october 11 2018
play

October 11, 2018 #PBNCyberSummit GUEST MODERATOR Doug White - PowerPoint PPT Presentation

Aug 22, 2022 •232 likes •470 views

October 11, 2018 #PBNCyberSummit GUEST MODERATOR Doug White Chair, Cybersecurity and Networking, Roger Williams University & Podcast Personality, Security Weekly #PBNCyberSummit PANEL 1 Jason Albuquerque Colin Coleman Cindy Lepore

  1. October 11, 2018 #PBNCyberSummit

  2. GUEST MODERATOR Doug White Chair, Cybersecurity and Networking, Roger Williams University & Podcast Personality, Security Weekly #PBNCyberSummit

  3. PANEL 1 Jason Albuquerque Colin Coleman Cindy Lepore Chief Information Partner APV, Business Insurance Security Officer Partridge Snow & Hahn Marsh & McLennan Carousel Industries Agency PANELISTS Eric Shorr Francesca Spidalieri Jeffrey Ziplow President Senior Fellow, Cybersecurity Risk SecureFuture Cyber Leadership Assessment Partner Tech Solutions The Pell Center, Salve Regina BlumShapiro #PBNCyberSummit

  4. 15 Ways to Protect Your Business From A CYBER ATTACK Don’t be a sitting duck to Cyber Criminals!! #PBNCyberSummit

  5. Five Functions of NIST CSF #PBNCyberSummit 1

  6. Product Landscape #PBNCyberSummit 2

  7. Responsibility Landscape #PBNCyberSummit 3

  8. Cyber Resilience #PBNCyberSummit 4

  9. Blockchain Basics #PBNCyberSummit 5

  10. Big corporations may grab the headlines … …But small businesses have the most to lose in the aftermath of a data breach! 10 1 Marsh & McLennan Agency LLC

  11. Cyber tools are cheap, accessible, and easy to use Personal Identifiable Data is Available Access & Weapons are Available Services are Available 11 2 Marsh & McLennan Agency LLC

  12. The average organization takes approximately 206 days to identify that an incident has occurred and 73 days to contain it. The number one cause of cyber breaches are a company’s own employees! 3 Marsh & McLennan Agency LLC

  13. Cybersecurity awareness training Organizations are devoting more time and resources to raising awareness about cyber threats , investing in security measures, and training their employees about the risks of phishing, malware, and weak passwords. 1. Use two-factor authentication to log into emails, VPNs, databases, and important websites — it can prevent 99% of attempted account compromises, spam, & IP theft; 2. Use VPN when you’re not in the office or at home, especially when you’re somewhere with unsecured Wi-Fi or in a foreign country; 3. Don’t respond to any emails asking you for your passwords or other login credentials; 4. Never give someone remote access to your device , even if they say they’re calling from IT; 5. Double-check when clicking on links telling you to log into a company’s system — verify that the URL really is your company’s domain and that it has established a secure connection; 6. Don’t open suspicious attachments that you weren’t expecting to receive or that seem odd; 7. Enable full disk encryption on company’s devices and make sure they lock and require a password to access after being left untouched for five minutes; 8. Backup all important data, on a cloud-back storage AND a physical, offline backup system; 9. Never pay online extortion demands — it encourages crime and you might not get your data back anyway; 10. Be aware of any urgent online message or phone call with a request to provide money, gift cards, or personal information — take the time to verify things before responding. 4 Marsh & McLennan Agency LLC

  14. Training, training, training… 5 Marsh & McLennan Agency LLC

  15. 6 Marsh & McLennan Agency LLC

  16. “The greatest test lies not in the crisis itself but in the ways we respond” 7 Marsh & McLennan Agency LLC

