The document discusses benchmarks from a survey of privacy programs and the costs of privacy programs. It finds that organizations with more effective information security programs spend more on privacy. The highest spending categories for privacy programs are data security and program management, while the lowest are policies/procedures and redress/enforcement.
Greatest IT Security Risks of 2013: Annual State of the Endpoint Report - Lumension
What are IT pros most concerned about heading into 2013? The annual State of the Endpoint Report sponsored by Lumension and conducted by Ponemon Institute reveals APTs and mobile devices pose the biggest security threat to organizations in the coming year. Unfortunately, respondents also demonstrated a disconnect between their identified risk and planned security spend as well as a significant need for improved internal collaboration.
This presentation by Larry Ponemon of the Ponemon Institute and Paul Zimski of Lumension reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2013 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:
• IT perspective on today’s Top 3 risks;
• Disconnect between perceived risk and corresponding strategies to combat those threats;
• Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain
Survey Results: The consumerization of IT from the end user’s perspective - Symantec
More than ever, end users rely on smartphones to keep them connected both personally and professionally. As a result, enterprises now must support a wide variety of both enterprise- and employee-liable devices. Symantec recently conducted a small survey to learn more about end users’ experiences with and perspectives on this rapidly growing trend.
[ITOnAir] Devmento video: Sriram Prasad, APAJ Marketing Director
Quest Toad 11 new product and database strategy announcement press conference (2011. 10. 17)
Presentation of Quest's solution strategy and vision for the database field. An update on the latest DB trends and market conditions following recent changes in the IT environment such as cloud and big data, and an explanation of how the Toad 11 product family and its powerful performance can align with the business and transform work.
The CTO Survey was conducted by Spinverse Ltd. and covers Finnish CTOs’ views on the current innovation environment and its future outlook.
The survey was supported by EK, Sitra and Technology Academy Finland.
How to Maximize the Value of SAP: Business Networks as the Key to ... - SAP Ariba
Capturing all spend across commodity groups, suppliers and national borders is a major challenge for most eProcurement systems. The use of such a system depends on many success factors, such as supplier enablement, the provision of catalogs and, ultimately, operational use by the users. In this talk, Clariant will explain how the leading manufacturer of specialty chemicals uses the Ariba Network together with SAP to exploit synergies in procurement and to standardize processes across countries.
Peter Beyeler, Global eProcurement & Automation Manager – Clariant
2013 Ariba Commerce Summit Frankfurt
Quadric exists to increase the contribution of business to society. We are an international team of analysts, consultants and creative professionals helping companies improve performance while becoming better places to work. Using the Quadric@ framework, we help companies drive volume and pricing, influence future trends, guide innovation and integrate acquisitions more effectively.
Symantec 2011 Information Retention and eDiscovery Survey Global Key Findings - Symantec
Symantec’s 2011 Information Retention and eDiscovery Survey examines how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request. The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines.
The second annual Corporate Social Responsibility Perceptions Survey, conducted by research-based consultancy Penn Schoen Berland in partnership with brand consulting firm Landor Associates and strategic communications firm Burson-Marsteller, analyzed consumer views of companies operating across 14 industries ranging from Apparel to Telecommunications.
Spenser Reinhardt's presentation on Detecting Security Breaches With Docker, Honeypots, & Nagios.
The presentation was given during the Nagios World Conference North America held Oct 13th - Oct 16th, 2014 in Saint Paul, MN. For more information on the conference (including photos and videos), visit: http://go.nagios.com/conference
Today's Breach Reality, The IR Imperative, And What You Can Do About It - Resilient Systems
Despite changing threats and the near certainty of compromise, most
IT security programs are much the same as they were a decade ago. How
have attacker motivations and tactics changed, and why? What does
this mean for IT security departments, and how must they adapt?
This webinar will detail the security challenges organizations face
today, the implications of changes in attacker tactics and
motivations, and what firms can do to better align their security
program with today's reality.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Colby Clark, Director of Incident Management, Fishnet Security
How To Turbo-Charge Incident Response With Threat Intelligence - Resilient Systems
Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement. According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident.
