Presentation is loading. Please wait.

Presentation is loading. Please wait.

Managing a Data Breach Prevention-Detection-Mitigation

Published byAlbert Chester Ball Modified over 5 years ago

Similar presentations

Presentation on theme: "Managing a Data Breach Prevention-Detection-Mitigation"— Presentation transcript:

1 Managing a Data Breach Prevention-Detection-Mitigation
By Gerard Joyce Dun Laoghaire Dec 13th 2017

2 Robert Mueller FBI Director
There are two types of organisations; those that have been hacked and those that are going to be hacked. Robert Mueller FBI Director

3 Overview Who We Are and What We Do What is a ‘Data Breach’? Prevention
- Exercise 1 Detection - Exercise 2 Mitigation - Exercise 3 To Do List

4 Who We Are and What We Do Experienced Risk & Compliance Professionals
Members of IRM, ACOI, ACCA, ISI... Involved in the Development of Standards We make a Governance, Risk & Compliance Solution called CalQRisk CalQRisk is used by 150+ regulated firms Including Brokers, Financial Advisors, Fund Management Companies, Fund Administrators, Credit Unions, Solicitors, Hotels, Charities and Local Authorities

5 What is a ‘Data Breach’? Data that you are ‘controlling’ is accessed / viewed / altered by unauthorised persons. Data could be: Personal Identifiable Information (PII) Trade Secrets / Business Processes Intellectual Property Cause of Breach Could be intentional, criminal Could be accidental

6 July : The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. They also stole credit card numbers for about 209,000 people. And they grabbed personal information of people in the UK and Canada too.

7 Cyber Security firm FireEye say the global median time it takes to discover breaches is 99 days. (2016 data - down from 146 days in M-Trends 2017, a view from the front lines, p.47) The Equifax breach wasn’t discovered for 141 days.

8 In December 2013 over 40 million credit cards were stolen from nearly 2000 Target stores by accessing data on point of sale (POS) systems. Target later revised that number to include private data for 70 million customers.

9 Risk Assessment Data Breach Prevention Detection Mitigation
Documented Policy Unauthorised Access Incident Response Data Breach Prevention Detection Mitigation

10 Exercise 1 What are the threats and what can you do to prevent them?
Think Who? How? What?

11 Exercise 1 Who? Hackers and Hacktivists Disgruntled Employees
Careless Employees Criminal Organisations Aggressive Competitors Hostile Nation States

12 Exercise 1 How? (What vulnerabilities will they exploit?)
Unwitting Employees / Social Engineering Unpatched Flaws in Systems Less Secure Service Providers Insecure Cloud Storage Mobile Devices

13 Exercise 1 What? (What is of interest?) What are your ‘Crown Jewels’?
Personal Data Customer Data Money Trade Secrets / Intellectual Property

14 Risk Controls – Data Breach
Swiss Cheese Model Policy Unauthorised Access Procedures Code of Practice Training & Education Employee - Intentional Data Breach Checks Intrusion Prevention Employee - Unintentional Anti-Virus Software Strong Access Control IT Glitch Encryption Data Classification

15 Why Detection is Important
Fines imposed will be proportional to the ‘Dwell Time’ The longer the theft is going on the more data gets stolen The quicker a breach is detected the quicker action can be taken to mitigate the impact.

16 Exercise 2 How would you know you have a breach? Think
Who would recognise it first? (You, Your Customer…) What the signs might be Service Delivery - How might that be affected?

17 Exercise 2 How would you know you have a breach? Customers Tell You
Service is Disrupted Unusual Traffic on your Network Credit Card Company Calls Data is Corrupted Your Intellectual Property appears “online”

18 Risk Controls – Data Breach
Policy Monitor Feedback Unauthorised Access Procedures Measure Service Training & Education Monitor Network Traffic Employee - Intentional Checks Data Breach Intrusion Prevention Employee - Unintentional Anti-Virus Software Maintain Good Comms Strong Access Control IT Glitch Monitor Data Integrity Encryption Monitor Press / SocMed Data Classification

19 Mitigation – Be Ready to Respond
Incident Response Plan More about this in a moment Before the Incident occurs Restrict ‘lateral movement’ in the Network (IT) Identify an individual to take charge Identify partners (3rd Party) that you might need Legal counsel ● Public Relations IT Forensics After the Incident – Review your policies and procedures

20 Exercise 3 What should be in an Incident Response Plan? Think
Who do you call? What do you do, in what order? Who does what?

21 Data Breach Almost 157,000 TalkTalk customers had their personal details hacked. When the cyber-attack was revealed, TalkTalk said it did not know how many customers were affected, raising concerns that hundreds of thousands of customers could be at risk. The company was criticised for its lack of information and for failing to take precautions after being hacked twice before this year. Two teenage boys arrested 

22 Response Plan Incident Lead, Incident Team
Individual Roles and Responsibilities Contact List of People that might need to be involved Protocols During a Breach How to assess scope of breach How to Collect Evidence How to stop the Data Loss Forms to Record Details / Action Communications (Internal, Customers, DPC, Press) Review – Learn from Incidents / Exercises

23 Notification (Art 33) Describe nature of the personal data breach
Number of subjects concerned Categories and numbers of records Communicate name of the DPO / contact Describe likely consequences of breach Describe means taken / proposed to be taken to address Including mitigation of ‘side-effects’ Can provide information in phases Document breach and action taken.

24 Communication (Art 34) Where there is high risk to data subject, communicate to data subject without delay. Clear and plain language Nature of the breach Contact details for DPO / contact Likely consequences Measures taken Not required if Technical measures make info unintelligible Disproportionate. Can be a public communication

25 Risk Controls – Data Breach
Policy Monitor Feedback Response Plan Unauthorised Access Procedures Measure Service Privacy Impact Training & Education Monitor Network Traffic Notification Plan Employee - Intentional Checks Data Breach Intrusion Prevention Communications Plan Employee - Unintentional Anti-Virus Software Maintain Good Comms Collect Evidence Strong Access Control IT Glitch Monitor Data Integrity Review Controls Encryption Monitor Press / SocMed Document Action Data Classification

26 To Do List Assign management responsibilities
Identify all assets that need protection Conduct an impact assessment Review access rights incl. privilege access rights Review update/patching policy Review if malware detection up-to-date Policy & procedures for continuous monitoring of network Consider implementing intrusion detection tools Procedure for reporting ‘events’ Response Plan

27 Thank You

Download ppt "Managing a Data Breach Prevention-Detection-Mitigation"

Similar presentations

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.

Data Security and legal issues Starter :- 5 Minutes Make a list of all the companies and organisations that you believe holds data on you. Write down what.
Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.

Classification The Threat Environment Joyce Corell, NCSC Assistant Director for Supply Chain National Defense Industrial Association Global Supply Chain.
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.

SMARTER. TOGETHER. Skimming Prevention: Overview of Best Practices August 5, 2014.
Network security policy: best practices

Network security policy: best practices
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.

Teresa Macklin Information Security Officer 27 May, 2009 Campus-wide Information Security Activities.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Introduction.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Friday, October 23, 2015. Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.

Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
New EU General Data Protection Regulation Conference 2016 Managing a Data Breach Prevention-Detection-Mitigation By Gerard Joyce Dun Laoghaire Feb 24 th.

New EU General Data Protection Regulation Conference 2016 Managing a Data Breach Prevention-Detection-Mitigation By Gerard Joyce Dun Laoghaire Feb 24 th.

Similar presentations

Ads by Google