www.dlapiper.com May 12, 2016 0


MANAGING CYBERSECURITY INVESTIGATIONS

Tara Swaminatha, Of Counsel, Washington, DC; Sam Millar, Partner, London


*This webinar is offered for informational purposes only, and the content should not be construed as legal advice on any matter.


• Contact inside and outside counsel early (ideally before a breach)

• In the wake of a suspected or actual breach, using counsel (properly) allows you to keep things under wraps until you have a chance to get the facts straight

– As you triage internally, keep your internal discussions and documents confidential

– Better to take a minute and sort out the game plan before saying anything

*Privilege is not automatic simply by using counsel

– Fact-specific inquiry

– Requires adherence to protocol


• Purpose

• Roles and responsibilities

• Escalation procedures

• Types of incidents

• Incident-specific response procedures

• Communications plan

• Contact information (consider alternative methods of communication)

Other important elements of a strong IR plan (improves efficacy of investigations)

• Response plan “cheat sheets” organized by role

• Proper training for team members

• Vendors engaged through counsel

• Privileged protocol established

• Pre-existing relationships with law enforcement

• Tabletop/security drill

• Continually revise and adapt plans and protocol

[Figure: response plan matrix showing roles across Phase 1 to Phase 4]

Security incident triage guidelines


Chain of custody


Data breach incident response quick start guide

• Assemble an incident response team (IRT)

• Contact inside and outside counsel to establish a “privileged” reporting and communication channel

• Coordinate with legal counsel to bring in cybersecurity experts and forensic examiners

• Stop additional data loss

• Secure evidence

• Preserve computer logs

• Document the breach

• Define legal obligations

• Contact law enforcement (possibly)

• Conduct interviews of personnel involved

• Reissue or force security access changes

• Do not probe computers and affected systems

• Do not turn off computers and affected systems

• Do not image or copy data, or connect storage devices/media, to affected systems

• Do not run antivirus programs or utilities
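As an added example (not part of the deck or DLA Piper's materials), a minimal chain-of-custody ledger supporting the "secure evidence", "preserve computer logs" and "document the breach" steps above and the chain-of-custody slide: each preserved artefact is recorded with its SHA-256, custodian and UTC timestamp, entries are hash-chained so later edits to the ledger are detectable, and a verification pass flags any artefact that has changed since collection. File names, custodian names and the sample log line are constructed for the demonstration.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

ZERO = "0" * 64  # 'prev' value for the first ledger entry


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def record_custody(ledger: Path, artefact: Path, custodian: str, action: str) -> dict:
    """Append one entry; 'prev' hashes the previous line, so editing or reordering earlier entries is detectable."""
    prev = ZERO
    if ledger.exists() and ledger.read_text().strip():
        prev = hashlib.sha256(ledger.read_text().splitlines()[-1].encode()).hexdigest()
    entry = {"ts": datetime.now(timezone.utc).isoformat(), "artefact": str(artefact),
             "sha256": sha256_file(artefact), "custodian": custodian,
             "action": action, "prev": prev}
    with ledger.open("a") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_ledger(ledger: Path) -> list:
    """Return problems: broken chain, or an artefact whose hash no longer matches. [] means intact."""
    problems, prev = [], ZERO
    for n, line in enumerate(ledger.read_text().splitlines(), 1):
        entry = json.loads(line)
        if entry["prev"] != prev:
            problems.append(f"entry {n}: chain broken")
        p = Path(entry["artefact"])
        if not p.exists() or sha256_file(p) != entry["sha256"]:
            problems.append(f"entry {n}: {p.name} modified or missing")
        prev = hashlib.sha256(line.encode()).hexdigest()
    return problems


def demo() -> tuple:
    # Constructed scenario: preserve a log, hand it over, then tamper with it.
    d = Path(tempfile.mkdtemp())
    log = d / "auth.log"  # constructed sample log line, not a real capture
    log.write_text("May 12 09:01:02 host sshd[1]: Accepted password for alice\n")
    ledger = d / "custody.jsonl"
    record_custody(ledger, log, "IRT lead", "collected from host")
    record_custody(ledger, log, "forensic examiner", "received for analysis")
    intact = verify_ledger(ledger)  # [] because nothing has changed yet
    log.write_text("edited after collection\n")
    return intact, verify_ledger(ledger)  # second list flags both entries
```

In practice the ledger would be kept on separate, access-controlled storage from the artefacts it describes, so that whoever can alter the evidence cannot silently rewrite the record of it.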


Importance of attorney-client privilege and confidentiality (in USA)

• Confidential discussions or documents (“privileged communications”)

• Write and distribute documents within the organization with reduced likelihood of disclosure

• Forensic exam analysis kept confidential

• Tradeoffs in a risk analysis

• Purpose of attorney-client privilege


Discuss confidentiality procedures

• External team engaged through counsel

– PR/communications experts

– Forensic cybersecurity experts

• Internal team

– IT

– Legal

– HR

– PR/communications

– Customer relations

– Risk management

– Operations (physical breaches)

– Finance (company financial information lost)


• Recent launch of two UK government schemes to help companies choose a cybersecurity incident response supplier: CESG/CPNI CIR and CREST CSIR. Recognized set of professional qualifications and best practice standards

• Technical expertise to carry out sophisticated security incident investigations quickly and effectively

• Expert forensic ability

• Consider which elements of the investigation will be outsourced and which will be dealt with in-house

• Consider the location of the investigation, e.g., does the business require a forensic vendor with international reach and the ability to deploy teams globally?


• Strong security culture – whistleblowing

• Businesses should have a robust set of policies and procedures to manage cyber security risks. Having such policies is not enough – companies need to ensure that they are implemented correctly by monitoring compliance

• Regular training on cybersecurity issues linked to these policies is also important

• Screening: pre-employment and at regular intervals for employees and contractors to help manage "insider threat"

• Physical/digital security – strong link

• Portable devices – ban? encryption?


• Clear accountability for cybersecurity risk within the business

• Contract management to incorporate security controls

• User privileges

• Anti-virus software/malware detection

• Audit: security audits to include insider threat audit

• Incident management planning


• The FCA has identified cybercrime as a priority in its 2016-2017 Business Plan

• EY's Global Information Security Survey 2015 indicates that the threats people are most concerned about are phishing and malware

• The Panama Papers leak highlights the risk of cybersecurity/data breaches for law firms

• Increased coordination and information sharing between the police and the NCA in responding to and managing cybersecurity threats

• CPNI, GCHQ, BIS and the Cabinet Office have published an updated '10 Steps to Cyber Security': practical steps businesses can take to improve the security of their networks and the information carried on them

• Increased reporting


• Key provisions include:

– Harmonization: single set of rules, directly applicable in all EU member states

– Enforcement: power for regulators to levy heavy financial sanctions of up to 4% of the annual worldwide turnover of the organization. This significantly increases the risk associated with privacy non-compliance

– Offshore processing: application of the EU regulatory framework to companies established outside the EU if they target EU citizens

– Governance: increased responsibility and accountability on organizations to manage how they control and process personal data

– One-stop-shop: ability to nominate a single national data protection authority as the lead regulator for all compliance issues in the EU, where the organization has multiple points of presence across the EU

– Consent: adoption of a more active consent-based model to support lawful processing of personal data

– Right to be forgotten: a statutory “right to be forgotten” which will allow individuals the right to require a controller to delete data files relating to them if there are not legitimate grounds for retaining it


Questions?

Tara Swaminatha, Of Counsel, Washington, DC, [email protected], +1 202 799 4323

Sam Millar, Partner, London, [email protected], +44 (0)20 7153 7714
