IGPC Data Breach Planning braindump
•
1 like•538 views
Slides from the Data Governance Exchange - Berlin - Nov14
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Viewers also liked
Viewers also liked (15)
Similar to IGPC Data Breach Planning braindump
Similar to IGPC Data Breach Planning braindump (20)
More from James '-- Mckinlay
More from James '-- Mckinlay (11)
Recently uploaded
Recently uploaded (20)
IGPC Data Breach Planning braindump
- 2. YOUR SPEAKER •JAMES MCKINLAY IS CURRENTLY THE HEAD OF INFORMATION SECURITY AT ATOS WORLDLINE. •HE SITS ON THE GLOBAL DATA PROTECTION OFFICERS COMMITTEE AND THE GLOBAL SECURITY STEERING COMMITTEE, CONTRIBUTING TO THE GLOBAL SECURITY KPI PROGRAM AS WELL AS DATA PROTECTION TRAINING, AWARENESS AND COMMUNICATIONS. •HE IS RESPONSIBLE FOR THE DEVELOPMENT OF INFORMATION SECURITY STRATEGY ACROSS ALL UK PRODUCTS, PLATFORMS AND SERVICES WHILST SUPPORTING THE GLOBAL 27001 INITIATIVE. •JAMES WAS PREVIOUSLY RESPONSIBLE FOR CISO LEVEL INCIDENT RESPONSE CONSULTANCY WHERE HE ADVISED ON SOC, CIRT AND SIEM PROJECTS AND FOR MANAGING THE INFORMATION SECURITY MONITORING TEAMS AT A NUMBER OF HOUSEHOLDS NAMES SUCH AS ASDA, MANCHESTER AIRPORTS GROUP AND NETFLIGHTS.COM
- 3. AGENDA HOW DATA BREACH PLANNING CAN BUILD IMPORTANT BRIDGES ACROSS YOUR ORGANISATION •BACKGROUND, •INFORMATION SYSTEMS VIEW, •& BUSINESS VIEW
- 4. DEFINITIONS CSIRT Computer Security Incident Response Team SOC Security Operations Centre PCIDSS Payment Card Industry Data Security Standard DFIR Digital Forensics Incident Response LEA Law Enforcement Agency SIEM Security Information Event Management SANS System Administrator Network Security Institute NSM Network Security Monitoring Others JDI JIT SEP NMP TARFUN
- 5. DATA BREACHES IN THE NEWS •NOVEMBER 14TH – WESTLAW •NOVEMBER 14TH – TURKISH POWER ADMINISTRATION •NOVEMBER 13TH – PARASOLE RESTAURANT HOLDINGS •NOVEMBER 13TH – THOMAS COOK BELGIUM •NOVEMBER 13TH – FINALEASE CAR CREDIT •NOVEMBER 13TH - MENSURA •NOVEMBER 13TH – HSBC TURKEY •NOVEMBER 12TH – ONSIGHT HEALTH DIAGNOSTICS •NOVEMBER 12TH – EASTERN IOWA AIRPORT •NOVEMBER 10TH – GRAND CASINO MILLE LACS
- 6. DATA BREACH NEWS SOURCES
- 10. TOP 20 CRITICAL CONTROLS CSC 18: Incident Response and Management Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems. http://www.counciloncybersecurity.org/critical-controls/
- 11. CYBER WORKFORCE http://www.counciloncybersecurity.org/workforce/cybersecurity-roles/ http://energy.gov/cio/downloads/essential-body-knowledge-ebk
- 13. ENTERPRISE SECURITY MONITORING •CREDIT : DAVID BIANCO, BSIDESDC PRESENTATION, 2013
- 15. DFIR BLOGS •HTTP://BLOG.HANDLERDIARIES.COM/ •HTTPS://WWW.ALIENVAULT.COM/BLOGS/
- 16. OTA DATA BREACH READINESS GUIDE •HTTPS://OTALLIANCE.ORG/RESOURCES/2014-DATA-PROTECTION-BREACH-READINESS-GUIDE-OVERVIEW
- 17. PEOPLE YOU NEED TO MAKE FRIENDS WITH •DPO ( AS REGISTERED WITH ICO) OR AS CHOSEN WITHIN THE ORG •CONTRACTS MANAGER (LEGAL) (SECURITY IN SUPPLY CHAIN REVIEW) •PRIVACY EXPERT (LEGAL) (COMPOSING LETTERS, PRESS RELEASES, MEETING REGULATORY TIMELINES) •HEAD OF RISK – GET DATA LOSS ON THE CORPORATE RISK REGISTER •HEAD OF INTERNAL AUDIT – GET DATA PROTECTION AUDITS ON THEIR AGENDA •SERVICEDESK MANAGER – AN ITIL INCIDENT IS NOT ALWAYS A CSIRT INCIDENT •BCM – PANDEMIC PLAN, BIA, BC PLAN, MAJOR INCIDENT PLAN, MODEL FOR DATA BREACH PLAN •INTERNAL COMMS TEAM - (PREVENT RUMOURS, GET QUICK AND ACCURATE MESSAGE OUT INTERNALLY) •EXTERNAL COMMS TEAM – (LAW ENFORCEMENT AS WELL AS MEDIA AND CUSTOMER) •LEARNING AND DEVELOPMENT – (MANDATORY TRAINING) •INSURANCE BROKER
- 18. AT HOME
- 19. FIND ME •ON LINKEDIN •UK.LINKEDIN.COM/IN/JMCK4CYBERSECURITY/