engaged in the process.
• Counsel should hire, direct, and receive info from consultants.
• If incident, consider multiple tracks:
– proactive risk management;
– normal business investigation;
– Investigation in anticipation of litigation.
Photo credit: dave_7
Link: https://www.flickr.com/photos/daveseven/1910839183/in/photostream/
20. Spencer Fane LLP | spencerfane.com
A few words about privilege
• Great sales pitch → the magic wand!
• Mature understanding → not so simple!
• Prepare by doing everything possible to ensure the applicability of
privileges but carry out the work as though there will be no privilege.
– Retain experienced cyber counsel to assess cyber risk, develop and lead
cyber risk management program.
– List role in engagement agreement.
– Develop communications protocol at the outset.
• i.e., “if it doesn’t need to be in writing …”
• Counsel must actively lead and stay engaged in the process.
• Counsel should hire, direct, and receive info from consultants.
• If incident, consider multiple tracks:
– proactive risk management;
– normal business investigation;
– Investigation in anticipation of litigation.
21. Spencer Fane LLP | spencerfane.com
Without a magic wand, how does
cyber legal counsel help?
22. Spencer Fane LLP | spencerfane.com
Cyber Insurance
Key considerations about cyber insurance:
• If you don’t know you have it, you don’t!
• Does your broker really “get” cyber?
• Is your coverage based on your risk?
• Was security/IT involved in procurement?
• Does your coverage include social engineering?
• Does your coverage include contractual liability?
• Do you have first-party and third-party coverage?
• Do you understand your sublimits?
• Can you chose your counsel and vendors?
23. Spencer Fane LLP | spencerfane.com
Cyber Insurance
Key considerations about cyber insurance:
• If you don’t know you have it, you don’t!
• Does your broker really “get” cyber?
• Is your coverage based on your risk?
• Was security/IT involved in procurement?
• Does your coverage include social engineering?
• Does your coverage include contractual liability?
• Do you have first-party and third-party coverage?
• Do you understand your sublimits?
• Can you chose your counsel and vendors?
24. Spencer Fane LLP | spencerfane.com
Practitioner Editor, Bloomberg BNA – Texas Cybersecurity &
Data Privacy Law
Board of Directors & General Counsel, Cyber Future Foundation
Board of Advisors, North Texas Cyber Forensics Lab
Policy Council, National Technology Security Coalition
Cybersecurity & Data Privacy Law Trailblazers, National Law
Journal
SuperLawyers - Top 100 Lawyers in Dallas (2016)
SuperLawyers (2015-18)
D Magazine - Best Lawyers in Dallas (2014-18)
Officer, Computer & Technology Section, State Bar of Texas
Privacy and Data Security Committee, State Bar of Texas
College of the State Bar of Texas
Board of Directors, Collin County Bench Bar Conference
Past Chair, Civil Litigation Section, Collin County Bar Association
North Texas Crime Commission, Cybercrime Committee
Infragard (FBI)
International Association of Privacy Professionals (IAPP)
Shawn E. Tuma
Spencer Fane LLP
Partner & Co-Chair,
Cybersecurity & Data
Privacy Practice
O 972.324.0317
M 214.726.2808
stuma@spencerfane.com
web: spencerfane.com
blog: shawnetuma.com
@shawnetuma