SEM02P-Preventing a Lawsuit by Preparing for a Breach (separate registration required) (236905937)

8/11/2019 SEM02P-Preventing a Lawsuit by Preparing for a Breach (separate registration required) (236905937)

http://slidepdf.com/reader/full/sem02p-preventing-a-lawsuit-by-preparing-for-a-breach-separate-registration 1/96

Security Professionals Conference 2014

SEM02P:PREVENTING A LAWSUIT

BY PREPARING FOR ABREACH

!"#$ &'"&()"*+,-"( ./01*$'2 340/* 5 6($7/*8$'2 ") 9,:,$ ‘ $

;"#$<=,:,$$>/#1 5 ?@A@B CDEFGHAA

!,8"( IJ$2,+,&()"*+,-"( ./01*$'2 .K/0$,L$8' 5 M,K$ ‘ "L,($ N"++1($'2 N"LL/O/,J$2,+,;<=,:,$$>/#1 5 ?@A@B PQHFC@RG

General Copyright Statement

S=$8 K*/8/(',-"( L/,7/8 '=/ 0"K2*$O=' ")'=/ 0"('/(' '" '=/ K*/8/('/*8> 6(L/88

"'=/*:$8/ ("'/# $( '=/ +,'/*$,L8T1KL",#/# 0"('/(' 0,**$/8 '=/ N*/,-7/N"++"(8 IU*$V1-"(FW"(N"++/*0$,LF.=,*/IL$J/ L$0/(8/T :=$0= O*,('8 18,O/

'" '=/ O/(/*,L K1VL$0 :$'= 8-K1L,'/#0*$'/*$,>

Session Outline

• X,0JO*"1(# – 6($7/*8$'2 ") 9,:,$ ‘ $ .28'/+

– 9,:,$ ‘ $ X*/,0= W"-Y0,-"( Z,: ?#/Y($-"(8B

• X*/,0=/8

• NL,88 I0-"( Z,:81$'

• &(8-'1-"(,L [/8K"(8/ ?.28'/+\N,+K18B – ./01*$'2 ]"8'1*/ I88/88+/(' – &()"*+,-"( ./01*$'2 ]*"O*,+

– I N,+K18^8 [/+/#$,-"(_ M,K$ ‘ "L,($ NN

Agenda - continued

• ]L,( )"* , X*/,0= ` Z,:81$' – &#/(-)2 M/2 ]L,2/*8 ` a/0$8$"( b,J/*8

– 6(#/*8',(#$(O '=/ c]L,$(-de

– &()"*+,-"( ./01*$'2 ]*"O*,+

– &(0$#/(' [/8K"(8/ ]L,(

– X*/,0= [/8K"(8/ ` W"-Y0,-"( ]L,(

– N"++1($0,-"(8 ]L,(

University of Hawaii System

• RA 0,+K18/8

• 3(/ [/8/,*0= 6($7/*8$'2 – bf(", ?g,O8=$K 0,+K18B

– GATAAA 8'1#/('8• S:" X,00,L,1*/,'/

6($7/*8$-/8 – 69 h/8' 3,=1_ GQAA

– 69 9$L"_ HAAA

• ./7/( N"++1($'2N"LL/O/8 – 9,:,$ ‘ $ NN_ QHAA

– 9"("L1L1 NN_ HQAA – M,K$‘ "L,($ NN_ @QAA

– M,1,$ NN_ RDAA – Z//:,*# NN_ PCAA

– b,1$ N"LL/O/_ HAAA

– h$(#:,*# NN_ GPAA

Information Technology Services

• .28'/+ 340/

• [/K"*' '" '=/ i$0/ ]*/8$#/(' ") &()"*+,-"(S/0=("L"O2 ` N=$/) &()"*+,-"( 340/*

REQ )1LL -+/ 8',d• RR@ 8'1#/(' /+KL"2//8

• H O*"1K8_ – S/0=("L"O2 &()*,8'*10'1*/

I0,#/+$0 S/0=("L"O$/8 – b,(,O/+/(' &()"*+,-"( .28'/+8

– I#+$($8'*,-7/ j*"1K

• &.3 #$*/0' */K"*' '" i] &S ` N&3

ITS Responsibilities

• .28'/+F:$#/ $()"*+,-"( 828'/+8 `8/*7$0/8 – .'1#/(' $()"*+,-"( 828'/+ – ]/*8"((/L 828'/+ – k$(,(0$,L 828'/+ – a,', :,*/="18/ \ "K/*,-"(,L #,', 8'"*/ – Z/,*($(O +,(,O/+/(' 828'/+ – l+,$LT :/VT $#/(-'2 +,(,O/+/('\#$*/0'"*2 8/*7$0/8T

0"('*,0' 8/*7$0/8T =/LK #/8JT #/8J'"K 81KK"*'T K="(/T8$'/ L$0/(8$(O

• W/':"*J &()*,8'*10'1*/• &()"*+,-"( ./01*$'2

Characteristics & Complexities

• l,0= 0,+K18\#/K,*'+/('\1($' $8 c1($m1/e

• 9$O=L2 #/0/('*,L$n/# – N,+K18/8\#/K,*'+/('8 8/' 1K '=/$* ":( 8/*7/*8 ,(#

8/*7$0/8

– N,( */m1/8' 18/ ") $(8-'1-"(,L #,',

• W" c,1'="*$'2e "7/* 0,+K18/8

• X1' #" +,(,O/ ` +,$(',$( '=/ 828'/+F:$#/ 8/*7$0/8 ,(# (/':"*J $()*,8'*10'1*/

HAWAI !I STATE LAWS

Hawai !i Revised Statutes 487-N

• a/Y($-"( ") ]/*8"(,L &()"*+,-"(_

&(#$7$#1,L^8 Y*8' (,+/ "* Y*8' $($-,L ,(# L,8'(,+/ $( 0"+V$(,-"( :$'= ,(2 "(/ "* +"*/") '=/ )"LL":$(O #,', /L/+/('8T :=/( /$'=/*'=/ (,+/ "* '=/ #,', /L/+/('8 ,*/ ("'/(0*2K'/#_ – ."0$,L ./01*$'2 W1+V/*o

