1 / 13

“Playing Safely in the Cloud”

Explore the key steps to mitigate a data breach in the cloud. Learn how to handle a breach, notify affected parties, and protect against identity theft.

ania
Download Presentation

“Playing Safely in the Cloud”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Playing Safely in the Cloud” Mike Goetz City of Lynchburg Lessons Learned…Mitigating a Data Breach

  2. “Playing Safely in the Cloud” June 4, 2007… a Monday… Not a great way to start your week…

  3. “Playing Safely in the Cloud”

  4. “Playing Safely in the Cloud” My SSN Wife’s SSN Wife’s birthday

  5. “Playing Safely in the Cloud” Good to Know: • Data stored in Google cache is different from data stored in the index • Google Webmaster Tools https://www.google.com/webmasters/tools/docs/en/about.html • To remove data from cache • To limit the crawl of Googlebot • To generally control how your site interacts with Google search

  6. “Playing Safely in the Cloud” Suggested Actions (the human element) • Take responsibility! • Quantify the exposure • Notify those affected, but… Trade-offs with first containing incident • Admit and Apologize – multiple times! • Meet face-to-face: those affected with those highest in authority Have impartial, 3rd party support handy (CIO?)

  7. “Playing Safely in the Cloud” Suggested Actions (cont’d): • Disseminate information, lots of it • What is “identify theft”, what it is not • What to look out for (http://www.ftc.gov/bcp/edu/microsites/idtheft/) • Different levels of identify theft protection • Establish a web site, hotline, email address for questions • Buy credit monitoring service for those affected – for one year

  8. “Playing Safely in the Cloud” Lessons Learned: • No two incidents are identical • Recognize & determine legal and ethical obligations immediately! • Leverage others in problem solving and in determining how to manage • VITA, Secretary of Technology Office • UVa experience

  9. “Playing Safely in the Cloud” Lessons Learned (cont’d): • Go to the press – preemptive strike • If root cause is employee negligence, those affected will be looking for punishment! (Involve Attorney, HR to know the law & appropriate action) • Beware of ambulance chasers (Consultants, lawyers ready to help with mitigation)

  10. “Playing Safely in the Cloud” Lessons Learned(cont’d): • In our zeal to serve… Be Aware! • Of the info we have that is sensitive • In our zeal to serve… Be Wary! • Of the potential pitfalls & exposures • Educate employees • A mindset of caution • Take the time to be careful

  11. “Playing Safely in the Cloud” May you never experience this joy…

More Related