This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline. Finally, it will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from industry-leader iSIGHT Partners.
Are you confused by all the social media marketing lingo and terms? You are not alone! SO! What? SOcial introduces the complete glossary of social media terms for those interested in social media marketing. Master these terms and you'll be a social media know-it-all in no time guaranteed!
Today, thanks to social networks, distances have shrunk considerably and communication channels have broadened and diversified.
In the social era, a presence on social media is indispensable for any company that wants to build a lasting relationship with its customers, expand its contacts, obtain first-hand information on opinions about its services/products and gain greater visibility.
At Ulixe CRM, in addition to offering Social CRM solutions, we provide Social Media Marketing consulting. Our services range from proposing a marketing strategy to carrying out viral marketing; in particular, we structure targeted campaigns for each business context and product sector, choosing together with our clients the communication channels best suited to their needs.
The Shifting State of Endpoint Risk: Key Strategies to Implement in 2012 - Lumension
Review this presentation as we reveal statistics from the 2012 State of the Endpoint survey, sponsored by Lumension® and conducted by Ponemon Institute. Find out about today's growing insecurity, IT's perceived areas of greatest risk for 2012, and the disconnect between risk and planned security strategies. In addition, we will examine the evolving IT risk environment and recommendations to more effectively and cost-efficiently secure your endpoints.
* How organizations are creating a perfect storm for hackers
* The Top 3 new threats to the workplace
* Perceived risks and corresponding strategies to combat today's evolving endpoint environment
Find out about our reliance on productivity tools, and how inadequate collaboration and resource restrictions for security are creating a perfect storm for hackers.
The report is based on the survey conducted among attendees of the 2nd annual conference “Enterprise Mobility Day”, which was held on October 11th, 2012 by the Center for Enterprise Mobility of I.T.Co and the Russian Union of CIO (SoDIT).
Find out more about past participants...where are they aligned under the corporate umbrella, what their structure is, how many employees they pay, and much more!
CompTIA’s 2nd Annual Trends in Enterprise Mobility study builds on previous CompTIA research in the mobility space and further explores mobility trends, challenges and opportunities. Understand the variables and trade-offs involved in a company’s decision on provisioning devices; ascertain benefits realized from using mobile/remote work solutions; identify the challenges in supporting and managing mobile/remote work; and gauge the need for training and/or standards.
What is the state of revenue and its distribution within affiliate marketing in the Netherlands? The IAB has conducted a study in collaboration with Deloitte and will, as is tradition, announce the results at the Affiliate Dag!
In this edition of “Collaborating for Innovation” the goal was to draw executive attention to current strengths and improvement opportunities, relating to the process of innovation, focusing on four overarching aspects of the innovative company:
- The consequences of changing corporate/strategic imperatives upon innovation as a lever for growth
- The changing structure and operation of the R&D function and its impact on corporate success
- The embedding of innovation as a culture underpinning an organization beyond the R&D function and across the value chain, including customers and suppliers
- The drivers and obstacles for integrating these “external” parties in various stages of the innovation process
Most organizations have made significant investments in security controls to enable prevention and detection. But when incidents occur, is your firm able to quickly mitigate them? The best security teams are. And as a result their organizations can learn from them and improve their performance next time.
This webinar will review critical components of proper incident mitigation including:
- Conducting post mortem and updating SOPs
- Evaluating historical response performance
- Generating reports for management, auditors, and authorities
Our featured speakers for this webinar will be:
- Stephen Brennan, Global Technical Consulting Lead - Managing Partner, CSC
- Ted Julian, Chief Marketing Officer, Co3 Systems
Data Breach Crisis Control – How to Communicate When You’re in the Hot Seat - Resilient Systems
As attacks on Sony and Target show, the impact of a breach can stretch for months. Knowing how to communicate to the various internal and external audiences is crucial to mitigating the trail of damage.
The webinar features Melanie Dougherty Thomas, a crisis expert with more than 20 years of experience in marketing and communications. Melanie is Managing Director of Inform – a top communications firm that serves Fortune 500s.