– a*$7/*^8 L$0/(8/ (1+V/* "* 9,:,$ ‘ $ &#/(-Y0,-"( W1+V/*o – I00"1(' (1+V/*T 0*/#$' "* #/V$' 0,*# (1+V/*T ,00/88

0"#/T "* K,88:"*# '=,' :"1L# K/*+$' ,00/88 '" ,($(#$7$#1,L^8 Y(,(0$,L ,00"1('o

HRS Definition of “Breach”

c./01*$'2 V*/,0=e +/,(8 ,( $(0$#/(' ") 1(,1'="*$n/#,00/88 '" ,(# ,0m1$8$-"( ") 1(/(0*2K'/# "*1(*/#,0'/# */0"*#8 "* #,', 0"(',$($(O K/*8"(,L

$()"*+,-"( :=/*/ $LL/O,L 18/ ") '=/ K/*8"(,L$()"*+,-"( =,8 "001**/#T "* $8 */,8"(,VL2 L$J/L2 '""001* ,(# '=,' 0*/,'/8 , *$8J ") =,*+ '" , K/*8"(>I(2 $(0$#/(' ") 1(,1'="*$n/# ,00/88 '" ,(#

,0m1$8$-"( ") /(0*2K'/# */0"*#8 "* #,', 0"(',$($(OK/*8"(,L $()"*+,-"( ,L"(O :$'= '=/ 0"(Y#/(-,LK*"0/88 "* J/2 0"(8-'1'/8 , 8/01*$'2 V*/,0=>

HRS Reporting Requirements

• ]*"7$#/ ("-0/ '" ,d/0'/# $(#$7$#1,L8 – a/80*$K-"( ") $(0$#/('

– S2K/ ") K/*8"(,L $()"*+,-"( $(7"L7/#

– [/+/#$,-"( ,(# K*/7/(-7/ ,0-"(8 ',J/( – N"(',0' K="(/ (1+V/* )"* ,##$-"(,L $()"*+,-"(

– I#7$0/ '" ,d/0'/# $(#$7$#1,L

• h*$U/( */K"*' '" 8','/ L/O$8L,'1*/ :$'=$(':/('2 #,28 ,p/* #$80"7/*2 ") 8/01*$'2V*/,0=

Other Hawai !i State Reporting

Requirements• b,(#,'"*2 [/K"*-(O ") ILL &()"*+,-"(

.28'/+8 :$'= ./(8$-7/ &()"*+,-"(

• [/K"*' ,LL 828'/+8 0"(',$($(O 8/(8$-7/$()"*+,-"( ,(# 1K#,'/ '=/ $()"*+,-"( ,'L/,8' ,((1,LL2

UH Information Security Policy

• .28'/+F:$#/ /q/01-7/ K"L$02• lG>GRH_ ./01*$'2 ` ]*"'/0-"( ") ./(8$-7/

&()"*+,-"(

• ]*"+1LO,'/# $( GAAP

• a/Y($-"( ` /q,+KL/8 ") 8/(8$-7/ $()"*+,-"(

• a,', 0,'/O"*$n,-"(_ K1VL$0 ` 8/(8$-7/

• ["L/8 ` [/8K"(8$V$L$-/8• k*,+/:"*J )"* 18/ ` K*"'/0-"( ") 8/(8$-7/

$()"*+,-"(

Also in UH Policy…

• N=,(0/LL"*8 ,(# i$0/ ]*/8$#/('8 ,*/*/8K"(8$VL/ )"* /L$+$(,-(O ,LL1((/0/88,*2 8'"*,O/ ") K/*8"(,L$()"*+,-"(

• IL8" */8K"(8$VL/ )"* $+KL/+/(-(O,KK*"K*$,'/ 8/01*$'2 +/,81*/8 )"*

828'/+8 1(#/* '=/$* K1*7$/: '=,' +18'*/',$( 8/(8$-7/ $()"*+,-"( )"* /88/(-,L6($7/*8$'2 "K/*,-"(8

THE BREACHES

Breach #1: April 2009Kapi !olani CC – 15,000 affected

• &S 8',d :,8 ("-Y/# '=,' , 0"+K1'/* :,8V/=,7$(O 8'*,(O/L2

• N"+K1'/* 18/# '" K*"0/88 Y(,(0$,L ,$#

,KKL$0,('8 $(K1r(O 8'1#/('^8 K/*8"(,L$()"*+,-"( $('" '=/ 6. a/K'> ") l#10,-"(^8Y(,(0$,L ,$# :/V8$'/

• N"+K1'/* ,L8" ,00/88/# , #/K,*'+/(',L

YL/8/*7/* '=,' 8'"*/# K/*8"(,L $()"*+,-"(• k"1(# +,L:,*/ :$'= , 8$O(,'1*/ '" c8'/,L 18/*s88/(8$-7/ #,', ,(# 0"++1($0,'/ :$'= 8K/0$Y/#$('/*(/' :/V8$'/8e

Breach #2: March 2010

Honolulu CC – 35 affected• N"+K*"+$8/# 0"+K1'/* 0"(',$(/# 0*/#$'

0,*# (1+V/* )"* 8'1#/('8 /(*"LL/# $(g$O=' '*,$($(O 0"1*8/

• .'"*,O/ ") 0*/#$' 0,*#8 :,8 1(,1'="*$n/#,(# $( 7$"L,-"( ") 69 K"L$02

Breach #3: July 2010

noa – 53,000 affected• ./*7/* :$'= 8/(8$-7/ $()"*+,-"( :,80"+K*"+$8/#

• a,',V,8/ 0"(',$(/# K/*8"(,L$()"*+,-"(T ..W8 "* 0*/#$' 0,*#$()"*+,-"( )"* ,(2"(/ :=" #$# V18$(/88:$'= '=/ ],*J$(O 340/ V/'://( RCC@

,(# !1(/ GAAC

July 2010: Executive Directive

• 69 ]*/8$#/(' $881/# ,( lq/01-7/ a$*/0-7/'" 69 ./($"* Z/,#/*8=$K ?i]8 ` N=,(0/LL"*8B

• Q*# J(":( V*/,0= 8$(0/ /(,0'+/(' ")

$#/(-'2 '=/p L,:• a$*/0'/# /7/*2 /q/01-7/ '" +,J/ $' , K*$"*$'2

'" K*"'/0' 8/(8$-7/ $()"*+,-"( V/0,18/ ")'=/ =$O=L2 #/0/('*,L$n/# "*O,($n,-"(

• b18' #/8$O(,'/ , 8$(OL/ $(#$7$#1,L '" "7/*8//1($'^8 $()"*+,-"( K*"'/0-"( ,(#0"+KL$,(0/ K*"O*,+

Executive Directive – cont.

