John H. Sawyer, Contributing Writer, Dark Reading

April 24, 2009

Anyone who has suffered a recent data breach involving regulatory or legislative data knows the investigation can be an excruciating process. The investigation is subject to time constraints on how long it takes to prepare and notify affected individuals. Statutes may apply to the company requiring customers to be notified within X number of days. And, of course, breaches never occur when it's convenient for the victim. So what can you do to streamline the investigative process and make it less painful?

"Five Ways To Survive a Data Breach Investigation," by Bill Brenner, does a good job of covering some of the stages of response that can certainly help organizations get back on their feet. The highlights include designing your response plan to be quick, not touching anything, involving legal counsel, deciding whether the investigation should be loud or silent, and educating employees. Great advice, but I think there is a piece missing -- public relations.

A response plan built for speed should include a team made up not only of techies, but also of at least one person from general counsel and one from the PR group. The PR rep is there to help with the game plan on how to handle releasing the information to the public, writing the notification letters, and setting up scripts for the call center (which may be necessary to handle the inquiries from concerned customers/clients).

I also recommend that the team meet a couple of times a year to review and update the response plan to address changes in corporate policy, legislation, or regulations that impact what must be done if certain types of data are breached (like personal or health info). The response workflow needs to have all parties plugged in to be successful.

Definitely take a look at Bill's article, and see if your incident response plan includes those items and the PR aspect I mentioned above. If not, then you could be in for a world of hurt when it's your turn to be the victim of a breach.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
