Cyber Insurance: What is Its Role in Your Security Program?
- Thursday, November 19th, 2015 at 3:00 PM EST (20:00:00 UTC)
- John Pescatore, Benjamin Wright and Gary R. Hayslip
You can now attend the webcast using your mobile device!
Two high-profile lawsuits are today pending between enterprises and their cyber insurers. In each case the enterprise paid for so-called 'cyber insurance,' but after a cyber attack happened, the insurer ultimately said the policy did not provide significant coverage. These lawsuits raise substantial questions about the role of cyber insurance in your security program. Is the insurance worth the investment? What should it cover? What should it not cover? Does it provide benefits beyond simple 'coverage' of risk? How does it compare to other commercial insurance? How do you evaluate the different components of a policy to determine what is right for your enterprise? What is the practical meaning of the different legal clauses in a policy? What is the role of negotiation in getting a good return on investment? How does cyber insurance stack up against other risk management techniques?
John Pescatore joined SANS as director of emerging security trends in January 2013, bringing with him over 35 years of experience in computer, network and information security. Prior to SANS, he was Gartner's lead security analyst for more than 13 years, working with Global 5000 corporations, government agencies and major technology and service providers. In 2008, John was named one of the top 15 most influential people in security and has frequently testified before Congress on issues relating to cybersecurity.
Gary R. Hayslip
As Chief Information Security Officer (CISO) for the City of San Diego, Gary advises the City of San Diego's executive leadership consisting of Mayoral, City Council, and 40+ city departments and agencies on protecting city government information resources.
Gary oversees citywide cyber security strategy and the enterprise cyber security program, cyber operations, compliance and risk assessment services. His mission includes creating a "risk aware" culture that places high value on securing city information resources and protecting personal information entrusted to the City of San Diego.
Gary is involved in the cybersecurity and technology start-up community in San Diego where he is the Co-Chairman for Cybertech, the parent organization that houses the Cyber incubator Cyberhive and the Internet of Things incubator iHive. He also serves on the board of Brier & Thorn International, a cloud based Managed Security Services Company and is Co-Chairman of Securing Our eCity's Critical Infrastructure Work-group.
Gary is an active member of the professional organizations ISSA, ISACA, OWASP, and is on the Board of Directors for INFRAGARD. Gary holds numerous professional certifications including: CISSP, CISA, and CRISC, and holds a Bachelor of Science in Information Systems Management & Masters in Business Administration. Gary has over 28 years of experience in Information Security, Enterprise Risk Management, and Data Privacy.
Benjamin Wright, a SANS senior instructor, practicing attorney and author of several technology law books, including Business Law and Computer Security, teaches the Law of Data Security and Investigations course for the SANS Institute. This unique five-day course trains security, forensic and legal professionals to cope with the risks surrounding data breaches, digital investigations, electronic discovery and technology contracts. With 26 years in private law practice, he has advised many organizations, large and small, on privacy, e-commerce, computer security, and email discovery. He has been quoted in publications around the globe, from the Wall Street Journal to the Sydney (Australia) Morning Herald. Benjamin maintains a popular blog at http://hack-igations.blogspot.com.