• a$*/0'/# '=/ #/8$O(,'/# 0,+K18/q/01-7/ '" /(81*/ )1LL 0"+KL$,(0/ '"_

– [/K"*' ]& 828'/+8 ?K/* 8','/ L,:B– ]1*O/ 1((/0/88,*2 ..W8o /(81*/ 0*/#$' 0,*#

K*"0/88$(O $( 0"+KL$,(0/ :$'= 69 K"L$02– [/7$/: ,(# 8'*/(O'=/( $('/*(,L 0"('*"L8 ,*"1(#

=,(#L$(O ") 8/(8$-7/ $()"*+,-"(

Breach #4: October 2010

UH West Oahu – 40,000 affected• 6($7/*8$'2 ("-Y/# V2 I,*"( S$'18T ]*$7,02

a$*/0'"* ") '=/ Z$V/*'2 N",L$-"(T , ("(FK*"Y' O*"1K V,8/# $( h,8=$(O'"( a>N>

• k$L/8 :/*/ #$80"7/*/# 18$(O , j""OL/ 8$'/8/,*0=

• k$L/8 :/*/ 1KL",#/# '" , 69h3 ),01L'2

:/V 8/*7/* $( a/0/+V/* GAAC V2 , ),01L'2+/+V/* :=" V/L$/7/# '=/ 8/*7/* :,88/01*/#

Google Search Results

http://www.staradvertiser.com/news/breaking/108760734.html

http://www.staradvertiser.com/news/20101118_Data_breaches_earn_UH_an_F.html

“The purpose of this Act is to strengthen the safeguards forsecurity breaches of personal information held by governmentagencies.”

Class Action Lawsuit

Complaint“Seeks an injunction: (a) forbidding UH from violatingthe constitutional rights of its students, faculty andguests, as protected by the right to privacy of the

United States and Hawaii Constitutions by theunauthorized released of private information,including but not limited to SSN and (b) mandatingthat the University of Hawaii take appropriatemeasures to ensure the protection of privateinformation within its possession.”

Class Action Lawsuit – cont.

“Seeks monetary damages to compensate classmembers for expenses including but not limited toenrollment in credit reporting monitoring

program(s), time spent in monitoring credit reports,credit card and bank statements, and identity theftinsurance.”

Lawsuit Progression &

Timeline• !1(/ GARR_ l()"*0/ L$-O,-"( ="L# "( ,LL$(7"L7/# /+,$L8 ?$( K*"0/88_ +$O*,-"( '"j""OL/B

• !1(/ GARR_ 69 YL/# +"-"( '" #$8+$88• !1L2 GARR_ 3(/ +"*/ V*/,0= t '=/p ")

K,K/* #"01+/('8 0"(',$($(O 0*/#$' 0,*#(1+V/*8 t GDAA ,d/0'/#

• !1L2\I1O GARR_ N"+K$L$(O L$8' ") IZZ,d/0'/# $(#$7$#1,L8 ?/8'> "7/* @AA +,(="1*8 t Q ://J8T @u K/"KL/B

Compiling List of AffectedIndividuals

• .',*'/# :$'= CPTAAAu $(#$7$#1,L */0"*#8

• i/*2 K*"VL/+,-0 t #$# ("' =,7/ /("1O=$()"*+,-"( '" 1($m1/L2 $#/(-)2 $(#$7$#1,L8

• l,*L2 V*/,0=/8 F K1*O/# 8/(8$-7/ #,', /L/+/('8• 9,# '" ,U/+K' '" */0*/,'/ #,', )*"+ +1L-KL/ #,',

8"1*0/8

• [/m1$*/# +,(1,L 7$81,L $(8K/0-"( ") v/,0=v

*/0"*# '" 0"**/0' $()"*+,-"( ,(# */+"7/#1KL$0,'/8

• l(#/# 1K :$'= CATAAAu /L$O$VL/ )"* 0*/#$'+"($'"*$(O

Timeline – cont.

• !,(> GARG_ h"*J$(O "( '/(',-7/ 8/UL/+/('

• !,(> GARG_ b"-"( )"* ]*/L$+$(,*2 IKK*"7,L") ./UL/+/('

• k/V> RT GARG_ N"1*' =/,*$(O "( b"-"( )"*]*/L$+$(,*2 IKK*"7,L

• k/V> RDT GARG_ N*/#$' +"($'"*$(O 8/*7$0/V/O$(8 +,$L$(O "1' ("-0/8 '" 8$O( 1K )"*8/*7$0/8o 8/*7$0/8 :"1L# V/O$( IkSl[ Y(,L0"1*' ,KK*"7,L

FINALLY SETTLED!

• b,*0= RT GARG_ ]1VL$0 ("-Y0,-"(_ ;"$('K*/88 */L/,8/T /+,$L VL,8' '" ,LL 69),01L'2\8',d\8'1#/('8T IL1+($I88"0$,-"(T K"8'8 "( 0,+K18 :/V 8$'/8T(/:8K,K/*8

• !"# %&' %(&%) *+,"- .//012"- 30",456

7,1 "//5"-8 0595+256:• G 2/,*8 ") 0"(-(1"18 0*/#$' +"($'"*$(O

` &a S=/p N"(81L',-"( ,(# [/8'"*,-"(

Lawsuit Lessons Learned

• I881+/ '=,' 0*/#$' +"($'"*$(O :$LL V/*/m1$*/#

• l(81*/ */0"*#8 0,( V/ 0*"88F:,LJ/# V,0J'" , 1($m1/ $(#$7$#1,L

• k"* 0*/#$' +"($'"*$(O */O$8'*,-"(K*"0/88T =,7/ ,( c/q0/K-"(e K*"0/#1*/

$( KL,0/ ?*/8"L1-"( )"* '="8/ '=,' '=$(J'=/2 ,*/ /L$O$VL/ ` #/+,(# '" V/*/O$8'/*/#B

Plaintiff’s Motivation?