Melanie will outline strategies for:
- Incident investigation and assessment
- Public acknowledgement and media management
- Customer and social media responses
- Legal notifications and obligations
Our featured speakers for this webinar will be:
- Melanie Dougherty Thomas, Managing Director, Inform
- Ted Julian, CMO, Co3 Systems
Marked by record-breaking data breaches and an explosion of increasingly complex, sophisticated attacks, 2014 was a challenging year for security professionals. Can the industry find relief in 2015? Bruce Schneier & Jon Oltsik evaluate how we did in 2014 from an incident response perspective, as well as offer predictions for what lies ahead in 2015.
By Popular Demand: Co3's Latest and Greatest Features - Resilient Systems
This year's data breaches make it clearer than ever – organizations are in desperate need of an effective, consistent, and compliant incident response (IR) process that stops attacks in their tracks.
To help companies like yours prepare for incidents, assess their impact, execute the response, and manage the process to closure, we made a bunch of enhancements to our platform this year. This webinar will feature some of the latest features, many of which came from customer requests, your peers in the industry:
- Integrated threat intelligence provides team members the information they need, when they need it.
- SIEM integrations and incident automation turbo-charge plan creation and execution.
- Easy customization yields a finely-tuned response process without requiring programming expertise.
Our featured speakers for this webinar will be:
- Tim Armstrong, Sales Engineering Manager, Co3 Systems
- Ted Julian, Chief Marketing Officer, Co3 Systems
Are We Breached? How to Effectively Assess and Manage Incidents - Resilient Systems
Most organizations have made significant investments in security controls to enable prevention and detection. But when the inevitable alerts fire, what happens next? Is your firm able to quickly assess these events and, if necessary, manage them to closure? The best security teams do. And as a result their organizations manage incidents gracefully as just another part of doing business.
This webinar will review critical components of proper incident assessment and management including:
- Assessing events for severity and potential impact including triage
- Engaging the appropriate team members across the organization
- Choosing the optimal containment strategy for your business
Our featured speakers for this webinar will be:
- Stephen Brennan, Global Technical Consulting Lead - Managing Partner, CSC
- Ted Julian, Chief Marketing Officer, Co3 Systems
Ready or Not, Here They Come: Preparing For Phase 2 HIPAA Compliance Audits - Resilient Systems
The next round of HIPAA compliance audits will now include business associates as well as covered entities. Compliance with the Privacy Rule, the Security Rule, and the Breach Notification Rule are all in scope, so documentation will be a key factor.
This webinar will provide best practices for covered entities under the HIPAA compliance audit. Learn what your organization can do to best prepare for the next round.
Our featured speakers for this webinar will be:
- Amy Derlink, Chief Privacy Officer, IOD Incorporated
- Gant Redmon, CIPP/US General Counsel & VP of Business Development, Co3 Systems
Are you a CIPP holder (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT)? Attend this webinar for CPE credit.
Encryption: Who, What, When, Where, and Why It's Not a Panacea - Resilient Systems
Encryption is a crucial and powerful tool in any organization's data protection / privacy arsenal. But to be effective, it must be applied properly. And even then it's not a silver bullet, including from a privacy breach disclosure perspective.
This webinar will discuss:
- Encryption vs. hashing: what is it, and when might you want to use one over the other?
- Practical considerations: implementation options and their merits
- Legal considerations: encryption requirements, benefits and restrictions
- Legal limitations: situations in which encryption is not enough
Our featured speakers for this webinar will be:
- Suhna Pierce, Associate, Morrison Foerster
- Gant Redmon, Esq. CIPP/US, General Counsel & VP of Business Development, Co3 Systems
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
Is your organization ready to respond to an incident? More specifically, do you have the people, process, and technology in place that is required to cope with today's threats?
This webinar will provide practical steps on how to assess your organization's risks, threats, and current capabilities through a methodical and proven approach. From there, it will detail the people, process, and technology considerations when standing up or revitalizing an incident response (IR) program.
