Symantec: Data breaches become a headache for business IT departments and it is now necessary for all staff to be constantly alert to security issues.
But while the businesses focus their efforts on deterring would-be attackers, it is important to also have a strategy in place to deal with a breach should it occur.
The first days and weeks after the violation are critical but also emotionally charged. Businesses typically react impulsively and start downloading logs, put servers offline while they are hurrying to repair the damage, ignoring that they can destroy important evidence. The truth is that the above measures may hamper research and cause greater problems. It is important for the company to be aware of the appropriate actions in the event of a breach, to apply best practices and to provide for a manual to deal with cases of breach.
One of the most important steps from the start is to have a clear process for it information του τμήματος ΙΤ σχετικά με τυχόν θέματα ασφαλείας που έχουν προκύψει στην επιχείρηση. Τις περισσότερες φορές, τα περιστατικά παραβίασης της ασφάλειας δεν γίνονται αντιληπτά από την ίδια την επιχείρηση. Συνήθως διαπιστώνονται από τις services compliance, trading partners such as payers, or even from customers, and do not quickly reach the office of the Chief Information Officer (CIO) because usually the person receiving the information does not know where to turn.
1 day to 1 week after violation:
Once informed about the violation by CIO, CISO and IT department staff, CISO has to follow a three-pronged process: To command the IT department to preserve the and to assess both the size and extent of the breach, to work with the legal department to decide what to disclose and to inform the Information Systems Manager and the Managing Director for the developments in order to inform the shareholders about the situation.