;<=>?==<@A)

"#$ %& '(&')( '*+,*( - )-.,*/01

Evaluation of Cause of

Breaches• l,0= V*/,0= "001**/# +, 2+1-"B1, 1C ?D

/1-+9#• N"+K1'/*\8/*7/* 3. "* ,KKL$0,-"(8 ("'

+,$(',$(/#• ./(8$-7/ #,', ("' =,(#L/# $(

,00"*#,(0/ :$'= 69 K"L$02

• W" #,', */'/(-"( 80=/#1L/• c.0"K/F0*//Ke )"* 18,O/ ") #,',o #,',

J/K' )"* cK"88$VL/e */F18/ L,'/*

Information Security

Landscape in 2010• ]*/L$+$(,*2 ,(,L28/8 ") $(0$#/('8_

– h/,J #/8J'"K 0"+K1'/* 8/01*$'2 K*,0-0/8 – &(8/01*/ "K/*,-"(,L K*,0-0/8

&()"*+,-"( */',$(/# L"(O/* '=,( (//#/# – N,(("' $#/(-)2 :=" =,8 ,00/88 "* K"88/88$"( ") 69 8/(8$-7/

$()"*+,-"( ?$(0L1#$(O '*,0J$(O &[X */m1/8'8B

– ./*7/*8_ b$818/# "* ("' +,(,O/# ,KK*"K*$,'/L2

– 69 K"L$02 ("' )"LL":/# "* /q$8'/(0/ 1(J(":(

• l(# ") GARA_ */',$(/# /q'/*(,L 0"(81L',(' '"K/*)"*+ ,( $()"*+,-"( 8/01*$'2 K"8'1*/,88/88+/('

Need to Address

• 3L#T 1(18/#T 1((//#/# */K"8$'"*$/8 ")8/(8$-7/ $()"*+,-"(

• 6(+,(,O/#T 1(+,$(',$(/# 8/*7/*8

• ]/*+$88$"( '" 18/ $(8-'1-"(,L 8/(8$-7/$()"*+,-"( ?":(/*8=$K ,(# ,1'="*$'2B

• Z,0J ") ,:,*/(/88 ") K"L$0$/8

Already In Place:

• ]=,8/# "1' 18/ ") ..W8 ,8 K*$+,*2 $#/(-Y/*8

• &#/(-Y/# 0,+K18 L/,#/*8=$K )"* K*"'/0-"( ")8/(8$-7/ $()"*+,-"(

• &#/(-Y/# '/0=($0,L L/,#8 )"* K*"'/0-"( ")8/(8$-7/ $()"*+,-"(

• &(8-'1'/# +,(#,'"*2 */K"*-(O ") */K"8$'"*$/8") 8/(8$-7/ $()"*+,-"(

Ongoing Efforts

• I0m1$8$-"( ") &#/(-'2 k$(#/* )"*80,(($(O )"* 8/(8$-7/ $()"*+,-"(

• .',*'/# a,', j"7/*(,(0/ $($-,-7/• &( 0"(',0' :$'= c)1(0-"(,Le O*"1K8 ?]3T

k3T I3T +,(,O/*$,L\/q/01-7/ '/,+8T0,+K18 O*"1K8T /'0>B

Consultant: Scope of WorkcS=/ 6($7/*8$'2 ") 9,:,$$ ?69B $8 0"++$U/# '"$+KL/+/(-(O , 828'/+:$#/ $()"*+,-"( 8/01*$'2K*"O*,+ '" */KL,0/ '=/ 01**/(' #/0/('*,L$n/#,KK*",0=> S=$8 K*"O*,+ +18' L/7/*,O/ V/8' K*,0-0/8'" +,q$+$n/ $()"*+,-"( 8/01*$'2 :=$L/ 0"(-(1$(O '"81KK"*' '=/ K*$(0$KL/8 ") ,0,#/+$0 )*//#"+ ,(#"K/((/88 0/('*,L '" , 1($7/*8$'2s8 01L'1*/ ,(# +$88$"(>69 V/L$/7/8 $' /88/(-,L '" V/O$( :$'= ,( $+K,*-,L/qK/*' ,88/88+/(' '" #/7/L"K , KL,( )"* , ="L$8-0828'/+:$#/ ,KK*",0=> S=$8 ,88/88+/(' :$LL ,88/8801**/(' K"L$0$/8T 01**/(' K*,0-0/8 ,(# 01**/(' 0,+K18,:,*/(/88 ,8 '=/ V,8$8 ") */0"++/(#,-"(8 )"*$+K*"7/+/('8 $( 8/01*$'2 K"L$0$/8T K*,0-0/8 ,(#/#10,-"(>e

Services Provided:• [/7$/: /q$8-(O $('/*(,L ,(# /q'/*(,L

#"01+/(',-"( $(0L1#$(O */K"*'8T K"L$0$/8 ,(#L/O$8L,-"(

• &('/*7$/: J/2 8',J/="L#/*8

• &#/(-)2 '=/ +,;"* &S 8/01*$'2 $881/8 ),0/# V269 ,(# V/8' K*,0-0/8 )"* 8"L1-"(8

• ]*$"*$-n/ 8"L1-"(8 )"* $++/#$,'/ ,0-"(

• ]*"7$#/ */0"++/(#,-"(8 )"* =": 69 8="1L#$+KL/+/(' , 0"+K*/=/(8$7/ 828'/+:$#/,KK*",0= '" $()"*+,-"( 8/01*$'2

Summary of Findings:

• I 8$O($Y0,(' 1(#/*F$(7/8'+/(' $($()"*+,-"( 8/01*$'2 */8"1*0/8

• S*2$(O '" "K/*,-"(,LL2 +,(,O/$()"*+,-"( 8/01*$'2 ,8 , )1LL2 #/F0/('*,L$n/# ,0-7$'2

Overarching Recommendation

ca/7/L"K , K*"K/*L2 )1(#/#T8'*,'/O$0,LL2 "*$/('/#T 1($7/*8$'2F

:$#/ $()"*+,-"( 8/01*$'2 K*"O*,+'=,' $8 0/('*,LL2 +,(,O/# ,(#"K/*,'/8 $( 0"LL,V"*,-"( :$'= '=/+,(2 #/F0/('*,L$n/# 1($'8'=*"1O="1' '=/ 1($7/*8$'2>e

UH Information SecurityProgram

• S""J :=,' :/ ,*/ ,L*/,#2 #"$(O

• I##/# 0"(81L',('^8 8K/0$Y0 */0"++/(#,-"(8

• a/7/L"K 8'*,'/O$0 ,*/,8_ – a,', j"7/*(,(0/ ,(# 37/*8$O='

– &()"*+,-"( ./01*$'2 I1#$'8 ` [$8J I88/88+/('8

– &()"*+,-"( ./01*$'2 ]"L$0$/8 ` ]*"0/#1*/8

– &#/(-'2 b,(,O/+/(' ̀ I00/88 N"('*"L8

&()"*+,-"( ./01*$'2 S*,$($(O ,(# I:,*/(/88• =UK_\\:::>=,:,$$>/#1\$()"8/0\

$()"8/0K*"O*,+>='+L

Resulting Projects

• a,', j"7/*(,(0/ 8'*10'1*/ ` a,', .=,*$(O*/m1/8' K*"0/#1*/8 – =UK_\\:::>=,:,$$>/#1\,K$8\/K\/G\/GGRD>K#)