Specifically it will cover the four pillars of a modern IR function:
- Identify what must be protected
- Scope potential breach impact to the organization
- Define IR management capabilities
- Determine likely threats and their potential impact
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Richard White, Solutions Principal, HP
EU Cyber Attacks And The Incident Response Imperative - Resilient Systems
Speaking at the recent Cyber Security Summit in London, Lee Miles, Deputy Head of the U.K. National Cyber Crime Unit said, "cybercrime is anonymous, sophisticated, and international." Gone are the days of hacking "to plant a flag for kudos... it's all about the money now," he said. Accounts like these highlight the inevitability of breaches and emphasize just how crucial a capable incident response capability is to survival.
This webinar will review the major components of a modern incident response function, highlighting what organizations can do to quickly improve their program. It will use the Co3 platform to demonstrate how firms can dramatically improve incident response without requiring a significant investment in staff, professional services, or infrastructure.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Tim Armstrong, Security Incident Response Specialist, Co3 Systems
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
Boxing legend Joe Louis famously said, "Everyone has a plan... until they get hit." While grizzled incident response veterans can relate to this sentiment, they all know that thorough preparation is crucial to success. Response procedures that are so thoroughly ingrained that executing them is like muscle memory have a chance, even in the fog of battle.
Have you thoroughly prepared your organization to respond when the inevitable happens? How confident are you that it will work in a real-world situation? Proper incident response preparation is key to answering these questions and is frankly the foundation of any incident response capability.
This webinar will review critical components of IR preparation including:
- IR Underpinnings
- Flexible Frameworks
- Leadership Challenges
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Sean Mason, Global Incident Response Leader, CSC
You have probably heard of the major breach at the US retailer Target, in which 40m credit cards and their details were stolen. As with any incident of this magnitude, there are valuable lessons to be learned. One way to understand the breach more fully - to borrow a phrase from Deep Throat talking about the Watergate scandal in All The President's Men - is to follow the money.
This webinar will do just that. Using the Target breach as a real example, for which there is now much information in the public domain, we will detail what we know about how it happened. We will place particular emphasis on the money trail, not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, and the resulting lawsuits and other repercussions (both the CEO and CIO of Target have resigned). As such, this webinar represents a powerful opportunity to learn first hand what really happens as a breach unwinds from a very respected professional who has been in the trenches for decades.
And here are three important take-aways from this highly informative webinar:
1. Why Chip and PIN is not foolproof
2. A detailed understanding of where the money goes post breach
3. Top tips for how firms must think differently about IR in the wake of Target-like incidents
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
Do you have an incident response plan to cover disasters, cyber-attacks, and other threats to your organization? How confident are you that it will work in a real-world situation? While simply having a plan will help you check the box on the audit, it doesn't guarantee effectiveness in a real situation. Assessing your incident response plans through fire drills, desk top exercises, functional scenarios, and full scale exercises will help your organization truly validate the effectiveness of the plan.
IR assessments are meant to:
- Evaluate plans, policies, and procedures
- Find weaknesses in the plan and gaps in resources
- Improve coordination and communication internally and externally
- Define and validate roles and responsibilities
- Train personnel in their roles and responsibilities
This webinar will provide practical steps for assessing your organization's plans and demonstrate ways to improve them through a methodical and proven approach. After all, whether they're big or small, internal or external, in most any organization incidents occur. Complete plans that have been tested, backed by trained resources and thorough communication, are the proven recipe to minimize the impact of incidents when they occur.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Richard White, Security Intelligence and Operations Principal, HP Enterprise Security Products
How To Turbo-Charge Incident Response With Threat Intelligence - Resilient Systems
Minutes, hours, days - each one counts when responding to a security incident. Yet most firms have a lot of room for improvement.
According to the 2013 Verizon Data Breach Investigations Report, in 66% of cases (up from 56% last year), breaches remained undiscovered for years, and in 22% of cases, it took months to fully contain the incident.
This webinar will review the challenges firms face in trying to create a rapid and decisive incident response (IR) process. It will then highlight the crucial role that timely, contextual threat intelligence can play in turbo-charging incident response, particularly when tightly integrated with the broader IR discipline.
