October 30, 2014 
Don't be the next target
TO CATCH A CYBER CRIMINAL: TRENDS IN CYBER CRIME 
Andreas Kaltsounis, Special Agent Department of Defense, Inspector General 
Andrew Friedman US Department of Justice, Western District of Washington 
Craig Spiezle, CEO & Executive Director Online Trust Alliance 
Timothy Wallach, Supervisory Special Agent, Cyber Task Force Federal Bureau of Investigation
Laws of Data
• Your company includes “covered information”
• You have regulatory requirement(s)
• You will have a data breach incident
• If you are unprepared it will cost you
• Direct expenses
• Remediation
• Brand
• Business Shock
© 2014 All rights reserved. Online Trust Alliance (OTA) Slide 3
Lack of a Breach Plan
So Who You Gonna Call?
Open Dialog
• Contacting Law Enforcement
• When, Who, Why, How
• Regulatory Requirements –
• State, FTC, FCC, SEC ….. & International
• Incidents vs Attempts
• The need for threat intel
Role of Law Enforcement
• What specific assistance can LE responders provide during or after an incident that adds value to an organization's incident response? What is outside the scope of LE?
Forensics – “Do Not Try This At Home”
Status of Federal Breach Legislation
• Two weeks ago President Obama stated, "Today, data breaches are handled by dozens of separate state laws, and it's time to have one clear national standard that brings certainty to businesses and keeps consumers safe."
Communications – Being Prepared
Summary
• Be prepared!
• Develop, test and update your plans quarterly
• Complete an audit of all systems, data stores and cloud providers.
• Develop a relationship with the appropriate Law Enforcement Agency in the next 72 hours!
• Validate your Board's “Risk Appetite”
Resources
• Data Breach Response Readiness Guide https://otalliance.org/breach
• FBI Cybercrime Resources http://www.fbi.gov/about-us/investigate/cyber/cyber
• InfraGard https://www.infragard.org/
• Internet Crime Complaint Center (IC3) http://www.ic3.gov/default.aspx
• U.S. Department of Defense http://www.defense.gov/home/features/2013/0713_cyberdomain/
Contact Us
• Andreas Kaltsounis Andreas.Kaltsounis@DODIG.MIL
• Andrew Friedman Andrew.Friedman@usdoj.gov
• Craig Spiezle +1 425-455-7400 craigs@otalliance.org
• Timothy Wallach Timothy.Wallach@ic.fbi.gov

Working with law enforcement
