Presentation is loading. Please wait.

Presentation is loading. Please wait.

DATA BREACH SIMULATION TRAINING WELCOME

Published byBuddy Simon Modified over 6 years ago

Similar presentations

Presentation on theme: "DATA BREACH SIMULATION TRAINING WELCOME"— Presentation transcript:

1 DATA BREACH SIMULATION TRAINING WELCOME
DATA BREACH SIMULATION TRAINING WELCOME! 8:45am – 9am TEAM INTRODUCTIONS Please find your assigned team table and introduce yourself to your Team Leader(s) and the other members of your team. Please write your name on the back of your name sign with the sharpies provided. TEAM 4 David Bender Mirjam Supponen TEAM 5 Jennifer Lavalley Eric Ratcliffe (360Advanced) TEAM 1 Tom Hemnes TEAM 2 Rick Olin TEAM 3 Paul Jean TEAM 6 Laila Paszti Please review the intentionally incomplete incident response plan handout at your table and see how many different things your Team can find that are wrong with it. For purposes of the simulation exercise, we will all be working at Serious Financial bank.

2 DATA BREACH SIMULATION TRAINING JANUARY 12, INTRODUCTION Sayoko Blodgett-Ford, Member, GTC (CIPP/US)

3 DATA BREACH SIMULATION - PANELISTS
Rocco Grillo, Executive Managing Director/Cyber Resilience Leader, Stroz Friedberg/Aon. Mr. Grillo regularly advises clients, including boards and executive management, on a wide range of cybersecurity issues across all industries. Mr. Grillo has more than 25 years of experience providing organizations with security and risk management services. He is an internationally recognized expert in the field of Incident Response and information security and has assisted corporations, law enforcement agencies, major law firms, and industry threat intelligence organizations with matters involving computer security incident response & computer forensics, and security threat advisory services. Peter Lefkowitz, Chief Privacy Officer and Senior Data Rights Management Counsel, GE Digital. Mr. Lefkowitz is the Chief Privacy Officer and Senior Data Rights Management Counsel at GE Digital and supports GE’s Digital business, including GE’s Predix platform and internet-connected products and predictive analytics solutions.  He served as GE’s Chief Privacy Officer from Previously, he was Vice President of Privacy and Security Legal and Chief Privacy Officer at Oracle Corporation. Patrick Ford, Chief Information Security Officer, Americas Region, Schneider Electric. Mr. Ford is the Chief Information Security Officer for the Americas Region at Schneider Electric. Previously, he was the Senior Principle Advisor at Protiviti. He served as the Vice President, Corporate Security at Aetna, Inc. and was the Senior Director of Global Security for the Americas Region for Pfizer, Inc. He also was a Supervisory Special Agent at the Federal Bureau of Investigation from Sayoko Blodgett-Ford, CIPP/US, Member, GTC Law Group PC and Affiliates. Ms. Blodgett-Ford’s practice focuses on intellectual property strategy and transactions and data privacy and security law.  She has extensive expertise in due diligence in connection with technology M&A transactions. She is an Adjunct at the Boston College Law School and a Lecturer in Law at the University of Hawai’i law school.  She previously served as General Counsel of Tetris Online, Inc. and as Senior Manager of the Intellectual Property Group at Nintendo of America Inc. in Redmond, Washington.

4 DATA PRIVACY & SECURITY
TEAM Mirjam Supponen

5 REFERENCE MATERIALS - AVAILABLE ON GTC SITE Harvard Club WIFI Password = veritas415
PLUS THE “INTENTIONALLY INCOMPLETE” X CORP DOCUMENT PASSWORD “GTC1”

6 SCHEDULE (subject to adjustment)
8:45 – 9am TEAM INTRODUCTIONS (Team Leaders) 9am OPENING REMARKS (Sayoko) 9:15am – 10:30am  Overview (Rocco) Simulation Days 1-4 (Panelists + Teams) During the simulation, we will have several 5-10 minute break out intervals for Team discussion of particular questions facilitated by Team Leaders, followed by Group discussion led by the panel. 10:30am – 10:40am  BREAK 10:40am – 11:30am  Simulation Days 5+ (same format as Days 1-4) Conclusion/Takeaways (Rocco) 11:30am – noon  Wrap Up and Review of “better” Incident Response Plan (Sayoko)

7 FORMAT FOR DATA BREACH SIMULATION EXERCISE
Simulates Days 1-6+ of a response to a cybersecurity incident at Serious Financial. Simulation will be a combination of guidance/comments from the Panelists as well as Team discussions and Group discussions. We will have four breakouts (5-10 minutes) for Team discussions. Most of the questions are designed to not have one right answer – goal is to consider pros and cons of different options – and encourage effective collaboration and communication with a cross-functional team. Team Leaders to report back to Group during Group Discussion and keep notes of key takeaways to share with group. OK to use intentionally incomplete Incident Response plan to take notes on what makes the most sense for your particular organization. We will review a “better” Incident Response Plan after the simulation and consider how helpful it would have been during the simulation. Simulation participants are encouraged to make notes on their copy and download the Word version from the GTC website (it will be made available after the simulation) and consider whether it is relevant to their organization.

