1 / 59

Lessons Learned from a Breach

Lessons Learned from a Breach. Eric van Wiltenburg University of Victoria @ e_vanwiltenburg. Let’s start with some exercise. Hey Eric, aren’t you embarrassed?. “Transparency is an asset.” Eric van Wiltenburg, January 31, 2012. OK, so what happened anyway?. +. +. =. 11845.

nijole
Télécharger la présentation

Lessons Learned from a Breach

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lessons Learned from a Breach Eric van Wiltenburg University of Victoria @e_vanwiltenburg

  2. Let’s start with some exercise

  3. Hey Eric, aren’t you embarrassed?

  4. “Transparency is an asset.” Eric van Wiltenburg, January 31, 2012

  5. OK, so what happened anyway?

  6. +

  7. +

  8. =

  9. 11845

  10. employee names • employee numbers • Social Insurance Numbers • bank account • employee classification code • amount of last deposit

  11. January 2012 January 2010

  12. Lesson • Having good policies in place is very important, even if nobody reads them

  13. UVic Privacy Policy

  14. Privacy Breach Response Team

  15. University Secretary • Vice President Finance and Operations • Manager Privacy, Access and Policy • University Legal Counsel • Information Security Manager • Director, Communications • Associate Vice-President Human Resources • Associate Vice-President Faculty Relations • Assistant Director, Campus Security • Executive Director, Government Relations • Vice-President External Relations • Assistant Treasurer • Risk Analyst

  16. FIPPA OIPC

  17. Lesson • Effective external communication to {organization, staff, community} is important for {salvaging reputation, reassuring affected individuals, ensuring resolution}, even if the internal politics, communications and logistics cause friction.

  18. 250-472-4333 privacyinfo@uvic.ca

  19. uvic.ca/infobreach

  20. Regular bulletin updates • Information sent to current and former UVic employees, Jan. 9, 2012 • Letter from Vice-president Finance and Operations Gayle Gorrill, Jan. 10, 2012 • A message from President David Turpin, Jan. 11, 2012 • Jan. 12, 2012 update • Jan. 13, 2012 update • Jan. 19, 2012 update • Jan. 20, 2012 update - Launch of review • Jan. 23, 2012 update - Phishing attacks & fraud investigation • Jan. 25, 2012 update - Preliminary report to board • Jan. 27, 2012 update - Agreement reached on Credit Monitoring Service • Jan. 26, 2012 update - Saanich police release info • Feb. 3, 2012 update - Credit monitoring service available Monday • Feb. 6, 2012 update - Credit monitoring instructions

  21. Lesson • Bad guys and gals know how to read the news

  22. Lesson • Understand what “reasonable security arrangements” are

More Related