Incident Response and the Role of a Breach Coach
September 29, 2017
Dan Michaluk

An Incident Response Primer: The Linear Model
• Prepare
• Identify
• Contain & Restore
• Analyze
• Mitigate & Remedy

An Incident Response Primer: The Analytical Model
Feedback (affected persons, media, regulators, government and other stakeholders)
Input: Witness statements, system data, system specs, existing policy and procedure, law, intelligence re malicious actors
Process: What is the exposure? What was the cause?
Output: Contain and restore, mitigate, remedy, communicate
• Contained or restored
• Reasonably understood
• All reasonable steps taken

Enter… the “breach coach”
• A breach coach is
  • a lawyer
  • who knows the incident response process
  • and provides counsel on the process

Why use a breach coach?
• You’ll support your process with
  • Legal advice
  • Breadth of experience
  • Objectivity
  • Confidentiality

When do I call?
AFTER…
• …you’ve confirmed that you have an “incident” (i.e. a real, non-trivial failure or problem)
BEFORE…
• …you take any containment steps other than those that must be taken
• …you take any external action
• …you let a large group of people know internally

What to expect on that first call
• The coach will determine what you know and assess what you don’t know
• The coach will conduct a preliminary assessment of scope, exposure and “clock speed”
• The coach will recommend a communication protocol
• The coach will make recommendations on next steps

The clock speed concept
Fast-moving incident
• SIN and DOB likely taken by a hacker
• Errant e-mail sent to 1000 parents
• PI included on envelope
Slow-moving incident
• Video surveillance system left unsecured
• Former employee e-mailed payroll information home for work purposes… unclear if retained

Communication and privilege
• Privilege gives lawyers and clients a zone of privacy
  • Solicitor-client – communications for purpose of giving and receiving legal advice
  • Litigation – dominant purpose is to address contemplated litigation

Communication and privilege
PRIVILEGED
• Client to lawyer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!
NOT PRIVILEGED
• IT staffer to IT staffer: I’m really worried we screwed up. We knew this was a problem eight months ago and didn’t fix it!

Communication and privilege
• Elements of good protocol
  • Size of internal response team limited
  • Written communication outside the scope of privilege limited
  • Outside experts retained by the organization for the coach

Outside experts
• IT forensics
• Communications
• Response and notification services
• Security consulting

Going to the regulator
• Go on the advice of your coach
• Regulators have a mandate to hold you accountable
• A regulator is not a freely-available breach coach
• It may be appropriate to go to the regulator at the outset
• But if you do, your clock speed will immediately increase and you may lose control

Going to the police
• Go on the advice of your coach
• Will rarely discharge your own duty to investigate and take reasonable steps
• Can invite a loss of control over a situation over which you have control (e.g. known student hacker)
• But when you are at an end there may be little downside to engaging the police and trying to get some help

The press and external communications
• Can be used against you
• All external messages should be controlled
• In general, messages
  • Are factual and appropriately qualified for uncertainties
  • Do not misrepresent or mislead
  • Demonstrate (by conveyance of facts) genuine concern

Editor's notes

  - incident response is a process
  - various models
  - they all look like this
  - this one, I believe, is from ISO/IEC 27035 ...
  - the last three are linear
  - but they are iterative and loop
  - to be clear, analysis supports both containment, mitigation and remediation