Cyber Security - P&I EVENTS

Moderator: Marla J. Kreindler, Partner, Morgan, Lewis & Bockius LLP
Speakers:
Keith Overly, Executive Director, Ohio Deferred Compensation Program
Raj Patel, Partner, Plante & Moran, PLLC
Bill Stewart, Senior Vice President, Booz Allen Hamilton
Chris Jarmush, Area Vice President, Defined Contribution Practice Leader, Arthur J. Gallagher & Co.
Ohio Deferred Compensation
• Ohio Deferred Compensation is a plan sponsor and recordkeeper
• Current Practices
  – Information Security Policy
  – Independent security audit
• Information Security Policy
  – Physical and electronic security
  – Staff training
  – Data storage and destruction
  – Offsite use of computers
  – Data use by vendors
• Independent Security Audit
  – Compliance review of actual procedures/practices
  – Penetration testing
  – Social engineering testing
• Future Considerations
  – Move to cloud-based computing
    • Federal Risk and Authorization Management Program, or FedRAMP
      – Standardized approach to security for cloud products
      – Third party assessment
  – Cyber insurance
Weak Infrastructure
• Weak design (firewalls, wireless routers)
• Weak user authentication (users, passwords)
• Lack of encryption (VPN, secure portals)
• Out-dated (patch management / anti-virus)
• Lack of periodic testing

User Ignorance
• Weak user passwords
• Poor judgment
• Phishing attacks
• Not staying current on security trends

97% of Breaches Were Avoidable
"Most victims aren’t overpowered by unknowable and unstoppable attacks. For the most part, we know them well enough and we also know how to stop them."
Verizon Data Breach Investigations Report

Technology Advances
• Mobile devices
• Cloud computing / public portals
• Data collaboration
• Social media

Third Party Vendors
• Weak due diligence
• No breach notification
• No annual breach confirmation
House of Security
Different organizations view information security differently. Some of the differences are related to
varied risk and threat profiles impacting an organization — based on factors such as industry,
location, products/services, etc.
Other differences are related to management’s view of security based on its experience with prior
security incidents.
World of Security
1. Layer your network - Public, Sensitive, Confidential, Private
Last Thoughts
• Strong password practices
• Device security
• Accessing from public places
• Loss of hardware
• Disposal of devices
• Use of mobile technology
• Incident response plan & team
• 1-800 DATA BREACH