Your Company Has Been Cyber Hacked! Strategies for Dealing With the Fallout
LIVE Webcast

Event Details:

Damage caused by cyber-attacks is increasing exponentially and can cause huge losses for companies and consumers. Businesses must take cyber security seriously to avoid the threats that cybercrime poses to their networks and customers.

Course Level: Intermediate
Prerequisite: None
Method Of Presentation: Group-Based-Internet
Developer: The Knowledge Group, LLC
Recommended CLE/CPE Hours: 1.75 - 2.0
Advance Preparation: Print and review course materials
Course Code: 124281
Recording Fee: $299

 

Featured Speakers for Your Company Has Been Cyber Hacked! Strategies for Dealing With the Fallout LIVE Webcast:


Agenda


Jim Halpert, Partner,
DLA Piper

  • Hacking is a growing problem (perpetrated not only by "recreational hackers" but also by overseas competitors and sophisticated governmental actors) that companies need to take very seriously. If you find out that you are hacked, you need to conduct a thorough investigation to understand what has occurred and to ensure that you have restored the integrity of your system with no malware or vulnerabilities remaining in your system.
  • It is critical that before they are hacked organizations implement both strong information security programs and sound incident response plans. The incident response plan needs to draw on and involve key resources within your organization -- IT, legal, law enforcement liaison, corporate communications and, if client data are involved, the relationship team for those clients.
  • For most organizations, it is a very good idea to engage a skilled computer forensics consultant to determine exactly what happened, to clean your IT infrastructure of vulnerabilities and detect and purge all malware. A key element of data security legal requirements is to adjust your system in light of actual and potential security threats. Failure to respond and learn from actual hacks will likely be considered as negligence. Furthermore, businesses have obligations under SOX to have business continuity plans and protections in place so as not to be crippled by cyber threats. Businesses in heavily targeted sectors (e.g. financial services and defense) should seriously consider going further and helping to raise the security of devices that interact with their servers.
  • It is very important to assess as quickly as possible whether the hack likely involves: (1) sensitive personal information triggering a security breach notice obligation to individuals and to government authorities, (2) PCI-DSS data, which triggers requirements to notify the payment card brands and potentially to indemnify them, pay for a special PCI audit and pay fines, (3) sensitive trade secret information serious enough to trigger an SEC requirement to notify shareholders, or (4) a compromise of the security of critical infrastructure, which can give rise to significant harm. The presentation will explain each of these four categories and the steps to take in each case.
  • It is also sometimes advisable, with appropriate confidentiality assurances and obtaining trade secret protection, to share information about hacking incidents with law enforcement, particularly if you want to attempt to pursue the hacker. Adopting more aggressive counter-measures (for example to retrieve stolen data that is stored on an intermediary server) can sometimes be desirable, but it is important to review these measures for compliance with the law. In addition, organizations in targeted sectors often benefit from sharing information on potential and actual threats with colleagues in other organizations and potentially with government cyber-security authorities. Given the dynamic nature of cyber security threats, information sharing is very important to stay up to speed with evolving threats and to help protect the infrastructure.


C. Kelly Bissell, Global Incident Response and U.S. IT Risk Management Leader,
Deloitte & Touche LLP
  • Organizations are experiencing more frequent cyber incidents than ever before
  • Discuss costs and impacts to organizations
  • Discuss number and types of breaches
  • Discuss how to plan for and respond to cyber incidents including loss of data, security breaches, fraud, and disruption of services


Daimon E. Geopfert, National Leader, Security and Privacy Consulting,
McGladrey LLP

  • Many organizations still rely almost exclusively on preventative controls (patching, anti-virus, IDS, etc.) while neglecting their detective (monitoring) and corrective (incident response) controls
  • The issue with this is that modern threats are purpose-built to bypass preventative controls (zero-days, rapidly mutating malware, IDS evasion, etc.)
  • While the odds are low that any single organization will be targeted by an APT level threat, we are seeing a "bleed-over" effect where APT-ish capabilities are being built into hacking toolkits which are then wielded by the masses of malicious but unskilled attackers
  • The focus on preventative controls contributes not only to the large number of breaches we've been seeing, but also their duration. Some organizations are breached for years at a time without knowing it.
  • Organizations should use the information in the public domain that describes how other companies were breached, and they should run mock exercises to see if they would be capable of handling a similar attack. They should ask themselves, where would we have done better monitoring in order to catch this attack?
  • Organizations need to plan to fail as all security solutions can eventually be breached. Their goal should be to fail gracefully, by which I mean that they can quickly identify the breach and respond before significant damage is done.


Jonathan Fowler, EnCE, ACE, Director of Forensics,
First Advantage Litigation Consulting

  • Internal Fallout
    • The company needs to determine how the hack was carried out so that appropriate measures can be put in place to (a) prevent the hack from being carried out again and (b) ensure that corporate IT systems are no longer infected. Additionally, proactive measures should be taken to educate employees on potential dangers of hacking (including social engineering concepts).
  • External Fallout
    • Depending on the type of data hacked, does the company have an obligation to report the incident, either to governmental regulators or to investors (or both)? Outside counsel may need to be involved to assist the company in navigating through the various state and Federal regulations/requirements in reporting these incidents.
  • Proactive Steps
    • Aside from corporate IT departments using proactive tools and techniques to monitor for attacks, corporations should form data breach incident teams that include personnel from IT, Risk Management, Legal, as well as business-group leaders to put together a set of standard procedures for the company to follow should an incident occur in the future. This may also involve outside vendors, such as computer forensic or cybersecurity specialists.




DLA Piper
Jim Halpert
Partner

Deloitte & Touche LLP
C. Kelly Bissell
Global Incident Response and U.S. IT Risk Management Leader

McGladrey LLP
Daimon E. Geopfert
National Leader, Security and Privacy Consulting

First Advantage Litigation Consulting
Jonathan Fowler, EnCE, ACE
Director of Forensics



Who Should Attend?

- Chief Security Officers
- Senior Executives
- Chief Risk Officers
- IT Heads
- Other related Professionals

Why Attend?

This is a must-attend event for anyone interested in learning the best practices for cyber security.

- Detailed guidance explained by the most qualified key leaders & experts
- Hear directly from key regulators & thought leaders
- Interact directly with panel during Q&A

Enroll in this course today by clicking the "Register" button below. Significant discounts apply to early registrants. Advanced registration is advised as space is limited.


Disclaimer:
Please note, the event date is firm although it may be subject to change.
The Knowledge Group, LLC is producing this event for information purposes only. We do not intend to provide or offer business advice. The contents of this event are based upon the opinions of our speakers. The Knowledge Congress does not warrant their accuracy and completeness. The statements made by them are based on their independent opinions and do not necessarily reflect The Knowledge Congress' views. In no event shall The Knowledge Congress be liable to any person or business entity for any special, direct, indirect, punitive, incidental or consequential damages as a result of any information gathered from this webcast.

Speakers and Partner Firms / Agency:




DLA Piper became one of the largest business law firms in the world in 2005 through a merger of unprecedented scope in the legal sector. We were built to serve clients wherever in the world they do business - quickly, efficiently and with genuine knowledge of both local and international considerations. Whether our clients require seamless coordination across multiple jurisdictions or delivery in a single location, they can count on us to deliver the right service and solutions.




Deloitte's Audit & Enterprise Risk Services help organizations build value by taking a Risk Intelligent approach to managing financial, technology and business risks. This approach helps our clients focus on their areas of increased risk, bridge silos to effectively manage risk across organizational boundaries and seek not only risk mitigation, but also pursue intelligent risk taking as a means to value creation.

Deloitte's Security & Privacy practice assists clients across all industries with information risk management, security, and privacy initiatives including:

• Information & Technology Security Management
• Business Continuity Management
• Privacy & Data Protection
• Cyber Threat & Vulnerability Management
• Identity & Access Management
• Application Integrity

Its innovation center, the Deloitte Center for Security & Privacy Solutions, focuses on building innovative, transformational and sustainable solutions that address current management challenges posed. The Center has been developing new ways to help organizations align strategies, processes, and operations to improve operational resilience in uncertain environments.

