Cyber security and data privacy practices discussed by an expert panel at Harvard Business School Association. Learn about risk avoidance, crisis management, prevention, response strategies, stakeholder communication, and regulatory compliance.
Cyber Security Practices: An Expert Panel Discussion
Harvard Business School Association of Boston
Gerry Leone
February 12, 2015
Avoidance of risk and effective crisis management

Cyber security and data privacy are enterprise-wide risk issues, to be treated as an organizational vertical (top-down) and horizontal (cross-department silos) priority.

Preventing, managing, and mitigating cyber risks and crises: a multi-disciplined and integrated approach.

Front end: Prevention and preparedness (the 6 P's)
• Policies
• Practices
• Procedures
• Plans
• Protocols
• Programs
See NIST

Back end: Responsiveness (the 4 C's)
• Coordination
• Collaboration
• Cooperation
• Communications
See Messaging & Communications (Internal and External)
Avoidance of risk and effective crisis management

External: Establishing and developing relationships and credibility
• Government regulators (see MA AGO and FTC)
• Media

Messaging and Communication – Before, During and After the Incident/Breach

Internal: top-down and cross-department silos
• Boards
• Stakeholders
• Employees
• Clients
• Suppliers/vendors
• Consumers
Avoidance of risk and effective crisis management

Communications takeaways—Internal and external
• Engage early, and work with the MEDIA if necessary.
• Holding Statements*
• If you are going to deal with a crisis, you need INFORMATION.
• Do not provide wrong INFORMATION or say things you don't know.
• The best thing any organization can do is to BE PREPARED ON THE ONLINE SIDE.
• Who is driving THE STORY and where are they going?
• The INTERNET favors negative commentary. ("Microsites")
Avoidance of risk and effective crisis management

Best practices for leadership within an organization
• SEPs, WISPs, and Privacy and Security Programs
• Data Security and Safeguard Agreements ("DSSAs")
• Compliance with state and federal laws and regulations
• Swift and appropriate response to data breach incidents (identify, manage, contain)
• Enact critical security controls and know the most prominent threats to your organization and systems
• Take inventory of hardware and software
• Limit administrative permissions and automate network monitoring
Thank you

Gerry Leone
T 617-345-6036
gleone@nixonpeabody.com
Nixon Peabody LLP
100 Summer Street
Boston, MA 02110-2131