The continued frequency of high-profile cyber breaches, such as those at Yahoo!, Tesco Bank, LinkedIn and even the NSA, emphasises the need for all organisations to dedicate significant time and resources to developing pro-active information security policies and practices. However watertight these might appear on paper, cyber threats are becoming increasingly sophisticated, to the point that even the most diligent companies recognise that it is a case of "when", not "if", their cyber-security systems will be compromised.
In parallel, increased regulatory scrutiny across Europe and the US, and the pending introduction of the Network & Information Security Directive and the General Data Protection Regulation in 2018, are imposing additional burdens in terms of information security compliance. A growing media interest in mass cyber breaches and a trend towards more litigation arising out of them will only add to the pressure companies are finding themselves under in this area.
To be armed and ready for the inevitable, sound preparation should include a multi-team incident response strategy, which sets out plans for both immediate and longer-term responses to a crisis and makes provision for practice runs. This session aims to demonstrate why this is essential preparation.
This event will walk delegates through a hypothetical crisis and cover the following topics:
- Conduct of initial investigation into a cyber-incident – collection, transfer and analysis of forensic evidence, preservation of legal privilege and management of HR/employee-related issues
- Communication and PR strategies to control information-spread and protect corporate reputation
- Legal remedies available on an urgent basis to "stop the bleeding"
- Applicable laws and guidance that require notifications to regulators and customers
- Follow-on litigation by customers/clients/employees, or against Info-sec suppliers
This SIG is championed by Ali Ramadan of Bird & Bird.