Breaches: Planning + Recovery = Resiliency

Higher education information security professionals have to cope with very complex threat landscapes combined with open, networked environments and decentralized governance over information assets, which makes it extremely difficult to protect the institution from a data breach and equally difficult to recover from one. This seminar will focus on "breach resiliency" by looking at prevention, preparation, and recovery. The session will begin by looking at the current cyberthreat landscape including management of end-of-life issues (e.g., Windows XP) and zero-day vulnerabilities (Heartbleed, Shellshock, POODLE) to help prevent a breach. The session will then focus on strategies to help prepare for and recover from a breach. These resiliency strategies include risk/crisis/incident management, communications plans, and discussions around cyberinsurance/retainer contracts and the roles of the CIO/CISO and other administrators. Participants will have the opportunity to assess and discuss their institutions' policies and procedures and identify gaps as they develop their own resiliency strategies.