From ITC Agent Conference 2016...
You need to take the security of your data seriously. You hold critical personally identifiable information about your clients that hackers want. Learn how to create a security plan to keep your agency and client information safe.
6. Inventory Assessment
• Hardware
(name the equipment)
• Software
(name the applications and provide quantity; make sure they're licensed)
• System interfaces
(e.g., internal and external connectivity; who do you connect to?)
• Type of Information
(what type of information do your systems hold?)
• Critical & Confidential information
(is the department in receipt of confidential, private, or identity-bearing data?)
• "Owner"
(who uses or manages)
• Processes
(the processes performed by the IT system)
16. Evaluation & Audit
• Test
• Evaluate
• Report
• Rectify
• Repeat
• Certification of Audit
• Request from vendors.
17. When it goes wrong.
What do you do when it happens?
18. Don’t Panic
• Take an immediate audit of the infrastructure.
• Retain logs.
• Contact law enforcement.
• Conduct forensic analysis.
• Determine impact.
• If notification is required, contact your lawyer, not your insurance company.