Incident Response to Data Breach, Part 1: Planning
by Brent Kirkpatrick
(Date Published: 11/17/2017. Revised: 4/24/2018)
Typically, the data breach needs to be reported to the people effected by it. Often a company will choose to re-secure their network before announcing the breach. This is because an announcement of data breach is often accompanied by an increase in hacking.
In this series of articles, we will consider the following questions: Who to involve in the response? How to coordinate? What strategic moves to consider? How to recover? When to investigate?
Response to a breach involves people, process and technology---your whole organization. Getting your PR and legal people involved early prevents siloing of the response in the technical realm. Know someone to call who specializes in incident response. Look for someone who has a strategy for their service, rather than someone who assume that a new piece of hardware will fix everything. Know which cybersecurity frameworks you are using, for example: NIST, PCS-DSS, SOX, etc. (More on legal frameworks.) Know your network topology.
Clean-Up (TM). Incident response driven by data.
Incident Response, Part 1: Planning