Washington, D.C.
October 27, 2015
Panel Members
Recent High Profile Data Breaches
High Level Technical Overview
A. General Overview
1. General Overview.
100% Prevention is NOT POSSIBLE
• Will be hacked.
• Have been or will be, but just don’t know it (or don’t admit it).
Standard of Care
Government Involvement
B. Federal Agencies
i. SEC.
ii. DOJ.
iii. FTC.
C. Federal Legislation:
i. Cyber information sharing legislation passed by House in the spring (two versions).
D. State Regulations
i. 49 states
Information Sharing Among Stakeholders, Government Agencies, Etc.
3rd Party Vulnerability and Efforts to Control
C. Audits re Same.
Who are the Hackers?
B. Criminal Groups.
C. “Patriotic hackers.”
D. Terrorists/ISIL.
E. Even Teenagers.
What Are Their Motivations?
Data Breach Litigation
Commercially Available Products and Services
Suggested Best Practices
B. Critical for:
• Post-breach litigation.
• FBI InfraGard.
• USSS ECTF.
• Others.
6) Notification of Customers:
D. War Games/Simulations:
Questions?