• ./*7/* */O$8'*,-"( ` 80,(($(O ?*,(#"+,1#$'8B – =UK_\\:::>=,:,$$>/#1\$'8\8/*7/*\*/O$8'*,-"(\

• W/':"*J 80,(8 )"* 8/*7/*8 ?+,K ,O,$(8'

*/O$8'/*/# 8/*7/*8B• [/7$/: ") K"L$0$/8

– =UK_\\:::>=,:,$$>/#1\$()"8/0\K"L$0$/8>='+L

Projects - continued

• I1'"+,'/# #/K*"7$8$"($(O 7$, $#/(-'2+,(,O/+/('

• l7,L1,-"( ` $+KL/+/(',-"( "),##$-"(,L (/':"*J 8/01*$'2'/0=("L"O$/8

• N"+KL$,(0/ ` [$8J I88/88+/('8 )"*

c=$O= *$8Je ,*/,

Awareness & Training

• b,(#,'"*2 $()"*+,-"( 8/01*$'2,:,*/(/88 '*,$($(O )"* 69 /+KL"2//8 :$'=,00/88 '" 8/(8$-7/ $()"*+,-"( ?V2

)1(0-"(B• N"(7/(/ c"1'*/,0= O*"1K8e_ ,KKL$0,-"(T

:/VT #,',V,8/ #/7/L"K/*8 '" $()"*+ '=/+") (/: K"L$0$/8\K*"0/#1*/8 ,(# 8"L$0$'

)//#V,0J "( 1K0"+$(O K*";/0'8• ]*"7$#/ 8K/0$Y0 '*,$($(O )"* ',*O/'/#

O*"1K8

Develop Project Plan &Priorities

• k1(#$(O_ i] &S ` N&3 :"*J/# :$'= lq/01-7/Z/,#/*8=$K ?]*/8\i]\N=,(0/LL"*8B '" ,88/88 /,0=0,+K18 t V1$L#$(O $( '" )1(#$(O +"#/L )"* "'=/*828'/+ $()"*+,-"( 828'/+8

• .',4(O_ ,##/# G ,##$-"(,L K"8$-"(8

• W//# &S. L/,#/*8=$K 81KK"*' )"* c8/01*$'2eK*";/0'8_ N*/,'/# &S. ./01*$'2 ]*"O*,+ Z/,#8

• I(2 K*";/0' (//#8 O*"1K ,KK*"7,L V/)"*/K*"0//#$(O

• ]*";/0'8 (//# '" V/ $(0L1#/# $( "7/*,LL &S.K*$"*$-/8 L$8'

Security @ the Campuses• .',*-(O '" +,J/ 8/01*$'2 , K*$"*$'2

• iN\a$*/0'"*\N&3 L/,#/*8=$K K"8$-"(8

• l,0= 0,+K18 =,8 , c8/01*$'2e L/,#

• kL,O8=$K 0,+K18_ N"LL/O/\a/K,*'+/('./01*$'2 Z/,#

• 9"("L1L1 NN $8 :"*J$(O "( 0,+K18 K"L$0$/8

!IX.3b ?.0=""L ") b/#$0$(/B• M,K$‘ "L,($ NN /8',VL$8=/# '=/$* ":( 0,+K18

$()"*+,-"( 8/01*$'2 L/,#

KAPI !OLANI COMMUNITYCOLLEGE

KCC Overview

• I7/*,O/ @DAA .'1#/(' K"K1L,-"(

• DAA k,01L'2 ,(# .',d

• 37/* RRAA 0"+K1'/*8 "( 0,+K18

Breaches

• IK*$L GAAC_ RDTAAA [/0"*#8

• !1L2 GARR_ GTDAA [/0"*#8

Our First Breach… Yeah3( IK*$L RDT , 0"+K1'/* '=,' =,# ,00/88 '" K/*8"(,L$()"*+,-"( ") Y(,(0$,L ,$# ,KKL$0,('8 :,8 )"1(# '" V/$()/0'/# :$'= , 8K/0$Y0 K$/0/ ") +,L:,*/ '=,' $8V/L$/7/# '" =,7/ '=/ 0,K,V$L$'2 '" 8'/,L 18/*w8 8/(8$-7/#,', ,(# 0"++1($0,'/ :$'= 8K/0$Y/# &('/*(/':/V8$'/8> h=$L/ '=/ $()/0'/# 0"+K1'/* #$# ("' $'8/L)8'"*/ ,(2 8/(8$-7/ $()"*+,-"(T $' :,8 "( , L"0,L(/':"*J :=/*/ 8/(8$-7/ $()"*+,-"( :,8 8'"*/# )"*Y(,(0$,L ,$# K*"0/88$(O> S=/ 0"+K1'/* :,8 */+"7/#)*"+ '=/ (/':"*J $++/#$,'/L2 ,(# , )"*/(8$0$(7/8-O,-"( $($-,'/#> S=/ $(7/8-O,-"( K*"7$#/# ("/7$#/(0/ '=,' ,(2 8/(8$-7/ $()"*+,-"( :,8 ,0'1,LL2,00/88/# V2 '=/ $()/0'/# 0"+K1'/*T 2/' $' ,L8" #$# ("'*1L/ "1' '=,' K"88$V$L$'2>

Aren’t Issues a Blast?

• N,+K18 W/':"*J

• N"+K1'/* +,(,O/+/(' $8 ("'

0/('*,L$n/#• k,01L'2 ,(# 8',d =,7/ I#+$( *$O='8

• W" Y*/:,LL 2/'

• 68/*8

Who Do You Call:IDENTITY FINDER!

• Q b"('=8 ") k,LL GARR

• .0,((/# G@A +,0=$(/8 ?$(0L1#$(O

8/*7/*8B• S,*O/'/# ,#+$($8'*,'"*8 ,(# 18/*8

'=,' +,2 V/ '"10=$(O ]/*8"(,LL2

&#/(-Y,VL/ &()"*+,-"( ?]&&B

Wait For It

• 37/* Q b$LL$"( ..W

• 37/* RTGAA N*/#$' N,*# W1+V/*8

• 37/* PAA a*$7/* Z$0/(8/

Help Desk Changes

• i$*18 ]*"0/#1*/8

• ]*/$(8',LL/# K*"O*,+8 V/)"*/ #/KL"2+/(' ")(/: +,0=$(/8

R> l*,8/*G> &#/(-'2 k$(#/*Q> S*1/N*2K'

H> b0I)//D> b,L:,*/X2'/8

IF USERS DON’TCHANGE…

I WILL CRY!

