Incident Response and the Role of a Breach Coach
September 29, 2017
Dan Michaluk
An Incident Response Primer: The Linear Model
• Prepare
• Identify
• Contain & Restore
• Analyze
• Mitigate & Remedy
An Incident Response Primer: The Analytical Model
Feedback (affected persons, media, regulators, government and other stakeholders)
Input: Witness statements, system data, system specs, existing policy and procedure, law, intelligence re malicious actors
Process: What is the exposure? What was the cause?
Output: Contain and restore, mitigate, remedy, communicate
• Contained or restored
• Reasonably understood
• All reasonable steps taken
Enter… the “breach coach”
• A breach coach is
  • a lawyer
  • who knows the incident response process
  • and provides counsel on the process
Why use a breach coach?
• You’ll support your process with
  • Legal advice
  • Breadth of experience
  • Objectivity
  • Confidentiality
When do I call?
AFTER…
• … you’ve confirmed that you have an “incident” (i.e. a real, non-trivial failure or problem)
BEFORE…
• … you take any containment steps other than those that must be taken
• … you take any external action
• … you let a large group of people know internally
What to expect on that first call
• The coach will determine what you know and assess what you don’t know
• The coach will conduct a preliminary assessment of scope, exposure and “clock speed”
• The coach will recommend a communication protocol
• The coach will make recommendations on next steps
The clock speed concept
Fast-moving incident
• SIN and DOB likely taken by a hacker
• Errant e-mail sent to 1000 parents
• PI included on envelope
Slow-moving incident
• Video surveillance system left unsecured
• Former employee e-mailed payroll information home for work purposes… unclear if retained
Communication and privilege
• Privilege gives lawyers and clients a zone of privacy
• Solicitor-client – communications for purpose of giving and receiving legal advice
• Litigation – dominant purpose is to address contemplated litigation
Communication and privilege
PRIVILEGED
• Client to lawyer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!
NOT PRIVILEGED
• IT staffer to IT staffer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!
Communication and privilege
• Elements of good protocol
  • Size of internal response team limited
  • Written communication outside the scope of privilege limited
  • Outside experts retained by the organization for the coach
Outside experts
• IT forensics
• Communications
• Response and notification services
• Security consulting
Going to the regulator
• Go on the advice of your coach
• Regulators have a mandate to hold you accountable
• A regulator is not a freely-available breach coach
• It may be appropriate to go to the regulator at the outset
• But if you do, your clock speed will immediately increase and you may lose control
Going to the police
• Go on the advice of your coach
• Will rarely discharge your own duty to investigate and take reasonable steps
• Can invite a loss of control over a situation over which you have control (e.g. known student hacker)
• But when you are at an end there may be little downside to engaging the police and trying to get some help
The press and external communications
• Can be used against you
• All external messages should be controlled
• In general, messages
  • Are factual and appropriately qualified for uncertainties
  • Do not misrepresent or mislead
  • Demonstrate (by conveyance of facts) genuine concern

Editor's Notes

  2. - incident response is a process
     - various models
     - they all look like this
     - this one, I believe, is from ISO/IEC 27035 ...
     - the last three are linear
     - but they are iterative and loop
     - to be clear, analysis supports both containment, mitigation and remediation