I hate the term "breach" - please call it a "security incident" - but the term "breach coach" is certainly ingrained. Posting today's presentation on the role of the coach as I step out the door to an insurance sector event.
Effective claims management has become a sophisticated process and one that draws upon numerous areas of expertise including data analysis, accident investigation, managed care, return to work, subrogation, alternative dispute resolution, structured settlements, and Medicare compliance as well as more traditional areas of claims expertise. Technology is continually evolving allowing the risk manager improved decision-making capabilities. Strong claims management fundamentals can apply to any major line of coverage including general liability, workers’ compensation, and auto liability. This session will explore how to identify key cost drivers, ways to better integrate claims resources, how to achieve faster reporting, the use of performance standards and guarantees, and how to evaluate the quality of your current claims services.
Presented by Dr Sam De Silva, partner at Nabarro to over 100 CEOs and Executives in London.
Explains what leaders should do immediately after becoming aware of a cyber attack, from a legal perspective.
“New” Misconduct Challenges and Solutions for Investigating as We Move to a ... | Case IQ
In a transitional environment, characterized by physical distancing, remote workplaces, re‑opening of the economy and a fuzzy view of what’s coming next, a new collection of risks and challenges has emerged. Companies of every size are navigating the new landscape under extra stress, without the advantages of face-to-face communication, and the demands of a workforce that is hurting.
It’s a challenge to keep workers safe, healthy, engaged, committed, and productive in this environment, and there will always be risks of corruption and misconduct. Investigating under these circumstances requires new approaches, tools and techniques.
Join Ken McCarthy, President of Integrity by McCarthy Inc, as he outlines the new risks posed by this environment, and the challenges and opportunities that will follow.
The webinar will cover:
Risks for misconduct in virtual and remote workplaces
Opportunities for new and different kinds of misconduct
Challenges of investigating in a transitional environment
Post-pandemic investigations
Examples of employees crossing the line
How the fraud triangle helps us to detect and prevent misconduct in the new environment
Critical Issues in School Board Cyber Security | Dan Michaluk
An hour presentation to school board officials in Ontario on cyber security issues, covering the threat environment, defense, incident response, threat information sharing and vendor issues.
Precarious professionalism 17 Sep 14 to Law Society | Richard Moorhead
Why is the legal profession's position precarious: its claims to be competent, ethical, leaders in their field, and good regulators are all weakened. Globalisation, markets, technology, innovation and professional inertia or complacency all pose threats.
How Your Nonprofit Can Avoid Data Breaches and Ensure Privacy Part 2 | TechSoup Canada
Part 1 of this webinar series provided an overview of cybersecurity and explained the cyber risks and legislation affecting nonprofits. In part 2 of the series, Imran Ahmad of Miller Thomson, LLP returns to answer your questions on cybersecurity and to delve deeper into cybersecurity maintenance and best practices to avoid data breaches. This includes the implementation of measures to prevent data breaches in the pre-attack phase, to the implementation of security best practices in the event of a cyber attack or breach.
What you will learn:
· How to develop key cybersecurity-related documents;
· How to maintain an internal matrix of when to notify affected individuals;
· How to review contracts from a cybersecurity compliance perspective.
I Know What You Did Last Summer: Workplace Investigations (Series: Protecting... | Financial Poise
Now, more than ever, employers must be prepared to promptly and effectively respond to complaints of workplace harassment and/or discrimination. Often, that requires knowing when and how to conduct an internal investigation. Given the significance of the issues often at stake and the potential for a negative outcome (attorneys’ fees, high dollar settlement, negative PR), learning on the fly is not a viable option when undertaking an investigation. This program covers a host of questions, including what sort of issues should be investigated, who should conduct the investigation, what steps should you take and in what order, who should be interviewed, what sort of documents should be created and how do you close out the investigation? It also explores the investigation process and provides guidance from a seasoned investigator as to how to handle the many issues that you will often confront during the course of an investigation.
To listen to this webinar on-demand, go to: https://www.financialpoise.com/financial-poise-webinars/workplace-investigations-2020/
Workplace Investigations (Series: Protecting Your Employee Assets: The Life C... | Financial Poise
Now, more than ever, employers must be prepared to promptly and effectively respond to complaints of workplace harassment and/or discrimination. Often, that requires knowing when and how to conduct an internal investigation. Given the significance of the issues often at stake and the potential for a negative outcome (attorneys’ fees, high dollar settlement, negative PR), learning on the fly is not a viable option when undertaking an investigation. This program covers a host of questions, including what sort of issues should be investigated, who should conduct the investigation, what steps should you take and in what order, who should be interviewed, what sort of documents should be created and how do you close out the investigation? It also explores the investigation process and provides guidance from a seasoned investigator as to how to handle the many issues that you will often confront during the course of an investigation.
To view the accompanying webinar, go to:
Hybrid Workplace Harassment: Are You Protecting Your Company from Hidden Thre... | Case IQ
In today’s “new world of work,” many organizations run on a hybrid model, with some employees working remotely and others in the physical office. While this set-up is convenient, it can cause unique interpersonal issues between employees.
