URMIA 46th Annual Conference

Where there is data there is risk, and with ever increasing and evolving cybersecurity threats, data breaches have become fact of life and cost of doing business. With new regulatory requirements and legal precedents for liability in cases of breach, corporate well-being in 2015 will depend greatly on how organizations respond to the inevitable. Cybercrime is outpacing cyber security resulting in data breaches despite best efforts. Breaches have become an enterprise risk issue, and involving the board in breach risks early on will help from a governance perspective.

This session will outline how to develop and create the setting to run an effective data breach incident response test scenario. The scenario will incorporate actions companies can take to not only manage and handle a data breach to mitigate risk and better protect themselves and their customers, but also to streamline the incident response process. This session will walk attendees through the upfront preparation necessary to help boost defenses in the security-and-risk game, including the key strategies to mitigate breach risks. The session will explore a more methodical approach to breach preparedness and response that can help meet compliance requirements, minimize regulatory risks and penalties, protect reputation, and protect customers while making the best use of limited staff and financial resources.

As a result of participating in this session:
 Attendees will learn how to develop and implement a data breach incident response testing event.
 Learn how to reduce enterprise security risks by implementing procedures and processes that correspond with the phases of the incident’s lifecycle.
 Understand and learn how to define the roles and responsibilities of all involved in preparing for and managing data breaches.
 How creating a holistic team will help better align incident response, learn pre-breach planning best practices in order to maximize breach response effectiveness and minimize litigation as well as risks of regulatory fines/penalties.
 Learn take away resolution strategies to use during breach response events.

With the proliferation of mobile devices, Hamline University faced the challenge to manage mobile devices in a way that protects both personal and business data in a reasonable manner. This includes email, document files and other sensitive data. Working collaboratively with Hamline’s safety & security, information technology services, and finance and payroll departments, our progressive mobile device management operation is founded on a combination of policy, process and procedures.

In this presentation, we will share how mobile devices are added to our system in order to accommodate device and data security, as well as discuss the process of recovering a lost device.

As a result of participating in this session attendees will gain practical insight about:
 How a business is managing the use of mobile technology while protecting the interests of the University in terms of data access and utilization.
 How disparate business units have come together to solve a business challenge.
 How Hamline’s business units collaborate to recover lost or stolen equipment.

“We are under attack daily”. In fact, Symantec's "2013 Internet Security Threat Report" shows a 42 percent year-over-year increase in the number of data breaches and cyber attacks. The media coverage of cyber risks focuses on retail or financial institutions; however, educational institutions are at risk as well with sensitive financial information, medical information and intellectual property.

This session will cover an overview of the types of cyber threats, why cyber risk is on the rise, what’s at risk for universities, who is behind cybercrime, how to work with IT and other departments to manage risk, and how to recover faster if attacked.

As a result of participating in this session, participants will be able to:
 Take home discussion points and conversation starters to use with their IT and other departments to facilitate open dialogue on their organization's exposure to cyber risk.
 Have a basic framework for categorizing the types of cyber risks.
 Have examples they can share with their organizations about the significant cost and effort of recovering from a breach.

This is a panel discussion exploring the evolving landscape of the new Internet, expansive growth in social media options, challenges students and faculty create when they bring their own devices, and the many new portals this landscape creates for disruptive hacking. Among the panelists is a “white hat” hacker, someone who is hired to purposefully try to infiltrate an institution’s systems to assess and improve security.

As a result of participating in this session, attendees will better understand:
 The ways and means of hacking from a professional hacker.
 The risks and challenges of social media.
 Important considerations with the new Internet.
 The impact on the open flow of information, research and intellectual property.
 Insurance carrier solutions and services (pre-breach and post-breach), marketplace updates and alternative risk management solutions.