How to manage a data breach
How to manage a data security incident - Ten tips from a breach practitioner
Dan Michaluk, September 24, 2015

1. Initiate response ASAP
• Time is one of your two most important assets
• You will start in a hole if the incident is not identified and escalated immediately
• Have a policy with a clear duty
• Train to the duty

2. Don't rest on assumptions
• Information is your other important asset
• Probe in areas of discomfort*
• Find the facts and the evidence
• Ask, "What data elements are we dealing with?"
• Ask, "Who is affected?"
• Ask, "What is the risk to the affected?"
*vendor breaches raise special considerations

3. Keep the ball moving
• Incidents can be complicated
• You deserve reasonable time to understand
• Your timeliness, however, may be judged
• So strive for progress and constant movement

4. Don't rush
• Once you put information on the public record you are stuck with it
• Once you put information on the record you suffer a loss of control
• Never go to the regulator for advice before you know what you are dealing with
• Strive for a confidence level of 90%
• If you need to, send a "placeholder" notice

5. Obtain objective input
• You are human, correct?
• You may be influenced by a feeling of guilt
• You may suffer a temptation to downplay a problem
• Enlisting an outside lawyer and/or crisis communication professional may help

6. Obtain technical input
• IT investigating IT can be a problem, especially in smaller organizations
• If "who" and "how" need to be determined, you may need technical (forensic) help

7. Take a broad view of notification
• Consider statutory and professional obligations
• Consider the foreseeability of harm
• Consider whether people are going to find out
• Yes, there are cases in which notification is not appropriate

8. Put yourself in their shoes
• And ask, "What would I want to know about this?"
• Describe all data elements clearly
• Include all of the basic facts that shed light on the risk

9. Demonstrate commitment to doing better
• Please avoid platitudes like "we value your privacy"
• Demonstrate your commitment by saying what you are going to do
• Draw on a strong root cause analysis and make a genuine commitment to things that will be effective

10. Apologize
• Beware of your jurisdictional exposure when considering statutory privileges
• Good information supports a good apology
• Acknowledge, accept responsibility, express regret
• By a senior spokesperson who can demonstrate empathy