SlideShare ist ein Scribd-Unternehmen logo

Best practices to mitigate data breach risk

Livingstone Advisory
Livingstone Advisory

Delivered at Trend Micro's Executive briefing events Sydney and Melbourne 5-6 June 2017 on Australia's new Mandatory Data Breach Notification legislation. YoutubeVideo available at https://youtu.be/j5nmY916H7k

Recht
1 von 26
EXECUTIVE BREAKFAST
Best practices to mitigate data breach risk Rob Livingstone Principal – Livingstone Advisory Fellow, University of Technology, Sydney
What I will be covering 1. Current data breach scenarios in Australia and New Zealand 2. The legal impacts on organisations and IT industry 3. Organisation’s responses to new legislation 4. Best practice & business strategies to deal with data breach prevention 5. Key takeaways
1. Current data breach scenarios in Australia and New Zealand Some Data Breaches hit the headlines - mostly: • Public Authorities – in the public interest / duty of care • Where the media pick up the story • Visible through legal proceedings
1. Current data breach scenarios in Australia and New Zealand Number of reported data breaches very low! https://www.oaic.gov.au/media-and-speeches/statements/mandatory-data-breach-notification
1. Current data breach scenarios in Australia and New Zealand NZ yet to implement mandatory data breach legislation It’s just a question of time, though
Hold information subject to legislation? DO ENOUGH TO ENSURE COMPLIANCE BUSINESS AS USUAL YES NO 2. The legal impacts on organisations and IT industry Privacy Amendment (Notifiable Data Breaches) Act 2016
2. The legal impacts on organisations and IT industry Real question to ask is: Does your organisation*: 1. Hold or transact information subject to privacy and data breach notification legislation? or 2. Have contractual obligations with other parties (eg: Customers, affiliates, business partners) to protect their information entrusted to your organisation? …. if “Yes” or “not absolutely sure” then …… * Pay careful attention to what legally defines your ‘organisation’
2. The legal impacts on organisations and IT industry … then consider the following actions (as a minimum)….. 1. Review / renegotiate supplier / outsource / cloud provider contracts as needed. What obligations do they have to meet the requirements of the new legislation? Overseas entities? (eg Panama) 2. Review all your terms of sale / customer contracts for existing customers 3. Update your privacy policy then publish it! 4. If you have inactive or old customer / privacy data that no longer serves a purpose - delete it (i.e. the risk of the ‘long tail’) 5. Review the terms of any business continuity, liability and indemnity insurance policies. (While you’re there, also Director’s indemnity)
2. The legal impacts on organisations and IT industry The legal implications for the IT industry as a whole will vary widely, however things to consider are: • What comprises is YOUR organisation’s IT ecosystem? Who are the key players and what is their role in mitigating data breaches? • What are the relevant IT ‘industry bodies’ doing about helping their constituents? Ask them. ………… and others.
3. Organisation’s responses to new legislation The effectiveness of any legislation is based on considerations such as the: 1. Deterrence factor 2. Actual protections afforded under the law and 3. Practicalities of enforcing the law. If the organisation that suffered a breach had in fact taken ‘reasonable steps’ to avoid a data breach the probability of falling foul of the law would be low. i.e.. Had implemented and were operating best of breed security technologies and business processes
3. Organisation’s responses to new legislation However, if the organisation “did not take reasonable steps to protect the personal information from unauthorised access*” it may be in breach of the legislation. In such instances, what constitutes “reasonable steps” may be open to interpretation in technologically complex or rapidly changing environments – or both. * Obligations under APP11 - https://goo.gl/LazlYl
3. Organisation’s responses to new legislation The bottom line for all organisations subject to breach legislation is to ensure that a well defined and effective action plan is triggered as soon as a breach has been detected and verified. Failing to do so will be significantly increase the likelihood of falling foul of the legislation Implement a breach response capability that: • Has an effective listening and proactive detection mechanism • Is quick to respond to identify and close the breach • Triggers a well defined stakeholder notification and remedial action process (customers, media, regulators, etc.)
4. Best practice & business strategies to deal with data breach prevention a) Data Breach: Don’t forget to look within your business b) Recognise that systemic risk contributes to data breaches c) Leadership, culture, incentives and accountabilities d) Integrate IT security with business processes e) Build an adaptive Enterprise Strategy and Architecture capability for constant change* f) Consider cyber insurance g) Legals * Read Chapter 1 of the book Adaptive Enterprise Strategy Journey Management
