WELCOME
PROTECTING YOUR
ORGANIZATION
Reduce Risk by Taking Action
Program Discussion
• What is considered personal information?
• Why the hospitality industry?
• What are the federal and state data security
requirements?
• How can a company prepare and protect?
• When and how should a company
communicate a data breach?
Other facts
• Each personal record compromised during a data
breach costs an entity approximately $201* (avg. U.S. cost).
• 25% of victims of data breaches subsequently suffer
identity theft.**
• Through 2016, 75% of CISOs who experience publicly
disclosed security breaches and lack documented,
tested response plans will be fired.
*Ponemon Institute 2014 report
** LexisNexis “True Cost of Fraud” report
Roadmap of a data breach
Why you should care
Sources of data security obligations:
• Federal Consumer Protection Law
• State data security & breach notification laws
• Contractual requirements
• Social responsibility
Responsibility for compliance:
• Data controllers bear responsibility
• Implement “appropriate” or “reasonable” data
protection measures
Prepare and protect
Breach response plan
• Preparation
• Identification and scoping
• Containment and intelligence gathering
• Eradication and remediation
• Recovery
• Lessons learned
Action Items
• Inventory personally identifiable information (PII)
• Assess the likelihood of a breach of PII
• Encrypt all laptops & other selected computers
• Have an outside security assessment performed
• Implement an Intrusion Detection System
• Purchase insurance
• Develop an after-breach plan – tech and non-tech
• Training
Insurance coverage
• What makes hospitality a difficult risk?
• Integrate coverage into breach response plan
• No standard policy but most policies include:
• Specific coverage issues
• Underwriting hot buttons
First Party
• Breach Response
- Forensics
- Legal
- Notification
• Fines & Penalties
• Cyber Extortion
• Business Interruption
Third Party
• Privacy Liability
• Media Liability
Questions?

Data Breach In The Hospitality Industry
