What to Do? Breach Response
Years ago, a business could plan to secure its enterprise. The IT department would harden the system and in most cases there would be a reasonable assurance the enterprise was relatively safe. Things have changed as technology has improved. This improvement has come at a price. The
speed of advancement has not been the easiest environment in which to apply security. This lack of applied security has promoted several issues. This has been noted in many breaches. This has clearly only grown in importance as the breaches the breaches are more common and the businesses provide more data to steal.
In the case of a breach, the first act is that the alleged breach must be verified to have occurred. If one did occur, the business needs to analyze what was affected. Not all breaches are reportable. If there happens to be data involved of a consumer confidential nature, there would need to be a notification. The trigger point would be the data having social security numbers, driver’s license numbers, financial account numbers, passwords, and other personally identifying information.
The business also may be required to notify the affected parties with in a specific amount of time. This period varies on the state and federal level, depending on the subject matter and jurisdiction. Many states instead of putting a number of this period, simply state this have to be done within a “reasonable” time period. This generally is accepted as 45 days. If there is HIPAA information involved, there may be a timeline in place for the notification.
Once the timeline is in place and divided on, the notice itself has to be written. This is also dependent on the jurisdiction. Certain states have requirements that have to be met. For instance, Rhode Island has for its notification law six items to be met. There may be a template or form letter to be used.
These events are not going to slow down in occurrence or magnitude. As the attackers have operationalized this as a business, it has proven itself to be a revenue producer, and popular as an attack tool.
About Charles Parker, II
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.
Mr. Parker has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.