Cyber Security Practices: An Expert Panel Discussion. Harvard Business School Association of Boston. Gerry Leone. February 12, 2015. Avoidance of risk and effective crisis management.
Avoidance of risk and effective crisis management
Cyber security and data privacy are enterprise-wide risk issues, to be treated as an organizational vertical (top-down) and horizontal (cross-department silos) priority.
Preventing; Managing; and Mitigating Cyber Risks and Crises. Multi-Disciplined and Integrated Approach.
Front end: Prevention and preparedness
• 6 P’s
  • Policies
  • Practices
  • Procedures
  • Plans
  • Protocols
  • Programs
See NIST
Back end: Responsiveness
• 4 C’s
  • Coordination
  • Collaboration
  • Cooperation
  • Communications
See Messaging & Communications (Internal and External)
External: Establishing and developing relationships and credibility
• Government regulators
• See MA AGO and FTC
• Media
Messaging and Communication – Before, During and After the Incident/Breach
Internal: top-down and cross-department silos
• Boards
• Stakeholders
• Employees
• Clients
• Suppliers/vendors
• Consumers
Communications takeaways—Internal and external
• Engage early, and work with the MEDIA if necessary.
• Holding Statements*
• If you are going to deal with a crisis, you need INFORMATION.
• Do not provide wrong INFORMATION or say things you don’t know.
• The best thing any organization can do is to BE PREPARED ON THE ONLINE SIDE.
• Who is driving THE STORY and where are they going?
• The INTERNET favors negative commentary. (“Microsites”)
• Best practices for leadership within an organization
• SEPs, WISPs, and Privacy and Security Programs
• Data Security and Safeguard Agreements (“DSSAs”)
• Compliance with state and federal laws and regulations
• Swift and appropriate response to data breach incidents (ID, manage, contain)
• Enact critical security controls and know the most prominent threats to your organizations and systems
• Take inventory of hardware and software
• Limit administrative permissions and automate network monitoring
Thank you
Gerry Leone
T 617-345-6036
gleone@nixonpeabody.com
Nixon Peabody LLP
100 Summer Street
Boston, MA, 02110-2131