[BreachExchange] How to Draft an Effective Data Breach Incident Response Plan

Inga Goddijn inga at riskbasedsecurity.com
Wed May 25 18:52:15 EDT 2016


http://www.jdsupra.com/legalnews/how-to-draft-an-effective-data-breach-65740/

The best way to handle any emergency is to be prepared. When it comes to
data breaches, incident response plans are the first step organizations
take to prepare. Furthermore, many organizations are required to maintain
one. For example, any organization that accepts payment cards is most
likely contractually required to adopt an incident response plan.  Even
Start-ups need to be prepared!

A good incident response plan does not attempt to predict every type of
breach that may occur. Rather, the fundamental components of an incident
response plan are that it establishes the framework for who within an
organization is responsible for investigating a security incident, what
resources that person has at his or her disposal (inside and outside of the
organization), and when a situation should be elevated to others within the
organization. They can also provide a reference guide for the type of
actions common to most security investigations.

*What are organizations’ top concerns when it comes to incident response
plans?*

1. The plan has little relationship to how the organization actually
handles security incidents.
2. The plan has never been tested.
3. The plan does not cover all of the issues that arise in a data security
incident.

*Checklist for drafting an effective incident response plan:*

1. The plan assigns a specific person or group to lead an investigation.
2. The plan provides a clear plan for escalating information about an
incident.
3. The plan discusses the need for preserving evidence.
4. The plan incorporates legal where appropriate to preserve
attorney-client privilege.
5. The plan discusses how the organization will communicate externally
concerning an incident.
6. The plan includes contact information for internal resources.
7. The plan includes contact information for pre-approved external
resources.
8. The plan is reviewed annually.
9. The plan is tested.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160525/2d26ecbb/attachment.html>


More information about the BreachExchange mailing list