4a. Data Breach: Don’t forget to look within your business - Security is not all about the technology. - A rising proportion of adverse cyber security events are coming from within the organisation – some say in excess of 60% - Common causes include: • human error, ‘tick the box’ security training, revolving door of part timers, contractors, short term employees • Poor vendor choices (e.g. consumer grade cloud) • Inappropriate IT and security architectures • ‘Shadow IT’
Technical Risk: “All systems are running perfectly, Captain!” Systemic Risk: “What iceberg Captain?” 4b. Systemic risk contributes to data breaches Move executive’s focus from technical risk to systemic risk
4b. Systemic risk contributes to data breaches - The combination of a number of events may adversely impact the whole organisation (or your organisation’s ecosystem). • This is a systemic view of the enterprise of which technology is only one element - The conventional approach to managing the ‘cyber risk register’ – which underpins Security certification such as ISO27001 – often fails to detect systemic risk effectively. - A systemic view of the cyber risk results in an improved perspective of what the actual business risk is rather than what you think the risk might be. - This requires a multidisciplinary and collaborative approach.
Assess and develop Strategic Leadership competencies for the digital era Are traditional business leadership practices failing today’s organisations facing rapid change and technology innovation? Industry research* drawn from 3,300 business across 106 countries Identified a 36% gap between leadership’s importance and readiness rating. * Bersin, J., (2015), “Global Human Capital Trends 2015”, Deloitte University Press. https://goo.gl/HpUYxr 4c. Leadership, culture, incentives and accountabilities
4c. Leadership, culture, incentives and accountabilities Recognise the importance of culture on cyber security capabilities Can you recognise the signs? • poor staff engagement and satisfaction, • adversarial cultures, • conflicted and inconsistent decision-making, • chronic inefficiency, • poor or ineffective cross functional collaboration, • continual state of crisis
4c. Leadership, culture, incentives and accountabilities Review the structure and intent of managerial and staff incentive schemes Primarily focusing on driving localised, short term targets can hamper or even undermine effectiveness of cyber security – enterprise wide. • If cyber security is important for your business and it’s seen by business stakeholders as someone else’s job, this will be your CEO’s starting point in defining executive incentives and business scorecards • Incentives drive temporary compliance. What does that say for developing, operating and maintaining ongoing security capabilities?
4c. Leadership, culture, incentives and accountabilities N > 400 : BDO and AusCERT 2016 Cyber Security Survey Australia and New Zealand https://goo.gl/671596 Define accountabilities for all aspects of information security across the organisation, and at all levels
4d. Integrate IT security with business processes Shift from “IT-Business Alignment” to “IT-Business Integration”. Likewise with security • By integrating IT security within and across business processes, the context and behaviours of system users and the IT ecosystem as a whole will be better understood. • This will improve the sensitivity and speed of detection of unusual events by the business, with the help of IT. • This will be a significant mitigating factor against falling foul of mandatory data breach notification laws
4e. Adaptive Enterprise Strategy and Architecture for change • Enterprises that develop an whole-of-business adaptive business strategy and architecture capability (which in turn drives IT security capabilities) are well equipped to deal with constantly changing : • Business value drivers • Customer and market requirements. • External cyber threats • Digital and IT ecosystems • A proactive, agile and adaptive IT security capability is a critical success factor for organisations dealing with sustained change
4f. Consider Cyber-insurance Why not transfer your (residual) risk? Consider these points, however: 1. Get your house in order first 2. Understand your business and its technology ecosystem well. 3. Meticulously read, understand and test any hypotheses 4. Set executive’s expectations that cyber insurance is not precise 5. Continually reassess the effectiveness of your cyber incident response team and process to minimise contributory negligence 6. Peer into your supply chain
4g. Legals
5. Key takeaways 1. Turn security to a business value driver, not a cost to be minimised. 2. Effective data breach protection requires a whole-of-organisation approach. IT’s not just the job of the CIO or CSO 3. To assess your readiness, separately ask each of your directors this question: Who will be standing in the courtroom defending our business in the event of a data breach – be that due to legislation or customer contract violation? - Then compare your answers.

