New World Cyber Threats – Having a Good IG Foundation Can Help
ARMA & IBM IG Track – Panel # 2 – July 14, 2015
Discussion Leader: Robert D. Brownstone, Fenwick & West LLP
Panelists:
Cary Calderone, SandHill Law
Sylvia Johnson, Wells Fargo
Tyler Newby, Fenwick & West LLP
James Schellhase, IBM
July 13-14, 2015, San Francisco – Hyatt Regency
1
Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency
Outline/Agenda
 INTRODUCTION –Anthem & Sony Post-Mortems
 I. Liability Risks
 II. Proactive Preventative Measures
 III. Frameworks/Resources
 IV. Reactive Remediation (Incident-Response)
 CONCLUSION/Questions
2
INTRODUCTION – Anthem & Sony Post-Mortems
 Breach Prevalence
• “Chronology of Data Breaches” for 4/20/05 – 6/4/15 (≈ 816 M records; > 4,500 incidents)
• “Office of Inadequate Security”
• PricewaterhouseCoopers LLP (PwC), U.S. Secret Service et al., US cybercrime: Rising risks, reduced readiness: Key findings from the 2014 US State of Cybercrime Survey (June 2014)
• Ponemon Inst. o/b/o HP Enterprise Security, Cyber Crime Costs Continue to Grow (2014)
3
INTRO (c’t’d) – Anthem & Sony Post-Mortems
 Diagnoses of Causes of:
• Anthem Breach
 Eduard Kovacs, Industry Reactions to Anthem Data Breach, SecurityWeek (2/6/15)
 Joseph Conn, Legal liabilities in recent data breach extend far beyond Anthem, Modern Healthcare (2/23/15)
• Sony Pictures Hack
 Overview at Slides 5-9 below
 Sources at Slide 10
4
INTRO (c’t’d) – Sony Breach
 WHEN?
• Started over a year before Dec ’14
 WHO?
• Might be a combination . . .
• Likely not a nation-state (North Korea), per the Rogers and Zetter pieces cited on Slide 10 (note that the FBI publicly attributed the attack to North Korea on 12/19/14)
• Attackers only latched onto “The Interview” after the media did (Rogers)
• Skilled hackers use proxy machines and false IP addresses to cover their tracks, or plant false clues inside their malware
• Noisy self-announcement, including an image of a blazing skeleton posted to infected computers
5
INTRO (c’t’d) – Sony (c’t’d)
 WHO (c’t’d)?
• Likely hacktivists:
 One theory is that disgruntled former employees were involved
 Alternate theories: outsiders who disagreed with the company’s policies and practices
• Data dumped (posted to Pastebin, a public paste site routinely used to publish leaked data) rather than IP sold or money stolen from financial accounts . . .
• VERY savvy re: web & social media
6
INTRO (c’t’d) – Sony (c’t’d)
 WHAT (in addition to emails)?
• PII and PHI (SSNs, DOBs, medical conditions, etc.)
• Lots of documents exfiltrated
 List of employee salaries and bonuses
 HR – employee performance reviews, criminal background checks and termination records
 IP (scripts; films)
• Twitter accounts taken over
• Data destroyed (overwritten) by wiper malware
 Raw disk writes done through a commercially available driver (EldoS RawDisk) bundled with the malware
7
INTRO (c’t’d) – Sony Breach
 HOW?
• Phishing?
• Website vulnerabilities exploited
• Means to achieve ends:
 Hundreds of employees’ usernames and passwords
 RSA SecurID tokens and certificates
 Sensitive info. about network architecture
 Asset list mapping the location of the company’s databases and servers around the world
 List of routers, switches and load balancers, and the usernames and passwords administrators used to manage them
8
INTRO (c’t’d) – Sony Breach
 HOW (c’t’d)?
• Inability of traditional anti-virus to detect bespoke malware
• Whatever Data Loss Prevention (DLP) solution Sony used missed transfers of terabytes of data out of the network
• On-premises perimeter security appliances missed:
 huge anomalies in network traffic, machine usage & host relationships
 Sony’s own edge being hijacked and used as public BitTorrent servers aiding the exfiltration of data?
 WHAT NOW?
• Start over (every password, key and certificate tainted)
(From the Rogers article cited on Slide 10)
9
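The slide above names two signals the perimeter appliances and DLP reportedly missed: per-host outbound volume far above that host's own baseline, and hosts talking to external peers they had never contacted before. As an added example (not from the panel or any of its sources), the following Python detector runs both checks over a handful of constructed netflow-style records. The hostnames, IP addresses, byte counts and the 3-sigma / 5x thresholds are all invented for illustration; a real deployment would read flow exports and tune the thresholds to its own traffic.

```python
"""
Added example: flow-level exfiltration detection (not from the original deck).

Constructed netflow-style records: each tuple is
(day, src_host, dst_ip, bytes_out). Days 1-7 form the baseline; day 8 is
the window under review. Hosts, IPs and thresholds are assumptions.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows. Hosts and IPs are invented (RFC 5737 ranges).
FLOWS = [
    # baseline: fileserver01 pushes ~300 MB/day to a known backup host
    *[(d, "fileserver01", "203.0.113.10", 300_000_000) for d in range(1, 8)],
    # baseline: workstation42 does ordinary web traffic to two known peers
    *[(d, "workstation42", "198.51.100.20", 50_000_000) for d in range(1, 8)],
    *[(d, "workstation42", "198.51.100.21", 20_000_000) for d in range(1, 8)],
    # review window (day 8): fileserver01 is normal; workstation42 ships
    # 40 GB to a never-before-seen destination.
    (8, "fileserver01", "203.0.113.10", 310_000_000),
    (8, "workstation42", "198.51.100.20", 55_000_000),
    (8, "workstation42", "192.0.2.99", 40_000_000_000),
]

BASELINE_DAYS = range(1, 8)
REVIEW_DAY = 8
VOLUME_SIGMA = 3.0       # assumed: flag if above mean + 3 std devs ...
VOLUME_MIN_RATIO = 5.0   # assumed: ... AND at least 5x the mean (guards a near-zero std dev)


def daily_bytes(flows, days):
    """Per-host, per-day outbound byte totals restricted to the given days."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, _dst, nbytes in flows:
        if day in days:
            totals[src][day] += nbytes
    return totals


def known_peers(flows, days):
    """Destination IPs each host contacted during the given (baseline) days."""
    peers = defaultdict(set)
    for day, src, dst, _nbytes in flows:
        if day in days:
            peers[src].add(dst)
    return peers


def detect(flows, baseline_days=BASELINE_DAYS, review_day=REVIEW_DAY):
    """Return {host: [finding, ...]} for the review day.

    Findings are tuples:
      ("volume_anomaly", observed_bytes, baseline_mean)  outbound far above the host's own baseline
      ("new_peer", dst_ip, bytes)                         traffic to a destination never seen in baseline
    """
    base = daily_bytes(flows, set(baseline_days))
    review = daily_bytes(flows, {review_day})
    peers = known_peers(flows, set(baseline_days))
    findings = defaultdict(list)

    # Check 1: volume against each host's own history (missing days count as 0).
    for host, day_totals in review.items():
        observed = day_totals[review_day]
        history = [base[host].get(d, 0) for d in baseline_days]
        mu, sigma = mean(history), pstdev(history)
        if observed > mu + VOLUME_SIGMA * sigma and observed > VOLUME_MIN_RATIO * max(mu, 1):
            findings[host].append(("volume_anomaly", observed, mu))

    # Check 2: new host relationships (destinations absent from the baseline).
    for day, src, dst, nbytes in flows:
        if day == review_day and dst not in peers[src]:
            findings[src].append(("new_peer", dst, nbytes))

    return dict(findings)


if __name__ == "__main__":
    for host, items in detect(FLOWS).items():
        for item in items:
            print(host, *item)
```

The ratio guard matters: fileserver01's baseline has zero variance, so a pure sigma test would flag its harmless 310 MB day; requiring the observed volume to also exceed a multiple of the mean keeps that quiet while a 40 GB transfer from a 70 MB/day workstation still fires on both checks.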
INTRO (c’t’d) – Sony Breach
 Sources for the above Slides 5-9:
• Zetter, Sony Got Hacked Hard: What We Know and Don’t Know So Far, Wired (12/3/14)
• Sony Pictures, Dear SPE Employees (12/8/14) (letter now posted on the Cal. Attorney General’s website)
• Rogers, Why the Sony hack is unlikely to be the work of North Korea, Marc’s Security Ramblings (12/18/14)
• Zetter, The Evidence That North Korea Hacked Sony Is Flimsy, Wired (12/18/14)
• Wikipedia, Sony Pictures Entertainment hack (1/22/15)
10
I. Liability Risks
 Litigation is just one expense
• Business downtime
• Infrastructure replacement
• Loss of customer goodwill and contracts
• Outside forensics
• Notification costs
• Contractual indemnities
• Regulatory investigations
11
I. Liability Risks
 Response & remediation costs are growing with the size of breaches
• Sony Pictures: $100+ million
• Target: $138+ million
• eBay: expenses affected operating margin by 1.9%
• Home Depot: $43 million
• Sony PSN (2011): $171 million
12
I. Liability Risks
 Lawsuits – Consumer class actions
are just one of Hydra’s heads
• Consumer class action settlement agreement
with Target for $10 million, but . . .
• MasterCard, Target breach $19M
settlement agreement fell apart
• Lawyers for the banks did not think it was enough!
13
I. Liability Risks (c’t’d)
 MasterCard/Target (c’t’d)
• Lawyers for the banks have estimated the total losses at more than $160 million, with approximately half that amount lost to fraud and half to the cost of reissuing nearly 9 million credit cards
• In 2013, Target said the breach during the holiday shopping season compromised at least 40 million credit cards and may have resulted in the theft of personal information from as many as 110 million people
• Target is still negotiating with Visa Inc. over losses from the breach
 Joseph Ax, MasterCard, Target data breach settlement falls apart, Reuters (May 22, 2015)
14
I. Liability Risks (c’t’d)
 FTC Enforcement
• BJ’s Wholesale (FTC enforcement action): companies holding customer or employee info have a general obligation to protect PII with reasonable and appropriate security practices
• FTC v. Wyndham Worldwide Corp.: FTC has authority to bring an enforcement action over inadequate data security under Section 5 of the FTC Act
• LabMD:
 FTC has authority to investigate data security with investigative requests (Civil Investigative Demands)
 FTC must share its standards with LabMD
15
I. Liability Risks (c’t’d)
 Plaintiffs suing for data breaches use several different legal theories:
• negligence
• breach of express or implied contract
• breach of express or implied warranty
• state unfair and deceptive trade practices (UDAP) statutes
• data breach notification laws
 Many suits fail early because plaintiffs cannot establish:
• standing to sue
• damages
• causation
16
II. Proactive Preventative/Precautionary Measures
 Access Restrictions
 Passwords
 Encryption
 Written Policies AND Training
 Network Monitoring & Pen(etration) Tests
 Cyber-Insurance . . . .
17
II. Proactive Measures (c’t’d)
 Does your Commercial General Liability (CGL) Policy have you covered?
• Probably not
• IBM case - Recall Total Information Management Inc. v. Federal Insurance Co., 317 Conn. 46 (May 26, 2015)
• Sony PlayStation case - Zurich American Insurance Co. v. Sony Corp. of America, 2014 WL 3253541 (Sup. Ct. N.Y. Cty. Feb. 24, 2014), appeal withdrawn on stipulation, 127 A.D.3d 662 (Apr. 30, 2015)
18
II. Proactive Measures (c’t’d)
 Cyber-Insurance . . .
 First Party Coverage? Third Party Coverage (clients, vendors, employees, etc.)?
 Covered by Prop. Ins. Policy? CGL Policy?
 Covered by D&O and/or E&O?
 If not, get separate/special coverage?
 Depends at least in part on:
• Industry
• Data types and volumes
19
II. Proactive Measures (c’t’d)
 Lawyer’s Role in a Security Program
• Understand the program’s core elements
• Draft/review/update policies and procedures
• Develop training program
• Investigate potential policy violations and breaches
• Develop vendor and customer contract requirements
• Influence legislative and rulemaking processes
20
II. Proactive Measures (c’t’d)
 Lawyer’s Incident Response Playbook
• Preselect law firm(s) and forensic investigator(s) (see insurer’s panel, PCI-approved list)
• Preselect notification and call support vendor
• Engage law firm(s)
• Engage forensic investigator(s)
21
III. Frameworks/Resources (in alpha order)
• APEC
 APEC Privacy Framework
• COBIT 5 – ISACA
• ISO/IEC 27001 – “Information security management”
• LegalSEC™ – ILTA
• NIST, Framework for Improving Critical Infrastructure Cybersecurity (2/12/14), per Pres. Obama’s Executive Order 13636 (2/12/13)
22
III. Frameworks/Resources (c’t’d)
• NIST
 Special Publication 800-53, Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations (maps to ISO 27K)
 Special Publication 800-61, Revision 2 – Computer Security Incident Handling Guide
• SOC 2® Report — “Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” (AICPA)
23
III. Frameworks/Resources (c’t’d)
 Other Resources (in alpha order) . . .
• Brownstone:
 Data Security Breaches: Proactive Prevention and Reactive Remedies, AudioSolutionz Webinar slides (5/14/15)
 Using Analytics to Clean Out the ESI Garage, Today’s General Counsel (Oct./Nov. 2014) (co-author)
 Heartbleed: It’s 10 PM; Do You Know Where Your Data Is? ITLawToday (5/6/14)
• Cloud Security Alliance
• Schneier on Security
24
IV. Reactive Remediation (Incident-Response)
 Lawyer’s Incident Response Playbook (c’t’d)
• Understand types of data that were compromised (e.g., customer data, proprietary data, employee data)
• Contact regulators that require:
 early warning, even before a breach is confirmed
 notification after a breach is confirmed
• Contact law enforcement if necessary or advisable
• Contact Risk Management or notify insurer
25
IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• Draft any breach notice required by:
 law
 customer contracts
 contract with a payment card acquiring bank
• Draft any required SEC material event disclosure
• Review external communications (press releases, press or media standby statement, website content, social media)
26
IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• Attorney-Client Privilege (ACP) and Attorney Work-Product (AWP)
 May not be appropriate for all / small incidents
 The activity/assessment was initiated for the purpose of providing legal advice
 The privilege is being claimed in an adversarial proceeding (not against a regulator)
 Reports and communications are selectively distributed
27
IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• ACP & AWP (c’t’d)
 An attorney or an attorney’s subordinate (e.g., Compliance) is involved in day-to-day interactions (merely copying a lawyer is not sufficient)
 The issue under review is selective and not routine (because routine assessments are a business function, not a legal function)
28
IV. Incident-Response (c’t’d)
• ACP & AWP (c’t’d)
 Create templates of self-executing instructions to the incident-response (IR) team and PR team stating that the investigation and public statements will be managed by counsel for the purpose of providing legal advice and protecting legal interests
 Designate a legal point person to lead the investigation
 Forensic investigators (internal and external) should report results to counsel
29
IV. Incident-Response (c’t’d)
• ACP & AWP (c’t’d)
 Templates of self-executing instructions (c’t’d)
 External crisis-management PR should be engaged by counsel (in-house or outside) in a consulting role
 Establish daily (or, in the early stages, more frequent) meetings attended by counsel for status reporting
 PR strategy and statements should be reviewed/approved by counsel
 Consider creation of two forensic incident reports (one privileged report to counsel, one separate report for operational remediation)
30
CONCLUSION/Questions
Sylvia Johnson <Sylvia.Johnson@wellsfargo.com>
Cary Calderone <cary@sandhilllaw.com>
Tyler Newby <tnewby@fenwick.com>
Robert D. Brownstone <rbrownstone@fenwick.com> <tinyurl.com/Bob-Brownstone-Bio> <www.ITLawToday.com>
James Schellhase <jaschell@us.ibm.com> <ibmecmblog.com> <@ibm_ecm>
31

More Related Content

What's hot

Awareness of extraordinary consequences in ordinary immigration proceedings, ...
Awareness of extraordinary consequences in ordinary immigration proceedings, ...Awareness of extraordinary consequences in ordinary immigration proceedings, ...
Awareness of extraordinary consequences in ordinary immigration proceedings, ...Rajiv Khanna
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?Logikcull.com
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-dataNumaan Huq
 
DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing YourselfDEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing YourselfJames Arlen
 
Information security overview
Information security overviewInformation security overview
Information security overviewPonum Raja
 

What's hot (6)

Awareness of extraordinary consequences in ordinary immigration proceedings, ...
Awareness of extraordinary consequences in ordinary immigration proceedings, ...Awareness of extraordinary consequences in ordinary immigration proceedings, ...
Awareness of extraordinary consequences in ordinary immigration proceedings, ...
 
What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?What is in store for e-discovery in 2015?
What is in store for e-discovery in 2015?
 
wp-follow-the-data
wp-follow-the-datawp-follow-the-data
wp-follow-the-data
 
DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing YourselfDEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
 
Information security overview
Information security overviewInformation security overview
Information security overview
 
A Brief History of Police Technology
A Brief History of Police TechnologyA Brief History of Police Technology
A Brief History of Police Technology
 

Similar to 2_CyberSecurity_2d_ARMA_IG_Panel_7-14-15

Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselCasey Ellis
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counselbugcrowd
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...Casey Ellis
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborTurner and Associates, Inc.
 
Privacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksPrivacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksTechWell
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsPriyanka Aash
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceFinancial Poise
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119David Doughty
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPAREDDATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPAREDPriyanka Aash
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationTurner and Associates, Inc.
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement PrioritiesTrustArc
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Shawn Tuma
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach CostResilient Systems
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 

Similar to 2_CyberSecurity_2d_ARMA_IG_Panel_7-14-15 (20)

Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal CounselBug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
Bug Bounties, Ransomware, and Other Cyber Hype for Legal Counsel
 
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
 
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas JamborData Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
Data Breaches - Sageworks, Inc., Webinar Series by Douglas Jambor
 
Privacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal RisksPrivacy and Data Security: Minimizing Reputational and Legal Risks
Privacy and Data Security: Minimizing Reputational and Legal Risks
 
Evidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five ControlsEvidence-Based Security: The New Top Five Controls
Evidence-Based Security: The New Top Five Controls
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy ComplianceCorporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
Corporate & Regulatory Compliance Boot Camp - Data Privacy Compliance
 
nerfslides.pptx
nerfslides.pptxnerfslides.pptx
nerfslides.pptx
 
David doughty presentation 181119
David doughty presentation 181119David doughty presentation 181119
David doughty presentation 181119
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPAREDDATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
DATA BREACH LITIGATION HOW TO AVOID IT AND BE BETTER PREPARED
 
Douglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity PresentationDouglas Jambor Sageworks Cybersecurity Presentation
Douglas Jambor Sageworks Cybersecurity Presentation
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
Cybersecurity (and Privacy) Issues - Legal and Compliance Issues Everyone in ...
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
 

2_CyberSecurity_2d_ARMA_IG_Panel_7-14-15

  • 1. New World Cyber Threats – Having a Good IG Foundation Can Help ARMA & IBM IG Track – Panel # 2 – July 14, 2015 Discussion Leader: Robert D. Brownstone Fenwick & West LLP Panelists: Cary Calderone SandHill Law Sylvia Johnson Wells Fargo Tyler Newby Fenwick & West LLP James Schellhase IBM July 13-14, 2015 San Francisco- Hyatt Regency 1
  • 2. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency Outline/ Agenda  INTRODUCTION –Anthem & Sony Post-Mortems  I. Liability Risks  II. Proactive Preventative Measures  III. Frameworks/Resources  IV. Reactive Remediation (Incident-Response)  CONCLUSION/Questions 2
  • 3. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRODUCTION – Anthem & Sony Post-Mortems  Breach Prevalence • “Chronology of Data Breaches” for 4/20/05 – 6/4/15 (≈ 816 M records; > 4,500 incidents) • “Office of Inadequate Security” • PricewaterhouseCoopers LLP (pwc), U.S. Secret Service al., US cybercrime: Rising risks, reduced readiness: Key findings from the 2014 US State of Cybercrime Survey (June 2014) • Ponemon Inst. o/b/o HP Enterprise Security, Cyber Crime Costs Continue to Grow (2014) 3
  • 4. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Anthem & Sony Post-Mortems  Diagnoses of Causes of: • Anthem Breach  Eduard Kovacs, Industry Reactions to Anthem Data Breach (Security Week 2/6/15)  Joseph Conn, Legal liabilities in recent data breach extend far beyond Anthem, ModernHealthcare (2/23/15) • Sony Pictures Hack  Overview at below Slides 5-9  Sources at Slide 10 4
  • 5. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony Breach  WHEN? • Started over a year before Dec ’14  WHO? • Might be combination . . . • Likely not nation-state (North Korea) • Attackers only latched onto “The Interview” after the media did (Rogers) • Skilled hackers use proxy machines and false IP addresses to cover their tracks or plant false clues inside their malware • Noisy announcement of themselves, including image of blazing skeleton posted to infected computers 5
  • 6. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony (c’t’d)  WHO (c’t’d)? • Likely hacktivists: • One theory is that disgruntled former employees were involved; • Alternate theories of outsiders who disagreed with company’s policies and practices • Data dumped (posted to Pastebin, unofficial cloud repository of hackers) rather than IP sold or $ stolen from financial accounts . . . • VERY savvy re: web & social media 6
  • 7. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony (c’t’d)  WHAT (in addition to emails)? • PII and PHI (SSN’s, DOB’s, medical conditions, etc.) • Lots of documents exfiltrated  List of employee salaries and bonuses  HR – employee performance reviews, criminal background checks and termination records  IP (script; films) • Twitter accounts taken over • Data destroyed (overwritten) by malware  Some wiped via commercially available product (RawDisk) 7
  • 8. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony Breach  HOW? • Phishing? • Website vulnerabilities exploited • Means to achieve ends:  Hundreds of employees’ usernames and passwords  RSA SecurID tokens and certificates  Sensitive info. about network architecture  Masset list mapping the location of the company’s databases and servers around the world  List of routers, switches and load balancers and usernames and passwords administrators used to manage them 8
  • 9. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony Breach  HOW (c’t’d)? • Inability of traditional AntiVirus to detect bespoke malware • Whatever Data Loss Prevention (DLP) solution Sony used missed transfers of terabytes of data out of the network • On-premise perimeter security appliances missed:  huge anomalies in network traffic, machine usage & host relationships  Sony’s own edge being hijacked and used as public bittorrent servers aiding the exfiltration of data?  WHAT NOW? • start over (every password key and certificate tainted) From below Rogers article 9
  • 10. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency INTRO (c’t’d) – Sony Breach  Sources for the above slides 5-9: • Zetter, Sony Got Hacked Hard: What We Know and Don’t Know So Far, Wired (12/3/14) • Sony Pictures, Dear SPR Employees (12/8/14) (letter now posted on Cal. Attorney General’s website) • Rogers, Why the Sony hack is unlikely to be the work of North Korea, Marc’s Security Ramblings (12/18/14) • Zetter, The Evidence That North Korea Hacked Sony Is Flimsy, Wired (12/18/14) • Wikipedia, Sony Pictures Entertainment hack (1/22/15) 10
  • 11. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency I. Liability Risks  Litigation is just one expense • Business downtime • Infrastructure replacement • Loss of customer goodwill and contracts • Outside forensics • Notification costs • Contractual indemnities • Regulatory investigations 11
  • 12. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency I. Liability Risks  Response & remediation costs are growing with size of breaches • Sony Pictures: $100+ million • Target: $138+ million • eBay: Expenses affected operating margin by 1.9% • Home Depot: $43 million • Sony PSN (2011): $171 million 12
  • 13. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency I. Liability Risks  Lawsuits – Consumer class actions are just one of Hydra’s heads • Consumer class action settlement agreement with Target for $10 million, but . . . • MasterCard, Target breach $19M settlement agreement fell apart • Lawyers for the banks did not think it was enough! 13
  • 14. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency I. Liability Risks (c’t’d)  Mastercard/Target (c’t’d) • Lawyers for the banks have estimated the total losses at more than $160 million, with approximately half that amount lost to fraud and half to the cost of reissuing nearly 9 million credit cards • In 2013, Target said the breach during the holiday shopping season compromised at least 40 million credit cards and may have resulted in the theft of personal information from as many as 110 million people • Target is still negotiating with Visa Inc. over losses from the breach  Joseph Ax, MasterCard, Target data breach settlement falls apart, Reuters (May 22, 2105) 14
  • 15. Legaltech West Coast July 13-14, 2015 San Francisco- Hyatt Regency I. Liability Risks (c’t’d)  FTC Enforcement • BJ’s Wholesale (FTC enforcement action): Companies with customer or employee info have a general obligation to protect PII with reasonable and appropriate security practices • FTC v. Wyndham Worldwide Corp.: FTC has authority to bring an enforcement action under Section 5 of the FTC Act • LabMD:  FTC has authority to investigate data security with investigative requests (Civil Investigative Demands)  FTC must share its standards with LabMD 15
Slide 16: I. Liability Risks (c’t’d)
 Plaintiffs suing for data breaches use several different legal theories:
• negligence
• breach of express or implied contract
• breach of express or implied warranty
• unfair and deceptive trade practices act
• data breach notification laws
 Many suits fail early because plaintiffs cannot establish:
• standing to sue
• damages
• causation
Slide 17: II. Proactive Preventative/Precautionary Measures
 Access Restrictions
 Passwords
 Encryption
 Written Policies AND Training
 Network Monitoring & Pen(etration) Tests
 Cyber-Insurance . . . .
Slide 18: II. Proactive Measures (c’t’d)
 Does your Commercial General Liability (CGL) Policy have you covered?
• Probably not
• IBM case - Recall Total Information Management Inc. v. Federal Insurance Co., 317 Conn. 46 (May 26, 2015)
• Sony PlayStation case - Zurich American Insurance Co. v. Sony Corp. of America, 2014 WL 3253541 (Sup. Ct. N.Y. Cty. Feb. 24, 2014), appeal withdrawn on stipulation, 127 A.D.3d 662 (Apr. 30, 2015)
Slide 19: II. Proactive Measures (c’t’d)
 Cyber-Insurance . . .
 First Party Coverage? Third Party Coverage (clients, vendors, employees, etc.)?
 Covered by Prop. Ins. Policy? CGL Policy?
 Covered by D&O and/or E&O?
 If not, get separate/special coverage?
 Depends at least in part on:
• Industry
• Data types and volumes
Slide 20: II. Proactive Measures (c’t’d)
 Lawyer’s Role in a Security Program
• Understand the program’s core elements
• Draft/review/update policies and procedures
• Develop training program
• Investigate potential policy violations and breaches
• Develop vendor and customer contract requirements
• Influence legislative and rulemaking processes
Slide 21: II. Proactive Measures (c’t’d)
 Lawyer’s Incident Response Playbook
• Preselect law firm(s) and forensic investigator(s) (see insurer’s panel, PCI approved list)
• Preselect notification and call support vendor
• Engage law firm(s)
• Engage forensic investigator(s)
Slide 22: III. Frameworks/Resources (in alpha order)
• APEC
 APEC Privacy Framework
• COBIT 5 – ISACA
• ISO/IEC 27001 – “Information security management”
 LegalSEC™ – ILTA
• NIST, Framework for Improving Critical Infrastructure Cybersecurity (2/12/14), per Pres. Obama’s Executive Order 13636 (2/12/13)
Slide 23: III. Frameworks/Resources (c’t’d)
• NIST
 Special Publication 800-53, Revision 4 – Security and Privacy Controls for Federal Information Systems and Organizations (maps to ISO 27K)
 Special Publication 800-61, Revision 2 – Computer Security Incident Handling Guide
• SOC 2® Report – “Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy” (AICPA)
Slide 24: III. Frameworks/Resources (c’t’d)
 Other Resources (in alpha order) . . .
• Brownstone:
 Data Security Breaches: Proactive Prevention and Reactive Remedies, AudioSolutionz Webinar slides (5/14/15)
 Using Analytics to Clean Out the ESI Garage, Today’s General Counsel (Oct./Nov. 2014) (co-author)
 Heartbleed: It’s 10 PM; Do You Know Where Your Data is? ITLawToday (5/6/14)
• Cloud Security Alliance
• Schneier on Security
Slide 25: IV. Reactive Remediation (Incident-Response)
 Lawyer’s Incident Response Playbook (c’t’d)
• Understand types of data that were compromised (e.g., customer data, proprietary data, employee data)
• Contact regulators that require:
 early warning, even before a breach is confirmed
 notification after a breach is confirmed
• Contact law enforcement if necessary or advisable
• Contact Risk Management or notify insurer
Slide 26: IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• Draft any breach notice required by:
 law
 customer contracts
 contract with a payment card acquiring bank
• Draft any required SEC material event disclosure
• Review external communications (press releases, press or media standby statement, website content, social media)
Slide 27: IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• Attorney-Client Privilege and Attorney Work-Product
 May not be appropriate for all / small incidents
 The activity/assessment was initiated for the purpose of providing legal advice
 The privilege is being claimed in an adversarial proceeding (not against a regulator)
 Reports and communications are selectively distributed
Slide 28: IV. Incident-Response (c’t’d)
 Lawyer’s Incident Response Playbook (c’t’d)
• ACP & AWP (c’t’d)
 An attorney or an attorney’s subordinate (e.g., Compliance) is involved in day-to-day interactions (not sufficient to copy a lawyer)
 The issue under review is selective and not routine (because routine assessments are a business function, not a legal function)
Slide 29: IV. Incident-Response (c’t’d)
• ACP & AWP (c’t’d)
 Create templates of self-executing instructions to incident-response (IR) team and PR team that investigation and public statements will be managed by counsel for the purpose of providing legal advice and protecting legal interests
 Designate legal point person leading investigation
 Forensic investigators (internal and external) should report results to counsel
Slide 30: IV. Incident-Response (c’t’d)
• ACP & AWP (c’t’d)
 Templates of self-executing instructions (c’t’d)
 External crisis management PR should be engaged by counsel (in-house or outside) in a consulting role
 Establish daily (or more frequently in early stages) meetings attended by counsel for status reporting
 PR strategy and statements should be reviewed/approved by counsel
 Consider creation of two forensic incident reports
Slide 31: CONCLUSION/Questions
Robert D. Brownstone <rbrownstone@fenwick.com> <tinyurl.com/Bob-Brownstone-Bio> <www.ITLawToday.com>
Cary Calderone <cary@sandhilllaw.com>
Sylvia Johnson <Sylvia.Johnson@wellsfargo.com>
Tyler Newby <tnewby@fenwick.com>
James Schellhase <jaschell@us.ibm.com> <ibmecmblog.com> <@ibm_ecm>