Our presenters will reveal the power of this approach by demonstrating Co3's integrated threat intelligence capabilities including intel from the cyber threat intelligence experts at iSIGHT Partners.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Tim Armstrong, Security Incident Response Specialist, Co3 Systems
- Matt Hartley, VP of Product Management, iSIGHT Partners
As a new CISO, you want to have an impact as quickly as possible - people will be watching and judging. But at the same time, you need to be practical about what's achievable in an organization that you're still getting to know. It's also important to consider the experience you bring to the role and how it applies - or doesn't - to your new job.
In this webinar, we'll discuss three fundamental differences you're likely to experience in your new job and offer recommendations on strategic activities you can focus on in your first 90 days. New CISOs will gain a framework for identifying these quick wins. Existing CISOs will get an opportunity to refresh and revitalize their security program.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Bill Campbell, IT Executive and Serial CISO
Are you a CIPP holder? (CIPP/US, CIPP/C, CIPP/E, CIPP/G and CIPP/IT) Attend this webinar for CPE credit.
We all know that Target-like breaches aren't completely preventable. But does that mean we're doomed and powerless? Not even close. A decisive response effort can dramatically reduce the impact of a breach, potentially stopping attacks in their tracks before sensitive data is lost.
This webinar will show you how. Using the Target breach as a case study, it will demonstrate how timely detection and threat intelligence integrated with incident response management could have stopped the attack cold.
Our featured speakers for this webinar will be:
- Tim Armstrong, Security Incident Response Specialist, Co3 Systems
- Colin Henderson, Principal Consultant Security Intelligence & Operations, HP, Enterprise Security Products
Everyone's heard about the Target breach at the end of last year; some of you may have been affected. One way to understand this breach - to borrow a phrase from Deep Throat talking about the Watergate Scandal in "All The President's Men" - is to follow the money.
This webinar will do that. It will detail what we know about the Target breach and how it happened. But it will place particular emphasis on the money trail - not only in terms of how the bad guys turn the data into cash, but also who ends up footing the bill, the role insurance can play, the likelihood of lawsuits, and so on. As such, this webinar represents a powerful opportunity to learn what really goes down as a breach unwinds from a respected professional who has been in the trenches for decades.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Mark Rasch, Chief Privacy Officer, SAIC
How'd we do in 2013 from a data breach perspective? As we close out the year, are the cupboards / budgets bare and will it be a lean holiday season? Or should we be budgeting a holiday celebration with all of the trappings and a sumptuous New Year?
Borrowing themes from the Charles Dickens holiday classic, this webinar will review industry statistics and other indicators to evaluate how we did in 2013 from a privacy breach and security incident response perspective. Will our mythical CSO and CPO get the Scrooge-like CFO to approve their budget increases? And what will 2014 hold from a security, privacy, and regulatory perspective? Register below to find out.
Our featured speakers for this Dickensian webinar will be:
- Ebenezer Scrooge, Chief Financial Officer, Acme Inc. played by Ted Julian, Chief Marketing Officer, Co3 Systems
- Bob Cratchit, Chief Privacy Officer, Acme Inc. played by Gant Redmon, General Counsel, Co3 Systems
- Tiny Tim, Chief Security Officer, Acme Inc. played by "Tiny" Tim Armstrong, Incident Response Specialist, Co3 Systems
Incident Response: Don't Mess It Up, Here's How To Get It Right - Resilient Systems
According to Gartner "75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired." According to Forrester, "You can't afford ineffective incident response." Despite these stakes, the incident response capability at most organizations is immature.
Based on an anonymized breach scenario, this webinar will define a framework for the broader incident response (IR) process. By highlighting IR components that were handled well, and a few that weren't, attendees will gain practical experience to help them better prepare for the inevitable.
Our featured speakers for this webinar will be:
- Jim Goddard, Managing Principal, Security Intelligence and Operations Consulting, HP Enterprise Security
- Ted Julian, Chief Marketing Officer, Co3 Systems. Serial security and compliance entrepreneur.