  17. 8 Marsh & McLennan Agency LLC

  18. 9 Marsh & McLennan Agency LLC

  19. EU General Data California Consumer Protection Regulation (GDPR) Privacy Act (CCPA) Broad view of information “relating to an identified or identifiable Broad view of consumers’ personal information (PI). Definition of natural person ( data subject ),” including individual’s location, Excludes de-identified and aggregate PI and publicly Personal IP address, cookie identifier, RFID tags, political opinions, racial available data. Exempts PI collected by a business in Information or ethnic data. certain employment situations until 1 January 2021. Extraterritoriality : Applies to all entities that process personal Extraterritoriality : Applies to all businesses that collect or sell California residents’ PI, whether they are data of EU citizens, regardless of where they reside or where an Jurisdiction/ entity is located. located in CA or a different state/country, AND that It harmonizes data protection rules across all 28 EU member either: 1. earn $25M/year in revenue; 2. buy or sell 50K Applicability consumer’s records each year; or 3. derive 50% of their states. It also regulates the transfer of personal data outside the annual revenue by selling Californians’ PI. EU. Consumers have control over their data. They should be able to Consumers have control over their data. They have a Consumer monitor, check and, if desired, delete ( right to be forgotten ) right to know what data is being collected, how it is any information pertaining to them. Consent must be given in an being used, and decide if it can/cannot be shared or Protections/ sold, including from data brokers — businesses that easy-to-understand, accessible form, with a clear written Rights purpose for the user to sign off on, and there must be an easy collect and sell to third parties the PI of a consumer way for the user to reverse consent. with whom they do not have a direct relationship. Entities must provide a “reasonable” level of protection for Businesses must implement “reasonable security Risk-based measures” to safeguard Californians’ PI, and include a personal data, including pseudonymization and encryption of link that says “do not sell my data” at the bottom of any protected data; appoint a data Protection Officer (DPO); conduct practices a Data Protection Impact Assessment (DPIA). page where they collect PI. Data breaches that could “result in a risk for the rights and Breach The California breach notification law requires entities freedoms of individuals” must be reported within 72 hours of to report a breach within 45 days . Notification discovery. Data processors are required to notify consumers The CCPA includes a private right of action against Requirements “without undue delay.” businesses that suffer data breaches. Each EU Member State designated a supervisory authority Businesses that violate the CCPA will be liable for up responsible for monitoring the application of GDPR within its to $7,500 for each intentional violation. Breaches can Enforcement territory. Breaches can cost up to 4% of annual global cost up to $750/consumer/incident or actual damages & Penalties turnover or €20 million – whichever is greater – for violation of – whichever is greater – for failing to adopt reasonable 10 Marsh & McLennan Agency LLC GDPR’s requirements. 10 data breach security practices.

  20. Cloud Vendors-Service Organization Controls » Audit Report on Controls at a Service Organization. » Provides detailed information and assurance about the controls at the service organization. » Intended to meet the needs of a broad range of users » SOC-1 : Internal Controls relevant to Financial Reporting » SOC-2 : Security (Availability, Confidentiality, Processing Integrity, Privacy) » Restricted Use Reports (exception: SOC-3) » Type I Reports and Type II Reports 1

  21. Service Organization Controls » Type I Audit Report on Controls at a Service Organization. » Report on Controls Placed in Operation as of a point in time. » Are systems/controls fairly presented? » Are controls suitably designed? » Type II Audit Report on Controls at a Service Organization. » Report on Controls Placed in Operation and tests of Operating Effectiveness over a period. » Includes testing on a sample basis. » Includes results of testing. 2

  22. Simplifying SOC-2 Confidentiali ty Security Privacy Availability Processing Integrity 3

  23. Simplifying SOC-2 » Security (32 Mandatory Criteria) – Criteria and controls to protect against unauthorized access or disclosure of information, and damage to system that could compromise the ability to meet your commitments. Must be included in any SOC-2 Audit. » Availability (+3 Criteria) – Criteria and controls to assure the system is available for operation, use and retention. Think: Data Centers and SaaS providers. » Confidentiality (+2 Criteria) – Criteria and controls to assure information designated as confidential or nonpublic is protected to meet your commitments. Think: Law Firms, Mortgage Processors, Credit Bureaus, Health / Benefit Plans. » Processing Integrity (+5 Criteria) – Criteria and controls to assure that system inputs, processing and outputs are complete, valid, accurate, timely, and authorized to meet your commitments. Think: Payroll Providers, Data Integrators, Big Data, AI and Machine Learning » Privacy (+18 Criteria) – Criteria and controls to assure that personal information, typically that which is subject to privacy regulations, is collected, used, retained, disclosed, and disposed to meet the entity’s objectives. Think: Healthcare or Financial Services 4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