Empfohlen

IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance TemplateFlevy.com Best Practices
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessJoel Cardella
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
E Discovery Risks for Risk Managers
E Discovery Risks for Risk ManagersE Discovery Risks for Risk Managers
E Discovery Risks for Risk ManagersFred Travis
 
Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Winston & Strawn LLP
 
The Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatThe Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatImperva
 

Empfohlen

IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance TemplateFlevy.com Best Practices
 
Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Information Security Governance and Strategy - 3
Information Security Governance and Strategy - 3Dam Frank
 
BSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessBSIDES DETROIT 2015: Data breaches cost of doing business
BSIDES DETROIT 2015: Data breaches cost of doing businessJoel Cardella
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Cybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareCybersecurity Challenges in Healthcare
Cybersecurity Challenges in HealthcareDoug Copley
 
E Discovery Risks for Risk Managers
E Discovery Risks for Risk ManagersE Discovery Risks for Risk Managers
E Discovery Risks for Risk ManagersFred Travis
 
Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Information Governance – What Does a Modern Program Look Like?
Information Governance – What Does a Modern Program Look Like?Winston & Strawn LLP
 
The Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatThe Insider's Guide to the Insider Threat
The Insider's Guide to the Insider ThreatImperva
 
10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance Nirvana10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance NirvanaChristian Buckley
 
Detroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDetroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDoug Copley
 
Tcs cybersecurity for healthcare
Tcs cybersecurity for healthcareTcs cybersecurity for healthcare
Tcs cybersecurity for healthcareComtech TCS
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!Tammy Clark
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsOxfordCambridge
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
SNW Fall 2009
SNW Fall 2009SNW Fall 2009
SNW Fall 2009Jeff Kubacki
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteGlobus
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001SelectedPresentations
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBsGFI Software
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber securityBrian Matteson, CISSP CISA
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover StoryPatrick Spencer
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessmentHappiest Minds Technologies
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardSecurityScorecard
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 

Weitere ähnliche Inhalte

Was ist angesagt?

10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance Nirvana10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance NirvanaChristian Buckley
 
Detroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDetroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDoug Copley
 
Tcs cybersecurity for healthcare
Tcs cybersecurity for healthcareTcs cybersecurity for healthcare
Tcs cybersecurity for healthcareComtech TCS
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy Dam Frank
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!Tammy Clark
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governancenooralmousa
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsOxfordCambridge
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityEMC
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersJack Nichelson
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Graham Mann
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber securityHelen Carpenter
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteGlobus
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesDiane M. Metcalf
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardSecurityScorecard
 

Was ist angesagt? (20)

10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance Nirvana10 Steps Toward Information Governance Nirvana
10 Steps Toward Information Governance Nirvana
 
Detroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare CybersecurityDetroit ISSA Healthcare Cybersecurity
Detroit ISSA Healthcare Cybersecurity
 
Tcs cybersecurity for healthcare
Tcs cybersecurity for healthcareTcs cybersecurity for healthcare
Tcs cybersecurity for healthcare
 
Information Security Governance and Strategy
Information Security Governance and Strategy Information Security Governance and Strategy
Information Security Governance and Strategy
 
How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!How Do You Create A Successful Information Security Program Hire A Great Iso!!
How Do You Create A Successful Information Security Program Hire A Great Iso!!
 
Fadi Mutlak - Information security governance
Fadi Mutlak - Information security governanceFadi Mutlak - Information security governance
Fadi Mutlak - Information security governance
 
Information Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & MetricsInformation Security Governance: Concepts, Security Management & Metrics
Information Security Governance: Concepts, Security Management & Metrics
 
Adopting Intelligence-Driven Security
Adopting Intelligence-Driven SecurityAdopting Intelligence-Driven Security
Adopting Intelligence-Driven Security
 
SNW Fall 2009
SNW Fall 2009SNW Fall 2009
SNW Fall 2009
 
Protecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the BeefeatersProtecting the Crown Jewels – Enlist the Beefeaters
Protecting the Crown Jewels – Enlist the Beefeaters
 
Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2Boards' Eye View of Digital Risk & GDPR v2
Boards' Eye View of Digital Risk & GDPR v2
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
Enabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest KeynoteEnabling Science with Trust and Security – Guest Keynote
Enabling Science with Trust and Security – Guest Keynote
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware Practices
 