8 REVIEW “BAD” INCIDENT RESPONSE PLAN
A parade of horribles. What was wrong with the incident response plan?

9   What’s in a Name? The name of the company on this document is X Corp but our company name is Serious Financial. This is not a typo. X Corp acquired Serious Financial over a decade ago and no one ever updated this document to reflect the new company name after the acquisition. Serious Financial later divested the “X Corp” brand name and domain name xcorp.com to another company, who is now a customer of Serious Financial. Do Titles Matter? This is not labeled as an “Incident Response Plan”. Instead, it has a section at the end called “Reporting Problems.” Unless someone is very familiar with the document they probably would not even know to look at this document in the event of an incident, and many employees will not even have a copy as it is just given to them in a large packet on hire but most people file that somewhere and forget it. Process? The document does not have any process details. Everything old is new again? The not been updated recently -- it references Y2K and dial up modems. First contact? The only contact information is at the bottom of the document and it is for Shana Angelosa in IT. No legal contact. No backups. Shana left the company several years ago and now works at a competitor for Serious Financial. Her cell number is the same though. If anyone calls her cell number and leaves a voice mail, they will have just disclosed a highly confidential incident to a competitor. And if they her address, it will go to the general IT department at our customer, who likely will route it to our customer’s legal department. So, both a competitor and a customer may learn of a breach before key people at Serious Financial. TAKEAWAY – HAVE AN UPDATED INCIDENT RESPONSE PLAN WITH THE PROPER TITLE, PROCESS INFORMATION, MULTIPLE CONTACTS AND BACKUPS AND KEEP IT UP TO DATE.

10 Thank You

Download ppt "DATA BREACH SIMULATION TRAINING WELCOME"

Similar presentations

Welcome to Awras Consultancy Ltd. Portfolio Awras Consultancy Ltd. Portfolio www.awras.ly.

Welcome to Awras Consultancy Ltd. Portfolio Awras Consultancy Ltd. Portfolio
Value Financial Mortgage Services, Inc (C) 2012, Limited Time Offer Expiring November 15th, 2012 1.

Value Financial Mortgage Services, Inc (C) 2012, Limited Time Offer Expiring November 15th,
© 2014 Microsoft Corporation. All rights reserved.

© 2014 Microsoft Corporation. All rights reserved.
Wolf, Greenfield & Sacks, P.C. | 600 Atlantic Avenue | Boston, Massachusetts 02210 | 617.646.8000 | 617.646.8646 fax | wolfgreenfield.com Communicating.

Wolf, Greenfield & Sacks, P.C. | 600 Atlantic Avenue | Boston, Massachusetts | | fax | wolfgreenfield.com Communicating.
FERPA: Protect our Students by Protecting their Records Prepared by Rebekah D. Mathis-Stump, JD.

FERPA: Protect our Students by Protecting their Records Prepared by Rebekah D. Mathis-Stump, JD.
General Counsel Online How Technology is Reshaping the Corporate Law Office Corporate Counsel Technology Institute Widener University School of Law Name:George.

General Counsel Online How Technology is Reshaping the Corporate Law Office Corporate Counsel Technology Institute Widener University School of Law Name:George.
An Educational Computer Based Training Program CBTCBT.

An Educational Computer Based Training Program CBTCBT.
Webcast Guidelines The audience is in listen-only mode. Please e-mail questions via the Q&A panel box. Select audience questions will be answered during.

Webcast Guidelines The audience is in listen-only mode. Please questions via the Q&A panel box. Select audience questions will be answered during.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
ITI 2014 Presenter Orientation. Mission: Dorchester School District Two leading the way, every student, every day through relationships, rigor and relevance.

ITI 2014 Presenter Orientation. Mission: Dorchester School District Two leading the way, every student, every day through relationships, rigor and relevance.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
FERPA Family Educational Rights and Privacy Act A Tutorial.

FERPA Family Educational Rights and Privacy Act A Tutorial.
Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.
Project Kickoff Meeting May 29, 2013 1 Transforming the Way Government Builds Solutions.

Project Kickoff Meeting May 29, Transforming the Way Government Builds Solutions.
Advancing Government through Collaboration, Education and Action Human Capital SIG February 14, 2013 Gamification in Federal Training Programs.

Advancing Government through Collaboration, Education and Action Human Capital SIG February 14, 2013 Gamification in Federal Training Programs.
Peter A. Sokoloff & Co. Specializing in Mergers and Acquisitions of Security and Telecommunications Companies. Peter A. Sokoloff & Co. 550 North Brand.

Peter A. Sokoloff & Co. Specializing in Mergers and Acquisitions of Security and Telecommunications Companies. Peter A. Sokoloff & Co. 550 North Brand.
Ticket to Work Virtual Job Fair Webinar Series for Service Providers.

Ticket to Work Virtual Job Fair Webinar Series for Service Providers.
Cyber Security ⃝ Managing risk is at the forefront of every financial professional’s mind. CFMA Southern Ontario invites you to join in the discussion.

Cyber Security ⃝ Managing risk is at the forefront of every financial professional’s mind. CFMA Southern Ontario invites you to join in the discussion.
Nicholas Kostopulos- Career Highlights And Achievements.

Nicholas Kostopulos- Career Highlights And Achievements.
Welcome to the 2015 Northeast Regional Meeting. Welcome to the Primerus Northeast Regional Meeting  Special thanks to Primerus members Ganfer & Shore,

Welcome to the 2015 Northeast Regional Meeting. Welcome to the Primerus Northeast Regional Meeting  Special thanks to Primerus members Ganfer & Shore,

Similar presentations

Ads by Google