Step 2: Circle the wagons: Deploy the rapid response team
Once your organization is hit by a data breach, it is time to jump into immediate action.
If your organization has not previously set up a rapid response team to handle all aspects and fallout of a data breach, it is time to do so quickly.
If a rapid response team is in place, make sure that the following areas are covered:
- Human Resources
- Information Technology (IT)
- Public Relations
- Legal Counsel
- Risk Management
- Financial Managers
- Corporate Management
- Branch Management (if applicable)
- Digital investigators
Each organization's response team will vary, but each of these areas should be covered so that your organization knows how to manage the fallout from a data breach.
Two of the most sensitive areas are Public Relations and IT. Most of the time, it's the PR representative who must make a written and verbal statement concerning the breach.
In addition, IT personnel have a spotlight on them too, especially if the breach occurred within the IT environment. Documentation is key when it comes to an IT-based breach, and it is a best practice to train in-house IT personnel in how to respond to a suspected incident. Every time there is a change to the IT environment, the IT team should document it.
In addition, any organization should either have forensic specialists on the IT team who are educated and certified in digital forensics, or be able to hire third-party companies to handle forensics as well as other aspects of the response plan.
Most forensics experts within an IT environment are typically certified to use the two primary tools for performing digital forensics: Guidance Software's EnCase and AccessData's Ultimate Forensics Toolkit (FTK).
"If you go to any IT person, this is a big concern," says Chris Ramos, a compliance consultant with First Advantage/Security Incident Response Network (SIRN). "There is a blame game out there, there are liabilities and an aftermath."
Under the umbrella of First Advantage, the nation's largest reseller of credit card information to financial institutions, SIRN is a St. Petersburg, FL-based third-party fulfillment service that assists organizations after a data breach. It handles rapid consumer notification and helps to minimize the potential impact of a consumer data security breach.
"Most organizations we do business with actually have experience in data breach material," says Ramos. "They understand that they need policies, but they don't know how to execute those policies...if a company has experienced a data breach, that doesn't always mean that they will follow their procedures."
Ramos emphasized that the organization should, first, get their response team organized, whether they use a third-party vendor like SIRN or not.
"There are legal issues, PR issues, and SIRN is really there as an aid and to complement their current policies," he continued.
"We don't go in and write the policies, and we have our own internal processes, so we can take over for them, but we like to work with the organization's response team...we urge organizations to create their own response and notification plan, first."