Security and SMBs
Security and SMBsSecurity and SMBs
Security and SMBs
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
 
July 2010 Cover Story
July 2010 Cover StoryJuly 2010 Cover Story
July 2010 Cover Story
 
It risk assessment
It risk assessmentIt risk assessment
It risk assessment
 
Forrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the StandardForrester Webinar: Security Ratings Set the Standard
Forrester Webinar: Security Ratings Set the Standard
 

Ähnlich wie Best practices to mitigate data breach risk

Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Livingstone Advisory
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-levelDonald Tabone
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...AIIM International
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security ManagementMark Conway
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants- Mark - Fullbright
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFLaurie Mosca-Cocca
 
9-Steps-Info-Sec-Whitepaper-final.pdf
9-Steps-Info-Sec-Whitepaper-final.pdf9-Steps-Info-Sec-Whitepaper-final.pdf
9-Steps-Info-Sec-Whitepaper-final.pdfSoniaCristina49
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfTheWalkerGroup1
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
Item46763
Item46763Item46763
Item46763madunix
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guideMark Bennett
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...EC-Council
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsRobert 'Bob' Reyes
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceNational Retail Federation
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseCGTI
 

Ähnlich wie Best practices to mitigate data breach risk (20)

Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
Security policy.pdf
Security policy.pdfSecurity policy.pdf
Security policy.pdf
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
[Webinar Slides] Data Privacy for the IM Practitioner - Practical Advice for ...
 
A to Z of Information Security Management
A to Z of Information Security ManagementA to Z of Information Security Management
A to Z of Information Security Management
 
Responding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for MerchantsResponding to a Data Breach, Communications Guidelines for Merchants
Responding to a Data Breach, Communications Guidelines for Merchants
 
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDFGT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
GT11_ATT_GuideBk_CyberSecurity_FINAL_V.PDF
 
9-Steps-Info-Sec-Whitepaper-final.pdf
9-Steps-Info-Sec-Whitepaper-final.pdf9-Steps-Info-Sec-Whitepaper-final.pdf
9-Steps-Info-Sec-Whitepaper-final.pdf
 
Cybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdfCybersecurity risk assessments help organizations identify.pdf
Cybersecurity risk assessments help organizations identify.pdf
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
Item46763
Item46763Item46763
Item46763
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Cyber security guide
Cyber security guideCyber security guide
Cyber security guide
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
Global CCISO Forum 2018 | Anthony Dupree "Evolving Role of the CISO: Reshapin...
 
Challenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act BringsChallenges & Opportunities the Data Privacy Act Brings
Challenges & Opportunities the Data Privacy Act Brings
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business Experience
 
Role of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve HowseRole of The Board In IT Governance & Cyber Security-Steve Howse
Role of The Board In IT Governance & Cyber Security-Steve Howse
 

Mehr von Livingstone Advisory

How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)Livingstone Advisory
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionLivingstone Advisory
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...Livingstone Advisory
 
Influence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITInfluence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITLivingstone Advisory
 
Career resilience is the name of the game
Career resilience is the name of the gameCareer resilience is the name of the game
Career resilience is the name of the gameLivingstone Advisory
 
The ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesThe ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesLivingstone Advisory
 
Future Tech: How should enterprise avoid the 'success trap' of the next big t...
Future Tech: How should enterprise avoid the 'success trap' of the next big t...Future Tech: How should enterprise avoid the 'success trap' of the next big t...
Future Tech: How should enterprise avoid the 'success trap' of the next big t...Livingstone Advisory
 
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Livingstone Advisory
 
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...Livingstone Advisory
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Livingstone Advisory
 
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...Why the systemic risks in Enterprise Cloud Computing could cripple your busin...
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...Livingstone Advisory
 
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Livingstone Advisory
 
Exposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computingExposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computingLivingstone Advisory
 
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...Livingstone Advisory
 
Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?Livingstone Advisory
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Livingstone Advisory
 
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...Livingstone Advisory
 
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Livingstone Advisory
 
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...Livingstone Advisory
 

Mehr von Livingstone Advisory (20)

How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)How to setup and lead digital transformation capability (CIOs perspectives)
How to setup and lead digital transformation capability (CIOs perspectives)
 
Career implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruptionCareer implications for the Business Analyst in the age of digital disruption
Career implications for the Business Analyst in the age of digital disruption
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Thriving in the world of Big Data
Thriving in the world of Big DataThriving in the world of Big Data
Thriving in the world of Big Data
 
