Heidi Wachs

Vice President; Stroz Friedberg, an Aon Company
Heidi L. Wachs is Vice President in Stroz Friedberg's Washington, D.C. office, where she helps clients prepare for and respond to data breach and cybersecurity incidents and develop and implement data privacy and information security programs. Ms. Wachs, whose experience includes serving as a technical analyst and Chief Privacy Officer for a major research university, frequently speaks and writes on data privacy, information security, information governance, and best practices for data privacy and breach response. Ms. Wachs earned her B.A. in Journalism from Lehigh University and her J.D. from the Benjamin N. Cardozo School of Law and is a certified information privacy professional, CIPP/US.

Heidi's Session

Thursday, June 27
11:30 - 12:20 pm
Insider Threats: When Privacy, Security and Identity Management Collide
Privacy, security and identity management are three distinct fields. Yet, close coordination among their practitioners is essential for any robust IT operations program. Never is this more apparent than when an employee, contractor, or other “insider” is suspected of harming your environment or misappropriating your data. Privacy, security and identity management professionals must work together to investigate, address and remediate the incident by answering these (and other) questions: •Privacy: Was personal data involved? What are the laws, regulations, or company policies around the appropriate handling of that data? •Security: What controls were in place around the data? Were they evaded? Was a vulnerability exploited? •Identity Management: Who had access to the data? Did any individuals in question abuse authorized access? Were any access rights escalated? Was a privileged account involved? When was the last access review? The session will analyze each of the above questions in the context of scenarios based on real-life insider threat investigations. Audience members will be encouraged to participate by playing different roles involved in the incident investigation and response and strategizing from the perspective of a privacy, security and identity management professional.

Enter your details to receive email updates from Identiverse