Interop Las Vegas 2016

  • Avoiding Legal Landmines Surrounding Your IT Infrastructure: Policies and Protocols

    Jason Straight  |  SVP, Credit Risk Solutions and Chief Privacy Officer, UnitedLex
    Location:  Lagoon K
    Session Type: Conference Session
    Track: Security
    Pass type: 3-Day Pass, 5-Day Pass
    Vault Recording: TBD

    Balancing employee privacy, business interests, third-party risk and employee/vendor access is a challenge for any CISO on a good day -- but watch your step! In today's business and IT environment, there are legal and regulatory "landmines" surrounding your business and IT initiatives that either were not there a few short years ago, or that have recently surfaced after several years of mega-breaches.

    Navigating these landmines can be a nightmare -- especially for those who are unaware of their existence. This presentation will illuminate some of these legal landmines, and provide steps on how to avoid or defuse them to protect yourself and your organization. It will also reveal one of the IT organization's biggest allies and most under-utilized resources: your legal team.

    The presentation will be organized into the following four themes:

    1. Learning the legal landscape: Understanding your IT organization's current legal exposure and risk, meeting the expectations of regulatory bodies such as the SEC, FTC or Congress, and preparing for the future. It will also provide an overview of potential regulatory actions that could be taken by these bodies, as well as litigation risks and the business impact of such litigation.
    2. The legal implications of incident response and recovery operations: Identifying common errors made by information security personnel during the incident response process that may increase legal exposure and prompt more aggressive regulatory actions. Such errors include careless email communications, failure to preserve log and event information, failure to preserve end-point evidence prior to wiping and reimaging, and more.
    3. Leaning on legal throughout the cybersecurity lifecycle to protect yourself and your organization: Partnering with legal will help you navigate the legal and regulatory landmines that they know well. The more familiar they are with your IT systems, processes and protocols, the better they will be able to identify shortcomings prior to a breach and shield your organization in the aftermath.
    4. "Speaking legal" when communicating risk to executive stakeholders, whether to facilitate budget approval and buy-in or to accurately represent the full extent of a breach, including legal ramifications: By establishing a solid legal precedent for future IT purchases, you are much more likely to receive approval from top execs and the board, who can be held personally accountable for any organizational failures leading to a breach. And by simultaneously presenting both the IT and legal outcomes of a breach, you can help the C-suite or Board avoid premature conclusions and uninformed decisions.

    It will conclude with best practices for preemptive risk management, collaborative incident response and how to successfully protect against business exposure, legal liabilities and regulatory action all while training IT and information security staff to approach their role while "thinking legal."