2011 Co3 Systems, Inc. The information contained herein is proprietary and confidential.
Agenda
Introductions
Cyber Incident Response
The process
Tips for getting it right
Today's reality with breaches
CSO versus CPO
Q&A
Suggestions
Working with Security in advance is vital; knowing where the tensions are, and what you'll do to resolve them, is key to success
Early triage is critical to determining if PI has been exposed
Establish Executive support in advance of a breach for anything that may look contentious
Have a clear process that coordinates activities across multiple groups to ensure an efficient organizational response
Conduct dry runs, simulations or tabletops; they will illuminate where there are potential issues. Make sure to test out multiple scenarios
Security and Privacy: the Yin and the Yang
Cyber Incidents
Cyber breach, DDoS, malware, etc.
PII Exposed
CISO-Driven Response
IT/Security: protect the integrity and continuity of business operations
Privacy: protect customers and employees
aligning objectives
5 Rules for Working With Your CSO
Rule #1: Know Your History
The modern-day CSO has been around about the same amount of time as the CPO
The CPO title came about in the mid-to-late '90s with the advent of GLB and HIPAA
The CSO title (as opposed to the CISO title) arose after 9/11 with the increased focus on security
The CPO role weakened following 9/11 but has strengthened as personal information becomes the basis of corporate value
5 Rules for Working With Your CSO
Rule #2: Accept Your Co-Dependence
Privacy and Security are intertwined. You can have security without privacy, but you can't have privacy without security
You can promise not to share information, but that doesn't do much good if any hacker can just steal it
There's no responding to a data breach if you don't know about it or you can't identify what information has been accessed
IT is generally the real first responder. They are the ER triage of data breach response
Questions
Thanks!
1 Alewife Center, Suite 450 Cambridge, MA 02140 ph: 617.206.3900 e: info@co3sys.com www.co3sys.com
1100 Main Street, Suite 2710 Kansas City, MO 64105 ph: 816.285.7600 e: info@ashcroftlawfirm.com www.ashcroftgroupllc.com/law/
Gartner: Co3 define(s) what software packages for privacy look like.