Influence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in ITInfluence, Power, Integrity and your career in IT
Influence, Power, Integrity and your career in IT
 
Career resilience is the name of the game
Career resilience is the name of the gameCareer resilience is the name of the game
Career resilience is the name of the game
 
The ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologiesThe ‘success trap’ of new, emerging and disruptive technologies
The ‘success trap’ of new, emerging and disruptive technologies
 
Future Tech: How should enterprise avoid the 'success trap' of the next big t...
Future Tech: How should enterprise avoid the 'success trap' of the next big t...Future Tech: How should enterprise avoid the 'success trap' of the next big t...
Future Tech: How should enterprise avoid the 'success trap' of the next big t...
 
Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...Exploring the opportunities and pitfalls of new and emerging technologies in ...
Exploring the opportunities and pitfalls of new and emerging technologies in ...
 
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
Exploring the opportunities and pitfalls of Cloud Computing in Australian loc...
 
Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...Maximising the opportunities offered by emerging technologies within the chan...
Maximising the opportunities offered by emerging technologies within the chan...
 
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...Why the systemic risks in Enterprise Cloud Computing could cripple your busin...
Why the systemic risks in Enterprise Cloud Computing could cripple your busin...
 
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
 
Exposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computingExposing the systemic risks in enterprise cloud computing
Exposing the systemic risks in enterprise cloud computing
 
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
Cloud Security Keynote: Cloud-Mobile Convergence: IT's Next Horizon, CISO's N...
 
Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?Where worlds collide: Agile, Project Management, Risk and Cloud?
Where worlds collide: Agile, Project Management, Risk and Cloud?
 
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
Navigating the risks in implementing Hybrid Cloud, Agile and Project Manageme...
 
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
Your Leadership Brand - The CIO as Business Strategist driving innovation. CI...
 
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012 Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
Map of the Cloud minefield - Banktech Sydney Summit 17 july 2012
 
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
Rob Livingstone Advisory - The risks of a fractured cloud strategy within th...
 

Kürzlich hochgeladen

pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxPSSPRO12
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersJillianAsdala
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxRRR Chambers
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx2020000445musaib
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentationKhushdeep Kaur
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxnyabatejosphat1
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfKelechi48
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书E LSS
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt2020000445musaib
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxRRR Chambers
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategyJong Hyuk Choi
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteDeepikaK245113
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxSHIVAMGUPTA671167
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptzainabbkhaleeq123
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfPoojaGadiya1
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxfilippoluciani9
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptxPamelaAbegailMonsant2
 

Kürzlich hochgeladen (20)

pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptxpnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
pnp FIRST-RESPONDER-IN-CRIME-SCENEs.pptx
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptxCOPYRIGHTS - PPT 01.12.2023 part- 2.pptx
COPYRIGHTS - PPT 01.12.2023 part- 2.pptx
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx
 
Performance of contract-1 law presentation
Performance of contract-1 law presentationPerformance of contract-1 law presentation
Performance of contract-1 law presentation
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
 
INVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptxINVOLUNTARY TRANSFERS Kenya school of law.pptx
INVOLUNTARY TRANSFERS Kenya school of law.pptx
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
 
Relationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdfRelationship Between International Law and Municipal Law MIR.pdf
Relationship Between International Law and Municipal Law MIR.pdf
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书
 
Doctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddpptDoctrine of Part-Performance.ddddddddddppt
Doctrine of Part-Performance.ddddddddddppt
 
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptxIBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
IBC (Insolvency and Bankruptcy Code 2016)-IOD - PPT.pptx
 
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation StrategySmarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
Smarp Snapshot 210 -- Google's Social Media Ad Fraud & Disinformation Strategy
 
The doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statuteThe doctrine of harmonious construction under Interpretation of statute
The doctrine of harmonious construction under Interpretation of statute
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptxMunicipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
Municipal-Council-Ratlam-vs-Vardi-Chand-A-Landmark-Writ-Case.pptx
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
Appeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdfAppeal and Revision in Income Tax Act.pdf
Appeal and Revision in Income Tax Act.pdf
 
Human Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptxHuman Rights_FilippoLuciani diritti umani.pptx
Human Rights_FilippoLuciani diritti umani.pptx
 
