CH 9: Data Breach Incident Plans Flashcards
Confirmed disclosure of data to unauthorized party. Requires notification to authorities and/or customers.
Data breach
A situation in which the confidentiality, integrity or availability of personal information may potentially be compromised. May not require notification.
Data incident
Average cost of data breach worldwide
3.92 million
data breach risks for an organization
1) loss of revenue
2) legal & regulator fines
3) loss of business
4) impact on business relationships
5) loss of customer trust
6) damage to public perception
data breach risks for an individual
emotional distress, identity theft, personal reputational harm, financial damage from misuse of credit/debit cards
What is the top cause of breaches?
Malicious or criminal attack.
How do breaches occur?
Malware (28%), internal actors (34%), hacking (52%), phishing (32%), perpetrated by outsiders (62%)
How can you prepare for an incident?
Incident response team and plan in place, employee training, threat-sharing, BCM involvement, board-level buy-in
How can you prepare your team for an incident?
Training (e.g., tabletop exercises), be active members of the incident response team, provide guidance on breach notification requirements
Who should fund training?
Leaders often disagree; consider a shared-cost arrangement
Who should receive training?
Different levels for different groups, but all employees should have a basic understanding
Who should lead incident response plan creation?
Privacy office or legal; with help from IT, communications, HR, senior management, etc. Stakeholders will vary by organization.
What guidelines, processes and procedures will you need to develop in order to create an incident response plan?
Roles & responsibilities (who will call the shots), severity ratings and triggers for escalation, team contact info (a breach will not happen at a convenient time), how to report suspicious communications/activity, regulatory requirements, how to interact with authorities, info on key vendors and counsel (who are your lawyers that you call straight away), integration with business continuity plan, and post-incident process
What are the steps to take in a breach?
Secure your operations (e.g., stop additional data loss, secure physical areas), notify appropriate parties, and fix vulnerabilities.
What are potential consequences of inconsistent messaging?
Evidence of poor planning, loss of trust, people make assumptions about what’s true, and legal liability issues.
Why should internal announcements be made at the same time as external?
To align messaging, avoid leaks, and demonstrate transparency.
What do employees need to know about an incident?
Information that affects their jobs, what to keep confidential,
What’s the nature of the breach? How many individuals impacted? Is information accessible and usable? Is breach likely to lead to harm? Can harm be mitigated?
Things to consider when deciding whether to make an external announcement if there is no legal obligation to do so.