SlideShare a Scribd company logo

What every CEO needs to know about Califorinia's new data breach law

David Sweigert
David Sweigert

Provided as a courtesy by: Dave Sweigert CISSP CISA PMP EMT Security+ HCSIPP Associate

Law
1 of 2
What every CEO needs to know about the $100,000 mouse click and California’s new A.B. 1710 October 2014 Author: Dave Sweigert, M.Sci., CISSP, CISA, PMP (non-attorney not providing legal advice) ABSTRACT Data breaches will now carry a de facto cost of $100 per record with the implementation of California’s Assembly Bill 1710 (signed into law 9/24/14 and effective 1/1/15). Background With the passage of A.B. 1710 California has now institutionalized the practice of offering victims of a data breach free credit monitoring services for twelve (12) months ($100 cost). Effective January 1, 2015, an organizational data breach will now subject organizations to AB 1710 liability for the records of Californians. This adds yet another law (and more liability) to the legislative, regulatory and compliance landscape. Thus, the era of the $100,000 mouse click has been ushered in. For example, if a spreadsheet of 1,000 sensitive records is mistakenly sent to the wrong e-mail address it can become a $100,000 mistake. (1,000 x $100 = $100,000) Pesky hackers no longer need to fight against firewalls and Intrusion Detection Systems (IDS). They can merely convince a poorly trained workforce member to rush an email message with billing information to a purported bookkeeping clearinghouse email address – or any other creative social engineering attack. Not a question of “if” but “when” Industry leaders addressing the consequences of such data breaches continue to strongly suggest that organizations focus on appropriate risk assessments1 and data breach response capabilities as opposed to old school over reliance on the latest “gee- 1 Office of Civil Rights Director Jocelyn Samuels reiterated at a recent industry conference that organizations dealing in protected health information (“PHI”) should, and in fact must, undertake to routinely assess and investigate vulnerability as part of an effective compliance program.
whiz” cyber hygiene appliance. Many organizations continue to rely on a patch work of routers, firewalls and network gear to protect sensitive data; but, have not undergone a comprehensive risk assessment of overall organizational risk. To illustrate, consider a recent Office of Inspector General (OIG)2 audit of the Kentucky Health Benefit Exchange, which cited weaknesses in: • Security planning • Risk assessments • Incident response capabilities These are the “soft skills” that are often overlooked by senior management, which may be more focused on line item costs for new “security” tools and appliances (e.g., encryption tools, anti-malware virus protection). Emergence of new risk frameworks As described in other articles by the author, the Cyber Security Framework (CSF), created by the White House Executive Order 13636, offers a viable framework to reduce the consequences of a data breach. Senior managers will discover that the CSF departs from the prescriptive nature of spelling out security controls and offers a flexible framework. The core principles of the framework are: 2 U.S. Department of Health and Human Services, 9/2014, No. A-18-14-30011 • Identify (pre-data breach) • Protect (pre-data breach) • Detect (data breach) • Respond (post-data breach) • Recover (post-data breach) Recovery and incident management As most security industry observers will admit, it is nearly impossible to guarantee a secure core infrastructure and/or enterprise. In fact, many regulated industry leaders complain that regulatory compliance does not mean better data security. This explains why some government regulators seem interested only in compliance activities (pre-incident) while juries tend to focus on response and recovery actions of senior management (post-incident). For most organizations a data breach seems to be a mathematical inevitability. Therefore, in the era of AB 1710, data breach incident response and recovery planning is no longer a nice to have option. It is an imperative. About the author: Dave Sweigert holds credentials as a Certified Information Systems Security Professional, Certified Information Systems Auditor, Project Management Professional and has earned separate Masters’ degrees in Information Security and Project Management. He is a former security researcher for the U.S. National Security Agency and the U.S. Air Force Electronic Security Command. He is an active supporter of the National Cyber League.

