Breach Notification and Incident Response: When and How

Next week I’ll be presenting on breach notification and incident response at Cyber Security World 2015 in downtown Washington, DC. This conference is about a mix of attack, defend, response and policy topics pitched slightly to the Federal audience. I’ll be onstage from 2:30 to 3:30 EDT.

ABSTRACT

————

Breach Notification and Incident Response: When and How

Following the Anthem breach of 80 million health insurance records reported in early 2015, 10 states wrote to the company. Adding to Anthem’s woes, the states complained Anthem had been too slow on consumer disclosure. For a time it appeared Federal guidelines might emerge, but as of now enterprises are still on their own in determining incident response and breach notification strategies.

In this session, attendees will learn about:

• Regulatory landscape overview and the case for early disclosure
• Incident response program basics for public and private sector organizations
• Recommendations on avoiding, and preparing for, breaches 
• Breach aftermath assessment: Staying Strategic

———–

The last bullet – breach aftermath assessment – refers to a new service offering that Security Architects Partners will be announcing shortly. It combines the strengths of high-level security program assessment with detailed forensic investigations to  develop optimal risk management and control improvement recommendations.