Get input from others affected by a security breach

Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.

It's easy to assume that you know everything that's needed for responding to security breaches; you probably do from a technical perspective. Just don't overlook the importance of input from other business managers, legal counsel and your marketing/PR folks. By involving the right people, you'll gain insight into business processes you probably weren't aware of, investigative steps you must follow based on the type of business your organization is in and what to say or not say to curious people when they call after getting wind of the problem. Also, you won't want to re-create the wheel so never overlook the value of third-party guides on the subject of incident response planning such as NIST's Special Publication 800-61.

Plan for a security breach, step by step

  Step 1: Define what "breach" means to your business
  Step 2: Don't overlook critical network infrastructure systems
  Step 3: Know who to contact and have that information available
  Step 4: Develop a simple yet methodical set of response steps
  Step 5: Get input from others affected by a security breach
  Step 6: Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at [email protected]>.

Read more on Hackers and cybercrime prevention