Re: post breach communications best practices

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

Hi Barbara,

We have a Speakers Bureau with a list of available speakers: 
https://wiki.internet2.edu/confluence/display/2014infosecurityguide/Speakers+Bureau

Also of interest may be this data breach session that was recorded during our 2013 Security Professionals Conference.
http://www.educause.edu/events/security-professionals-conference/2013/2013/breaches-and-lawsuit-institutions-road-recovery

Finally, we have several data breach and data protection resources available in the Information Security Guide 
(www.educause.edu/security/guide<http://www.educause.edu/security/guide>), including the Data Incident Notification 
Toolkit: https://wiki.internet2.edu/confluence/display/itsg2/Data+Incident+Notification+Toolkit

Please feel free to contact me directly with any questions.
Thank you,
Valerie

Valerie Vogel Program Manager

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | educause.edu<http://www.educause.edu/>

From: <McCrary>, Barbara <bmccrary () OSRHE EDU<mailto:bmccrary () OSRHE EDU>>
Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Date: Friday, May 9, 2014 at 2:11 PM
To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: [SECURITY] post breach communications best practices

In Oklahoma City, we have a need for a person that can speak about 45 minutes on best practices in communication 
following a data breach or vulnerability in the higher ed realm … e.g. what are the key information points and the best 
methods for informing those who are impacted?  What is the best approach in working with media following an incident?  
How can a public information officer communicate the situation most effectively and offer sage counsel to campus 
leadership?  Please respond, if you are or know a person with the expertise, that would be willing to perform this 
community service.  Thank you.
Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu<mailto:bmccrary () osrhe edu>

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax

Note:  This communication and attachments, if any, are intended solely for the use of the addressee hereof.  In 
addition, this information and attachments, if any, may contain information that is confidential, privileged and exempt 
from disclosure under applicable law,including, but not limited to, the Privacy Act of 1974.  If you are not the 
intended recipient of this information, you are prohibited from reading, disclosing, reproducing, distributing, 
disseminating, or otherwise using this information.  If you have received this message in error, please promptly notify 
the sender and immediately, delete this communication from your system.