What to Drill into UsersHeads

• 9[. ,(# 69 ]"L$0$/8

• h=,' $8 ]&&

• a" 2"1 (//# '" J//K ]&&

• 9": '" J//K ]&& 1(#/* K"L$0$/8

• 9": '" K*/7/(' ,("'=/* 0,+K18 V*/,0=

• X/8' K*,0-0/8

• N"(7/($/(0/ i. [$8J• .0,*/ S,0-08

DON’T SHAKE THE TREE!

It’s Time for Training

• HF@ h"*J8="K8 K/* ./+/8'/*• &(#$7$#1,L S*,$($(O• a/K,*'+/(' S*,$($(O• h"*J8="K )"* W/: k,01L'2 3*$/(',-"(• Z/0'1*$(O 18/*8 '=,' =,# '=/$* +,0=$(/8

$()/0'/#

S1'"*$,L_=UK_\\0/LU>J,K$"L,($>=,:,$$>/#1\8/01*$'2F$()"*+,-"(\

Wait! Did you say secondbreach? *aghhhhhhh!!*

I :"*J/* ("-0/# '=,' V"q/8 ") 8/(8$-7/ Y(,(0$,L*/0"*#8 :/*/ "1' ") KL,0/> ."+/ V"q/8 :/*/#$80"7/*/# '" V/ +$88$(O ,(# "40$,L8 V/O,( 8/,*0=$(O)"* '=/+ "( !1L2 R> S=/ V*/,0= :,8 */K"*'/# '"

8'1#/('8 #1*$(O '=/ Y*8' ://J ") I1O18'> &' $8 1(0L/,*:=/( '=/ V"q/8 :/*/ ',J/( ,(# '=/*/ :,8 (" 8$O( "))"*0/# /('*2 $('" '=/ ,*/, :=/*/ '=/2 :/*/ 8'"*/#> S=/YL/8 0"(',$(/# (,+/8T ,##*/88/8T 8"0$,L 8/01*$'2(1+V/*8 ,(# 0*/#$' 0,*#8> ]/"KL/ :=" +,#/'*,(8,0-"(8 :$'= 0*/#$' 0,*#8 V/'://( k/V*1,*2 ,(#W"7/+V/* ") GARA )"* ("(F0*/#$' 0L,88/8T '*,(80*$K'*/m1/8'8 "* K,2+/(' ") ("(F*/8$#/(' )//8 :/*/,d/0'/#>

I Forgot about Hard Copy

• .'*/(O'=/( +2 :"*J8="K8 '" $(0L1#/9,*# N"K2

• X/O$(($(O k,LL GARQ 8',*'/# ,(&('/*(,L I1#$'

It’s Already 2014

• h/ ,*/ ,' L/,8' PDx V/U/* '=/(GAAC

• IL:,28 +"*/ '" #" "( '=/ &S ,(#68/*8 /(#

• a$# '=/ 68/*8 0=,(O/y

Information SecurityGovernance

• a,', ./01*$'2 Z/,#/*8=$K N"1(0$L – IKK"$('/# V2 N,+K18 N=,(0/LL"*

– ./($"* N,+K18 Z/,#/*8=$Ko i$0/ N=,(0/LL"*

– [/8K"(8$VL/ )"* 8/01*$'2 ") 8/(8$-7/ #,', "( '=/$*0,+K18

– b18' 7/' '=/ */'/(-"( ") 8/(8$-7/ $()"*+,-"(*/K"8$'"*$/8 ̀ 8/*7/*8

– b//'8 GFQ -+/8 , 2/,*

Technical Security Oversight

• 69 &S ./01*$'2 Z/,#8 – a/8$O(,'/# V2 '=/ 0,+K18 a,', ./01*$'2 Z/,#/*

– Z/,# '/0=($0,L 8',d "( , 0,+K18

– lq0/K-"(_ bf(", N,+K18 F X&j `#/0/('*,L$n/#

– bf(", a/,(8 ` a$*/0'"*8 #/8$O(,'/# "(/ "*+"*/ '/0=($0,L 8',d )*"+ /,0= ") '=/$* 1($'8

– [/8K"(8$VL/ )"* $+KL/+/(-(O '/0=($0,L 8/01*$'2K*"0/#1*/8 ` ,#7$8$(O '=/$* a,', ./01*$'2Z/,#/*8

– b//' GFQ -+/8 , 2/,*o 8"+/-+/8 :$'= a.ZN

Sample Agenda• ./*7/* */O$8'*,-"( 1K#,'/ ?$(0L1#$(O *,(#"+

,1#$'8Bo!"# !%&' #()

• .1++,*2 ") &()"*+,-"( ./01*$'2 N"+KL$,(0/I88/88+/('8o !%*(+%,- ./01*

• a,', j"7/*(,(0/ ` a,', .=,*$(O [/m1/8' ]*"0/886K#,'/o 21+3 2,*, 4'5(+%,%)(

• kl[]I ]"L$02 6K#,'/o 67 8(91:*+,+

• a/7/L"K/*8 ` &#/(-'2 ` I00/88 b,(,O/+/('?&IbB 1K#,'/o !"# !.; ;,%,9(+

• ["LL"1' ") &#/(-'2 k$(#/* )"* #/8J'"K8o !"# !%&'#()

Server Registration

• [/O$8'*,-"(\7,L$#,-"( */m1$*/#,((1,LL2 – ]*$+,*$L2 #,',V,8/T :/VT YL/ 8/*7/*8

– a"/8 8/*7/* 0"(',$( 8/(8$-7/ $()"*+,-"(y

– .0,( )"* ..W8 ` 0*/#$' 0,*# (1+V/*8 :$'= &#/(-'2k$(#/*

– .0,( )"* 71L(/*,V$L$-/8 :$'= 3K/(iI.

