Managing Third Party Cybersecurity

Original Air Date: Wednesday, April 11, 2018
 

Presenter: Seth Jaffe, vice president of incident response, LEO Cyber Security

Description:  The NCUA has commented that a "credit union must take appropriate steps to protect information that it provides to a service provider,” and it is not alone in issuing that guidance. Numerous authorities recommend or even mandate cybersecurity management of third parties.

This session will consider methods of implementing that oversight, discussing various organizational structures between the IT security department, procurement, legal, and the business unit. Security arrangements between a credit union and its vendors vest in the master agreement, and we will review certain contractual security provisions that dictate the relationship between them. But don’t worry; it will not be all law and compliance. We will have a bit of fun along the way as we learn how to protect our security programs against third-party breaches.

Key Takeaways:

• Understanding of a credit union’s obligations to impose security provisions
• Organizational structures for implementing a third-party security review program
• Overview of contractual security provisions

About the Presenter:

Seth Jaffe
VP/Incident Response
LEO Cyber Security

Seth Jaffe is vice president of the incident response practice at LEO Cyber Security. In his role at LEO, Seth assists clients in the preparation, maturation, testing, and training of all things incident response, leveraging his fifteen years’ experience in NASA’s Mission Control to bring a unique perspective to the industry.

Prior to LEO, Seth held the position of technology attorney at a major U.S. Airline, where he was the lead Legal team member on the Incident Response Team, tasked with developing incident response procedures and policies, facilitating effective emergency communication with other team members, and responding to actual incidents, should they occur. Seth also sat on an executive steering committee charged with making strategic decisions about the company incident response plan and socializing cyber security issues to executives.

Earlier in his career, Seth worked in Mission Control at NASA’s Manned Spaceflight Center, where he was certified on both the Space Shuttle and the International Space Station, and served the role of senior flight controller, evaluator, and instructor. In the Mission Control environment, Seth trained candidates to react to time-sensitive emergency situations. He took part in over 100 simulations and logged over 3000 hours flying the ISS, experience he draws upon in his incident response practice. Seth is also a Certified Business Continuity Professional.