Develop a simple yet methodical set of response steps
Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.
- Introduction outlining the purpose and scope of the plan
- A list of security incident response team members and their full contact information, as mentioned above
- A list of the types of incidents that will cause you to invoke the plan, as mentioned above
- Technologies and operations in place to detect incidents
- Specific steps for containing incidents
- Procedures for investigating what happened. (Don't overlook the value of a formal cybercrime investigation if the incident appears to be serious enough; otherwise, you can end up overlooking things or ruining evidence.)
- High-level steps for eliminating the threats and associated vulnerabilities (ideally one set of steps for each type of incident)
- Specific steps for following up to ensure the threats and vulnerabilities are gone (such as virus scanning, port scanning, vulnerability testing and network analysis)
- Procedures for communicating with external parties such as customers, business partners and the media (this may be one of the first things your organization is required to do!)
- Requirements for retaining records related to security breaches
In the end, make sure your plan addresses these six major areas:
- Who does what?
- What must be done?
- When must it be done?
- Where must it be done?
- How must it be done?
- What's done when all is said and done?
Plan for a security breach, step by step
- Introduction
- Step 1: Define what "breach" means to your business
- Step 2: Don't overlook critical network infrastructure systems
- Step 3: Know who to contact and have that information available
- Step 4: Develop a simple, methodical set of response steps
- Step 5: Get input from others affected by a security breach
- Step 6: Keep your momentum going
About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com.