Recommended

Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)ChristopherAntonius
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALSteve Knapp
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateRedspin, Inc.
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle ManagementBarry Caplin
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 

Recommended

Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Generic_Sample_incidentresponseplanIRP_ISS_2016
Generic_Sample_incidentresponseplanIRP_ISS_2016Samuel Loomis
 
Data-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseData-Centric Security for the Extended Enterprise
Data-Centric Security for the Extended EnterpriseNextLabs, Inc.
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)ChristopherAntonius
 
Healthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALHealthcare Cybersecurity Whitepaper FINAL
Healthcare Cybersecurity Whitepaper FINALSteve Knapp
 
HIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateHIPAA Enforcement Heats Up in the Coldest State
HIPAA Enforcement Heats Up in the Coldest StateRedspin, Inc.
 
Security Lifecycle Management
Security Lifecycle ManagementSecurity Lifecycle Management
Security Lifecycle ManagementBarry Caplin
 
Internal Risk Management
Internal Risk ManagementInternal Risk Management
Internal Risk ManagementBarry Caplin
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber securityBrian Matteson, CISSP CISA
 
Ijnsa050201
Ijnsa050201Ijnsa050201
Ijnsa050201IJNSA Journal
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
HSN Risk Assessment Report
HSN Risk Assessment ReportHSN Risk Assessment Report
HSN Risk Assessment ReportBelinda Edwards
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI
 
Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...David Sweigert
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
 
Strengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringStrengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringBooz Allen Hamilton
 
Thinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity PlansThinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity PlansJason Glass, CFA, CISSP
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems- Mark - Fullbright
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comjonhson198
 
EY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosuresEY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosuresJulien Boucher
 
How to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratiosHow to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratiosThomas Lee
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 
Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?bdana68
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaLizbethQuinonez813
 

More Related Content

What's hot

Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follAISHA232980
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Gross, Mendelsohn & Associates
 
HSN Risk Assessment Report
HSN Risk Assessment ReportHSN Risk Assessment Report
HSN Risk Assessment ReportBelinda Edwards
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI
 
Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...David Sweigert
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
 
Strengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringStrengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringBooz Allen Hamilton
 
Thinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity PlansThinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity PlansJason Glass, CFA, CISSP
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareCompTIA
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses- Mark - Fullbright
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems- Mark - Fullbright
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comjonhson198
 
EY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosuresEY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosuresJulien Boucher
 
How to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratiosHow to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratiosThomas Lee
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1jhietala
 

What's hot (19)

Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
 
Ijnsa050201
Ijnsa050201Ijnsa050201
Ijnsa050201
 
Cyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the follCyb 690 cybersecurity program template directions the foll
Cyb 690 cybersecurity program template directions the foll
 
Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...Business Intelligence and Data Security for Long-Term Care Financial Professi...
Business Intelligence and Data Security for Long-Term Care Financial Professi...
 
HSN Risk Assessment Report
HSN Risk Assessment ReportHSN Risk Assessment Report
HSN Risk Assessment Report
 
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise" ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
ESEI White Paper-Disaster Recovery "A Risk Assessment Exercise"
 
Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...Integration of cyber security incident response with IMS -- an approach for E...
Integration of cyber security incident response with IMS -- an approach for E...
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update2015 Energy Industry Cybersecurity Research Update
2015 Energy Industry Cybersecurity Research Update
 
Strengthening Security with Continuous Monitoring
Strengthening Security with Continuous MonitoringStrengthening Security with Continuous Monitoring
Strengthening Security with Continuous Monitoring
 
Thinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity PlansThinking Ahead to Litigation While Developing Cybersecurity Plans
Thinking Ahead to Litigation While Developing Cybersecurity Plans
 
Tech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in HealthcareTech Refresh - Cybersecurity in Healthcare
Tech Refresh - Cybersecurity in Healthcare
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses
 
Business Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer SystemsBusiness Security Check Reducing Risks Your Computer Systems
Business Security Check Reducing Risks Your Computer Systems
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.com
 
EY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosuresEY - SEC Reporting update - Spotlight on cybersecurity disclosures
EY - SEC Reporting update - Spotlight on cybersecurity disclosures
 
How to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratiosHow to prevent data breach risk from impacting capital ratios
How to prevent data breach risk from impacting capital ratios
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com
 
Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1Avior Healthcare Security Compliance Webcast Final1
Avior Healthcare Security Compliance Webcast Final1
 

Similar to What every CEO needs to know about Califorinia's new data breach law

Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?bdana68
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaLizbethQuinonez813
 
Provide a MEMO.docx
Provide a MEMO.docxProvide a MEMO.docx
Provide a MEMO.docxwrite30
 
C H A P T E R 1 4 Risk Management and Worker Protec ti.docx
C H A P T E R 1 4 Risk Management and Worker Protec ti.docxC H A P T E R 1 4 Risk Management and Worker Protec ti.docx
C H A P T E R 1 4 Risk Management and Worker Protec ti.docxRAHUL126667
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks- Mark - Fullbright
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityPaul Ferrillo
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxssuserf9c51d
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Paul Ferrillo
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALIJNSA Journal
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016FitCEO, Inc. (FCI)
 
ZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info RiskZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info RiskJohn Loveland
 
cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015Paul Ferrillo
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousEthan S. Burger
 
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...IJNSA Journal
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020Jessica Graf
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationApril Dillard
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 

Similar to What every CEO needs to know about Califorinia's new data breach law (20)

Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?Does Your Organization Have A Privacy Incident Response Plan?
Does Your Organization Have A Privacy Incident Response Plan?
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )
 
Identity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expaIdentity Theft ResponseYou have successfully presented an expa
Identity Theft ResponseYou have successfully presented an expa
 
arcsight_scmag_hcspecial
arcsight_scmag_hcspecialarcsight_scmag_hcspecial
arcsight_scmag_hcspecial
 
Provide a MEMO.docx
Provide a MEMO.docxProvide a MEMO.docx
Provide a MEMO.docx
 
C H A P T E R 1 4 Risk Management and Worker Protec ti.docx
C H A P T E R 1 4 Risk Management and Worker Protec ti.docxC H A P T E R 1 4 Risk Management and Worker Protec ti.docx
C H A P T E R 1 4 Risk Management and Worker Protec ti.docx
 
Before the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracksBefore the Breach: Using threat intelligence to stop attackers in their tracks
Before the Breach: Using threat intelligence to stop attackers in their tracks
 
employee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurityemployee-awareness-and-training-the-holy-grail-of-cybersecurity
employee-awareness-and-training-the-holy-grail-of-cybersecurity
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
 
Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014Cybersecurity_Alert_Dec_16_2014
Cybersecurity_Alert_Dec_16_2014
 
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITALINCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
INCIDENT RESPONSE PLAN FOR A SMALL TO MEDIUM SIZED HOSPITAL
 
Data exfiltration so many threats 2016
Data exfiltration so many threats 2016Data exfiltration so many threats 2016
Data exfiltration so many threats 2016
 
ZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info RiskZoomLens - Loveland, Subramanian -Tackling Info Risk
ZoomLens - Loveland, Subramanian -Tackling Info Risk
 
cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015cybersecurity_alert_feb_12_2015
cybersecurity_alert_feb_12_2015
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
EXPLORING CRITICAL VULNERABILITIES IN SIEM IMPLEMENTATION AND SOC SERVICE PRO...
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every Organization
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 

More from David Sweigert

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)David Sweigert
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting David Sweigert
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisDavid Sweigert
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterDavid Sweigert
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner David Sweigert
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017David Sweigert
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9David Sweigert
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityDavid Sweigert
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)David Sweigert
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsDavid Sweigert
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartDavid Sweigert
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...David Sweigert
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentDavid Sweigert
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentDavid Sweigert
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTDavid Sweigert
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackDavid Sweigert
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTDavid Sweigert
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionDavid Sweigert
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanDavid Sweigert
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSDavid Sweigert
 

More from David Sweigert (20)

The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
The hacking methods of the Singularity Event doomsday cult (TYLER A.I.)
 
Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting Law Enforcement Cyber Incident Reporting
Law Enforcement Cyber Incident Reporting
 
Sample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark AnalysisSample Network Analysis Report based on Wireshark Analysis
Sample Network Analysis Report based on Wireshark Analysis
 
National Cyber Security Awareness Month poster
National Cyber Security Awareness Month posterNational Cyber Security Awareness Month poster
National Cyber Security Awareness Month poster
 
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner Department of Defense standard 8570 - CompTia Advanced Security Practitioner
Department of Defense standard 8570 - CompTia Advanced Security Practitioner
 
National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017National Cyber Security Awareness Month - October 2017
National Cyber Security Awareness Month - October 2017
 
California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9California Attorney General Notification Penal Code 646.9
California Attorney General Notification Penal Code 646.9
 
Congressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber SecurityCongressional support of Ethical Hacking and Cyber Security
Congressional support of Ethical Hacking and Cyber Security
 
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
EXAM NOTES for DOD Standard 8570 CompTia Advanced Security Practitioner (CASP)
 
Application of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking ThreatsApplication of Racketeering Law to Suppress CrowdStalking Threats
Application of Racketeering Law to Suppress CrowdStalking Threats
 
Canada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector ChartCanada Communications Security Establishment - Threat Vector Chart
Canada Communications Security Establishment - Threat Vector Chart
 
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
Port of Charleston evacuation case study: The cognitive threat of conspiracy ...
 
Cyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public CommentCyber Incident Response Team NIMS Public Comment
Cyber Incident Response Team NIMS Public Comment
 
Cyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public CommentCyber Incident Response Team - NIMS - Public Comment
Cyber Incident Response Team - NIMS - Public Comment
 
National Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFTNational Incident Management System (NIMS) NQS DRAFT
National Incident Management System (NIMS) NQS DRAFT
 
National Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public FeedbackNational Incident Management System - NQS Public Feedback
National Incident Management System - NQS Public Feedback
 
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERTNursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
Nursing meets Hacking -- Medical Computer Emergency Response Teams -- MedCERT
 
National Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd editionNational Preparedness Goals 2015 2nd edition
National Preparedness Goals 2015 2nd edition
 
Healthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness PlanHealthcare Sector-wide Disaster Prepardness Plan
Healthcare Sector-wide Disaster Prepardness Plan
 
Cyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHSCyber Risk Assessment for the Emergency Services Sector - DHS
Cyber Risk Assessment for the Emergency Services Sector - DHS
 

Recently uploaded

Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGPRAKHARGUPTA419620
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...James Watkins, III JD CFP®
 
Understanding Social Media Bullying: Legal Implications and Challenges
Understanding Social Media Bullying: Legal Implications and ChallengesUnderstanding Social Media Bullying: Legal Implications and Challenges
Understanding Social Media Bullying: Legal Implications and ChallengesFinlaw Associates
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书Fir sss
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书E LSS
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书E LSS
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfMilind Agarwal
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSDr. Oliver Massmann
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书Fir L
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourBhavikaGholap1
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULEsreeramsaipranitha
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptjudeplata
 
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书Fir L
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxPKrishna18
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书Fir L
 

Recently uploaded (20)

Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKING
 
The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...The Active Management Value Ratio: The New Science of Benchmarking Investment...
The Active Management Value Ratio: The New Science of Benchmarking Investment...
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
Understanding Social Media Bullying: Legal Implications and Challenges
Understanding Social Media Bullying: Legal Implications and ChallengesUnderstanding Social Media Bullying: Legal Implications and Challenges
Understanding Social Media Bullying: Legal Implications and Challenges
 
如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书 如何办理佛蒙特大学毕业证学位证书
如何办理佛蒙特大学毕业证学位证书
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书
 
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 25 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
 
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTSVIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
VIETNAM – LATEST GUIDE TO CONTRACT MANUFACTURING AND TOLLING AGREEMENTS
 
如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书如何办理澳洲南澳大学(UniSA)毕业证学位证书
如何办理澳洲南澳大学(UniSA)毕业证学位证书
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
THE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labourTHE FACTORIES ACT,1948 (2).pptx labour
THE FACTORIES ACT,1948 (2).pptx labour
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
 
