Saturday, October 10, 2009

An effective incident response process

Thanks to the great people at SC Magazine for publishing this piece of mine.

Security and privacy incidents pose real risks to companies of any size and complexity.

These types of unwelcome events do not discriminate. The steps your company takes to deal with the response and remediation, however, will allow you to differentiate yourself from other companies who suffer the same fate.

An excellent first step in the incident response process is to simply define and understand what the terms violation, incident or breach mean in the context of your industry's lexicon. The terms may already be defined by regulations or laws that govern your industry or company. If so, you should align your understanding with these already-defined measures since you will probably be legally held to them in the case of an incident. It also will be beneficial to try to articulate the possible scenarios that are likely to occur in your line of work. While you cannot possibly define every likely incident, you should be able to imagine a short list of the ones within the realm of possibility.

Second, define, document and publish procedures that are to be followed in the event of an incident. The procedures should include steps to take in reaction to the incident that define who does what and when. They don't necessarily need to be overly detailed or verbose, but they should avoid being subjective or too generic so as not to invite indecision or confusion during a time when you least want it. Having a single procedural guide on which to rely during incidents fosters accountability and follow-through.

Once a central point of contact is appointed, then a response team can be created. Depending on your company, this may be an army of one or a group of 25. If you don't have the luxury of dedicated resources, then a virtual team can be named that comes together in a time of crisis, and then just as quickly dissolves once the storm has passed. This process allows a company to harness the particular expertise of its employees, while still allowing them to do their day jobs.

In this age of free-flowing information, your customers and clients do not realistically expect you to never have a security or privacy breach. No rational person expects all of their data, in all its iterations, in all locations, to forever remain safe and secure. What those customers and clients do expect of you is to have a process in place to reasonably prevent the incident from happening and, when it does happen, have a plan in place to deal with the consequences. Part of those consequences involves notice to clients and customers of what happened, details on how you will rectify the current situation and, finally, plans to ensure that this same event does not happen in the future.



From the October 2009 issue of SC Magazine (http://www.scmagazineus.com/An-effective-incident-response-process/article/151825/)