– [/+/#$,-"( 8','18 */m1$*/# – ]*"7$#/ #/K,*'+/(' ̀ '/0=($0,L 0"(',0'

$()"*+,-"(

– N,+K18 L/,#/*8=$K +18' c,KK*"7/e

Server Registration Followup

• [,(#"+ I1#$' – ./L/0'/# D 8/*7/*8 )*"+ */O$8'/*/# 8/*7/*8

• ]*"7$#/ 3K/(iI. 80,( */81L'8 ,(#&#/(-'2 k$(#/* 80,( */81L'8 – k/: 8/*7/*8 :$'= ]&&

– k/: 8/*7/*8 :$'="1' ]&&

– k/: 8/*7/*8 )*"+ 0,+K18/8 '=,' */K"*'/# (" ]&&"( ,(2 8/*7/*8

• j33a Wlh.z ILL :/*/ $( 0"+KL$,(0/z

Information SecurityCompliance Assessments

• &('/*(,L I1#$' ',J$(O L/,#• j/(/*,L ]*"0/88_

– N"(',0' '=/ */8K/0-7/ 6($' '" #$80188 80"K/,(# -+$(O>

– N"+KL/-"( ") ;,1%*(%,%)( '& #(%:1<5(!%&'+=,<'% #/+5(> >

– N"(#10' +//-(O ,(# 8$'/ 7$8$' :$'= 6($'> – &()"*+ '=/ 6($' ") "V8/*7,-"(8 \

*/0"++/(#,-"(8

Assessments Status

• h"*J ]/*)"*+/# #1*$(O !,(1,*2 t b,*0= GARQ

• ./L/0'/# a/K,*'+/('8\.0=""L8 – k$(,(0$,L I$# ./*7$0/8 ?ILL N,+K18/8B

– N"++1($'2 N"LL/O/8 t W"(FN*/#$' ]*"O*,+8

– !"=( I> X1*(8 .0=""L ") b/#$0$(/

• .1*7/28 0"+KL/'/# ,(# 8$'/ 7$8$'8 )"* 3w,=11($'8 0"+KL/'/#>

• b/+" 0"(',$($(O "V8/*7,-"(8 :,8 0$*01L,'/#'" ,LL 1($'8

• [/K"*' 81V+$U/# '" '=/ X",*# ") [/O/('8

Assessment Observations

• W" O1$#,(0/ "( :=/(\=": '" #"V,0JO*"1(# 0=/0J8

• [/0"*# */'/(-"( ") 8/(8$-7/ $()"*+,-"(

$(0"(8$8'/(' ,+"(O */8K"(#/('8• 6($'8 8-LL 18$(O 8'*$KF01' 8=*/##/*8 "* ("'8=*/##$(O ,' ,LL

• W"' ,L:,28 8/01*$(O K=28$0,L K,K/* YL/80"(',$($(O 8/(8$-7/ $()"*+,-"(

• W"' ,L:,28 /(0*2K-(O /L/0'*"($0'*,(8+$88$"( ") 8/(8$-7/ $()"*+,-"(

IA Next Assessment

• 9&]II a/'/*+$(,-"( .1*7/2 – k1*($8=T V$LL "* */0/$7/ K,2+/(' )"* c=/,L'= 0,*/ey

– S*,(8+$' ,(2 0"7/*/# '*,(8,0-"(8 /L/0'*"($0,LL2y

– 9,7/ ,( ,O*//+/(' :\ , 0"7/*/# /(-'2 "* V18$(/88

,88"0$,'/y – ]/*)"*+/# , *$8J ` 71L(/*,V$L$'2 ,88/88+/(' ") /L/0'*"($0

0"7/*/# '*,(8,0-"(8y

• 3) PD 1($'8 81*7/2/#T RH ,*/ K"'/(-,LL281V;/0' '" 9&]II

• k"LL":F1K ,88/88+/(' :$LL V/ 0"(#10'/#

• [/K"*' 81V+$U/# '" X",*# ") [/O/('8

* Exercise

• IL"=, 6($7/*8$'2 b/#$0,L N/('/*

• N"+K*"+$8/# 0"+K1'/* – b,$( 0"+K1'/* 18/# '" /('/* K,-/(' $()"*+,-"(

$(0L1#$(O K,-/(' +/#$0,L */0"*#8 ` $(81*,(0/ V$LL$(O$()"*+,-"(

– k"1(# *""'J$'T 7$*18 J(":( '" V/ 18/# V2 02V/*0*$+$(,L8T L"O8 $(#$0,-(O /qYL'*,-"( ") YL/8

– 3. ` :/V V*":8/*8 ("' K,'0=/#o 0"+K1'/* 18/# )"*("(F:"*J 18/8

• h=,' #" 2"1 #"y

* Exercise Responses?

• k"LL": $(0$#/(' */8K"(8/ K*"0/#1*/• &#/(-Y0,-"(o W"-)2 J/2 8',J/="L#/*8

• a,+,O/ 0"(',$(+/(' ` #,', /qK"81*/

,88/88+/('o a/7/L"K */8K"(8/ `0"++1($0,-"(8 KL,(

• l*,#$0,-"( ` */0"7/*2

• W"-Y0,-"(o a/7/L"K kI{ t 0"(8$8'/('+/88,O/o ][\b/#$,o N,LL N/('/*

• &(0$#/(' ,(,L28$8 ` (/q' 8'/K8

WHAT DOES THIS MEANFOR MY INSTITUTION?

(SO NOW WHAT?)

Visible Due Diligence

• 9,7/ , KL,( ,(# K"L$02 ?"* K"L$0$/8B '"K*"'/0' 8/(8$-7/ $()"*+,-"(

• 9,7/ , KL,( '" */#10/ 8/(8$-7/$()"*+,-"( ?,(# /q/01'/ $'zB

• 9,7/ , +/'*$0 "* +/0=,($8+ '" ,88/88*$8J '" 8/(8$-7/ $()"*+,-"(

• 9,7/ , :,2 '" */K"*' "( '=/ c.','/ ")&()"*+,-"( ./01*$'2e

Response Elements

• [/8K"(8/ -+/ $8 N[&S&NIZ• M(": 2"1* Ml| #/0$8$"( +,J/*8 ` KL,2/*8

• X/ K*/K,*/#_ W"' $) , V*/,0= :$LL "001* t

h=,' :$LL 2"1 #" h9lW $' "001*8y – 9l&.N &()"*+,-"( ./01*$'2 j1$#/_

=UK8_\\:$J$>$('/*(/'G>/#1\0"(g1/(0/\#$8KL,2\$'8OG\9"+/

– a,', &(0$#/(' W"-Y0,-"( S""LJ$'_=UK8_\\:$J$>$('/*(/'G>/#1\0"(g1/(0/\#$8KL,2\$'8OG\9"+/

– ./(8$-7/ a,', lqK"81*/ &(0$#/(' N=/0JL$8'_=UK8_\\:$J$>$('/*(/'G>/#1\0"(g1/(0/\#$8KL,2\$'8OG\&(0$#/('uN=/0JL$8'

EDUCAUSE HEISC Resources

• 9l&.N_ 9$O=/* l#10,-"( &()"*+,-"(./01*$'2 N"1(0$L

• &()"*+,-"( ./01*$'2 j1$#/ – =UK8_\\:$J$>$('/*(/'G>/#1\0"(g1/(0/\#$8KL,2\$'8OG\

9"+/ – a/7/L"K/# ` +,$(',$(/# V2 la6NI6.l ./01*$'2

h"*J$(O j*"1K ` N"++1($'2 b/+V/*8

– b,KK/# '" $(#18'*2 8',(#,*#8_ &.3T W&.ST N3X&ST ]N&Fa..

