Symantec: Data breaches are becoming a headache for enterprise IT departments and it is now necessary for all staff to be constantly alert for themesecurity.
But while businesses focus their efforts on deterring potential intruders, it is important that they have a strategy to deal with any violation if they happen.
The first days and weeks after the breach are critical but also emotionally charged. Usually businesses react impulsively and start downloading archives καταγραφής, να θέτουν τους διακομιστές εκτός σύνδεσης ενώ σπεύδουν να αποκαταστήσουν τη βλάβη αγνοώντας ότι με τον τρόπο αυτό μπορεί να καταστρέψουν σημαντικά αποδεικτικά στοιχεία. Η αλήθεια είναι ότι τα παραπάνω μέτρα μπορεί να παρακωλύσουν τις έρευνες και να προκαλέσουν μεγαλύτερα problems. It is important for the business to know the appropriate actions in the event of a breach, to implement best practices and to have provision for a manual to deal with incidents of breach.
One of the most important steps from the outset is to have a clear process for informing the IT department about any security issues that have arisen in the business. Most of the time, security breach incidents are not noticed by the business itself. They are usually identified by compliance agencies, trading partners, such as agencies payments, or even from customers, and they don't reach the CIO's office quickly because usually the person receiving the information doesn't know where to turn.
1 day to 1 week after violation:
Once informed about the violation by CIO, CISO and IT department staff, CISO has to follow a three-pronged process: To command the IT department to preserve the and to assess both the size and extent of the breach, to work with the legal department to decide what to disclose and to inform the Information Systems Manager and the Managing Director for the developments in order to inform the shareholders about the situation.
