Topic: How to implement a Security & Privacy incident management program
Speakers: Bobby Singh, SSHA
The purpose of the presentation is to provide an overview of how to build a comprehensive and integrated security and privacy incident management program. Privacy incidents such as accidental disclosure of patient health information are becoming more and more common, but there are few case studies or documented examples available to help organizations manage these types of incidents effectively.
The presentation will cover key processes and work flows, and provide an understanding of important touch points inside the organization. Highlights include:
- Use cases – unauthorized or illegal use, collection, disclosure, or disposal of personal or personal health information
- Incident management work flows for various types of privacy breaches
- Identification of key areas of integration. The security & privacy incident management program must be integrated with other parts of the organization for it to function efficiently and effectively. Linkages could be established with security operations, help desk, etc.
- Lessons learned – sharing do’s and don’ts when building a privacy-focused incident management program
- How to maintain privacy of a privacy incident – how to triage an incident without revealing too much information to other parties
My goal is to have participants walk away with a good understanding of how to manage privacy breaches and what to do in their respective organizations to ensure effective handling of these types of incidents.
Mr. Bobby Singh has 14-plus years of experience in IT security, with extensive experience in risk management, business operations, public relations, consulting and auditing. As the Director of Information Security for Smart Systems for Health Agency (SSHA), Mr. Singh’s role involves ensuring that security is built in both at the organization level and into SSHA products and services. He provides leadership in the development and promotion of security standards and practices within SSHA. Mr. Singh has broad experience developing and implementing security programs for public and private sector organizations. He is a frequent speaker at conferences and round tables. Prior to joining SSHA, Mr. Singh held positions at Bank of America and Deloitte, where he focused on delivering security services to clients and developing their security practice. Mr. Singh received his MBA from the University of Pittsburgh and holds CISSP, CISM, CISA and CPA designations.
Topic: BlackHat Europe Review
Speakers: Jeremy Richards, Digital Defence
Jeremy recently attended the Blackhat conference in Amsterdam. He’ll be providing an overview of the European Blackhat community, speaking about training he received in reverse engineering malware, and setting the stage for Blackhat in Vegas!