October 12, 2018 October 11, 2018 October 13, 2018 KRMC Cerbat Conference Room KPD Training

October 12, 2018 October 11, 2018 October 13, 2018 KRMC Cerbat Conference Room KPD Training

October 12, 2018 October 11, 2018 October 13, 2018 KRMC Cerbat Conference Room KPD Training Room LWHS Practice Gym 12:00 PM 6:00 PM 10:00 AM Provide facts, not opinions, as they relate to: Proposition 412 Home Rule Option

817 views • 54 slides
CONSUMER PRICE INDEX OCTOBER 2018 Released on 26 th November 2018 Inflation rate for October 2018

CONSUMER PRICE INDEX OCTOBER 2018 Released on 26 th November 2018 Inflation rate for October 2018

NATIONAL BUREAU OF STATISTICS, MALDIVES CONSUMER PRICE INDEX OCTOBER 2018 Released on 26 th November 2018 Inflation rate for October 2018 Monthly percentage change between September 2018 and October 2018 Monthly inflation: -0.45%

340 views • 11 slides
State of the District Community Engagement October 10, 2018 October 16, 2018 6:00 to 8:00 PM

State of the District Community Engagement October 10, 2018 October 16, 2018 6:00 to 8:00 PM

State of the District Community Engagement October 10, 2018 October 16, 2018 6:00 to 8:00 PM 4:00 to 6:00 PM Childrens Museum Cafe Pittsburgh Westinghouse 10 Children's Way Allegheny 1101 N. Murtland Street Square, Pittsburgh PA 15208

279 views • 15 slides
2019 Budget As recommended by Mayor Frey on August 15, 2018 October 18, 2018 Department Overview

2019 Budget As recommended by Mayor Frey on August 15, 2018 October 18, 2018 Department Overview

Office of Emergency Management 2019 Budget As recommended by Mayor Frey on August 15, 2018 October 18, 2018 Department Overview October 18, 2018 City of Minneapolis Who we are and what we do October 18, 2018 2019 Change Items October 18,

386 views • 5 slides
Greyhound Integration into Centennial Plaza October 2018 October 2018 About Greyhound

Greyhound Integration into Centennial Plaza October 2018 October 2018 About Greyhound

Greyhound Integration into Centennial Plaza October 2018 October 2018 About Greyhound Largest provider of intercity bus transportation in North America In operation for 104 years Serving more than 3,800 destinations

369 views • 17 slides
Oc October er 2018 G Gathering EAA CHAPTER 643 OCTOBER 2018 MONTHLY GATHERING

Oc October er 2018 G Gathering EAA CHAPTER 643 OCTOBER 2018 MONTHLY GATHERING

Oc October er 2018 G Gathering EAA CHAPTER 643 OCTOBER 2018 MONTHLY GATHERING (MEETING) KEY HIGHLIGHTS Our October Monthly meeting began by welcoming two new members, Chris Racioppi and Mark Tolleson to our chapter. Our next Young

554 views • 11 slides
IS-BAO 2018 Standard Differences October 2018 Why are we here today? The IS-BAO 2018

IS-BAO 2018 Standard Differences October 2018 Why are we here today? The IS-BAO 2018

IS-BAO 2018 Standard Differences October 2018 Why are we here today? The IS-BAO 2018 Standards structure is significantly improved from previous editions. This training will highlight these changes and orient operators to the new

296 views • 27 slides
Sharing Marketplace A pilot 14 October 2018 Mariane Sndergaard -Jensen A PILOT / 14 OCTOBER