Treat a Breach Like a Customer, Not a Compliance Issue - Resilient Systems
After a breach occurs, thoughts turn to technical remediation and regulatory compliance. Affected customers have often been viewed through a filter of breach notification laws. That thinking is changing. Now, privacy and breach response is as much a customer issue - not just a compliance issue. It's time to update core practices to be prepared for and mitigate the damage of an incident beyond just checking the compliance box.
Co3 and Experian are teaming up to provide clients with invaluable breach response techniques. This webinar will review the best practices to leverage during breach response to ensure continued customer satisfaction. Attendees will also get a sneak peek at the new Co3 Systems / Experian Data Breach Resolution incident response management product integration.
Our featured speakers for this timely webinar will be:
-Gant Redmon, Esq. CIPP/US, General Counsel & VP of Business Development, Co3 Systems
-Bob Krenek, Senior Director, Experian Data Breach Resolution
-Michael Bruemmer, Vice President, Experian Data Breach Resolution
You're Breached: Information Risk Analysis for Today's Threat Landscape - Resilient Systems
If you would like a copy of the slide in the form of a self-playing PowerPoint Show, please contact jtroisi@co3sys.com
IT security executives have used information risk analysis for decades. From basic objectives such as ensuring critically sensitive data gets protection commensurate with its value, to more sophisticated uses such as determining when certain risks can be accepted, these risk management frameworks help align security with the business. Changes in the "threat landscape", which includes the technical operating environment, the motivation and capability of threats, and even business context can have dramatic implications on the application of analysis techniques. And in information technology, from BYOD, to cloud, to mobile, to state-sponsored actors; plenty has changed in the last 3 years alone.
This webinar will review the conceptual underpinnings of information risk analysis that remain widely used today. We will then examine important changes in the threat landscape over the last few years and assess their impact on risk assessment and its application in risk management. Finally, we will offer recommendations for how, in light of these changes, organizations should think differently about risk and as a result, their security program as a whole.
Our featured speakers for this timely webinar will be:
- Bill Campbell, CISSP, Director at i-fact@nalysis, former security executive at MITRE, Union Bank, Symantec and Fidelity Investments.
- Ted Julian, Chief Marketing Officer, Co3 Systems. Serial security and compliance entrepreneur.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
PHP Frameworks: I want to break free (IPC Berlin 2024) - Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Communications Mining Series - Zero to Hero - Session 1 - DianaGray10
This session provides an introduction to UiPath Communication Mining, its importance and a platform overview. You will acquire a good understanding of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: The Art of Triggers and Actions in FME - Safe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speed up fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party and will share these foundational concepts to build on:
Privacy & Data Breach Management
1. Privacy & Data Breach Management
Benchmarks, Informal Survey, Solutions
Presentation by Dr. Larry Ponemon
Webinar sponsored by Co3 Systems
September 13, 2012
2. Agenda
• Benchmark Analysis
• Cost Benchmarks
• Informal Influencer Survey
• Market Need For Breach Management Solutions
9/13/2012 Ponemon Institute: Private & Confidential Information 2
3. About Ponemon Institute
• Ponemon Institute conducts independent research on cyber security, data protection
and privacy issues.
• Since our founding 11+ years ago our mission has remained constant, which is to
enable organizations in both the private and public sectors to have a clearer
understanding of the practices, enabling technologies and potential threats that will
affect the security, reliability and integrity of information assets and IT systems.
• Ponemon Institute research informs organizations on how to improve upon their data
protection initiatives and enhance their brand and reputation as a trusted enterprise.
• In addition to research, Ponemon Institute offers independent assessment and
strategic advisory services on privacy and data protection issues. The Institute also
conducts workshops and training programs.
• The Institute is frequently engaged by leading companies to assess their privacy and
data protection activities in accordance with generally accepted standards and
practices on a global basis.
• The Institute also performs customized benchmark studies to help organizations
identify inherent risk areas and gaps that might otherwise trigger regulatory action.
4. Benchmark Analysis
Analysis is based on Ponemon Institute’s 2012 benchmark on corporate privacy management (n=89 companies)
5. Background
• Ponemon Institute has conducted detailed benchmark surveys of corporate privacy
program activities for the past 10 years (starting in January 2003).
