Data breach and Cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents. This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws. View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI

1. Bridging the Gap between Privacy and
Security: Using Technology to Manage
Complex Breach Disclosure Regulations

2. 2 IBM Security
Next-Generation SOAR Platform with Intelligent Orchestration
IBM Resilient: The Market Leader in Incident Response
Largest and most trusted
install base in the world
More than 350 customers globally
Customers in more than
30 countries
Part of the largest
enterprise security
organization in the world
Resilient is the hub of IBM Security’s
Immune System
Expanding customer support
and services resources
Only incident response
platform with built-in
intelligent orchestration
IBM Resilient Partner Ecosystem
delivered through IBM Security App
Exchange
Technology-agnostic platform delivers
enterprise-grade integrations with
IT and security tools
Includes orchestration and
automation capabilities

3. 3 IBM Security
Our Speakers
Monica Dubeau, CIPP/US
Privacy Program Director - Resilient, IBM
Alan Rodger
Senior Analyst, Ovum

4. Using Technology to Manage
Complex Breach Disclosure
Regulations
Alan Rodger
Senior Analyst
Ovum
27 February 2019

5. Ovum | TMT intelligence | informa5 Copyright © Informa PLC
Double danger - damaging breaches + escalating consequences
Dealing with breaches effectively, as a business
How solutions can help (Ovum Market Radar report)
Agenda

6. Ovum | TMT intelligence | informa6 Copyright © Informa PLC
What constitutes a breach? How common are they?
Many potential sources of data breaches:
• Cybersecurity attack
• Lost device
• Inadequate password protection
• Unauthorized use of data
59,000 data breaches reported in EU countries
(Source: DLA Piper survey results - 25 May ‘18 thru January ’19):
• NL – 15,400 (also highest per capita)
• DE – 12,600
• UK – 10,600
• Even small countries’ regulators are being notified of breaches (Lichtenstein,
Iceland and Cyprus)

7. Ovum | TMT intelligence | informa7 Copyright © Informa PLC
▪ Regulations are increasing the penalties
▪ In GDPR, up to 4% of global turnover, or EUR20M
▪ Timescale limitations add to the challenge
▪ We may see political ‘competition’ across regulatory jurisdictions
▪ These add to other direct and indirect financial impacts (internal and external):
▪ Operational costs
▪ Tying up expertise
▪ Delays to plans
▪ Trust and reputation
▪ Relationships and supply chain
Consequences of data breaches

8. Ovum | TMT intelligence | informa8 Copyright © Informa PLC
Information security is still a fundamental challenge
Source: Ovum ICT Enterprise Insights 2018/19 – Global: ICT Drivers and Technology Priorities

9. Ovum | TMT intelligence | informa9 Copyright © Informa PLC
▪ Complex operational planning, and commitment to compliance
▪ Access to right types (and levels) of expertise:
▪ DPO
▪ Legal / compliance (relationship with supervisory authorities, compliance oversight)
▪ HR (policy; training; employee issues, roles, and personal data)
▪ Marketing (customer relationship ‘owner’)
▪ Comms (media liaison, PR)
▪ IT (advisory on data, security, applications, and architecture)
Dealing with breaches effectively, as a business
▪ Awareness of responsibilities
▪ Leadership team ‘skin in the game’

10. Ovum | TMT intelligence | informa10 Copyright © Informa PLC
Solution schematic and value
Breach reporting:
- supervisory authority
- citizens affected
Processes /
capabilities
Information
/ insight /
expertise
Stakeholders
• Incidents
• Security logs
• Regulation context/advice
• Legal / compliance
• HR
• Marketing / comms
• Senior leadership
• IT
• Partners / service providers
• Organizational workflows
• Approvals
• Roles and contacts
• Scheduling / alerts
• Visibility / auditability
• Risk analysis
• Data integration
• Testing / modelling
• Visual design
• Templates
• Multiple supervisory contacts
• Digital submission

11. Ovum | TMT intelligence | informa11 Copyright © Informa PLC
▪ An early-stage market (with some mature solutions – but very few competing)
▪ Widespread adoption expected within a few years
▪ Alternatives (spreadsheets, checklists, manual processes) are inadequate
▪ Awareness will grow of non-compliance consequences
Ovum’s findings on Data Breach Management/Reporting solution market
▪ Our recommendations:
▪ Follow up earlier GDPR programs by spreading awareness of breach-reporting non-compliance risks, and the options available
▪ A successful compliance capability must:
▪ Ensure commitment of resources from across the organization, and external parties where needed
▪ Use a data breach management and reporting solution fully to maximize benefits
▪ Ensure that all parties are aware of their roles and responsibilities, should a data breach occur

12. Ovum | TMT intelligence | informa12 Copyright © Informa PLC
Thank you
alan.rodger@ovum.com

13. Privacy Module
Monica Dubeau
February 27, 2019
Privacy Program Director

14. 14 IBM Security
What is IBM Resilient Intelligent Orchestration?What is IBM Resilient Intelligent Orchestration?

15. 15 IBM Security
Over 160 global regulations in product
to help customers to remain compliant
with the complex breach notification
requirements
Privacy Module Capabilities
Integrated breach notification with the
wider Cyber Security Incident
Response plan – one central place of
incident management
Full simulation and table-top capabilities
to train Privacy & IR teams on
consistent, repeatable procedures
Reporting tools provide a clear
picture of the specific threats
facing the organization –
helping to identify gaps

16. 16 IBM Security
How It Works
Select data types lost

17. 17 IBM Security
How It Works
Select applicable jurisdictions

18. 18 IBM Security
Demonstrate a Consistent Process for Assessing Risk
Text box to document
conclusion
Guidance that helps
user assess risk

19. 19 IBM Security
Meet Short Notification Timelines
The breach notification timeline is
already set and counting down
Tasks can be assigned to team
members for accountability

20. 20 IBM Security
Notify in Phases

21. 21 IBM Security
Maintain Required Documentation

22. 22 IBM Security
Dashboards & Reporting

23. Q&A

24. ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind,
express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products
and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service
marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your
enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others.
No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems,
products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products
or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.
FOLLOW US ON:
THANK YOU