Getting breached does not determine whether or not you have a good security program in place, rather how you respond to one does. Before you begin to stress out about how to keep your head (and your job) intact when the worse case scenario happens, here are the top five tips for handling an organization’s first security breach.
Expect to have quality time with executives
Prepare yourself for some quality time with the executive team. During a security breach, you will find yourself interacting with an entire group of people that previously were merely names on your corporate organization chart. The executive management team will expect you to make confident decisions quickly. This will often drive you crazy because you are an engineer and as you know, the unknown always outweigh the known. You will be sought after to make decisive, quick assessments regarding the information and data that you have collected and be prepared to be held accountable for them afterwards.
Make sure you establish and record a timeline of events
Create a complete and detailed timeline of events because your responsibility is to determine “how” this happened. A comprehensive list of everything that happened within your network is crucial information that your management team needs from you. This is not an interpretation of “why” this happened. Additionally, know that this collected data will be essential for legal, PR and the board members, and will be the primary deliverable that the rest of the workflow is derived from.
Set clear expectations and don’t succumb to the endless requests for updates
Do not succumb to the endless requests for hourly updates because it can impact the organization’s productivity. Although you should expect to receive constant status update requests, you should not update too often because it can negatively affect your work. Make sure that the analysts are given enough space to conduct their actual analysis. You might insist that hourly status calls occur, but understand that a 15-minute phone call every hour can actually rob and interrupt you of 25 percent of your productivity in conducting actual forensics work. Do not be afraid to push back and give yourself time to gather and report accurate information. After all, your responsibility is to enable informed executive decisions at this point.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.