Know who to contact and have that information available

Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.

When something bad happens, you don't want to have to scramble to find the relevant contact information for colleagues, management and others in order to notify them of the security breach. The same goes for cybercrime investigators at your local, state and federal law enforcement levels. You'll want to document contact information -- work, mobile and home phone numbers as well as personal email and IM addresses -- for all key players.

Ideally, you'll want all incident response roles and responsibilities defined within your plan so that everyone knows who does what and when. This will not only make it more convenient for notifying the powers-that-be about what has happened, but it'll also help set everyone's expectations so they're not caught off guard when they need to step in to help in the middle of the night. You'll want your contact information documented in your plan; just make sure it's stored somewhere else in addition to your workstation, server or PDA. Those systems may not be accessible in the midst of a breach.

Plan for a security breach, step by step

  Step 1: Define what "breach" means to your business
  Step 2: Don't overlook critical network infrastructure systems
  Step 3: Know who to contact, have that information available
  Step 4: Develop a simple yet methodical set of response steps
  Step 5: Get input from others affected by a security breach
  Step 6: Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at [email protected]>.

Read more on IT risk management