Professional Documents
Culture Documents
Now What?
(State of Ohio 2007)
Sol Bermann, Privacy Officer
University of Michigan
Identify
Contain
Investigate
Remediate
Restore
Escalation
Communication
Collaboration
New CPO
1st specifically appointed
state CPO
New to state government
Planned to model role on
Clinton-era White House
Privacy Adviser (more
strategic than operational)
And Then
The Timeline
June 10: Back-up tape stolen
June 11: Stolen tape reported to supervisor
June 11: Car break-in reported to police (but not theft of
device)
June 11: OAKS leadership informs CIO and CPO
June 12: OBM leadership informed
June 14: Governor and DAS OAKS co-sponsor informed
June 14: State police informed
June 15: Governor issues Executive Order
June 15: Governors press conference #1 (of 5)
June 15: Inspector General starts investigation
July 20: Inspector Generals report findings
The Investigation
The Investigation
Internal (informal)
Internal (formal)
Inspector General
Law enforcement
3rd-party
Forensics
OAKS security posture
The Aftermath
Political Fallout
Disciplinary Actions
Security Awareness/Improvements
Lessons Learned
Be prepared
Stay calm
Escalate quickly
Be TransparentBUT...
Properly investigate with a skeptical eyeAND
Sacrifice speed for correctness
Ask for help
Own it
Be resilient
Learn and improve
Be prepared for next time
Do Your Part