Reduced face-to-face communication makes it harder for teams to bond, while making it easier for harassers to get away with bad behavior. To reduce harassment incidents in your hybrid workplace, you need to foster a culture of openness, willingness to learn, and compassion.
Join workplace investigation and executive management expert Kenneth McCarthy as he outlines how to address and prevent hybrid workplace harassment incidents.
Sam looked at some cases of data breaches and hacks and explained the importance of planning, cyber hygiene and recovery plans.
This slideshare was originally presented at the East Midlands Cyber Security Forum's Autumn event on 19th October 2017 at University of Nottingham.
https://emcsf.org.uk/
Incident ResponseAs a security professional, you will.docx | MARRY7
Incident Response
As a security professional, you will be versed in a number of different
technologies and techniques, each designed to prevent an attack and secure
the organization. Each of the techniques you will learn is meant to prevent
an attack or limit its scope, but the reality is that attacks can and will happen, and
the techniques you have learned in this course cannot ever be guaranteed to stop
an attack from penetrating your organization. As a security professional, this is
a reality that you will have to accept.
Once you have accepted that an attack will inevitably penetrate your organization
at some point, your job now becomes knowing how to respond to these situations.
This is the role of incident response. Incident response, as the name implies, is the
process of how you and your organization will respond to a security incident when
it occurs. Although security incidents are bound to occur, you shouldn’t sit by and
let them happen. You have to know, in some detail, how you will respond.
Incident response includes those details. If you respond incorrectly to an incident,
you could make a bad situation worse. For example, not knowing what to do,
whom to call, or what the chain of command is in these situations would potentially
do further damage.
Finally, incident response may have a legal aspect. Security incidents are often
crimes, and so you must take special care when responding. When you decide to
pursue criminal charges, you move from the realm of just responding to performing
a formal investigation. The formal investigation will include special techniques
for gathering and processing evidence for the purpose of potentially prosecuting
the criminal later.
This chapter investigates and examines the various aspects of incident response
and ways to plan and design a process for responding to that breach in your
organization.
Chapter 14 Topics
This chapter covers the following topics and concepts:
• What a security incident is
• What the process of incident response is
• What incident response plans (IRPs) are
• What planning for disaster and recovery is
• What evidence handling and administration is
• What requirements of regulated industries are
Chapter 14 Goals
When you complete this chapter, you will be able to:
• List the components of incident response
• List the goals of incident response
What Is a Security Incident?
A security incident in an organization is a serious event that can occur at any point from
the desktop level to the servers and infrastructure that make the network work. A security
incident can be anything including accidental actions that result in a problem up to and
including the downright malicious. Regardless of why a security incident occurred, the
organization must respond appropriately.
A security incident can cover a lot of different events, but to clarify what constitutes
a security incident, the following guidelin ...
A panel of top industry professionals provide their expert opinions on current hot-button legal topics and their impact on your operations. Topics include:
• OSHA investigations
• The borrowed servant doctrine and its impact on the relationship between crane companies and their customers
• How you should respond to accidents
• Recovering from at-fault parties and employees for damage to your crane and other property
Moderator: Fred Marcinak, Attorney-At-Law, Smith Moore Leatherwood LLP
Panelists:
Bill Smith, Executive Vice President, Nations Builders Insurance Services, Inc. (NBIS)
Matt Stone, Attorney-at-Law, Smith Moore Leatherwood LLP
Jim Wiethorn, Principal Engineer/Chairman, Haag Engineering
When Violence Invades Your Family Entertainment Center (FEC) | Britton Gallagher
Working in the amusements and entertainment industry where the public and large groups are present increases the risk of onsite violence toward you, your employees and your guests.
Do you have an incident response plan to cover disasters, cyber-attacks, and other threats to your organization? How confident are you that it will work in a real-world situation? While simply having a plan will help you check the box on the audit, it doesn't guarantee effectiveness in a real situation. Assessing your incident response plans through fire drills, desk top exercises, functional scenarios, and full scale exercises will help your organization truly validate the effectiveness of the plan.
IR assessments are meant to:
- Evaluate plans, policies, and procedures
- Find weaknesses in the plan and gaps in resources
- Improve coordination and communication internally and externally
- Define and validate roles and responsibilities
- Train personnel in their roles and responsibilities
This webinar will provide practical steps for assessing your organization's plans and demonstrate ways to improve them through a methodical and proven approach. After all, whether they're big or small, internal or external, in most any organization incidents occur. Complete plans that have been tested, backed by trained resources and thorough communication, are the proven recipe to minimize the impact of incidents when they occur.