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
8. SECURITY GUARD CREED, CODE OF CONDUCT, COPE.pptx
 

Best practices to mitigate data breach risk

  • 2. Best practices to mitigate data breach risk Rob Livingstone Principal – Livingstone Advisory Fellow, University of Technology, Sydney
  • 3. What I will be covering 1. Current data breach scenarios in Australia and New Zealand 2. The legal impacts on organisations and IT industry 3. Organisation’s responses to new legislation 4. Best practice & business strategies to deal with data breach prevention 5. Key takeaways
  • 4. 1. Current data breach scenarios in Australia and New Zealand Some Data Breaches hit the headlines - mostly: • Public Authorities – in the public interest / duty of care • Where the media pick up the story • Visible through legal proceedings
  • 5. 1. Current data breach scenarios in Australia and New Zealand Number of reported data breaches very low! https://www.oaic.gov.au/media-and-speeches/statements/mandatory-data-breach-notification
  • 6. 1. Current data breach scenarios in Australia and New Zealand NZ yet to implement mandatory data breach legislation It’s just a question of time, though
  • 7. Hold information subject to legislation? DO ENOUGH TO ENSURE COMPLIANCE BUSINESS AS USUAL YES NO 2. The legal impacts on organisations and IT industry Privacy Amendment (Notifiable Data Breaches) Act 2016
  • 8. 2. The legal impacts on organisations and IT industry Real question to ask is: Does your organisation*: 1. Hold or transact information subject to privacy and data breach notification legislation? or 2. Have contractual obligations with other parties (eg: Customers, affiliates, business partners) to protect their information entrusted to your organisation? …. if “Yes” or “not absolutely sure” then …… * Pay careful attention to what legally defines your ‘organisation’
  • 9. 2. The legal impacts on organisations and IT industry … then consider the following actions (as a minimum)….. 1. Review / renegotiate supplier / outsource / cloud provider contracts as needed. What obligations do they have to meet the requirements of the new legislation? Overseas entities? (eg Panama) 2. Review all your terms of sale / customer contracts for existing customers 3. Update your privacy policy then publish it! 4. If you have inactive or old customer / privacy data that no longer serves a purpose - delete it (i.e. the risk of the ‘long tail’) 5. Review the terms of any business continuity, liability and indemnity insurance policies. (While you’re there, also Director’s indemnity)
  • 10. 2. The legal impacts on organisations and IT industry The legal implications for the IT industry as a whole will vary widely, however things to consider are: • What comprises is YOUR organisation’s IT ecosystem? Who are the key players and what is their role in mitigating data breaches? • What are the relevant IT ‘industry bodies’ doing about helping their constituents? Ask them. ………… and others.
  • 11. 3. Organisation’s responses to new legislation The effectiveness of any legislation is based on considerations such as the: 1. Deterrence factor 2. Actual protections afforded under the law and 3. Practicalities of enforcing the law. If the organisation that suffered a breach had in fact taken ‘reasonable steps’ to avoid a data breach the probability of falling foul of the law would be low. i.e.. Had implemented and were operating best of breed security technologies and business processes
  • 12. 3. Organisation’s responses to new legislation However, if the organisation “did not take reasonable steps to protect the personal information from unauthorised access*” it may be in breach of the legislation. In such instances, what constitutes “reasonable steps” may be open to interpretation in technologically complex or rapidly changing environments – or both. * Obligations under APP11 - https://goo.gl/LazlYl
  • 13. 3. Organisation’s responses to new legislation The bottom line for all organisations subject to breach legislation is to ensure that a well defined and effective action plan is triggered as soon as a breach has been detected and verified. Failing to do so will be significantly increase the likelihood of falling foul of the legislation Implement a breach response capability that: • Has an effective listening and proactive detection mechanism • Is quick to respond to identify and close the breach • Triggers a well defined stakeholder notification and remedial action process (customers, media, regulators, etc.)
  • 14. 4. Best practice & business strategies to deal with data breach prevention a) Data Breach: Don’t forget to look within your business b) Recognise that systemic risk contributes to data breaches c) Leadership, culture, incentives and accountabilities d) Integrate IT security with business processes e) Build an adaptive Enterprise Strategy and Architecture capability for constant change* f) Consider cyber insurance g) Legals * Read Chapter 1 of the book Adaptive Enterprise Strategy Journey Management
