Personally Identifiable Information (PII)

MIS 5206

• In The News
• Confidentiality Risk of Personally Identifiable Information
• Team exercise
• No quiz today

https://www.theverge.com/2017/9/15/16315870/vevo-hack-celebrity-files-ourmine-posted
http://thehackernews.com/2017/09/windows10-app-permissions.html
https://www.schneier.com/blog/archives/2017/09/shadowbrokers_r.html
http://www.independent.co.uk/life-style/gadgets-and-tech/news/petya-cyber-attack-world-global-destruction-money-ransomware-ukraine-chernobyl-wpp-merck-wannacry-a7816036.html
https://www.infosecurity-magazine.com/news/fitbit-vulnerabilities-expose/
https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security
http://www.technewsworld.com/story/84818.html
https://www.csoonline.com/article/3202071/security/pii-of-1-million-compromised-in-washington-state-university-safe-heist.html
http://www.computerweekly.com/opinion/Security-Think-Tank-Cyber-resilience-cheaper-than-attack-recovery
https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin
http://money.cnn.com/2017/09/15/technology/china-bitcoin-exchanges-prices-crash/index.html
http://www.technewsworld.com/story/83998.html
http://www.businessinsider.com/cctv-camera-infrared-bypass-air-gap-exfiltrate-data-2017-9
https://www.darkreading.com/endpoint/how-apples-new-facial-recognition-technology-will-change-enterprise-security/a/d-id/1329908?
http://www.politico.com/story/2017/09/20/sec-cybersecurity-breach-242956
https://www.washingtonpost.com/news/business/wp/2017/09/20/sec-reveals-it-was-hacked-information-may-have-been-used-for-illegal-stock-trades/?utm_term=.9e5b8baac0a5
http://www.techadvisor.co.uk/how-to/internet/what-is-dark-web-what-is-deep-web-how-can-you-access-it-3593569/
http://thehackernews.com/2017/08/hacking-secure-messenger-encryption.html
http://www.securityweek.com/google-spotify-release-open-source-cloud-security-tools

FIPS 199 Standards for Security Categorization

• Focuses on confidentiality, integrity and availability impacts of a security breach involving a particular information system
• The impact of confidentiality breach
  • Not limited to PII
  • Focuses on overall impact to
    • The organization
    • Organizational assets
    • Financial loss
    • Individuals

NIST SP 800-122 – Guide to Protecting Confidentiality of PII

• Specifically focused on:
  • Identifying PII
  • Determining PII confidentiality impact level needed to supplement the FIPS 199 confidentiality impact level of an information system
  • Specific organizational responsibilities for safeguarding PII confidentiality
    • Including incident response for breaches involving PII

Personally Identifiable Information (PII)

Any information about an individual maintained by an agency, including:

1. Any information that can be used to distinguish (i.e. identify) or trace an individual’s identity, such as:
  • Name
  • Identifying number
  • Address
  • Asset identifier
  • Telephone number
  • Personal characteristics
  • Personally owned property identifiers
2. Any other information that is linked or linkable to the identifiers listed in #1:
  • Date of birth
  • Place of birth
  • Race
  • Religion
  • Weight
  • Geographic indicators
  • Medical information
  • Educational information
  • Financial information
  • Employment information

Not all PII needs to have its confidentiality protected

• Including information the organization has permission or authority to release publicly
  • (e.g., a published phone directory of employees’ names and work phone numbers so that members of the public can contact them directly)
• In this case, the PII confidentiality impact level would be not applicable and would not be used to supplement a system’s provisional confidentiality impact level

PII confidentiality breach impacts include harm to

1. An individual whose PII was the subject of a loss of confidentiality, including any negative or unwanted effects that may be damaging
  • Socially
  • Financially
  • Physically
  Examples of types of harm to individuals include, but are not limited to, the potential for blackmail, identity theft, physical harm, discrimination, or emotional distress
2. An organization that maintains the PII, including but not limited to
  • Administrative burden
  • Financial losses
  • Loss of public reputation and public confidence
  • Legal liability