Sharing Marketplace A pilot 14 October 2018 Mariane Sndergaard -Jensen A PILOT / 14 OCTOBER

A PILOT / 14 OCTOBER 2018 / SLIDE 1 Building a Capacity Sharing Marketplace A pilot 14 October 2018 Mariane Sndergaard -Jensen A PILOT / 14 OCTOBER 2018 / SLIDE 2 Whos in the room? ECAs ABGF EH GERMANY OeKB CREDIT OMAN AOFI EKF

385 views • 10 slides
2018 ETF Think Tank Boston Wednesday, October 3, 2018 09:0009:15 Welcome and Introduction to

2018 ETF Think Tank Boston Wednesday, October 3, 2018 09:0009:15 Welcome and Introduction to

Wednesday, October 3, 2018 8:30 6:30 p.m. (All times Eastern Standard Time) 2018 ETF Think Tank Boston Wednesday, October 3, 2018 09:0009:15 Welcome and Introduction to ETFs Presented by Richard Kerr and Peter Shea 09:1510:15

171 views • 3 slides
2019 Budget . October 22, 2018 Department Overview . October 22, 2018 City of Minneapolis

2019 Budget . October 22, 2018 Department Overview . October 22, 2018 City of Minneapolis

Municipal Building Commission 2019 Budget . October 22, 2018 Department Overview . October 22, 2018 City of Minneapolis Who we are and what we do MBC Board Director Office Support Accountant Specialist Project Coordinator Project

432 views • 13 slides
Q3 2018 PRESENTATION 26 th October 2018 Leif Gustafsson, CEO Aku Rumpunen, CFO Q3 2018

Q3 2018 PRESENTATION 26 th October 2018 Leif Gustafsson, CEO Aku Rumpunen, CFO Q3 2018

Q3 2018 PRESENTATION 26 th October 2018 Leif Gustafsson, CEO Aku Rumpunen, CFO Q3 2018 Highlights Organic sales growth of 6.3% was supported by both business divisions Comparable EBITA improved by 3.5% to EUR 41.6 (40.2) million

358 views • 25 slides
Third Quarter 2018 BM BMV: RASSINI www www.rassin ini. i.com October r 23 23, , 20 2018

Third Quarter 2018 BM BMV: RASSINI www www.rassin ini. i.com October r 23 23, , 20 2018

Third Quarter 2018 BM BMV: RASSINI www www.rassin ini. i.com October r 23 23, , 20 2018 18 1 Fir irst t nin ine month ths of f 2018 H Hig ighlights ts Millio illion Peso esos Net revenue climbed to $14,243 million or 5%

210 views • 20 slides
COLLEGE BATTLEFIELDS TRIP TH 23 RD 2018 OCTOBER 19 TH 23 RD 2018 IMPORTANT INFORMATION:

COLLEGE BATTLEFIELDS TRIP TH 23 RD 2018 OCTOBER 19 TH 23 RD 2018 IMPORTANT INFORMATION:

BASSINGBOURN VILLAGE COLLEGE BATTLEFIELDS TRIP TH 23 RD 2018 OCTOBER 19 TH 23 RD 2018 IMPORTANT INFORMATION: Frday 19 th October - be at school between 4am and 4.15am for a 4.30am departure. We are travelling with Galleon Travel. Their tel

598 views • 28 slides
SUPERINTENDENTS RECOMMENDATIONS October 23, 2018 #112LEADS 2016-2018 2018 Unofficial Data -

SUPERINTENDENTS RECOMMENDATIONS October 23, 2018 #112LEADS 2016-2018 2018 Unofficial Data -

Long-Range Planning SUPERINTENDENTS RECOMMENDATIONS October 23, 2018 #112LEADS 2016-2018 2018 Unofficial Data - 2018 data to be shared by state of IL 10/30/2018 www.illinoisreportcard.com 2018 54% of 3rd-8th grade students meet/exceed