• Ponemon Institute has conducted more than 500 separate benchmark studies.
• A total of 89 large, US-based organizations in various industries participated in
this 2012 study (fieldwork concluding in August).
• The primary contact in these organizations was the chief security officer, the chief
information security officer, the chief privacy officer or another individual who has
overall responsibility for privacy & data protection.
• All results were gathered by the researcher. All individual and company-
identifiable information was removed to protect the confidentiality of responding
organizations.
• Caveats – Benchmarks provide descriptive information that may not be
representative of all corporate privacy initiatives.
6. Industries
A total of 89 companies participated in this 2012 research
Minimum headcount of participating companies is > 1,000
[Pie chart: participating companies by industry. Categories: Financial services, Health & pharma, Retail, Public sector, Industrial, Services, Consumer products, Technology & software, Transportation, Energy & utilities, Communications, Education & research, Other.]
7. Overall Benchmark Score
The benchmark scores for the 2012 sample of 89 companies are presented in a percentage form.
These scores are compiled from a proprietary instrument containing 130 items presented in seven
(7) sections. Each section is weighted equally for purposes of comparison.
[Bar chart: overall benchmark score by company size. Categories: > 25,000 FTE, 5,000 to 25,000 FTE, < 5,000 FTE, Overall.]
8. Overall Benchmark Score
The benchmark scores for the 2012 sample of 89 companies are presented in a percentage
form. These scores are compiled from a proprietary instrument containing 130 items presented
in seven (7) sections. Each section is weighted equally for purposes of comparison.
[Bar chart: benchmark score by section. Categories: Policy%, Com%, Mgmt%, Security%, Compliance%, Choice%, Redress%.]
9. Benchmarks on Privacy Policies
Centralized version control procedures 49%
Harmonized approach to global policies 43%
Acceptable use policies for social media 41%
Acceptable use policies for mobile devices (BYOD) 38%
[Chart: benchmark score by year, 2003 to 2012.]
10. Benchmarks on Training & Communications
Mandatory training for all employees 41%
Specialized training for high risk employees 37%
Metrics for assessing training effectiveness 30%
Incident response training for readiness 29%
Privacy awareness for business partners 15%
Privacy awareness for customers 12%
[Chart: benchmark score by year, 2003 to 2012.]
11. Benchmarks on Privacy Program Management
Centralized authority 35%
Adequacy of program resources 33%
Formal privacy or data governance strategy 29%
Data inventory for sensitive PI 21%
Independent audit or assessment 17%
[Chart: benchmark score by year, 2003 to 2012.]
12. Benchmarks on Data Security
Alignment of privacy and cyber security strategy 33%
Extensive use of encryption for data at rest 31%
Controls over PI data in cloud environments 29%
Extensive use of data loss prevention tools 27%
Privileged user visibility 24%
[Chart: benchmark score by year, 2003 to 2012.]
13. Benchmarks on Privacy Compliance & Monitoring
Compliance monitoring over contract and temporary employees 29%
Mock regulatory audits or assessments 25%
Advanced assessments of marketing campaigns 22%
Board level reporting 21%
Evaluation of information theft upon employee termination 21%
[Chart: benchmark score by year, 2003 to 2012.]
14. Benchmarks on Consent & Choice
Exclusive use of permission-based lists for customer/consumer contact 26%
Testing that customer preferences are honored 23%
Rigorous monitoring of secondary uses of sensitive PI 22%
Global harmonization of consumer preferences 18%
Readiness for do not track 18%
[Chart: benchmark score by year, 2003 to 2012.]
16. Net change over 10 years
The 2012 benchmark sample consists of 89 companies and the 2003 sample consists of
68 companies. Please note that both samples were matched by organizational headcount
(size), industry sector and geographic footprint. Certain items in the proprietary
benchmark instrument were edited or updated over this 10-year period.
[Bar chart: benchmark score by section, FY 2012 versus FY 2003. Categories: Policy%, Com%, Mgmt%, Security%, Compliance%, Choice%, Redress%.]