Visit: http://www.deloitte.com/us/securityandprivacysolutions




McGladrey is the fifth largest U.S. provider of assurance, tax and consulting services, with nearly 6,500 professionals and associates in more than 70 offices nationwide. McGladrey is a licensed CPA firm, and is a member of RSM International, the sixth largest global network of independent accounting, tax and consulting firms. We have approximately 100 information assurance professionals nationwide dedicated exclusively to serving clients' technology security- and risk-related needs. The McGladrey professionals who work with you have wide-ranging experience within the forensics and response fields, including law enforcement, military, intelligence and corporate investigations. Our professionals carry a multitude of industry recognized certifications, and several of our members are recognized thought leaders within the security industry. Our certifications include EnCase Certified Examiner (EnCE), GIAC Certified Incident Handler (GCIH), Certified Forensic Computer Examiner (CFCE) and various security certifications such as the Certified Ethical Hacker (CEH) and the Certified Information Security Systems Professional (CISSP).




First Advantage Litigation Consulting is an international eDiscovery and managed review provider with extensive experience in litigation, antitrust, second requests, and internal and external investigations. The company supports law firms and corporations with cost-effective, end-to-end litigation services that include data collection, computer forensics, expert testimony, multi-lingual and on-site data processing, hosting and document review. Safe Harbor certified, the company can deploy its services rapidly and efficiently to clients anywhere in the world from offices and data centers in North America, Europe and Asia. For more information, please visit www.fadvlit.com.


Media Partner:




bestattorneysonline.com, a premium service provided by bestattorneysonline.com LLC, started in 2009, ranks law firms through research and evaluation to identify the most respectable and dedicated law teams in the United States. Our goal is to provide our users with a new way to locate and contact an attorney or a law firm while providing firms a way to get their image out and into the open. We advertise and provide access to the best law firms around the country and in specific areas and also list a directory showing many opportunities for a client to get in touch with legal help.



 

The Knowledge Group, LLC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Suite 700, Nashville, TN, 37219-2417. Website: www.nasba.org



 

We are an approved multi-event sponsor in the state of California. Our provider ID is: 14451. In Texas, Illinois, and Virginia, we submit programs for individual approval in advance. In all other states, once attendance is verified, participants are emailed an official certificate of attendance which they submit to their respective State Bar Associations. Our programs are created with continuing education in mind and are therefore designed to meet the requirements of State Bar Associations. The State Bars will have the final determination on whether to provide credit or not. If you have any questions, please email our CLE coordinator at: info@knowledgecongress.org

Attention New York Attorneys:

This program is approved for CLE credit under New York's Approved Jurisdiction policy. The Knowledge Group, LLC is an approved sponsor in the state of California, a New York Approved Jurisdiction. This program fulfills the non-traditional format requirement of exceeding 60 minutes in length. Please note only experienced attorneys (more than 2 years) are eligible to receive CLE credit via non-traditional format learning platforms. The Knowledge Group will verify attendance during the webcast via secret words (3 per credit hour) and by auditing attendees' log-in and log-out records. All verification instructions will be provided during the webcast. Once attendance verification requirements have been completed, the attendee will be issued a certificate of attendance by The Knowledge Group for the course with the recommended number of credit hours. The Certificate of Attendance is normally sent via email in 24 hours or less.

To Claim Your CLE Credits:

The attorney should simply include credits earned via Knowledge Group webcasts when computing the total number of CLE credits completed, and keep the Knowledge Group Certificate of Attendance for a period of at least four (4) years in case of audit. An attorney may count towards her/his New York CLE requirement credit earned through the Approved Jurisdiction policy without notifying the CLE Board.

To learn more about New York's Approved Jurisdiction policy, please visit: http://www.nycourts.gov/attorneys/cle/approvedjurisdictions.shtml

Attention Pennsylvania Attorneys:

Knowledge Congress is not yet an Accredited Distance Learning Provider in PA; neither the instructors nor any PA attendees will receive credit for the course.



 
Enrolled Agents Sponsor ID Number: 7602U

We have entered into an agreement with the Office of Professional Responsibility, Internal Revenue Service, to meet the requirements of 31 Code of Federal Regulations, section 10.6(g), covering maintenance of attendance records, retention of program outlines, qualifications of instructors, and length of class hours. This agreement does not constitute an endorsement by the Office of Professional Responsibility as to the quality of the program or its contribution to the professional competence of the enrolled individual.