On Demand Audio

Protecting Your Domain Name System (DNS) Security To Avoid Data Loss & Insider Threat

(102 reviews)

Produced on August 27, 2019

Taught by
$ 59 Privacy & Cybersecurity In Stock
Get started now

$299 / year - Access to this Course and 1,500+ Lawline courses

or

Course Information

Time 63 minutes
Difficulty Intermediate

Course Description

The importance of the Domain Name System (DNS) to your organization’s cybersecurity cannot be understated. Communications between your organization’s computers and the Internet (web, email, and file server traffic) depend on DNS to get to their intended destinations. Man in the Middle DNS attacks, DNS hijacking, DNS denial of service attacks and backdoor command and control malware/data exfiltration using DNS can be devastating. Malicious employees and other insiders may abuse DNS. Loss of critical business information, data breach of protected information, reputational harm and collateral damage to your business partners/customers may result in long-lasting effects. HIPAA, the Gramm Leach Bliley Act, the GDPR and State cybersecurity laws and regulations, including California, Massachusetts, New York (DFS), and Colorado require covered organizations to consider risks to DNS as part of an overall risk assessment and implement reasonable administrative, technical, and physical safeguards. This webinar will discuss how to anticipate, prevent, and respond to attacks on your organization’s DNS systems and comply with applicable legal requirements.

The program is presented by Brian Cesaratto, an attorney in Epstein Becker Green’s Privacy, Cybersecurity and Data Asset Management practice. He is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH).


Learning Objectives:

  1. Review the importance of Domain Name System security
  2. Discuss common types of attacks on DNS systems
  3. Anticipate, prevent, and respond to attacks on your organization’s DNS systems

Credit Information

After completing this course, Lawline will report your attendance information to {{ accredMasterState.state.name }}. Please ensure your license number is filled out in your profile to ensure timely reporting. For more information, see our {{ accredMasterState.state.name }} CLE Requirements page . After completing this course, {{ accredMasterState.state.name }} attorneys self-report their attendance and CLE compliance. For more information on how to report your CLE courses, see our {{ accredMasterState.state.name }} CLE Requirements FAQ .

Faculty

Brian Cesaratto

Epstein Becker & Green, P.C.

Brian G. Cesaratto is a Member of the Firm in the Litigation and Employment, Labor & Workforce Management practices, in the New York office of Epstein Becker Green. His practice focuses on cybersecurity and data privacy, computer and electronic data misappropriation, breach and forensics, technology and software licensing, internal and law enforcement investigations, and litigation.

Mr. Cesaratto is a Certified Information Systems Security Professional (CISSP). He was awarded this information technology security audit certification by the International Information Systems Security Certification Consortium (see www.isc2.org). He is a Certified Ethical Hacker (CEH), a certification awarded by EC-Council, the world's largest cyber security technical certification body. He is also a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance (HITRUST), an organization that provides training to develop and maintain effective security programs for health care, life sciences, and other companies that comply with security laws, regulations, and standards, including HITECH, HIPAA, PCI, JCAHO, CMS, ISO, NIST, GDPR, and various other federal, state, and business requirements (including New York State Department of Financial Services cybersecurity regulations).

In his practice, Mr. Cesaratto has:

  • Provided legal advice on preventing cybersecurity and data privacy issues
  • Conducted cybersecurity and data privacy risk assessments
  • Assisted clients with developing and implementing information security management programs, including insider threat programs and security incident response plans
  • Investigated cybersecurity incidents and data breaches
  • Assisted clients with the complexity of issues involving the handling of electronically stored information (ESI) on their networks and e-discovery obligations and litigated those issues
  • Advised clients in the negotiation of software licensing, cybersecurity, and technology related agreements, including SaaS, Service Level Agreements (SLAs), and third-party vendor agreements
  • Conducted internal investigations into misappropriation and breach of proprietary information and financial misconduct
  • Provided legal advice to organizations concerning electronic data misappropriation and computer forensics, including use of forensic software in workplace investigations
  • Represented targets of internal, regulatory, and criminal investigations and prosecutions
  • Provided legal advice on a wide range of technology, commercial, compliance, unfair competition, and personnel issues
  • Litigated all aspects of commercial and employment related lawsuits up to and through trial, including business disputes, employment discrimination and whistleblowing, theft of trade secrets, and breach of restrictive covenants

Mr. Cesaratto draws on a diverse legal background that includes private practice with national law firms, lengthy solo practice, and serving as an Assistant District Attorney in Bronx County, New York, where he directed investigations into financial fraud, identity theft, theft of intellectual property, credit card fraud, and consumer fraud. In addition to his CISSP and CEH certifications, he has completed extensive training courses in computer forensics software, including recovery of deleted electronic documents and indicia of unauthorized data transfer.