New Ohio Cybersecurity Law
Requirements
Christopher Shaffer and Jeremy Long
Introduction
Christopher Shaffer, CISSP, CISA, CCSFP, QSA
• Senior Manager in the Risk Advisory Services group
• 18 years of information technology security, operations, and
consulting experience with clients
• Leads the HITRUST CSF assessor program
• Specializes in leading engagements for:
  – SSAE 18 (SOC 1)
  – SOC 2
  – PCI-DSS
  – HIPAA
  – HITRUST
  – NIST
  – ISO
  – IT general computing controls for private and public businesses across a variety of industries
cshaffer@skodaminotti.com
linkedin.com/in/cpshaffer1/
440-449-6800
Introduction
Jeremy Long, CPA/MBA
• Principal managing the firm’s Insurance Services group
• Specializes in providing accounting, attestation and advisory
services
• Works with clients throughout the U.S. in the following
industries:
  – Insurance
  – Financial services
  – Software
  – Health services
jlong@skodaminotti.com
linkedin.com/in/jeremylongcpa/
440-449-6800
Agenda
• Background
• Applicability
• Important Dates
• Data Security Requirements
• Cybersecurity Plan
• Implement Safeguards
• Risk Assessments
• Incident Response
• How Can Skoda Minotti Help?
• Our Assessment Methodology
Background
NAIC Model Law (October 2017)
• Protect consumer data by
safeguarding insurance policyholders’
personal information;
• Establish data security standards to
mitigate the potential damage from a
breach;
• Develop, implement and maintain a
secure information security program;
and
• Investigate cybersecurity events and
notify the state insurance
commissioner of such events
immediately.
Ohio Modifications (December 2018)
• Expanded exempt licensees
• Superintendent of Insurance is
exclusive regulator of cybersecurity
compliance for licensees
• Provides for DOI to consider
licensee’s nature, scale, and
complexity in administering
compliance
• Provides an affirmative defense for compliant licensees against certain tort actions
Applicability
• O.R.C. § 3965.01(M) - Licensee
  – “any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this state”
  – Includes all insurers, agencies, and brokers doing business in Ohio
  – Excludes reinsurers, RRGs, and purchasing groups domiciled or chartered and licensed in another state
• Exemptions
  – < 20 employees
  – < $5 million in gross annual revenue
  – < $10 million in assets (at end of fiscal year)
  – HIPAA-compliant licensees, but they must provide a certificate of compliance to the superintendent
  – An employee, agent, representative, or independent contractor of a licensee, who is also a licensee, but is covered by the cybersecurity program of the licensee
Important Dates
• March 20, 2019 - O.R.C. § 3965 became law
  – Reporting cybersecurity events is now effective
• February 15, 2020 - Submission of first written statement certifying that the insurer is in
compliance with the parts of the law that are effective
  – If your program requires material improvement, updating, or redesign, you must also submit a plan of remediation
• March 20, 2020 - Required to implement most of the written cybersecurity program
requirements
• March 20, 2021 - Required to implement remaining third-party vendor due diligence and
oversight requirements
• June 1, 2021 - Insurers domiciled in Ohio and only authorized to do business in Ohio submit
statement certifying compliance along with their Corporate Governance Annual Disclosure
Data Security Requirements
• The Ohio Cybersecurity Law requires each licensee to:
• Develop a written cybersecurity plan, customized for the size and complexity of the licensee
• Implement administrative, technical and physical safeguards to protect nonpublic information
• Conduct risk assessments for internal and external threats, and assess the sufficiency of the policies and procedures in place
• Address vulnerabilities based on these risk assessments and prioritize which security measures must be implemented
• Establish, maintain and implement a written incident response plan to recover from a cybersecurity event, with clear roles and responsibilities defined
• Require their third-party service providers to implement security measures to protect and secure any information systems and personal information within two years of the effective date of the Act
• Report cybersecurity events to the Ohio Department of Insurance within 3 business days
Cybersecurity Plan
The scale and scope of a covered entity's
cybersecurity program should be based on
all of the following factors:
• The size and complexity of the organization
• The nature and scope of the activities of the
organization
• The sensitivity of the information to be
protected
• The resources available to the covered
entity.
Cybersecurity Plan (cont.)
Adopting a published framework provides key benefits over developing your own:
• Compliance with contractual requirements
• Achieving measurable security improvements
• Improved maturity and effectiveness of security operations
• Ability to report security readiness to management.
Risk Management Frameworks could include:
• National Institute of Standards and Technology (NIST) publications: the Cybersecurity Framework, SP 800-53, SP 800-53A, or SP 800-171
• International Organization for Standardization (ISO) 27000 family – Information Security Management Systems (ISMS)
• Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
Cybersecurity Plan – Confidentiality
Written cybersecurity plan and annual submission in the control or possession of
the Department of Insurance:
• Shall be confidential by law and privileged
• Are not public records and shall not be released
• Shall not be subject to subpoena
• Shall not be subject to discovery or admissible in evidence in any private civil
action
• *The confidentiality provision does not apply to state, federal and international regulatory agencies, law enforcement, or the NAIC
• *The materials can be used by the Superintendent in furtherance of any regulatory or legal action brought by the Department
Implement Safeguards
Implement administrative, technical and
physical safeguards to protect nonpublic
information
• Provided within your chosen risk management
framework
• Some frameworks have differing levels of
implementation based upon your organization’s
scope and complexity
• Internal controls derived from risk assessment
mitigating actions
• Vendor best practices
• Research organizations such as CERT, SANS,
etc.
Risk Assessments
According to NIST, the goal of a risk assessment is for an organization to understand “the
cybersecurity risk to organizational operations (including mission, functions, image, or
reputation), organizational assets, and individuals.”
NIST 800-30 - Guide for Conducting Risk Assessments
• Step 1: System Characterization (Section 3.1)
• Step 2: Threat Identification (Section 3.2)
• Step 3: Vulnerability Identification (Section 3.3)
• Step 4: Control Analysis (Section 3.4)
• Step 5: Likelihood Determination (Section 3.5)
• Step 6: Impact Analysis (Section 3.6)
• Step 7: Risk Determination (Section 3.7)
• Step 8: Control Recommendations (Section 3.8)
• Step 9: Results Documentation (Section 3.9)
Risk Assessments (cont.)
• The risk assessment will generate a list
of vulnerabilities from which to
implement security measures (mitigating
actions/controls).
• Prioritization of measures can be based
on metrics the organization defines, but
may consider the following:
  – Residual risk score
  – The resources available to the organization
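As an added illustration that is not part of the deck or of NIST's own guidance, the script below walks the 800-30 steps the slides list for a constructed register of findings and then ranks the recommended controls the way the slide above suggests: by risk score, within a fixed resource budget, with the residual risk score reported for each item. Every asset, rating, cost and the budget are assumed sample values.

```python
"""Added illustration, not from the slide deck or from NIST SP 800-30 itself.

Walks the 800-30 steps the slides list (system characterization, threat and
vulnerability identification, likelihood determination, impact analysis, risk
determination, control recommendations) for a constructed register of
findings, then prioritizes the recommended controls by risk score, subject to
the resources available, and reports the residual risk score for each item.
Every asset, rating, cost and the budget below are assumed sample values.
"""
from dataclasses import dataclass

# Qualitative scales from the NIST SP 800-30 risk-level matrix:
# likelihood Low/Medium/High = 0.1/0.5/1.0, impact Low/Medium/High = 10/50/100.
# Likelihood weights are stored x10 so the arithmetic stays exact in floats.
LIKELIHOOD = {"low": 1, "medium": 5, "high": 10}
IMPACT = {"low": 10, "medium": 50, "high": 100}


@dataclass(frozen=True)
class Finding:
    asset: str             # Step 1: system characterization
    threat: str            # Step 2: threat identification
    vulnerability: str     # Step 3: vulnerability identification
    likelihood: str        # Step 5: likelihood determination
    impact: str            # Step 6: impact analysis
    control: str           # Step 8: recommended control
    control_cost: int      # constructed cost, in arbitrary budget units
    residual: tuple        # (likelihood, impact) once the control is in place


def risk_score(likelihood: str, impact: str) -> float:
    """Step 7: risk determination as likelihood x impact on the 800-30 scales."""
    return LIKELIHOOD[likelihood] * IMPACT[impact] / 10


def risk_level(score: float) -> str:
    """Band a score as the 800-30 matrix does: >50 high, >10 medium, else low."""
    if score > 50:
        return "high"
    if score > 10:
        return "medium"
    return "low"


def prioritize(findings, budget: int):
    """Rank findings by current risk score (cheaper control first on ties),
    fund controls while resources remain, and report residual risk for every
    item. An unfunded item keeps its current score as residual risk, which is
    what management is then asked to accept or to budget for next."""
    ranked = sorted(
        findings,
        key=lambda f: (-risk_score(f.likelihood, f.impact), f.control_cost),
    )
    plan, remaining = [], budget
    for f in ranked:
        current = risk_score(f.likelihood, f.impact)
        funded = f.control_cost <= remaining
        if funded:
            remaining -= f.control_cost
            residual = risk_score(*f.residual)
        else:
            residual = current
        plan.append({
            "asset": f.asset,
            "control": f.control,
            "current_score": current,
            "current_level": risk_level(current),
            "funded": funded,
            "residual_score": residual,
            "residual_level": risk_level(residual),
        })
    return plan, remaining


# Constructed sample register for a small insurance agency (assumed data).
SAMPLE_FINDINGS = [
    Finding("Agency management system", "Credential theft by external attacker",
            "No MFA on remote access", "high", "high",
            "Enforce MFA on remote access", 20, ("low", "high")),
    Finding("Claims file share", "Ransomware", "No offline, tested backups",
            "medium", "high", "Offline backups with tested restores", 30,
            ("medium", "medium")),
    Finding("Vendor portal", "Third-party provider compromise",
            "No vendor due diligence", "medium", "medium",
            "Vendor security assessment program", 15, ("low", "medium")),
    Finding("Producer laptops", "Lost or stolen device",
            "Disk not encrypted", "medium", "medium",
            "Full-disk encryption", 10, ("medium", "low")),
]

if __name__ == "__main__":
    plan, left = prioritize(SAMPLE_FINDINGS, budget=60)
    for item in plan:
        print(f"{item['asset']:28} {item['current_level']:6} -> "
              f"{item['residual_level']:6} funded={item['funded']} "
              f"({item['control']})")
    print("unallocated budget:", left)
```

With the sample budget of 60 the three highest-ranked controls are funded and the vendor assessment is left as accepted residual risk, which is exactly the list a licensee would carry into its remediation plan.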
Incident Response
• Licensees are required to investigate the incident and report the event to the
Superintendent of Insurance, within three days of the event.
• An Incident Response Plan should contain, at a minimum, the following:
  – Roles, responsibilities, and communication and contact strategies in the event of a data breach, including notification of the Superintendent of Insurance and affected parties
  – Criteria for determining whether a cybersecurity event has occurred
  – A process to identify any nonpublic information that may have been involved in the cybersecurity event
  – Steps to restore security operations on compromised systems and prevent further data breach disclosures
  – Provisions holding your third-party providers accountable, ensuring their incident response plan aligns with your requirements and is followed
  – Retention of cybersecurity event records for a period of 5 years
Incident Response (cont.)
Why?
  – Protect your data
    ‒ Avoid ransomware hostage situations, data loss, or disclosure of confidential data
  – Protect your reputation and customer trust
    ‒ A breach is a public relations nightmare, and IDC notes that 78% of consumers would take their business elsewhere if they were affected by a data breach.
  – Protect your revenue
    ‒ Ponemon’s 2018 study put the average cost of a data breach at $3.86 million, up 6.4% from the previous year.
    ‒ The National Cyber Security Alliance estimates that 60% of small to medium-sized businesses go out of business within 6 months of a breach.
    ‒ Equifax ($430 million and growing), Target (10% stock price loss), Home Depot ($62 million)
How Can Skoda Minotti Help?
• We can help an organization select and implement a Risk Management Framework that meets the requirements of Chapter 3965
• Perform a readiness assessment and help develop remediation plans to effectively implement a cybersecurity program
• Provide a formal annual assessment that demonstrates ongoing compliance and measures your program’s effectiveness
Our Assessment Methodology
Scope → Plan → Fieldwork → Report → Submit
Questions?

08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 

New Ohio Cybersecurity Law Requirements

6
Applicability
• O.R.C. § 3965.01(M) - Licensee
 “any person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this state”
 Includes all insurers, agencies, and brokers doing business in Ohio
 Excludes reinsurers, RRGs, and purchasing groups domiciled or chartered and licensed in another state
• Exemptions
 < 20 employees
 < $5 million in gross annual revenue
 < $10 million in assets (at end of fiscal year)
 HIPAA-compliant licensees, but they must provide a certificate of compliance to the superintendent
 An employee, agent, representative, or independent contractor of a licensee who is also a licensee but is covered by the cybersecurity program of the licensee
7
Important Dates
• March 20, 2019 - O.R.C. § 3965 became law
 Reporting cybersecurity events is now effective
• February 15, 2020 - Submission of the first written statement certifying that the insurer is in compliance with the parts of the law that are effective
 If your program requires material improvement, updating, or redesign, you must also submit a plan of remediation
• March 20, 2020 - Required to implement most of the written cybersecurity program requirements
• March 20, 2021 - Required to implement the remaining third-party vendor due diligence and oversight requirements
• June 1, 2021 - Insurers domiciled in Ohio and only authorized to do business in Ohio submit a statement certifying compliance along with their Corporate Governance Annual Disclosure
8
Data Security Requirements
The Ohio Cybersecurity Law requires each licensee to:
• Develop a written cybersecurity plan, customized for the size and complexity of the licensee
• Implement administrative, technical and physical safeguards to protect nonpublic information
• Conduct risk assessments for internal and external threats, and assess the sufficiency of the policies and procedures in place
• Address vulnerabilities based on these risk assessments and prioritize which security measures must be implemented
• Establish, maintain and implement a written incident response plan to recover from a cybersecurity event, with clear roles and responsibilities defined
• Require their third-party service providers to implement security measures to protect and secure any information systems and personal information within two years of the effective date of the Act
• Report cybersecurity events to the Ohio Department of Insurance within 3 business days
9
Cybersecurity Plan
The scale and scope of a covered entity's cybersecurity program should be based on all of the following factors:
• The size and complexity of the organization
• The nature and scope of the activities of the organization
• The sensitivity of the information to be protected
• The resources available to the covered entity
10
Cybersecurity Plan (cont.)
Adopting a published framework provides key benefits over developing your own:
• Compliance with contractual requirements
• Achieving measurable security improvements
• Improved maturity and effectiveness of security operations
• Ability to report security readiness to management
Risk Management Frameworks could include:
• National Institute of Standards and Technology (NIST) Special Publications: Cybersecurity Framework, 800-53, 800-53a, or 800-171
• International Organization for Standardization (ISO) 27000 Family - Information Security Management Systems (ISMS)
• Payment Card Industry – Data Security Standards (PCI-DSS) v 3.2.1
11
Cybersecurity Plan – Confidentiality
The written cybersecurity plan and annual submission in the control or possession of the Department of Insurance:
• Shall be confidential by law and privileged
• Are not public records and shall not be released
• Shall not be subject to subpoena
• Shall not be subject to discovery or admissible in evidence in any private civil action
• *The confidentiality provision excludes state, federal and international regulatory agencies, law enforcement, and the NAIC
• *Can be used by the Superintendent in furtherance of any regulatory or legal action brought by the Department
12
Implement Safeguards
Implement administrative, technical and physical safeguards to protect nonpublic information
• Provided within your chosen risk management framework
• Some frameworks have differing levels of implementation based upon your organization’s scope and complexity
• Internal controls derived from risk assessment mitigating actions
• Vendor best practices
• Research organizations such as CERT, SANS, etc.
13
Risk Assessments
According to NIST, the goal of a risk assessment is for an organization to understand “the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.”
NIST 800-30 - Guide for Conducting Risk Assessments
Step 1 System Characterization (Section 3.1)
Step 2 Threat Identification (Section 3.2)
Step 3 Vulnerability Identification (Section 3.3)
Step 4 Control Analysis (Section 3.4)
Step 5 Likelihood Determination (Section 3.5)
Step 6 Impact Analysis (Section 3.6)
Step 7 Risk Determination (Section 3.7)
Step 8 Control Recommendations (Section 3.8)
Step 9 Results Documentation (Section 3.9)
14
Risk Assessments (cont.)
• The risk assessment will generate a list of vulnerabilities from which to implement security measures (mitigating actions/controls).
• Prioritization of measures can be based on metrics the organization defines, but may consider the following:
 Residual risk score
 The resources available to the organization
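As an added illustration (not from the slides or from Skoda Minotti), the risk determination and prioritization steps above as a small Python risk register: likelihood and impact on assumed three-level scales, a residual risk score that credits existing controls, and selection of recommended controls by residual risk within an assumed resource budget. The register entries are constructed sample data.

```python
"""Risk determination and prioritization in the style of the NIST SP 800-30 steps
listed above (likelihood determination, impact analysis, risk determination,
control recommendations) and the prioritization criteria on the next slide
(residual risk score, resources available)."""
from dataclasses import dataclass

# Assumed three-level ordinal scales; SP 800-30 lets the organization define these.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}


@dataclass
class Finding:
    asset: str                    # Step 1: system characterization
    threat: str                   # Step 2: threat identification
    vulnerability: str            # Step 3: vulnerability identification
    control_effectiveness: float  # Step 4: share of the risk existing controls already mitigate, 0.0..1.0 (assumed scale)
    likelihood: str               # Step 5: likelihood determination
    impact: str                   # Step 6: impact analysis
    recommended_control: str      # Step 8: control recommendation
    effort: int                   # assumed: implementation effort in arbitrary resource units


def inherent_risk(f: Finding) -> int:
    """Step 7: risk determination before any credit for existing controls."""
    return LIKELIHOOD[f.likelihood] * IMPACT[f.impact]


def residual_risk(f: Finding) -> float:
    """Residual risk score: inherent risk reduced by existing control effectiveness."""
    return inherent_risk(f) * (1.0 - f.control_effectiveness)


def prioritize(findings, budget):
    """Rank findings by residual risk (highest first; cheaper control breaks ties)
    and pick recommended controls in that order until the resource budget is used.
    Returns (selected, deferred) lists of Finding."""
    ranked = sorted(findings, key=lambda f: (-residual_risk(f), f.effort))
    selected, deferred, spent = [], [], 0
    for f in ranked:
        if spent + f.effort <= budget:
            selected.append(f)
            spent += f.effort
        else:
            deferred.append(f)
    return selected, deferred


# Constructed sample risk register for a small insurance agency (not real data).
REGISTER = [
    Finding("policy admin system", "credential phishing", "remote access without MFA",
            0.0, "high", "high", "enforce multifactor authentication", 3),
    Finding("agent laptops", "lost or stolen device", "unencrypted disks on some laptops",
            0.25, "medium", "high", "full-disk encryption on all laptops", 2),
    Finding("backup server", "fire or water damage", "backups kept at a single site",
            0.5, "low", "high", "replicate backups off-site", 4),
    Finding("public website", "defacement", "outdated CMS version",
            0.0, "medium", "low", "patch CMS and enable auto-updates", 1),
]


def plan(budget: int = 6):
    """Step 9: results documentation, as (asset, residual score, control, status) rows."""
    selected, deferred = prioritize(REGISTER, budget)
    rows = [(f.asset, residual_risk(f), f.recommended_control, "selected") for f in selected]
    rows += [(f.asset, residual_risk(f), f.recommended_control, "deferred") for f in deferred]
    return rows


if __name__ == "__main__":
    for asset, score, control, status in plan():
        print(f"{status:8} {score:4.1f}  {asset}: {control}")
```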
15
Incident Response
• Licensees are required to investigate the incident and report the event to the Superintendent of Insurance within three days of the event.
• An Incident Response Plan should contain the following:
 Roles, responsibilities, and communication and contact strategies in the event of a data breach, including, at a minimum, notification of the Superintendent of Insurance and affected parties
 Determine whether a cybersecurity event has occurred
 Identify any nonpublic information that may have been involved in the cybersecurity event
 Restore security operations on compromised systems to prevent further data breach disclosures
 Hold your third-party providers accountable and ensure their incident response plan aligns with your requirements and is followed
 Maintain cybersecurity event records for a period of 5 years
16
Incident Response (cont.)
Why?
 Protect your data
‒ Avoid ransomware hostages, data loss, or disclosure of confidential data
 Protect Your Reputation & Customer Trust
‒ Public relations nightmare; IDC notes 78% of consumers would take their business elsewhere if they were affected by a data breach.
 Protect Your Revenue
‒ Ponemon’s 2018 study put the average cost of a data breach at $3.86 million, up 6.4% from the previous year.
‒ National Cyber Security Alliance estimates that 60% of small to medium-sized businesses go out of business within 6 months of a breach.
‒ Equifax ($430 million and growing), Target (10% stock price loss), Home Depot ($62 million)
17
How Can Skoda Minotti Help?
• We can help an organization select and implement a Risk Management Framework to meet the requirements of Chapter 3965
• Perform a readiness assessment and help develop remediation plans to effectively implement a cybersecurity program
• Provide a formal assessment for you to show ongoing compliance and measure your program’s effectiveness on an annual basis

Editor's Notes

  1. Cybersecurity is critically important to the insurance industry because insurance companies, agencies and agents collect highly sensitive consumer financial and health information, which is an especially alluring target for cyber criminals. Recognizing this risk, the National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law (NAIC Model Law) in October 2017 to encourage states to establish a legal framework for requiring insurance organizations to implement comprehensive cybersecurity programs. Ohio was the second state to adopt the NAIC Model Law (South Carolina was first, and Michigan adopted it in late 2018). Connecticut and New York have enacted cybersecurity regulations for insurance companies without specifically adopting the NAIC Model Law.
  2. The entire law applies to licensees. If you are exempt, you do not have to comply with the cybersecurity program chapter, but you do still need to comply with the chapters on “investigation of events” and “notification to superintendent.” Once you no longer qualify as exempt, you have 180 days to comply with the law.
  3. Non-public information means information that is not publicly available information and is one of the following:
     (1) Business-related information of a licensee the tampering with, unauthorized disclosure of, access to, or use of which would cause a material adverse impact to the business, operation, or security of the licensee;
     (2) Information concerning a consumer that, because of the name, number, personal mark, or other identifier contained in the information, can be used to identify that consumer in combination with any one or more of the following data elements:
        (a) Social security number;
        (b) Driver's license, commercial driver's license, or state identification card number;
        (c) Account, credit card, or debit card number;
        (d) Any security code, access code, or password that would permit access to the consumer's financial account;
        (e) Biometric records.
     (3) Any information or data, except age or gender, that is in any form or medium created by or derived from a health care provider or a consumer, that can be used to identify a particular consumer, and that relates to any of the following:
        (a) The past, present, or future physical, mental, or behavioral health or condition of the consumer or a member of the consumer's family;
        (b) The provision of health care to the consumer;
        (c) Payment for the provision of health care to the consumer.
  4. The program shall be commensurate with the size and complexity of the licensee, the nature and scope of the licensee's activities including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the licensee's possession, custody, or control.
  5. (D) Based on its risk assessment, the licensee shall do all of the following:
     (1) Design its information security program to mitigate the identified risks in a way that is commensurate with the size and complexity of the licensee, the nature and scope of the licensee's activities including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the licensee's possession, custody, or control;
     (2) Determine which of the following security measures are appropriate and implement such security measures:
        (a) Place access controls on information systems, including controls to authenticate and permit access only to authorized individuals, to protect against the unauthorized acquisition of nonpublic information;
        (b) Identify and manage the data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes in accordance with their relative importance to business objectives and the organization's risk strategy;
        (c) Restrict access at physical locations containing nonpublic information to authorized individuals;
        (d) Protect by encryption or other appropriate means all nonpublic information while such information is being transmitted over an external network and all nonpublic information stored on a laptop computer or other portable computing or storage device or media;
        (e) Adopt secure development practices for in-house developed applications utilized by the licensee and procedures for evaluating, assessing, or testing the security of externally developed applications utilized by the licensee;
        (f) Modify the information system in accordance with the licensee's information security program;
        (g) Utilize effective controls, which may include multifactor authentication procedures for accessing nonpublic information;
        (h) Regularly test and monitor systems and procedures to detect actual and attempted attacks on, or intrusions into, information systems;
        (i) Include audit trails within the information security program designed to detect and respond to cybersecurity events and designed to reconstruct material financial transactions sufficient to support normal operations and obligations of the licensee;
        (j) Implement measures to protect against destruction, loss, or damage of nonpublic information due to environmental hazards, such as fire and water damage or other catastrophes or technological failures;
        (k) Develop, implement, and maintain procedures for the secure disposal of nonpublic information in any format.
     (3) Include cybersecurity risks in the licensee's enterprise risk management process;
     (4) Stay informed regarding emerging threats or vulnerabilities and utilize reasonable security measures when sharing information relative to the character of the sharing and the type of information shared;
     (5) Provide its personnel with cybersecurity awareness training that is updated as necessary to reflect risks identified by the licensee in the risk assessment.
  6. Each licensee shall notify the superintendent of insurance as promptly as possible after a determination that a cybersecurity event involving nonpublic information in the possession of the licensee has occurred, but in no event later than three business days after that determination, when either of the following criteria has been met: