Carol DiBattiste - PowerPoint PPT Presentation

About This Presentation
Title:

Carol DiBattiste

Description:

Title: Public Representation Policy Author: Melissa Floyd Last modified by: euma123 Created Date: 8/11/2006 2:26:56 PM Document presentation format – PowerPoint PPT presentation

Number of Views:82
Avg rating:3.0/5.0
Slides: 12
Provided by: Meliss253
Category:

less

Transcript and Presenter's Notes

Title: Carol DiBattiste


1
  • Carol DiBattiste
  • General Counsel and Chief Privacy Officer
  • ChoicePoint

2
Responding to Security Breaches
  • Information security breaches are a nationwide,
    industry-wide problem affecting
  • Government/Military
  • Educational Institutions
  • Health Care
  • Banking/Credit/Financial Services
  • Businesses
  • Non Profits
  • Information security breaches reported during the
    past three years
  • 2005, approximately 151
  • 2006, approximately 314
  • 2007, 186 (as of July 2, 2007)

3
Responding to Security Breaches
  • Responding to an information security breach
  • Crisis response plan
  • Notification plan
  • Investigations/lawsuits
  • Conduct enterprise-wide review of privacy and
    security programs

4
Responding to Security Breaches
  • Seven Point Plan to Assist in Protecting
    Information Against Fraudulent Access and/or
    Misuse

5
Responding to Security Breaches
  • Limit access to Sensitive Personally Identifiable
    Information (SPII)
  • Exit high risk markets
  • Remove or truncate SPII when possible
  • Restrict resellers access to certain data

6
Responding to Security Breaches
  • 2. Credential Customers, Employees and Vendors
  • Centralized credentialing
  • Internal and external verification
  • Site visits
  • Recredentialing program
  • Third party service provider self-assessment
    questionnaire

7
Responding to Security Breaches
  • 3. Establish Corporate Accountability
  • Chief Privacy Officer reports to Board of
    Directors Privacy and Public Responsibility
    Committee
  • Working groups
  • Security Advisory Committee (Senior Leadership)
  • Security Working Group (Key Managers)
  • Policy, risk and credentialing sub-working groups
  • Privacy and security positions within business
    units

8
Responding to Security Breaches
  • Execute Policies, Procedures and Guidelines
  • Data access, protection, transport, restriction,
    retention, and classification
  • Incident response
  • Credentialing and recredentialing
  • Physical security
  • Information security
  • Public representations
  • Code of Conduct

9
Responding to Security Breaches
  • Self Regulate Through Audit and Compliance
  • Third party audits
  • In-house audits
  • Customer
  • Consumer sampling
  • Random
  • Suspicious activity
  • Event driven
  • Policy
  • Regulatory compliance

10
Responding to Security Breaches
  • Implement Technology Solutions
  • Network security
  • External web server scans and application
    scanning services
  • Encryption
  • Data classification tool
  • Password assessments
  • Risk Management Control Framework

11
Responding to Security Breaches
  • Enhance Education and Outreach
  • Mandatory annual training programs with
    assessment
  • Privacy
  • Information Security
  • Code of Conduct
  • Relationship building with privacy advocates,
    media, government, educational institutions,
    consumers and customers.
Write a Comment
User Comments (0)
About PowerShow.com