Lessons learned from a breach





Lessons Learned from a Breach

Eric van Wiltenburg

University of Victoria

@e_vanwiltenburg


Let’s start with some exercise


Hey Eric, aren’t you embarrassed?


“Transparency is an asset.”

Eric van Wiltenburg, January 31, 2012


OK, so what happened anyway?


+


+


=


11845


  • employee names

  • employee numbers

  • Social Insurance Numbers

  • bank account

  • employee classification code

  • amount of last deposit


January 2012

January 2010


Lesson

  • Having good policies in place is very important, even if nobody reads them


UVic Privacy Policy


Privacy Breach Response Team


  • University Secretary

  • Vice President Finance and Operations

  • Manager Privacy, Access and Policy

  • University Legal Counsel

  • Information Security Manager

  • Director, Communications

  • Associate Vice-President Human Resources

  • Associate Vice-President Faculty Relations

  • Assistant Director, Campus Security

  • Executive Director, Government Relations

  • Vice-President External Relations

  • Assistant Treasurer

  • Risk Analyst


FIPPA

OIPC


Lesson

  • Effective external communication to {organization, staff, community} is important for {salvaging reputation, reassuring affected individuals, ensuring resolution}, even if the internal politics, communications and logistics cause friction.


250-472-4333

[email protected]


uvic.ca/infobreach


Regular bulletin updates

  • Information sent to current and former UVic employees, Jan. 9, 2012

  • Letter from Vice-president Finance and Operations Gayle Gorrill, Jan. 10, 2012

  • A message from President David Turpin, Jan. 11, 2012

  • Jan. 12, 2012 update

  • Jan. 13, 2012 update

  • Jan. 19, 2012 update

  • Jan. 20, 2012 update - Launch of review

  • Jan. 23, 2012 update - Phishing attacks & fraud investigation

  • Jan. 25, 2012 update - Preliminary report to board

  • Jan. 27, 2012 update - Agreement reached on Credit Monitoring Service

  • Jan. 26, 2012 update - Saanich police release info

  • Feb. 3, 2012 update - Credit monitoring service available Monday

  • Feb. 6, 2012 update - Credit monitoring instructions


Lesson

  • Bad guys and gals know how to read the news


Lesson

  • Understand what “reasonable security arrangements” are


Lesson

  • If you don’t need it, get rid of it (or don’t collect it).

  • Data minimization


Lesson

  • Effective project management helps ensure the last mile is completed.


Lesson

  • Keeping momentum once the storm blows over can be difficult


Lesson

  • Centralized command and control for privacy and security is necessary, even in a decentralized environment


Lesson

  • A crisis can be a platform for change


Lesson

  • Having good policies in place is very important, and everybody should read them


Remember…

  • It’s not IF you’re going to have a breach, it’s WHEN you’ll have a breach and HOW you respond to it and what you LEARN from it that really matters.

