BreachExchange mailing list archives
Security Think Tank: Three steps to effective incident response
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 3 Jul 2014 19:46:26 -0600
http://www.computerweekly.com/opinion/Security-Think-Tank-Three-steps-to-effective-incident-response

Organisations fall into three categories: those that have suffered a data breach, those that haven’t (so far), and those that have but think they haven’t. As breaches become prevalent and exponentially larger, it begins to seem possible that an incident could compromise a billion records. Given this challenging environment, how can companies protect themselves and their customers?

1. Develop a plan

The mere process of initial planning will reveal gaps in communication, policy, technical capability, roles and responsibilities that may require urgent attention. Any robust plan must involve multiple departments, including information security, legal and compliance, human resources, communications and vendor management. A core team of cross-departmental representatives should be selected to take the lead in responding to incidents.

2. Practice makes perfect

Breaches will impact numerous departments, and all must be prepared to act quickly. eBay was heavily criticised for its response to a recent data breach, taking days to tell users to change passwords and appearing disorganised in its public communications. Simulation exercises can prevent this confusion by engaging with all the key stakeholders identified in step 1 to help to set clear expectations and post-breach actions and responsibilities.

3. Respond decisively

Triage of compromised systems is crucial, and the accurate documentation of response activities is necessary for legal and law enforcement purposes. Once the basic facts have been established and initial forensic investigations are complete, it is time to go public. Customers and partners expect honesty about what has happened to their data, and prompt and clear communications during crisis situations are essential.

Creating and testing response plans may attract interest from senior management, particularly if the organisation or a competitor has suffered an incident where reputational damage is likely. Resources such as the ISF Information Risk Analysis Methodology (IRAM) can assist with developing incident management plans to avoid making a difficult situation even worse.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/