  • 15. 4a. Data Breach: Don’t forget to look within your business - Security is not all about the technology. - A rising proportion of adverse cyber security events are coming from within the organisation – some say in excess of 60% - Common causes include: • human error, ‘tick the box’ security training, revolving door of part timers, contractors, short term employees • Poor vendor choices (e.g. consumer grade cloud) • Inappropriate IT and security architectures • ‘Shadow IT’
  • 16. Technical Risk: “All systems are running perfectly, Captain!” Systemic Risk: “What iceberg Captain?” 4b. Systemic risk contributes to data breaches Move executive’s focus from technical risk to systemic risk
  • 17. 4b. Systemic risk contributes to data breaches - The combination of a number of events may adversely impact the whole organisation (or your organisation’s ecosystem). • This is a systemic view of the enterprise of which technology is only one element - The conventional approach to managing the ‘cyber risk register’ – which underpins Security certification such as ISO27001 – often fails to detect systemic risk effectively. - A systemic view of the cyber risk results in an improved perspective of what the actual business risk is rather than what you think the risk might be. - This requires a multidisciplinary and collaborative approach.
  • 18. Assess and develop Strategic Leadership competencies for the digital era Are traditional business leadership practices failing today’s organisations facing rapid change and technology innovation? Industry research* drawn from 3,300 business across 106 countries Identified a 36% gap between leadership’s importance and readiness rating. * Bersin, J., (2015), “Global Human Capital Trends 2015”, Deloitte University Press. https://goo.gl/HpUYxr 4c. Leadership, culture, incentives and accountabilities
  • 19. 4c. Leadership, culture, incentives and accountabilities Recognise the importance of culture on cyber security capabilities Can you recognise the signs? • poor staff engagement and satisfaction, • adversarial cultures, • conflicted and inconsistent decision-making, • chronic inefficiency, • poor or ineffective cross functional collaboration, • continual state of crisis
  • 20. 4c. Leadership, culture, incentives and accountabilities Review the structure and intent of managerial and staff incentive schemes Primarily focusing on driving localised, short term targets can hamper or even undermine effectiveness of cyber security – enterprise wide. • If cyber security is important for your business and it’s seen by business stakeholders as someone else’s job, this will be your CEO’s starting point in defining executive incentives and business scorecards • Incentives drive temporary compliance. What does that say for developing, operating and maintaining ongoing security capabilities?
  • 21. 4c. Leadership, culture, incentives and accountabilities N > 400 : BDO and AusCERT 2016 Cyber Security Survey Australia and New Zealand https://goo.gl/671596 Define accountabilities for all aspects of information security across the organisation, and at all levels
  • 22. 4d. Integrate IT security with business processes Shift from “IT-Business Alignment” to “IT-Business Integration”. Likewise with security • By integrating IT security within and across business processes, the context and behaviours of system users and the IT ecosystem as a whole will be better understood. • This will improve the sensitivity and speed of detection of unusual events by the business, with the help of IT. • This will be a significant mitigating factor against falling foul of mandatory data breach notification laws
  • 23. 4e. Adaptive Enterprise Strategy and Architecture for change • Enterprises that develop an whole-of-business adaptive business strategy and architecture capability (which in turn drives IT security capabilities) are well equipped to deal with constantly changing : • Business value drivers • Customer and market requirements. • External cyber threats • Digital and IT ecosystems • A proactive, agile and adaptive IT security capability is a critical success factor for organisations dealing with sustained change
  • 24. 4f. Consider Cyber-insurance Why not transfer your (residual) risk? Consider these points, however: 1. Get your house in order first 2. Understand your business and its technology ecosystem well. 3. Meticulously read, understand and test any hypotheses 4. Set executive’s expectations that cyber insurance is not precise 5. Continually reassess the effectiveness of your cyber incident response team and process to minimise contributory negligence 6. Peer into your supply chain
  • 26. 5. Key takeaways 1. Turn security to a business value driver, not a cost to be minimised. 2. Effective data breach protection requires a whole-of-organisation approach. IT’s not just the job of the CIO or CSO 3. To assess your readiness, separately ask each of your directors this question: Who will be standing in the courtroom defending our business in the event of a data breach – be that due to legislation or customer contract violation? - Then compare your answers.