American Security and Privacy, LLC Incident Handler Certification
Dr. Kevin F. Streff
Founder and Managing Partner
Incident Handler
Certification
Dr. Kevin Streff
American Security and Privacy, LLC
 Founder & Managing Partner
 www.americansecurityandprivacy.com
 Kevin.Streff@americansecurityandprivacy.com
 605.270.4427
Agenda
Module 1 Incident Response Overview
Module 2 Incident Response Laws and Regulations
Module 3 The Fit of Incident Response in Information Security and Privacy Programs
Module 4 Privacy Incidents
Module 5 Security Incidents
Module 6 Incident Response Program Overview
Module 7 Step 1 - Preparation
Module 8 Step 2 - Detection and Analysis
Module 9 Step 3 - Contain, Eradicate, and Recover
Module 10 Step 4 - Post Incident Activity
Module 11 Incident Response Testing
Module 12 Third Party Incident Response Requirements
Module 13 Incident Response Auditing
Module 14 Incident Response Metrics
Module 4
PRIVACY INCIDENTS
Privacy Incidents
• Alteration of personal data - when personal data has been unlawfully changed. This could be, for example, data that is incorrectly updated on a system accidentally or deliberately.
Privacy Incidents
• Brute force attack - when an attacker tries a large number of possible keyword or password combinations to gain unauthorized access to a system or file.
Privacy Incidents
• Cryptographic flaw - a weakness in the security of a system that would allow a hacker to access sensitive information.
Privacy Incidents
• Data emailed to incorrect recipient - where an email containing personal data is sent to the wrong email address. This could be data about one person or multiple individuals.
Privacy Incidents
• Data of wrong data subject shown in client portal - where personal information about one or more individuals is shown within the online service area belonging to another person.
Privacy Incidents
• Data posted or faxed to incorrect recipient - where a fax or piece of post containing personal data is sent to the wrong fax number or postal address. This could be data about one person or multiple individuals.
• Denial of service - when a network or server, such as a website, is maliciously flooded with manufactured traffic (typically using botnets) to either cause it to fail or flood it with so much traffic that legitimate users can't access it.
• Failure to redact - when personal data was disclosed without the appropriate redaction, or if the redactions made were inadequate.
• Failure to use bcc - when personal data was disclosed due to an organization not using blind carbon copy (bcc) recipients in an email. Usually bcc is used to ensure personal email addresses are not shared inappropriately with other customers, clients or organizations.
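
One way to screen outgoing mail for the "failure to use bcc" incident described above, as an added example that is not part of the original slides. The internal domain `bank.example`, the threshold of one visible external recipient, the function names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Assumption: domains the organization itself owns. Everything else is external.
INTERNAL_DOMAINS = frozenset({"bank.example"})


def visible_external_recipients(raw_message, internal_domains=INTERNAL_DOMAINS):
    """Return the sorted external addresses every recipient can see (To and Cc)."""
    msg = message_from_string(raw_message, policy=policy.default)
    # Bcc is deliberately ignored: addresses there are not shown to other recipients.
    headers = [str(h) for name in ("To", "Cc") for h in msg.get_all(name, [])]
    exposed = set()
    for _display_name, addr in getaddresses(headers):
        addr = addr.strip().lower()
        local, sep, domain = addr.rpartition("@")
        if not sep or not local or not domain:
            continue  # malformed or empty entry, nothing to classify
        if domain not in internal_domains:
            exposed.add(addr)
    return sorted(exposed)


def check_bcc_use(raw_message, max_visible_external=1,
                  internal_domains=INTERNAL_DOMAINS):
    """Flag a message that shows more external addresses than policy allows."""
    exposed = visible_external_recipients(raw_message, internal_domains)
    return {"flagged": len(exposed) > max_visible_external, "exposed": exposed}


# Constructed sample: customer addresses placed in To/Cc, visible to each other.
SAMPLE_VISIBLE = (
    "From: notices@bank.example\n"
    "To: alice@mail.example, Bob Ray <bob@other.example>\n"
    "Cc: Carol@mail.example, staff@bank.example\n"
    "Subject: Branch closure notice\n"
    "\n"
    "Dear customer, ...\n"
)

# Constructed sample: same mailing, customers in Bcc, internal address in To.
SAMPLE_BCC = (
    "From: notices@bank.example\n"
    "To: notices@bank.example\n"
    "Bcc: alice@mail.example, bob@other.example, carol@mail.example\n"
    "Subject: Branch closure notice\n"
    "\n"
    "Dear customer, ...\n"
)

# Constructed sample: ordinary one-to-one mail to a single customer.
SAMPLE_SINGLE = (
    "From: advisor@bank.example\n"
    "To: alice@mail.example\n"
    "Subject: Your appointment\n"
    "\n"
    "Hello Alice, ...\n"
)

if __name__ == "__main__":
    for label, raw in (("visible", SAMPLE_VISIBLE), ("bcc", SAMPLE_BCC),
                       ("single", SAMPLE_SINGLE)):
        print(label, check_bcc_use(raw))
```

A check like this belongs at the point of submission, before the mail leaves the organization; the threshold is a policy decision and will need exceptions for legitimate multi-party correspondence.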
Privacy Incidents
• Hardware/software misconfiguration - any hardware or software misconfiguration leading to a disclosure of information. For example, permissions on a folder set incorrectly, or failing to use a robots.txt file.
Privacy Incidents
• Incorrect disposal of hardware - computers, laptops or other devices are not fully cleared of personal data, or have not had any personal data they contain otherwise anonymized or encrypted.
Privacy Incidents
• Incorrect disposal of paperwork - paperwork containing personal data has been disposed of without it being shredded or otherwise destroyed. Personal information should not be identifiable once paper files have been disposed of.
Privacy Incidents
• Loss/theft of device containing personal data - an electronic device (for example laptop, phone or tablet) containing personal information of others has been misplaced or stolen. This may be of particular concern if the data is not sufficiently secure, for example the device has not been encrypted.
Privacy Incidents
• Loss/theft of paperwork or data left in insecure location - papers containing personal data are not secured, for example by locking the paperwork in a cabinet or similar; or papers are misplaced or stolen.
Privacy Incidents
• Verbal disclosure of personal data - when personal data is shared or disclosed verbally to an inappropriate party.
Privacy/Security Incidents
• Malware - a general term used to refer to a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, spyware, adware, scareware, and other malicious programs. Malware is short for malicious software.
• Phishing - an attempt to obtain information by posing as a trustworthy entity, deceiving recipients into sharing sensitive information (such as usernames, passwords, or credit card details) or by encouraging them to visit a fake website.
• Ransomware - a type of malware that unlawfully encrypts a user's files and demands a ransom to decrypt the files, usually in the form of cryptocurrency.
• Unauthorized access - an unauthorized individual has gained access to personal data. This can include unauthorized disclosures. This incident type is used both in instances where an individual has unlawfully accessed or disclosed information and where a third party has forcibly accessed a system.
Privacy Incidents
VIOLATING PRIMARY USE
Privacy Incidents
UNAUTHORIZED DATA AGGREGATION
Incident Response Levels
• Critical: A very high impact incident, such as a customer-facing service being down for all customers
• Major: A significant impact incident, such as a customer-facing service being unavailable for some customers
• Minor: A low impact incident, such as a minor inconvenience to customers
Levels
Level 1 - A critical incident that affects a large number of users in production.
Level 2 - A significant problem affecting a limited number of users in production.
Level 3 - Causes errors, minor problems for users, or a heavy system load.
Level 4 - A minor problem that affects the service but has no serious impact on users.
Level 5 - A low-level deficiency that causes minor problems.
Levels
• The financial institution determines how many levels, their definitions, and the steps that will be taken based upon these levels.
• Specific incidents can have more specific steps
• Risk-based program
Summary
• Both security and privacy incidents need to be reflected in your incident response and business continuity plans
• Risk-based approach
• Identify the potential issues prior to them occurring

IH - Privacy Incidents - Module 4 Powerpoint Presentation.pptx

  • 1. American Security and Privacy, LLC Incident Handler Certification Dr. Kevin F. Streff Founder and Managing Partner 1 Incident Handler Certification
  • 2. American Security and Privacy, LLC Incident Handler Certification American Security and Privacy, LLC Incident Handler Certification Dr. Kevin Streff American Security and Privacy, LLC Founder & Managing Partner www.americansecurityandprivacy.com Kevin.Streff@americansecurityandprivacy.com 605.270.4427 2
  • 3. American Security and Privacy, LLC Incident Handler Certification American Security and Privacy, LLC Incident Handler Certification Agenda 3 Module 1 Incident Response Overview Module 2 Incident Response Laws and Regulations Module 3 The Fit of Incident Response in Information Security and Privacy Programs Module 4 Privacy Incidents Module 5 Security Incidents Module 6 Incident Response Program Overview Module 7 Step 1 - Preparation Module 8 Step 2 - Detection and Analysis Module 9 Step 3 - Contain, Eradicate, and Recover Module 10 Step 4 - Post Incident Activity Module 11 Incident Response Testing Module 12 Third Party Incident Response Requirements Module 13 Incident Response Auditing Module 14 Incident Response Metrics
  • 4. American Security and Privacy, LLC Incident Handler Certification Module 4 PRIVACY INCIDENTS 4
  • 5. American Security and Privacy, LLC Incident Handler Certification American Security and Privacy, LLC Incident Handler Certification Privacy Incidents Alteration of personal data when personal data has been unlawfully changed. This could be, for example, data that is incorrectly updated on a system accidentally or deliberately. 5
  • 6. American Security and Privacy, LLC Incident Handler Certification American Security and Privacy, LLC Incident Handler Certification Privacy Incidents Brute force attack when an attacker tries a large number of possible keyword or password combinations to gain unauthorized access to a system or file. 6
  • 7. American Security and Privacy, LLC Incident Handler Certification American Security and Privacy, LLC Incident Handler Certification Privacy Incidents Cryptographic flaw a weakness in the security of a system that would allow a hacker to access sensitive information. 7
  • 8. Privacy Incidents. Data emailed to incorrect recipient: where an email containing personal data is sent to the wrong email address. This could be data about one person or multiple individuals.
  • 9. Privacy Incidents. Data of wrong data subject shown in client portal: where personal information about one or more individuals is shown within the online service area belonging to another person.
  • 10. Privacy Incidents. Data posted or faxed to incorrect recipient: where a fax or piece of post containing personal data is sent to the wrong fax number or postal address. This could be data about one person or multiple individuals. Denial of service: when a network or server, such as a website, is maliciously flooded with manufactured traffic (typically using botnets) to either cause it to fail or flood it with so much traffic that legitimate users can't access it. Failure to redact: when personal data was disclosed without the appropriate redaction, or if the redactions made were inadequate. Failure to use bcc: when personal data was disclosed due to an organization not using blind carbon copy (bcc) recipients in an email. Usually bcc is used to ensure personal email addresses are not shared inappropriately with other customers, clients or organizations.
  • 11. Privacy Incidents. Hardware/software misconfiguration: any hardware or software misconfiguration leading to a disclosure of information. For example, permissions on a folder set incorrectly, or failing to use a robots.txt file.
  • 12. Privacy Incidents. Incorrect disposal of hardware: computers, laptops or other devices are disposed of without being fully cleared of personal data or having any personal data they contain otherwise anonymized or encrypted.
  • 13. Privacy Incidents. Incorrect disposal of paperwork: paperwork containing personal data has been disposed of without it being shredded or otherwise destroyed. Personal information should not be identifiable once paper files have been disposed of.
  • 14. Privacy Incidents. Loss/theft of device containing personal data: an electronic device (for example laptop, phone or tablet) containing personal information of others has been misplaced or stolen. This may be of particular concern if the data is not sufficiently secure, for example the device has not been encrypted.
  • 15. Privacy Incidents. Loss/theft of paperwork or data left in insecure location: papers containing personal data are not secured, for example by locking the paperwork in a cabinet or similar; or papers are misplaced or stolen.
  • 16. Privacy Incidents. Verbal disclosure of personal data: when personal data is shared or disclosed verbally to an inappropriate party.
  • 17. Privacy/Security Incidents. Malware: a general term used to refer to a variety of forms of hostile or intrusive software including computer viruses, worms, Trojan horses, spyware, adware, scareware, and other malicious programs. Malware is short for malicious software. Phishing: an attempt to obtain information by posing as a trustworthy entity, deceiving recipients into sharing sensitive information (such as usernames, passwords, or credit card details) or by encouraging them to visit a fake website. Ransomware: a type of malware that unlawfully encrypts a user's files and demands a ransom, usually in the form of cryptocurrency, to decrypt the files. Unauthorized access: an unauthorized individual has gained access to personal data. This can include unauthorized disclosures. This incident type is used both in instances where an individual has unlawfully accessed or disclosed information and where a third party has forcibly accessed a system.
  • 18. Privacy Incidents: Violating Primary Use
  • 19. Privacy Incidents: Unauthorized Data Aggregation
  • 20. Incident Response Levels. Critical: A very high impact incident, such as a customer-facing service being down for all customers. Major: A significant impact incident, such as a customer-facing service being unavailable for some customers. Minor: A low impact incident, such as a minor inconvenience to customers.
  • 21. Levels. Level 1: A critical incident that affects a large number of users in production. Level 2: A significant problem affecting a limited number of users in production. Level 3: Causes errors, minor problems for users, or a heavy system load. Level 4: A minor problem that affects the service but no serious impact on users. Level 5: A low-level deficiency that causes minor problems.
  • 22. Levels. The financial institution determines how many levels there are, their definitions, and the steps that will be taken based upon these levels. Specific incidents can have more specific steps. Risk-based program.
  • 23. Summary. Both security and privacy incidents need to be reflected in your incident response and business continuity plans. Risk-based approach. Identify the potential issues prior to them occurring.
  • 24. Dr. Kevin Streff, American Security and Privacy, LLC, Founder & Managing Partner. www.americansecurityandprivacy.com, Kevin.Streff@americansecurityandprivacy.com, 605.270.4427