Third Annual CICMA – CIAA – CDL – Joint Seminar
November 14, 2017
Toronto
Cyber Insurance and Incident Response Practice
Not like any other Monday
A hello from pr1m4 donn4
You’re the CAO of a mid-sized law firm. You’ve let your mail
build up over the weekend and are working through your
inbox. There it is.
Someone identifying herself as “pr1m4 d0nn4” says she’s got
2TB of the firm’s information. She’s attached a spreadsheet
that shows all employee salaries. You quickly check and it
matches what you have exactly. pr1m4 donn4 says that you
have seven days to pay 20 bitcoin (about $183,000) or your
information will be released on the dark web.
Who do you call first?
A. The managing partner
B. The police
C. Your broker
D. Your breach coach
E. Your mommy
Congrats! You have an IRP
Shortly after breaking the bad news to the managing partner,
you consult your incident response policy. It identifies the
managing partner, the CIO and the CFO (who is responsible
for risk management) as members of the lean and mean
incident response team.
You call a breach coach from the firm of Bourk-Juneau-Michaluk,
one of three pre-vetted firms listed in your policy.
What’s the 1st thing the coach tells you to do?
A. Order a global password reset
B. E-mail all partners to see if they have had any
suspicious contact that might be the cause
C. Assess network vulnerabilities
D. Hire an IT forensic provider
E. Hire a crisis management communicator
At this point, what first party costs can you expect to bear?
And the investigation shows…
You’ve had a stellar response from your forensic IT provider.
It’s only three days in and the vendor has confirmed that,
indeed, 2TB of information was “exfiltrated” from an HR
shared drive, a drive containing a wide range of employee
personal information (including salary info by year, SIN
numbers, DOB). The problem arose from a phishing
attack that exploited an unpatched server vulnerability.
The vendor has given its qualified opinion that the network
is now secure and that no other information was likely
taken by pr1m4 donn4.
How do you deal with the hacker?
A. Ask her some questions and try to buy time
B. Bargain a reduction in price
C. Pay the ransom
D. Don’t pay the ransom
E. Wait for contact and don’t reach out
And the investigation shows…
You’ve decided not to pay the ransom or talk to the
hacker at all. That gives you a whole four days before
the information could be dumped on the dark web.
What do you do in anticipation of the deadline?
What can employees do to mitigate the risk of harm?
Angry Bob…
Well done. Your response went over very well with the employees
(and the Law Society). You had a series of town halls and the
messaging was very forthright and clear. Now, six months
post-incident, no employees have reported any identity problems
to you. Employee surveys show your employees trust you and are
grateful for your approach to the incident.
Unfortunately, a former employee (Angry Bob) who had an outstanding
wrongful dismissal claim against the firm has amended it and sued for
“breach of privacy”. He’s also threatened to “go public”.
Does Bob have a valid claim? For what?

Más contenido relacionado

La actualidad más candente

How to manage a data breach
How to manage a data breachHow to manage a data breach
How to manage a data breachDan Michaluk
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Social media – issues and trends caus 2014
Social media – issues and trends   caus 2014Social media – issues and trends   caus 2014
Social media – issues and trends caus 2014Dan Michaluk
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Dan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Dan Michaluk
 
Aprio cybersecurity and board information
Aprio cybersecurity and board informationAprio cybersecurity and board information
Aprio cybersecurity and board informationAprio
 
Advantage ppt data breaches km approved - final (djm notes)
Advantage ppt  data breaches   km approved - final (djm notes)Advantage ppt  data breaches   km approved - final (djm notes)
Advantage ppt data breaches km approved - final (djm notes)Dan Michaluk
 
Studentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceStudentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceDan Michaluk
 
The Future of Employment Law
The Future of Employment LawThe Future of Employment Law
The Future of Employment LawDan Michaluk
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionShawn Tuma
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemShawn Tuma
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsShawn Tuma
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
Ee defamation prejudice
Ee defamation prejudiceEe defamation prejudice
Ee defamation prejudiceDan Michaluk
 
Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationPECB
 

La actualidad más candente (20)

How to manage a data breach
How to manage a data breachHow to manage a data breach
How to manage a data breach
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOI
 
Social media – issues and trends caus 2014
Social media – issues and trends   caus 2014Social media – issues and trends   caus 2014
Social media – issues and trends caus 2014
 
Cyber legal update oct 7 2015
Cyber legal update oct 7 2015Cyber legal update oct 7 2015
Cyber legal update oct 7 2015
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence Presentation
 
Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016Canadian Association of University Solicitors - Privacy Update 2016
Canadian Association of University Solicitors - Privacy Update 2016
 
Cas cyber prez
Cas cyber prezCas cyber prez
Cas cyber prez
 
Aprio cybersecurity and board information
Aprio cybersecurity and board informationAprio cybersecurity and board information
Aprio cybersecurity and board information
 
Advantage ppt data breaches km approved - final (djm notes)
Advantage ppt  data breaches   km approved - final (djm notes)Advantage ppt  data breaches   km approved - final (djm notes)
Advantage ppt data breaches km approved - final (djm notes)
 
Studentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus ViolenceStudentsat Risk Managingon Campus Violence
Studentsat Risk Managingon Campus Violence
 
The Future of Employment Law
The Future of Employment LawThe Future of Employment Law
The Future of Employment Law
 
Cybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data EncryptionCybersecurity for Your Law Firm: Data Security and Data Encryption
Cybersecurity for Your Law Firm: Data Security and Data Encryption
 
Something is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid ThemSomething is Phishy: Cyber Scams and How to Avoid Them
Something is Phishy: Cyber Scams and How to Avoid Them
 
02 presentation-christianprobst
02 presentation-christianprobst02 presentation-christianprobst
02 presentation-christianprobst
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business ClientsCyber Security for Your Clients: Business Lawyers Advising Business Clients
Cyber Security for Your Clients: Business Lawyers Advising Business Clients
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 
Ee defamation prejudice
Ee defamation prejudiceEe defamation prejudice
Ee defamation prejudice
 
Cybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the RetaliationCybersecurity: The Danger, the Cost, the Retaliation
Cybersecurity: The Danger, the Cost, the Retaliation
 

Similar a Cyber Insurance and Incident Response Practice

Accounting Information Systems 2
Accounting Information Systems 2Accounting Information Systems 2
Accounting Information Systems 2April Charlton
 
Chalkboard Writing Quotes. QuotesGram
Chalkboard Writing Quotes. QuotesGramChalkboard Writing Quotes. QuotesGram
Chalkboard Writing Quotes. QuotesGramErin Ross
 
Cybersecurity Continuing Education Course Outline
Cybersecurity Continuing Education Course OutlineCybersecurity Continuing Education Course Outline
Cybersecurity Continuing Education Course OutlineNance L. Schick, Esq.
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Compliancy Group
 
January 2017 Printed Newsletter
January 2017 Printed NewsletterJanuary 2017 Printed Newsletter
January 2017 Printed NewsletterYigal Behar
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Logikcull.com
 
The GDPR Is Only for Europe—Right?
The GDPR Is Only for Europe—Right?The GDPR Is Only for Europe—Right?
The GDPR Is Only for Europe—Right?Priyanka Aash
 
Bradley Family E.docx
Bradley Family E.docxBradley Family E.docx
Bradley Family E.docxjasoninnes20
 
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docx
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docxP4Six Separate SubmissionsTerry Childs Case Review - write a o.docx
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docxkarlhennesey
 
Iapp cipmExact IAPP CIPM Questions And Answers
Iapp cipmExact IAPP CIPM Questions And AnswersIapp cipmExact IAPP CIPM Questions And Answers
Iapp cipmExact IAPP CIPM Questions And AnswersArmstrongsmith
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developerSteve Poole
 
