Seminar 07A - Incident vs. Breach: A Guided Discussion

Tuesday, October 12, 2010 | 9:30AM–1:00PM | Meeting Room 207B
Session Type: E2010
At every university, a mountain of personally identifiable information (PII) just waits to be found. This seminar will help attendees understand how to avoid unnecessary disclosure notifications and related expense as well as meet the legal and regulatory requirements when the inevitable accidental disclosure occurs. Attendees will share their perspectives and experiences on breach management policies. Using real-life examples, a CIO and CISO will lead discussions covering relevant questions such as: What is the threshold for victim and attorney general notification? Is a breach insurance policy a good strategy? Should institutions pursue third-party agreements for credit monitoring, post-breach forensics, or other services? What is "risk of harm" analysis? Is there safety in the cloud? Attendees will be able to explain the difference between information security incidents and breaches, identify the key parts of an incident response plan, identify pertinent laws and regulations, and describe the process for conducting a risk of harm analysis.

Presenters

  • Sharon Blanton

    Vice President of Operations, The College of New Jersey