BY CLYDE HEWITT, CISSP, CHS ON MAR 5, 2018, SecurityInfoWatch.com

Many organizations have followed the herd by assigning responsibility for security incidents solely to the Chief Information Officer (CIO) or the senior security official (CISO). Unfortunately, this narrow approach is a prescription for serious errors and delayed response, for two reasons.


First, not all security incidents result in a breach of confidential data, and not all breaches start as a recognized security incident. Second, every incident requires human judgment at some point early in the process. Since the fog of uncertainty is thickest at the start, the first individuals on the scene typically do not have enough information to determine whether the incident will become a security or privacy issue. For these reasons, an incident response process should cover all types of security and privacy incidents and should engage key stakeholders from many disciplines, not just IT.

Discussion

By now, every organization that creates or stores sensitive information should be aware that it is exposed to many types of security and privacy incidents. As organizations respond to these incidents, they must consider their legal, regulatory, and contractual obligations. Disaster recovery plans are designed to perform a technical recovery; the obligations that extend beyond technical recovery, including notification of government agencies, clients, and affected individuals, must be planned for as well.


Many of the security and operational frameworks published by the National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO), as well as industry-specific regulations such as the Health Insurance Portability and Accountability Act (HIPAA), require organizations to implement policies and procedures for handling security incidents. Implementation implies, first, that a process has been developed and documented, and second, that all key stakeholders have received meaningful, periodic training in their roles.


Training is most effective when the key decision makers participate. If an organization experiences a major ransomware attack, the CIO can expect the CEO, CFO, COO, and head of HR, at a minimum, to be affected. Many others are needed for recovery and communications, including procurement, human resources, public affairs, and IT. Finally, the General Counsel and the compliance team are needed to analyze information from many sources and recommend decisions, including whether notification obligations have been triggered.