Paradigm (DJ-7 24 14)
Paradigm (DJ-7 24 14)Paradigm (DJ-7 24 14)
Paradigm (DJ-7 24 14)Greg Wrenn
 
The Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfThe Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfBreachSiren
 
Crisis management plansIdentify first response stepsTact
Crisis management plansIdentify first response stepsTactCrisis management plansIdentify first response stepsTact
Crisis management plansIdentify first response stepsTactCruzIbarra161
 
Who Can Help Me Write An Essay - HelpcoachS Diary
Who Can Help Me Write An Essay - HelpcoachS DiaryWho Can Help Me Write An Essay - HelpcoachS Diary
Who Can Help Me Write An Essay - HelpcoachS DiaryDaniel Wachtel
 
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...Dana Gardner
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Financial Poise
 
CompSec Direct Keynote-B-Sides-PR-2019
CompSec Direct Keynote-B-Sides-PR-2019CompSec Direct Keynote-B-Sides-PR-2019
CompSec Direct Keynote-B-Sides-PR-2019Jose Fernandez
 

Similar a Cyber Insurance and Incident Response Practice (20)

Accounting Information Systems 2
Accounting Information Systems 2Accounting Information Systems 2
Accounting Information Systems 2
 
Chalkboard Writing Quotes. QuotesGram
Chalkboard Writing Quotes. QuotesGramChalkboard Writing Quotes. QuotesGram
Chalkboard Writing Quotes. QuotesGram
 
Cybersecurity Continuing Education Course Outline
Cybersecurity Continuing Education Course OutlineCybersecurity Continuing Education Course Outline
Cybersecurity Continuing Education Course Outline
 
Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...Where security and privacy meet partnering tips for CSOs and privacy/complian...
Where security and privacy meet partnering tips for CSOs and privacy/complian...
 
January 2017 Printed Newsletter
January 2017 Printed NewsletterJanuary 2017 Printed Newsletter
January 2017 Printed Newsletter
 
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
Protecting Against Petya: Ransomware and the Future of Law Firm Cybersecurity
 
The GDPR Is Only for Europe—Right?
The GDPR Is Only for Europe—Right?The GDPR Is Only for Europe—Right?
The GDPR Is Only for Europe—Right?
 
Bradley Family E.docx
Bradley Family E.docxBradley Family E.docx
Bradley Family E.docx
 
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docx
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docxP4Six Separate SubmissionsTerry Childs Case Review - write a o.docx
P4Six Separate SubmissionsTerry Childs Case Review - write a o.docx
 
Iapp cipmExact IAPP CIPM Questions And Answers
Iapp cipmExact IAPP CIPM Questions And AnswersIapp cipmExact IAPP CIPM Questions And Answers
Iapp cipmExact IAPP CIPM Questions And Answers
 
Progscon cybercrime and the developer
Progscon cybercrime and the developerProgscon cybercrime and the developer
Progscon cybercrime and the developer
 
Social Media and the Law
Social Media and the LawSocial Media and the Law
Social Media and the Law
 
Paradigm (DJ-7 24 14)
Paradigm (DJ-7 24 14)Paradigm (DJ-7 24 14)
Paradigm (DJ-7 24 14)
 
The Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdfThe Ugly Secret about Third Party Risk Management.pdf
The Ugly Secret about Third Party Risk Management.pdf
 
Crisis management plansIdentify first response stepsTact
Crisis management plansIdentify first response stepsTactCrisis management plansIdentify first response stepsTact
Crisis management plansIdentify first response stepsTact
 
Who Can Help Me Write An Essay - HelpcoachS Diary
Who Can Help Me Write An Essay - HelpcoachS DiaryWho Can Help Me Write An Essay - HelpcoachS Diary
Who Can Help Me Write An Essay - HelpcoachS Diary
 
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...
Heartland Payment Systems CSO Instills Culture That Promotes Proactive and Op...
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber Attack
 
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
Data Breach Response: Before and After the Breach (Series: Cybersecurity & Da...
 