555 views • 33 slides
2019 Budget As recommended by Mayor Frey on August 15, 2018 October 10, 2018 Department Overview

2019 Budget As recommended by Mayor Frey on August 15, 2018 October 10, 2018 Department Overview

City Attorney Department 2019 Budget As recommended by Mayor Frey on August 15, 2018 October 10, 2018 Department Overview October 10, 2018 City of Minneapolis Who we are and what we do October 10, 2018 2019 Change Items October 10, 2018

574 views • 8 slides
Random graph methods October 16, 2018 Random graph methods October 16, 2018 1 / 37 Graphs and

Random graph methods October 16, 2018 Random graph methods October 16, 2018 1 / 37 Graphs and

Random graph methods October 16, 2018 Random graph methods October 16, 2018 1 / 37 Graphs and Trees a poetic point of view A dead tree, cut into planks and read from one end to the other, is a kind of line graph, with dates down one side

592 views • 34 slides
On Using Existing Time - Use Study Data for Ubiquitous Computing Data for Ubiquitous Computing

On Using Existing Time - Use Study Data for Ubiquitous Computing Data for Ubiquitous Computing

On Using Existing Time - Use Study Data for Ubiquitous Computing Data for Ubiquitous Computing Applications Kurt Partridge, Philippe Golle Presented by: Minh Huynh CS525 CS525m Mobile and M bil d Ubiquitous Computing Introduction

721 views • 19 slides
1 T9 : Problems Whats best? Ambiguity persists Low KSPC Inconsistent

1 T9 : Problems Whats best? Ambiguity persists Low KSPC Inconsistent

Text Messaging TiltText : Using Tilt for Text Input Estimated 500,000,000,000 text messages in 2003 worldwide to Mobile Phones More popular outside North America Daniel Wigdor & Ravin Balakrishnan 2 Ambiguity Solutions

382 views • 5 slides
User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the

User Datagram Protocol (UDP) Standard connectionless protocol for the transport layer of the Internet architecture Only adds demultiplexing capability to basic best-effort delivery provided by IP Needs to identify target process

834 views • 36 slides
Dark Forces at New Experimental Frontiers The Search for New States and Forces of Nature

Dark Forces at New Experimental Frontiers The Search for New States and Forces of Nature

Dark Forces at New Experimental Frontiers The Search for New States and Forces of Nature Conference, GGI, October 2009 Philip Schuster (SLAC Theory Group) with J.D. Bjorken, R. Essig, and N. Toro (0906.0580) R. Essig, and N. Toro (0903.3941)

634 views • 39 slides
talking about information "the age of information" history of information January 22,

talking about information "the age of information" history of information January 22,

talking about information "the age of information" history of information January 22, 2011 1 Thursday, January 20, 2011 administrative matters wait list check with departments class website

674 views • 56 slides
Nowhere to hide? Mix-Zones for Private Pseudonym Change using Chaff Vehicles Christian Vaas 1 ,

Nowhere to hide? Mix-Zones for Private Pseudonym Change using Chaff Vehicles Christian Vaas 1 ,

Nowhere to hide? Mix-Zones for Private Pseudonym Change using Chaff Vehicles Christian Vaas 1 , Mohammad Khodaei 2 , Panos Papadimitratos 2 , Ivan Martinovic 1 University of Oxford 1 , KTH, Stockholm 2 VNC, 6 December 2018 Motivation: Vehicle

421 views • 18 slides
Better partnerships between the NHS and the private sector:

Better partnerships between the NHS and the private sector:

Better partnerships between the NHS and the private sector: corporates, SMEs and start ups Sir Ian Carruthers, CEO, NHS South of England Simon

650 views • 19 slides
Where Can We Turn To Learn?" An introduction to online learning about climate change and

Where Can We Turn To Learn?" An introduction to online learning about climate change and

Where Can We Turn To Learn?" An introduction to online learning about climate change and transition studies 12 July 2018 In todays session we will touch upon these topics. 1. The nature of climate and transition studies

866 views • 60 slides

More recommend