Our featured speakers for this webinar will be:
- Ted Julian, Chief Marketing Officer, Co3 Systems
- Richard White, Security Intelligence and Operations Principal, HP Enterprise Security Products
Social care issues continue to dominate the local authority claims landscape so we focused on a range of social care topics for our last claims clubs of the year including:
- STPs and ACOs
- Inquests
- Vicarious liability - Armes -v- Nottinghamshire County Council [2017] UKSC 60
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx | Dan Michaluk
One hour presentation to IT professionals at Ontario school boards. Covers labour issues in MFA rollout, threat information sharing and business e-mail compromises and PHIPA.
One hour presentation to Ontario public sector institutions that looks at the privacy and security implications of the main information flows associated with COVID-19 workplace health and safety.
Here's a one hour presentation to Canadian municipal lawyers on the union right of access to information that arises under labour law and how it has fared against employee privacy claims.
One hour presentation to IT security and law enforcement audience on how access to information legislation and related pressures affect public bodies in Canada.
Privacy, Data Security and Anti-Spam Compliance | Dan Michaluk
45 min prez to compliance professionals at Canadian financial institutions. A survey presentation covering privacy, data security and anti-spam (CASL).
Who is the "health information custodian" when an institution with an educational mandate provides health care? PHIPA gives institutions choice. Here's a presentation I gave yesterday in which I argue that the institution (and not its practitioners) should assume the role of the HIC.
Student Conduct Investigations - Examining Evidence and Determining Credibility | Dan Michaluk
A one hour presentation to student conduct investigators at colleges and universities in Canada. Support for the "hard" cases in which credibility is at issue, including hard sexual violence cases.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Matthew Professional CV experienced Government Liaison | MattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Car Accident Injury Do I Have a Case.... | Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi... | Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU against which they can evaluate those classes of AI applications that are probably the most relevant for them.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
Lifting the Corporate Veil. Power Point Presentation | seri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
How to Obtain Permanent Residency in the Netherlands
Role of a breach coach
1. Incident Response and the Role of a Breach Coach
September 29, 2017
Dan Michaluk
2. An Incident Response Primer: The Linear Model
• Prepare
• Identify
• Contain & Restore
• Analyze
• Mitigate & Remedy
3. An Incident Response Primer: The Analytical Model
Feedback (affected persons, media, regulators, government and other stakeholders)
Input: Witness statements, system data, system specs, existing policy and procedure, law, intelligence re malicious actors
Process: What is the exposure? What was the cause?
Output: Contain and restore, mitigate, remedy, communicate
• Contained or restored
• Reasonably understood
• All reasonable steps taken
4. Enter… the “breach coach”
• A breach coach is
  • a lawyer
  • who knows the incident response process
  • and provides counsel on the process
5. Why use a breach coach?
• You’ll support your process with
  • Legal advice
  • Breadth of experience
  • Objectivity
  • Confidentiality
6. When do I call?
AFTER…
• …you’ve confirmed that you have an “incident” (i.e. a real, non-trivial failure or problem)
BEFORE…
• …you take any containment steps other than those that must be taken
• …you take any external action
• …you let a large group of people know internally
7. What to expect on that first call
• The coach will determine what you know and assess what you don’t know
• The coach will conduct a preliminary assessment of scope, exposure and “clock speed”
• The coach will recommend a communication protocol
• The coach will make recommendations on next steps
8. The clock speed concept
Fast-moving incident
• SIN and DOB likely taken by a hacker
• Errant e-mail sent to 1000 parents
• PI included on envelope
Slow-moving incident
• Video surveillance system left unsecured
• Former employee e-mailed payroll information home for work purposes… unclear if retained
9. Communication and privilege
• Privilege gives lawyers and clients a zone of privacy
• Solicitor-client – communications for purpose of giving and receiving legal advice
• Litigation – dominant purpose is to address contemplated litigation
10. Communication and privilege
PRIVILEGED
• Client to lawyer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!
NOT PRIVILEGED
• IT staffer to IT staffer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!
11. Communication and privilege
• Elements of good protocol
  • Size of internal response team limited
  • Written communication outside the scope of privilege limited
  • Outside experts retained by the organization for the coach
12. Outside experts
• IT forensics
• Communications
• Response and notification services
• Security consulting
13. Going to the regulator
• Go on the advice of your coach
• Regulators have a mandate to hold you accountable
• A regulator is not a freely-available breach coach
• It may be appropriate to go to the regulator at the outset
• But if you do, your clock speed will immediately increase and you may lose control
14. Going to the police
• Go on the advice of your coach
• Will rarely discharge your own duty to investigate and take reasonable steps
• Can invite a loss of control over a situation over which you have control (e.g. known student hacker)
• But when you are at an end there may be little downside to engaging the police and trying to get some help
15. The press and external communications
• Can be used against you
• All external messages should be controlled
• In general, messages
  • Are factual and appropriately qualified for uncertainties
  • Do not misrepresent or mislead
  • Demonstrate (by conveyance of facts) genuine concern
Editor's Notes
1
-incident response is a process
-various models
-they all look like this
-this one, I believe, is from ISO/IEC 27035
...
-the last three are linear
-but they are iterative and loop
-to be clear, analysis supports both containment, mitigation and remediation