Factors Determining PII Confidentiality Impact Level

1. Identifiability: How easily can the PII be used to identify a specific individual?
2. Quantity: How many individuals are identified in the information (e.g., number of records)?
3. Data Field Sensitivity: Organizations should evaluate the sensitivity of each individual PII data field, as well as the sensitivity of the PII data fields together
  • An MIT study demonstrated that 97% of the names and addresses on a voting list were identifiable using only ZIP code and date of birth
4. Context of Use: Purpose that provides a special meaning to particular sets of PII
5. Obligation to Protect Confidentiality: Laws, regulations, or other mandates may govern the organization’s obligations to protect personal information
6. Access to and Location of PII: Higher impacts can result from increased vulnerabilities arising from the nature of access provided to the PII and its location during storage and transfer

PII Operational Safeguards

1. PII policy and procedure creation
  • Access rules within a system
  • Retention schedules and procedures
  • Incident response and data breach notification
  • Privacy in the system development life-cycle process (SDLC)
  • Limiting collection, disclosure, sharing and use
  • Consequences for failing to follow privacy rules of behavior
2. PII education, training and awareness
  • PII definition
  • Applicable laws, regulations and policies
  • Restrictions on data collection, storage and use
  • Roles and responsibilities for using and protecting
  • Appropriate disposal
  • Sanctions for misuse
  • Recognizing a PII security or privacy incident
  • Retention schedules
  • Roles and responsibilities in responding and reporting PII incidents

PII Privacy-specific safeguards

1. Minimizing the Use, Collection and Retention of PII
2. Conducting Privacy Impact Assessment (PIA)
3. De-Identifying Information
4. Anonymizing Information

PII Security Controls

Table from SP 800-18 R2 Guide for Developing Security Plans for Federal Information Systems

Control Family: Access Control for PII

PII – Confidentiality impact rating examples…

Incident Response Roster Example

• An organization maintains an electronic roster with contact information of its computer incident response team members
• It makes the roster with its contact information available to all its employees on its main public web site
• In the event that an IT staff member detects any kind of security breach, standard practice requires that the staff member contact the appropriate people listed on the roster
• Because this team may need to coordinate closely in the event of an incident, the contact information includes names, professional titles, office and work cell phone numbers, and work email addresses

PII – Confidentiality Impact Rating Example: Incident Response Roster

Identifiability: The information directly identifies a small number of individuals using names, phone numbers, and email addresses

Quantity of PII: The information directly identifies fewer than twenty individuals

Data field sensitivity: Although the roster is intended to be made available only to the team members, the individuals’ information included in the roster is already available to the public on the agency’s web site

Context of use: The release of the individuals’ names and contact information would not likely cause harm to the individuals, and disclosure of the fact that the agency has collected or used this information is also unlikely to cause harm.

Access to and location of PII: The information is accessed by IT staff members who detect security breaches, as well as the team members themselves. The PII needs to be readily available to teleworkers and to on-call IT staff members so that incident responses can be initiated quickly.

Impact Rating: LOW

The agency determines that unauthorized access to the roster would likely cause little or no harm, and it chooses to assign the PII confidentiality impact level of LOW

Team exercise

BYE – see you next week! Thank you! Sorry for the technical difficulties this week.

Refer to SP 800-122 Appendix A - Scenarios for PII Identification and Handling. Focus on A.2 Scenarios (pages A-1 through A-3), and… develop a systematic solution for:

1. Answering questions 1 and 2 of each scenario
2. Viewing the PII inventory of each scenario
3. Determining the commonalities and differences among the PII of the scenarios

Team exercise

1. Teams analyze problem + draft solutions: ~20 min
2. Class discussion of draft solutions: ~15 min
3. Teams implement solutions:
4. Teams present solutions: