For the past several months, many agencies and organizations have been affected by system vulnerabilities and compromises that led to massive data breaches. Although notifying affected parties is a top priority, a notification that is handled incorrectly can provoke backlash. Having a proper incident reporting plan in place is key to a smooth notification and may pave the way for future success.
Officials should be very mindful before making notification, a recent GovTech article advises. A cybercrime scene should be treated like a physical crime scene, and an incident reporting plan should include the following (summarized):
- A Thorough Review Of The Evidence Is Essential. This is a necessary part of the process that must be done before any conclusions can be drawn.
- Use Caution And Avoid Communicating Information Too Quickly. First, understand state breach notification laws, notification requirements set by federal law, and industry standards such as the Payment Card Industry’s Data Security Standard. In addition, make sure sufficient facts have been gathered before making a public statement.
- Accuracy Is Paramount. Do not rush evidence collection and analysis simply to provide immediate information to the public, as this information may eventually turn out to be erroneous or inaccurate. If the initial information you provide is later determined to be incorrect, this misinformation can ultimately damage your credibility and could complicate your ability to effectively manage the breach. Rushing the notification timeline also means running the risk of having to recant and explain earlier statements.
- Establish A Command Post To Host Team Meetings And Communicate Media Updates. Having a central location to meet is helpful when the stress of a breach arises.
- Establish An Incident Response Plan And Incident Response Team. The incident response plan is the playbook to be followed step-by-step should a security incident occur. Identify team members, then designate specific roles and responsibilities for the teams and their members, including notification and communication.
- Review The Incident Response Plan On An Annual Basis. The plan should undergo a comprehensive review and be modified as needed.
For more information on establishing a proper incident-reporting plan, see the full GovTech article.