17. Cost Benchmarks
Analysis is based on Ponemon Institute’s 2012 benchmark on corporate privacy management (n=265 companies)
18. Extrapolated cost of privacy programs
$US millions (000,000 omitted)
Analysis is based on Ponemon Institute’s 2012 benchmark on corporate privacy management (n=265 companies)
This graph reports the average direct and indirect program spending for FY 2012 based on SES quartiles
from 1 = highest to 4 = lowest. The SES is a metric ranging from -2 (lowest) to +2 (highest) that attempts to
measure the effectiveness of an organization’s information security posture. The SES was developed by
Ponemon Institute and has been validated in more than 50 studies conducted over nearly eight (8) years. As
can be seen, organizations with a higher SES spend more direct and indirect costs on privacy programs.
While not shown in this graph, the average privacy program cost for our benchmark sample of companies
totals $5.98 million.
[Bar chart: direct cost, indirect cost and total by SES quartile. Categories: Quartile 1 (SES 1.1), Quartile 2 (SES .71), Quartile 3 (SES .35), Quartile 4 (SES -.11).]
19. Extrapolated cost of privacy programs
$US millions (000,000 omitted)
Analysis is based on Ponemon Institute’s 2012 benchmark on corporate privacy management (n=265 companies)
This graph reports the average direct and indirect program spending for FY 2012 based on six expenditure
or spending categories totaling $5.98 million. As can be seen, the two highest spending categories are data
security ($1.55 million) and program management ($1.50 million). In contrast, the two lowest spending
categories are redress and enforcement ($.30 million) and policies and procedures ($.60 million). While not
shown separately, our benchmark sample of companies spend approximately 25% of budget on program
management activities, which includes all costs associated with data breach incident management.
[Bar chart: spending by category. Categories: Policies & procedures, Training & communication, Program management, Data security, Compliance monitoring, Redress & enforcement.]
21. Benchmark study of 107 privacy influencers
• Results in this report are based on Ponemon Institute’s proprietary
database of privacy practices in US organizations.
• Examined perceptions about data breach incident response management.
• Purpose of analysis is to determine the value privacy leaders place on an
automated tool or system to deal with the data breach incident management
process.
• The results indicate that privacy leaders believe automated management
tools are important to deal with the data breach incident management
process due to the numerous separate incidents that require ongoing
tracking.
22. Is there a need to have an automated tool or system
to deal with the data breach incident management
process?
Benchmark question posed to 107 privacy leaders in U.S. based corporations
[Pie chart. Response categories: Yes, No, Unsure.]
23. Do you have an automated data breach management
tool or system today?
Benchmark question posed to 107 privacy leaders in U.S. based corporations
[Pie chart. Response categories: No; Yes, homemade; Yes, commercial.]
24. What is your company’s primary focus for data
breach management issues?
Benchmark question posed to 107 privacy leaders in U.S. based corporations
[Pie chart. Response categories: US, Global, North America, Europe/EU, Latin America, Asia-Pacific.]
25. Approximately, how many separate incidents
require tracking over a 12-month period?
Benchmark question posed to 107 privacy leaders in U.S. based corporations
< 40 9%
21 to 40 15%
11 to 20 24%
5 to 10 36%
2 to 4 10%
>2 5%
26. Need for a Data Breach Management Tool
• Ponemon Institute’s tracking study of the cost of privacy programs reveals the
potential market demand for a data breach incident management tool for the following
reasons:
– Cost effective – TCO of the tool versus labor costs and professional fees
– A comprehensive and accurate repository of summarized privacy and data
breach laws reduces research costs and legal services.
– Benefits SMBs that cannot afford a fully-dedicated privacy staff.
– Secures (lock-down) sensitive and confidential information concerning data
breach incidents and events.
– Avoid redundant or inconsistent operating practices and reduce operational
complexity.
• Ponemon Institute’s proprietary benchmarks on corporate privacy spending for larger-
sized organizations (headcount > 1,000) reveal a substantial spending level for
program management (which includes incident response) and data security
measures.
27. Questions?
Ponemon Institute
www.ponemon.org
Tel: 231.938.9900
Toll Free: 800.887.3118
Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA
research@ponemon.org