BRAZILIAN-AMERICAN CHAMBER OF COMMERCE OF FLORIDA PRESENTS:
SURVIVING A CYBERSECURITY BREACH: A “REAL LIFE” SIMULATION
JUNE 23, 2015
Panelists
CHARLES BEARD, Principal, PricewaterhouseCoopers
CODY SWIDLER, Information Security Risk Management and Business Continuity Leader, Transitioning
AURORA FAGAN, Assistant U.S. Attorney, U.S. Attorney’s Office for the Southern District of Florida
JOSEPH MAMOUNAS, Associate, Bilzin Sumberg
Fictional Corporation Overview
• Tech company is headquartered in Miami
• Registered in Delaware and listed on the NYSE and London Stock Exchange
• $25B in revenue
• 65% of revenues from high-tech manufacturing globally, directly and through distribution channels
• 35% of revenues from an IT services division in LatAm
• Holding Company structure and governance
Quarter 1: Planning Phase
• Cyber security risks are factored into the broader risk management portfolio
• How much risk are we willing to absorb?
• The Corporate CIO is an SVP who reports to the COO
• Each operating company has its own CIO
Quarter 2: Monitoring Compliance
• Risk reviews are conducted each month
• Board Risk Committee gets a briefing report each quarter
• Minor events have been detected on both business and corporate networks, however nothing substantial
• Significant events are happening in the industry, but thus far the company has been spared
Quarter 3: Incident Response
We now have an event
• A review of the logs indicates the attacker has been in the company since we acquired and integrated a $200M firm in Europe
• Servers with personal information of global employees and customers have been accessed
• Files with proprietary intellectual property may have been misappropriated
• The Company’s e-commerce platform compromised
• Management does not believe that anyone outside of the company is aware the event has occurred
• The FBI gets a notice from the company, but knows from other sources that the magnitude is much greater
Quarter 4: The Investigation
• What actions were taken and what were the results regarding:
    • Customers
    • Business Partners
    • Investors
    • Employees
    • Government
• How can/will the FBI/DOJ help?
• How will regulators respond?
Quarter 5: The Post-Mortem
• What would you have done differently that would have prevented this from happening?
• Any best practices?
Questions?