CompSec Direct Keynote-B-Sides-PR-2019
CompSec Direct Keynote-B-Sides-PR-2019CompSec Direct Keynote-B-Sides-PR-2019
CompSec Direct Keynote-B-Sides-PR-2019
 

Más de Dan Michaluk

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Dan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coachDan Michaluk
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boardsDan Michaluk
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidenceDan Michaluk
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeDan Michaluk
 
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityStudent Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityDan Michaluk
 
Cybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayCybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayDan Michaluk
 
Privacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updatePrivacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updateDan Michaluk
 
Cacuss 2015 sexual violence
Cacuss 2015 sexual violenceCacuss 2015 sexual violence
Cacuss 2015 sexual violenceDan Michaluk
 
Responding to Data Breaches
Responding to Data BreachesResponding to Data Breaches
Responding to Data BreachesDan Michaluk
 

Más de Dan Michaluk (17)

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber Security
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)
 
Union access to information
Union access to informationUnion access to information
Union access to information
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 
Sexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and PracticeSexual Assault in Higher Education - Law Policy and Practice
Sexual Assault in Higher Education - Law Policy and Practice
 
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining CredibiliityStudent Conduct Investigations - Examining Evidence and Determining Credibiliity
Student Conduct Investigations - Examining Evidence and Determining Credibiliity
 
Cybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys todayCybersecurity and data loss - It's not just about lost USB keys today
Cybersecurity and data loss - It's not just about lost USB keys today
 
Privacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal updatePrivacy and breaches in health care - a legal update
Privacy and breaches in health care - a legal update
 
Cacuss 2015 sexual violence
Cacuss 2015 sexual violenceCacuss 2015 sexual violence
Cacuss 2015 sexual violence
 
Responding to Data Breaches
Responding to Data BreachesResponding to Data Breaches
Responding to Data Breaches
 

Último

Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueSkyLaw Professional Corporation
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptzainabbkhaleeq123
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书E LSS
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm2020000445musaib
 
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Nangli Wazidpur Sector 135 ( Noida)Delhi Call girls
 
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxAudience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxx
Audience profile - SF.pptxxxxxxxxxxxxxxxxxxxxxxxxxxxMollyBrown86
 
一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书一比一原版牛津布鲁克斯大学毕业证学位证书
一比一原版牛津布鲁克斯大学毕业证学位证书E LSS
 
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881
Negotiable Instruments Act 1881.UNDERSTAND THE LAW OF 1881mayurchatre90
 
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceCALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual service
CALL ON ➥8923113531 🔝Call Girls Singar Nagar Lucknow best sexual serviceanilsa9823
 
LITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULELITERAL RULE OF INTERPRETATION - PRIMARY RULE
LITERAL RULE OF INTERPRETATION - PRIMARY RULEsreeramsaipranitha
 
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhai6th sem cpc notes for 6th semester students samjhe. Padhlo bhai
6th sem cpc notes for 6th semester students samjhe. Padhlo bhaiShashankKumar441258
 
CAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsCAFC Chronicles: Costly Tales of Claim Construction Fails
CAFC Chronicles: Costly Tales of Claim Construction FailsAurora Consulting
 
一比一原版西澳大学毕业证学位证书
 一比一原版西澳大学毕业证学位证书 一比一原版西澳大学毕业证学位证书
一比一原版西澳大学毕业证学位证书SS A
 
Transferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptxTransferable and Non-Transferable Property.pptx
Transferable and Non-Transferable Property.pptx2020000445musaib
 
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书
如何办理(SFSta文凭证书)美国旧金山州立大学毕业证学位证书Fs Las
 
Debt Collection in India - General Procedure
Debt Collection in India  - General ProcedureDebt Collection in India  - General Procedure
Debt Collection in India - General ProcedureBridgeWest.eu
 
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书如何办理(USF文凭证书)美国旧金山大学毕业证学位证书
如何办理(USF文凭证书)美国旧金山大学毕业证学位证书Fs Las
 

Último (20)

Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top BoutiqueAndrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
Andrea Hill Featured in Canadian Lawyer as SkyLaw Recognized as a Top Boutique
 
Chp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .pptChp 1- Contract and its kinds-business law .ppt
Chp 1- Contract and its kinds-business law .ppt
 
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
Russian Call Girls Rohini Sector 7 💓 Delhi 9999965857 @Sabina Modi VVIP MODEL...
 
Old Income Tax Regime Vs New Income Tax Regime
Old  Income Tax Regime Vs  New Income Tax   RegimeOld  Income Tax Regime Vs  New Income Tax   Regime
Old Income Tax Regime Vs New Income Tax Regime
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
Essentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmmEssentials of a Valid Transfer.pptxmmmmmm
Essentials of a Valid Transfer.pptxmmmmmm
 
Cyber Insurance and Incident Response Practice

  • 1. Third Annual CICMA – CIAA – CDL – Joint Seminar November 14, 2017 Toronto Cyber Insurance and Incident Response Practice
  • 2. Third Annual CICMA – CIAA – CDL – Joint Seminar November 14, 2017 Toronto Not like any other Monday
  • 3. A hello from pr1m4 donn4: You’re the CAO of a mid-sized law firm. You’ve let your mail build up over the weekend and are working through your inbox. There it is. Someone identifying herself as “pr1m4 d0nn4” says she’s got 2TB of the firm’s information. She’s attached a spreadsheet that shows all employee salaries. You quickly check and it matches what you have exactly. pr1m4 donn4 says that you have seven days to pay 20 bitcoin (about $183,000) or your information will be released on the dark web.
  • 4. Who do you call first? A. The managing partner B. The police C. Your broker D. Your breach coach E. Your mommy
  • 5. Congrats! You have an IRP. Shortly after breaking the bad news to the managing partner, you consult your incident response policy. It identifies the managing partner, the CIO and the CFO (who is responsible for risk management) as members of the lean and mean incident response team. You call a breach coach from the firm of Bourk-Juneau-Michaluk – one of three pre-vetted firms listed in your policy.
  • 6. What’s the 1st thing the coach tells you to do? A. Order a global password reset B. E-mail all partners to see if they have had any suspicious contact that might be the cause C. Assess network vulnerabilities D. Hire an IT forensic provider E. Hire a crisis management communicator
  • 7. At this point, what first party costs can you expect to bear?
  • 8. And the investigation shows… You’ve had a stellar response from your forensic IT provider. It’s only three days in and the vendor has confirmed that, indeed, 2TB of information was “exfiltrated” from an HR shared drive, a drive containing a wide range of employee personal information (including salary info by year, SIN numbers, DOB). The problem arose from a phishing attack that exploited an unpatched server vulnerability. The vendor has given its qualified opinion that the network is now secure and that no other information was likely taken by pr1m4 donn4.
  • 9. How do you deal with the hacker? A. Ask her some questions and try to buy time B. Bargain a reduction in price C. Pay the ransom D. Don’t pay the ransom E. Wait for contact and don’t reach out
  • 10. And the investigation shows… You’ve decided not to pay the ransom or talk to the hacker at all. That gives you a whole four days before the information could be dumped on the dark web.
  • 11. What do you do in anticipation of the deadline?
  • 12. What can employees do to mitigate the risk of harm?
  • 13. Angry Bob… Well done. Your response went over very well with the employees (and the Law Society). You had a series of town halls and the messaging was very forthright and clear. Now, six months post-incident, no employees have reported any identity problems to you. Employee surveys show your employees trust you and are grateful for your approach to the incident. Unfortunately, a former employee (Angry Bob) who had an outstanding wrongful dismissal claim against the firm has amended it and sued for “breach of privacy”. He’s also threatened to “go public”.
  • 14. Does Bob have a valid claim? For what?
  • 15. Third Annual CICMA – CIAA – CDL – Joint Seminar November 14, 2017 Toronto Cyber Insurance and Incident Response Practice