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.pptFINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
FINALTRUEENFORCEMENT OF BARANGAY SETTLEMENT.ppt
 
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
如何办理普利茅斯大学毕业证(本硕)Plymouth学位证书
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptx
 
Old Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax RegimeOld Income Tax Regime Vs New Income Tax Regime
Old Income Tax Regime Vs New Income Tax Regime
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
如何办理新加坡南洋理工大学毕业证(本硕)NTU学位证书
 

What every CEO needs to know about Califorinia's new data breach law

  • 1. What every CEO needs to know about the $100,000 mouse click and California’s new A.B. 1710 October 2014 Author: Dave Sweigert, M.Sci., CISSP, CISA, PMP (non-attorney not providing legal advice) ABSTRACT Data breaches will now carry a de facto cost of $100 per record with the implementation of California’s Assembly Bill 1710 (signed into law 9/24/14 and effective 1/1/15). Background With the passage of A.B. 1710 California has now institutionalized the practice of offering victims of a data breach free credit monitoring services for twelve (12) months ($100 cost). Effective January 1, 2015, an organizational data breach will now subject organizations to AB 1710 liability for the records of Californians. This adds yet another law (and more liability) to the legislative, regulatory and compliance landscape. Thus, the era of the $100,000 mouse click has been ushered in. For example, if a spreadsheet of 1,000 sensitive records is mistakenly sent to the wrong e-mail address it can become a $100,000 mistake. (1,000 x $100 = $100,000) Pesky hackers no longer need to fight against firewalls and Intrusion Detection Systems (IDS). They can merely convince a poorly trained workforce member to rush an email message with billing information to a purported bookkeeping clearinghouse email address – or any other creative social engineering attack. Not a question of “if” but “when” Industry leaders addressing the consequences of such data breaches continue to strongly suggest that organizations focus on appropriate risk assessments1 and data breach response capabilities as opposed to old school over reliance on the latest “gee- 1 Office of Civil Rights Director Jocelyn Samuels reiterated at a recent industry conference that organizations dealing in protected health information (“PHI”) should, and in fact must, undertake to routinely assess and investigate vulnerability as part of an effective compliance program.
  • 2. whiz” cyber hygiene appliance. Many organizations continue to rely on a patch work of routers, firewalls and network gear to protect sensitive data; but, have not undergone a comprehensive risk assessment of overall organizational risk. To illustrate, consider a recent Office of Inspector General (OIG)2 audit of the Kentucky Health Benefit Exchange, which cited weaknesses in: • Security planning • Risk assessments • Incident response capabilities These are the “soft skills” that are often overlooked by senior management, which may be more focused on line item costs for new “security” tools and appliances (e.g., encryption tools, anti-malware virus protection). Emergence of new risk frameworks As described in other articles by the author, the Cyber Security Framework (CSF), created by the White House Executive Order 13636, offers a viable framework to reduce the consequences of a data breach. Senior managers will discover that the CSF departs from the prescriptive nature of spelling out security controls and offers a flexible framework. The core principles of the framework are: 2 U.S. Department of Health and Human Services, 9/2014, No. A-18-14-30011 • Identify (pre-data breach) • Protect (pre-data breach) • Detect (data breach) • Respond (post-data breach) • Recover (post-data breach) Recovery and incident management As most security industry observers will admit, it is nearly impossible to guarantee a secure core infrastructure and/or enterprise. In fact, many regulated industry leaders complain that regulatory compliance does not mean better data security. This explains why some government regulators seem interested only in compliance activities (pre-incident) while juries tend to focus on response and recovery actions of senior management (post-incident). For most organizations a data breach seems to be a mathematical inevitability. Therefore, in the era of AB 1710, data breach incident response and recovery planning is no longer a nice to have option. It is an imperative. About the author: Dave Sweigert holds credentials as a Certified Information Systems Security Professional, Certified Information Systems Auditor, Project Management Professional and has earned separate Masters’ degrees in Information Security and Project Management. He is a former security researcher for the U.S. National Security Agency and the U.S. Air Force Electronic Security Command. He is an active supporter of the National Cyber League.