How to Take Action When a Security Breach Hits

October 28, 2010
Best Practices for Breach Incident Response -- Forensics Investigation and Risk Assessment & Remediation
PRESENTERS
Winston Krone, Esq.
Kai Lintumaa
Mahmood Sher-Jan
ID Experts
[email protected]
Kivu Consulting, Inc.
www.kivuconsulting.com
How to Take Action When a Data Breach Hits
October 28, 2010
TOPICS
» Introductions
» Data Breach Lifecycle
» Common data breach scenarios
• Managing the first 24 - 72 hours
• Determining if a breach has occurred
• Closing a network breach -v- preserving evidence
» Organizational Risk Assessment
• PHI/PII determination & harm
• Compliance to regulations
» Q&A
COMPREHENSIVE DATA BREACH SERVICES
• Holistic approach to addressing data breach risk
• Focused on delivering the most positive outcomes
DATA BREACH LIFECYCLE
[Diagram labels: Risk Analysis & Planning; Risk Assessment; Breach event; Investigation; Respond & Assist customers; Legal; Notification; Compliance Obligations; Media]
INVESTIGATING A DATA BREACH
Winston Krone, Esq.
Kai Lintumaa
Kivu Consulting, Inc.
INVESTIGATING A DATA BREACH
• Different vectors of attack
• Educating your workforce
• An organization should be prepared to learn of a data breach through any of its communications channels.
AREAS OF RESPONSE
• Contain/ Isolate/ Eradicate
• Assess the loss
• Collect Evidence
• Assess overall risk to organization
• Remediation/ Prevention
INCIDENT RESPONSE PLAN
• “How to respond” = “Use your plan”
• Stay calm
• Technical Response v. Breach Analysis
• Need for objective oversight
RAISING THE ALARM
• Intrusion Detection Systems (IDS)
• IT anomalies/ network failure
• Complaints from end-users
NETWORK ATTACKS – KEY POINTS
1. Opportunistic -v- targeted attacks
2. Hackers may not be after your data
3. Network compromise does not necessarily mean data loss
RESPONSE IN FIRST 48 HOURS
» Technical Response
• Fix the problem(s)
• Restore the system
» Breach Analysis
• What happened?
• What data might have been exposed?
• What data was definitely exposed?
• Available safeguards?
EVIDENCE COLLECTION
1. Volatile memory
2. Forensic images/ metadata
3. Logs/ traffic analysis
4. IT testimony/ documentation
THE STOLEN LAPTOP
• Confirming details of the loss – problems with the “human element”
• Possible need for skilled investigators/interviewers
• Determining contents of a lost laptop
• Reviewing protocols
• Forensic comparison w/ other laptops
• Any protection or mitigation?
LIAISING WITH LAW ENFORCEMENT
• Lose control of investigation
• Lose focus on priorities
• You’re doing something
• Speedier subpoena responses
Organizational Risk Assessment Best Practices
Beyond Forensics Investigation
DATA BREACH REGULATORY COMPLEXITY
» HITECH Act -- the biggest change to health care privacy and security
» 46 states with breach notification laws & a few include PHI
» Courtesy notices are a thing of the past as more agencies are getting interested
» More rule changes expected
BEST PRACTICE BREACH RESPONSE PROCESS
[Process diagram labels: Data; Legal; Risk Analysis; Response; RISK MITIGATION]
DATA RISK ANALYSIS
PHI / PII Segmentation & Confirmation
• Unknowns
Data Sensitivity Level & Context
Limited Data Set (LDS)
De-Identified Data
LEGAL OBLIGATIONS
Federal – HITECH Act
State privacy laws
Contractual (Agent v Independent)
Downstream sub-contractors
Reporting/Notice Requirements
ORGANIZATIONAL RISK ANALYSIS
Severity of the incident
Sensitivity of the data
Context of the incident
Incident resolution status
Safe-Harbor & Exceptions
- Federal Law
- State Law
RESPONSE SCOPE ANALYSIS
Affected Population Segments & Size
- Demographic
- Special Needs Considerations
- ID Theft Protection Services(?)
Notification & Tracking Methods
- Timeline (Fed vs. State)
- Letter / Email
- Substitute Notice
- Call Center
- Website
- Tracking & Archiving
Inquiries & Investigations
- Fed & State
- Media
HHS INVESTIGATION-REQUESTED DATA ELEMENTS
• Primary designated contact with OCR
• Detailed explanation of the breach
• Copy of Notice of Privacy Practices (NPP)
• Copy of policies & procedures for safeguarding PHI
• Copy of policies & procedures for accounting of PHI disclosures
• Number of patients served annually
• Copy of notification of the breach as required by 45 C.F.R. 164.404
• Copy of media notification as required by 45 C.F.R. 164.406
• Evidence of any action taken to determine root cause of the breach
• Evidence of any steps to ensure it does not recur
• Evidence & tracking of the notification of affected individuals
BREACH RESPONSE BEST PRACTICES SUMMARY
Investigate & Determine Root Cause
• Preserve evidence
Assess Overall Organizational Risks
• Fed & state law requirements
• Document risk analysis
Execute Incident Response Plan (IRP)
• Report; Notify & track as required
Handle Post Incident Response Investigations
• Evidence of compliance
CONCLUSION
» Q&A
Winston Krone, Esq.
Kai Lintumaa
Mahmood Sher-Jan
ID Experts
[email protected]
Kivu Consulting, Inc.
www.kivuconsulting.com