It’s a dangerous world for protected information, with major breaches in the news and a challenging cyber-threat environment behind the scenes. Organizations must be prepared to respond to data breaches, but effective response is no small matter. There are 10 different channels of response activity for an organization that has suffered a security breach: Security, Legal, Forensic, Law Enforcement, Regulators, Insurance Coverage, Public Relations, Stakeholders, Notification, and Personnel Management. Most of these activities are involved in every breach, and all must be dealt with in significant breaches. These activities are not sequential. They play out in parallel, with interrelated effects… and with the response clock ticking.
Many organizations already have important elements in place for certain Security activities. Larger organizations may have a Security Operations Center (SOC) within their IT function, and some may use a Security Information and Event Management (SIEM) tool to detect and evaluate network intrusions. Organizations may also have a Computer Security Incident Response Team (CSIRT or CIRT), usually led by IT Security, focused on the computer security activities of incident response. Though important, these IT Security capabilities are typically neither designed for nor adequate to manage the other nine activity channels crucial for breach response.
Deciding how to handle all of these interwoven activities in the midst of an actual breach, with no advance planning, virtually guarantees failure. There simply is no substitute for preparation. Effective breach response readiness requires that the organization understand what will be needed in each of the ten activity channels for its anticipated breach scenarios, and also how these activities will be managed simultaneously to avoid unnecessary risk, delay, and cost.
A briefing paper on the 10 activity channels for data breach response, and on how to achieve breach response readiness, is available from the authors.