Download
lessons learned from a breach n.
Skip this Video
Loading SlideShow in 5 Seconds..
Lessons Learned from a Breach PowerPoint Presentation
Download Presentation
Lessons Learned from a Breach

Lessons Learned from a Breach

68 Views Download Presentation
Download Presentation

Lessons Learned from a Breach

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Lessons Learned from a Breach Eric van Wiltenburg University of Victoria @e_vanwiltenburg

  2. Let’s start with some exercise

  3. Hey Eric, aren’t you embarrassed?

  4. “Transparency is an asset.” Eric van Wiltenburg, January 31, 2012

  5. OK, so what happened anyway?

  6. +

  7. +

  8. =

  9. 11845

  10. employee names • employee numbers • Social Insurance Numbers • bank account • employee classification code • amount of last deposit

  11. January 2012 January 2010

  12. Lesson • Having good policies in place is very important, even if nobody reads them

  13. UVic Privacy Policy

  14. Privacy Breach Response Team

  15. University Secretary • Vice President Finance and Operations • Manager Privacy, Access and Policy • University Legal Counsel • Information Security Manager • Director, Communications • Associate Vice-President Human Resources • Associate Vice-President Faculty Relations • Assistant Director, Campus Security • Executive Director, Government Relations • Vice-President External Relations • Assistant Treasurer • Risk Analyst

  16. FIPPA OIPC

  17. Lesson • Effective external communication to {organization, staff, community} is important for {salvaging reputation, reassuring affected individuals, ensuring resolution}, even if the internal politics, communications and logistics cause friction.

  18. 250-472-4333 privacyinfo@uvic.ca

  19. uvic.ca/infobreach

  20. Regular bulletin updates • Information sent to current and former UVic employees, Jan. 9, 2012 • Letter from Vice-president Finance and Operations Gayle Gorrill, Jan. 10, 2012 • A message from President David Turpin, Jan. 11, 2012 • Jan. 12, 2012 update • Jan. 13, 2012 update • Jan. 19, 2012 update • Jan. 20, 2012 update - Launch of review • Jan. 23, 2012 update - Phishing attacks & fraud investigation • Jan. 25, 2012 update - Preliminary report to board • Jan. 27, 2012 update - Agreement reached on Credit Monitoring Service • Jan. 26, 2012 update - Saanich police release info • Feb. 3, 2012 update - Credit monitoring service available Monday • Feb. 6, 2012 update - Credit monitoring instructions

  21. Lesson • Bad guys and gals know how to read the news

  22. Lesson • Understand what “reasonable security arrangements” are