
Cyber Security Practices: An Expert Panel Discussion

Cyber Security Practices: An Expert Panel Discussion. Harvard Business School Association of Boston Gerry Leone February 12, 2015. Avoidance of risk and effective crisis management.

victorwhite


Presentation Transcript


  1. Cyber Security Practices: An Expert Panel Discussion Harvard Business School Association of Boston Gerry Leone February 12, 2015

  2. Avoidance of risk and effective crisis management
     Cyber security and data privacy are enterprise-wide risk issues, to be treated as an organizational vertical (top-down) and horizontal (cross-department silos) priority.
     Preventing; Managing; and Mitigating Cyber Risks and Crises. Multi-Disciplined and Integrated Approach.
     Front end: Prevention and preparedness
     • 6 P’s
       • Policies
       • Practices
       • Procedures
       • Plans
       • Protocols
       • Programs
     See NIST
     Back end: Responsiveness
     • 4 C’s
       • Coordination
       • Collaboration
       • Cooperation
       • Communications
     See Messaging & Communications (Internal and External)

  3. Avoidance of risk and effective crisis management
     External: Establishing and developing relationships and credibility
     • Government regulators
     • See MA AGO and FTC
     • Media Messaging and Communication – Before, During and After the Incident/Breach
     Internal: top-down and cross-department silos
     • Boards
     • Stakeholders
     • Employees
     • Clients
     • Suppliers/vendors
     • Consumers

  4. Avoidance of risk and effective crisis management
     Communications takeaways—Internal and external
     • Engage early, and work with the MEDIA if necessary.
     • Holding Statements*
     • If you are going to deal with a crisis, you need INFORMATION.
     • Do not provide wrong INFORMATION or say things you don’t know.
     • The best thing any organization can do is to BE PREPARED ON THE ONLINE SIDE.
     • Who is driving THE STORY and where are they going?
     • The INTERNET favors negative commentary. (“Microsites”)

  5. Avoidance of risk and effective crisis management
     • Best practices for leadership within an organization
     • SEPs, WISPs, and Privacy and Security Programs
     • Data Security and Safeguard Agreements (“DSSAs”)
     • Compliance with state and federal laws and regulations
     • Swift and appropriate response to data breach incidents (ID, manage, contain)
     • Enact critical security controls and know the most prominent threats to your organizations and systems
     • Take inventory of hardware and software
     • Limit administrative permissions and automate network monitoring

  6. Thank you
     Gerry Leone
     T 617-345-6036
     gleone@nixonpeabody.com
     Nixon Peabody LLP
     100 Summer Street
     Boston, MA, 02110-2131