– ]*"7$#/8 , L$V*,*2 ") 7,L1,VL/ c'""LJ$'8e "( , :$#/7,*$/'2 ") '"K$08

– c9"' S"K$08e K*"7$#/ -+/L2 $()"*+,-"( "( 01**/('81V;/0'8

Plan, Plan, Plan!

• 9,7/ ,( &(0$#/(' [/8K"(8/ ]L,(• 9,7/ , X*/,0= [/8K"(8/ ]L,( '=,' $(0L1#/8

, c][e KL,(_ – [/K1',-"( b,(,O/+/(' ?O/' ,=/,# ") '=/ (/O,-7/

+/#$, 020L/B – N"++1($0,-"(8 KL,(

• ]*,0-0/ '=/ KL,(8z ?S,VL/'"K /q/*0$8/8o=,(#8F"( 02V/* 8/01*$'2 #*$LL8B

• I(,L2n/ IW| $(0$#/('o #/7/L"K +$-O,-"(8'*,'/O2o $(0"*K"*,'/ $('" 2"1* &()"*+,-"(./01*$'2 ]*"O*,+

Address “Plaintiff” Perceptions& Motivations

• .:$p K1VL$0 */8K"(8/o V/ ,K"L"O/-0 ,(#/+K,'=/-0o =D@E FD.F G@? >.HIJ

• N*/#$' +"($'"*$(O $8 /qK/0'/#o =,7/]"$('8 ") N"(',0'8 "* */',$(/*8 )"* 0*/#$'+"($'"*$(O 8/*7$0/8

• a" ("' 18/ , */8K"(8/ '/+KL,'/o $)

+1L-KL/ V*/,0=/8T +/88,O/ ,KK/,*8c*/K/--7/e :$'= (" $+K*"7/+/('8 – c6()1LYLL/# ]*"+$8/8e ?Z$V/*'2 N",L$-"( [/K"*'B

Doing it “Right”

http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ce438108-99bd-11e3-80ac-63a8ba7f7942_story.html

Security Professionals Conference 2014http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=b92bba0e-787f-426d-b1ce-14f2c73f9f13

LAWSUITS APLENTY…

Target Class Action Lawsuit

http://bit.ly/QWhOvm

And…

• =UK_\\:::>80+,O,n$(/>0"+\0L,88F,0-"(F81$'F,$+/#F,'F+000#F)"*F#/L,2/#F("-Y0,-"(F$(FV*/,0=\,*-0L/\QHQDEC

Your Plans?

• a" 2"1 =,7/ ,( $(0$#/(' */8K"(8/ KL,(y

• h=,' ,V"1' , V*/,0= */8K"(8/ `("-Y0,-"( KL,(y

• a" 2"1 J(": :=" '" 0"(',0'y vIWav:=,' '" '/LL '=/+y

• 9": :$LL 2"1 0"++1($0,'/ '" '=/

,d/0'/# $(#$7$#1,L8 ,(# '" '=/ K1VL$0y?b/#$, 0"++1($0,-"( KL,(B

Don’t Forget…

• .K//# $8 ") '=/ /88/(0/o $+K/*,-7/ '"=,7/ 8:$pT #/0$8$7/ ,0-"(8

• X/ 8$(0/*/L2 ,K"L"O/-0T 0"(0/*(/#T

0,*$(O• X/8' $) '=/ =$O=/8' *,(J$(O ,#+$($8'*,'"*

$881/8 '=/ ("-0/

• l(81*/ '=,' ,LL */+/#$,-"( ,0-"(8 ,*/0"+KL/'/# ,(# #"01+/('/#

SEM02P-Preventing a Lawsuit by Preparing for a Breach (separate registration required) (236905937)

Documents

Transcript of SEM02P-Preventing a Lawsuit by Preparing for a Breach (separate registration required) (236905937)

To Catch A Thief: Preventing the Next Fortune 500 Data Breach Catch a Thief... · To Catch A Thief: Preventing the Next Fortune 500 Data Breach 16 Please take a few minutes to fill

Target Data Breach Lawsuit Filed in Dallas

Goldman Lawsuit

Pinterest lawsuit

Breach Prevention: The Root Cause of the Data Breach Epidemic€¦ · Breach Prevention: The Root Cause of the Data Breach Epidemic According to the 2012 Verizon Data Breach Investigations

Into the Breach: Preventing Data Theft Strong Bear LLC Palisade, Colorado June 2010.

Dell Lawsuit

Benjamin lawsuit

Risperdal Lawsuit Loan Funding - Risperdal Lawsuit Settlements

Strategies for Preventing and Responding to a Data Breach...have taken a proactive approach to preventing data breaches by having policies, procedures and plans in place for incident

INFORMATION SECURITY AND SECURITY BREACH ......Preventing, Preparing for, and Responding to Breaches of Information Security The Office of Illinois Attorney General Lisa Madigan has

CYBER LIABILITY: DEFENDING THE DATA BREACH LAWSUITc.ymcdn.com/sites/ · CYBER LIABILITY: DEFENDING THE DATA BREACH LAWSUIT ... •Plaintiffs’ Attorney’s Strategy/Causes of Action

Linens 'n Things Lawsuit Lawsuit

Privacy Breach vs. Security Breach

Heartland Credit Card Security Breach Lawsuit

Breach, breach, breach…

Circumcision Lawsuit

How to Aggresively Defend Against Lender Liability ... is true for any lawsuit, ... purported breach of oral commitment to lend money or ... How to Aggresively Defend Against Lender

HDCP Lawsuit

Secure, Empower, Protect: Preventing attacks and breaches...Data Breach • Stolen credentials, Malware • Access online or on‐premise systems • Conduct additional attacks or