Hello and welcome to this I t Security Policy Training from Cyber Eri.
This is Porter module to the Security Incident Policy with myself. Troy Lemaire
The learning objective for this is going to be about confirming an incident,
the incident response team and ownership and responsibilities.
Looking at this data breach response policy, it was created by sand. So it's another template that you can use to modify as needed
and the purpose of the policy.
It's established goals and vision for the breach response process
in a clear to find who applies it under what circumstances include the definition of a breach, staff roles and responsibilities
organizations information security, intention for publishing a data breach response to focus significant attention on data security and data security breach and how the organization's established culture open distrust integrity should respond to such activities.
Is committed to protecting the employees, partners and the company from illegal or damaging action about individuals either knowingly or unknowingly.
Looking at the background. The policy mandates that any individual who suspects that a theft breach our exposure of protected data has occurred must immediately provide a description of what occurred. The email to and in this case you have the help desk, e mail and a phone number,
and you would want up update this information with the information that is relevant to your organization.
At that point, it says, the team will investigate all reported theft state reaching exposure to confirm if it has actually occurred.
If it has occurred, the Iast Security Administration will follow the appropriate procedures in place
with the scope of this policy applies to all who collect access, maintain information. Basically, anybody within an organization that is handling any type of P I or personal identifiable information r P h I personal health information.
Hey, so now that we're coming to actually the
verification of a breaches happen. Okay, Assumes the theft
has identified process removing all access that resource for began. The executive director will chair an incident response team to handle the breach
team will consist of these members. So again, this would be something that you would update for your organization to match with your
managers, directors, executives, whatever would be the highest level that you can have to put on this team.
If there is a confirmed theft, executive Derek will be notified of the theft
along with the designated forensic team and they were analyzed the breach exposure to determine the root cause.
Working with forensic investigators has provided by an organization Cyber Insurance, which if you don't have cyber security insurance,
I was highly, highly recommended. It will be what covers you and provide you with expertise that you need in the event of a breach.
But in this case, it says, then sure will need to provide access forensic investigators and experts that will determine how the breach occurred, the type of they'd involved. A number of individuals and systems that were impacted and then analyzed the breach and exposure. Determine the root cause.
Develop communication plan. Work with communications team, legal team and human resource is designed how to communicate the breach.
Now get in tow ownership in responsibilities So
your sponsors are the members of the community that our primary responsibility for maintaining any type of information resource
it could be designated by the executive in connection with the administration Respond responsibilities.
Information Security Administrator is that member of the organization,
UM provides administrative support for the implementation. Oversight of coordination of security procedures
usually include virtually all members of the organization
and the Incident Response Team shall be chaired by an executive management John Clue Bo not be limited to the following departments,
and this again is someplace that you would modify. What are the departments that you would want to be involved with this incident response team?
Any personal found in violation policy may be subject to disciplinary actions up to including termination of employment
in the third party partner company. Found violation may have their network connection terminated,
but these are the things that you want to put inside of your incident response plan.
So in summary in today's lecture, we discussed confirmed incident,
the Incident Response team and then ownership and responsibilities.
incident policy. Recap Question. Who should you work with? Want to breach has occurred,
and that would be your insurance carrier and or your forensic investigators.
Next policy Recap Question. Who should chair the incident response team,
and this would be a member of executive management or as highs up as you could get within the organization to where it has the
able to be able to look at the incident and be aware of it
looking far. Next lecture. We're going to cover another general policy. The disaster recovery policy.
If you have any questions for clarification about this policy or any of the training on cyber Harry, you can reach me on cyber. A message. My user name is that Troy Lemaire and thank you for attending this training on Cyber Eri.