Understand key aspects of incident response and the legal, contractual, and reputational risks of a data breach.
The headlines are awash with news about new cybersecurity incidents affecting every economic sector, and organizations large and small. While not every data security incident is newsworthy, every incident requires a response. What seems like an insignificant incident could be just the beginning of a major data breach. This topic will offer you an overview of current and emerging cyber threats and the evolving legal landscape. You will also hear about practical tactics for incident readiness, including the importance of building an incident response team and organizational culture. Next, the material will cover key aspects of incident response and the legal, contractual, and reputational risks of a mismanaged response, based on lessons learned from infamous incidents. Then, the information will review how to document lessons learned by identifying and remediating gaps in incident response policies and procedures.
Agenda
Cybersecurity Threats: What’s New and Evolving
- Ransomware
- Remote Working
- Nation-State Actors
Data Security Basics
The Cybersecurity Incident Legal Landscape - What’s New
Updating Your Cybersecurity Incident Response Playbook
- The Information Security and Legal Team Alliance
- Key Elements of Incident Response Policies and Procedures
- Vendor Assessment, Contracting, and Management
- The Role and Value of Industry Frameworks
Incident Readiness: Preparing for the Inevitable?
- Incident vs. Breach
- Assembling the Team
- The Role and Value of a Table-Top Exercise
Incident Response
- Legal Privilege
- Documenting the Response
- Knowing Who, When, and How to Notify
- Ransomware: To Pay or Not to Pay, That Is the Question
Lessons Learned
- Incident Response Log and Recordkeeping
- Policy and Procedure Refresh