Deeper Security, Broader Privacy How firms use the latest Co3 features to automate incident response

Upload: resilient-systems

Post on 15-Aug-2015


Deeper Security, Broader Privacy

How firms use the latest Co3 features to automate incident response

Page 2

Agenda

• Introductions

• Security module updates

• Privacy module updates

Page 3

Introductions: Today’s Speakers

• Ted Julian, Chief Marketing Officer

• Gant Redmon, Esq. CIPP/US, General Counsel, Co3 Systems

• Allen Rogers, VP Engineering

Page 4

IR opportunities / challenges

• Dramatically improve response times

• “Socialize” IR workflow and collaboration

• Ensure privacy breach compliance in a fraction of the time

• Document best practices / IR procedure with a click

• Establish buy-in with compelling reports / dashboards

• Do more and do it better, with the team you already have

• Replace static binder with actionable, repeatable platform

“If you are going to invest in one thing, it should be incident response”

GARTNER – JUNE 2013 [1]

“You can’t afford ineffective incident response”

FORRESTER RESEARCH – APRIL 2013 [2]

1 Gartner Security Summit, Keynote Address - June 2013

2 “Seven Habits of Highly Effective Incident Response Teams” - April 2013

Page 5

The complete process – based on E.R. standards

PREPARE: Improve Organizational Readiness

• Appoint team members

• Fine-tune response SOPs

• Escalate from existing systems

• Run simulations (firedrills / table tops)

ASSESS: Identify and Evaluate Incidents

• Assign appropriate team members

• Evaluate precursors and indicators

• Correlate threat intelligence

• Track incidents, maintain logbook

• Prioritize activities based on criticality

• Generate assessment summaries

MANAGE: Contain, Eradicate, and Recover

• Generate real-time IR plan

• Coordinate team response

• Choose appropriate containment strategy

• Isolate and remediate cause

• Instruct evidence gathering and handling

• Log evidence

MITIGATE: Document Results & Improve Performance

• Generate reports for management, auditors, and authorities

• Conduct post-mortem

• Update SOPs

• Track evidence

• Evaluate historical performance

• Educate the organization

Page 6

System overview

[Diagram; only its labels survive: Dashboards and Reporting; SSAE-16 SOC2 certified hosting facility; Trouble Ticketing; SIM; Web Form; Email; Entry Wizard; Auto-Analysis; IR Engine; Threat Intel; Auto-Correlation; IT; Marketing; Legal/Compliance; HR; Trouble Ticketing; SIM; GRC]

POLL

Is updating your IR process a current priority?

SECURITY MODULE

New Features

Page 9

What’s New in Co3’s Security Module

• Incident Timeline and Milestones

• Artifacts and Threat Intel integrations

• Related incidents

• Configurable Dashboards

• System task overrides and task reordering

• IP address limiting

Coming Soon

• Configurable Reports

• Chart Drill-downs

DEMO

Page 11

Coming Soon: Custom Reports

Page 12

Coming Soon: Chart Drill-Down

POLL

What aspect(s) of your IR process do you struggle with?

PRIVACY MODULE

New Features

Page 15

What’s New in Co3’s Privacy Module

• EU Jurisdictions

• PII in the EU

Coming Soon

• Asia-Pacific

Page 16

Jurisdiction: US & Canadian

• US

  • Federal (industry based) – HIPAA and GLB

  • State (residency based) – “doing business in”

• Canada

  • PIPEDA – national (though no notification obligation)

  • Provincial (residency based)

Page 17

Jurisdiction: EU

• The EU generally looks at where the controller of information is based and where the information is being processed.

• Location based rather than industry or residency based

• Comprehensive Notification: If you are a UK company processing personal information in the UK and you lose that info, you then have to notify everyone whose information went out the door. It doesn’t matter where they live.

Page 18

Jurisdiction: EU

• Not all EU countries have adopted the EU Privacy Directive (Directive 95/46/EC)

• Austria, Denmark, Germany, Ireland, Norway, Spain, and UK

• Telcos are a different story: Directive 2002/58 on Privacy and Electronic Communications, otherwise known as the E-Privacy Directive, is an EU mandate to notify officials and affected individuals of data breaches affecting personal information.
Page 20

What is PII in Canada and the EU

• California, USA: personal information is a person’s name plus SSN or driver’s license number, financial number, or medical information.

• Alberta, Canada: personal information is information about an identifiable individual.

• UK: personal information is any information concerning the personal or material circumstances of an identified or identifiable natural person.


Coming Soon: Privacy Module Updates

• Asia-Pac Privacy Breach Regulations

QUESTIONS

The information and images contained in this document are of a proprietary and confidential nature. The disclosure, duplication, use in whole, or use in part, of the document for any purposes other than client evaluation without the written permission of Co3 Systems, Inc. is strictly prohibited.

© Co3 Systems Inc. 2013 All Rights Reserved.

One Alewife Center, Suite 450

Cambridge, MA 02140

PHONE 617.206.3900

WWW.CO3SYS.COM

“Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”

PC MAGAZINE, EDITOR’S CHOICE

“Co3…defines what software packages for privacy look like.”

GARTNER

“Platform is comprehensive, user friendly, and very well designed.”

PONEMON INSTITUTE

“One of the most important startups in security…”

BUSINESS INSIDER – JANUARY 2013

“One of the hottest products at RSA…”

NETWORK WORLD – FEBRUARY 2013

“an invaluable weapon when responding to security incidents.”

GOVERNMENT COMPUTER NEWS

“Adding the Security Module... to this otherwise fine suite of services, Co3 has done better than a home-run...it has knocked one out of the park.”

SC MAGAZINE