2.5 Security Incident Policy

Time
2 hours 23 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:01
Hello and welcome to this IT Security Policy training from Cybrary.
00:05
This is part of Module 2, the Security Incident Policy, with myself, Troy Lemaire.
00:11
The learning objective for this is going to be about confirming an incident,
00:15
the incident response team and ownership and responsibilities.
00:24
Looking at this data breach response policy, it was created by SANS, so it's another template that you can use to modify as needed,
00:32
and the purpose of the policy
00:34
is to establish goals and vision for the breach response process
00:38
and to clearly define to whom it applies and under what circumstances, including the definition of a breach, staff roles and responsibilities,
00:45
till the
00:47
organization's information security intention for publishing a data breach response is to focus significant attention on data security and data security breaches and how the organization's established culture of openness, trust and integrity should respond to such activities.
01:00
Is committed to protecting the employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.
01:11
Looking at the background, the policy mandates that any individual who suspects that a theft, breach or exposure of protected data has occurred must immediately provide a description of what occurred via email to, and in this case you have the help desk email and a phone number,
01:26
and you would want to update this information with the information that is relevant to your organization.
01:34
At that point, it says, the team will investigate all reported thefts, data breaches and exposures to confirm if it has actually occurred.
01:40
If it has occurred, the IT Security Administration will follow the appropriate procedures in place,
01:47
with the scope of this policy applying to all who collect, access, maintain information. Basically, anybody within an organization that is handling any type of PII, or personal identifiable information, or PHI, personal health information.
02:06
Okay, so now that we're coming to actually the
02:10
verification that a breach has happened. Okay, as soon as the theft
02:15
has happened,
02:15
has been identified, the process of removing all access to that resource will begin. The executive director will chair an incident response team to handle the breach.
02:23
The team will consist of these members. So again, this would be something that you would update for your organization to match with your
02:30
managers, directors, executives, whatever would be the highest level that you can have to put on this team.
02:38
If there is a confirmed theft, the executive director will be notified of the theft
02:43
along with the designated forensic team, and they will analyze the breach or exposure to determine the root cause.
02:50
Working with forensic investigators as provided by an organization's cyber insurance, which, if you don't have cybersecurity insurance,
02:55
is highly, highly recommended. It will be what covers you and provides you with the expertise that you need in the event of a breach.
03:04
But in this case, it says the insurer will need to provide access to forensic investigators and experts that will determine how the breach occurred, the type of data involved, the number of individuals and systems that were impacted, and then analyze the breach and exposure to determine the root cause.
03:21
Develop a communication plan. Work with the communications team, legal team and human resources to decide how to communicate the breach.
03:29
Now getting into ownership and responsibilities. So
03:31
your sponsors are the members of the community that have primary responsibility for maintaining any type of information resource.
03:39
It could be designated by the executive in connection with their administrative responsibilities.
03:46
The Information Security Administrator is that member of the organization,
03:50
um, provides administrative support for the implementation, oversight and coordination of security procedures.
03:55
Users include virtually all members of the organization,
03:59
and the Incident Response Team shall be chaired by executive management and shall include, but not be limited to, the following departments,
04:05
and this again is someplace that you would modify. What are the departments that you would want to be involved with this incident response team?
04:15
Any personnel found in violation of the policy may be subject to disciplinary action, up to and including termination of employment.
04:20
Any third-party partner company found in violation may have their network connection terminated,
04:26
but these are the things that you want to put inside of your incident response plan.
04:33
So in summary in today's lecture, we discussed confirmed incident,
04:39
the Incident Response team and then ownership and responsibilities.
04:45
The Security and
04:46
incident policy recap question: who should you work with once a breach has occurred?
04:51
and that would be your insurance carrier and or your forensic investigators.
04:57
Next policy recap question: who should chair the incident response team?
05:02
and this would be a member of executive management, or as high up as you could get within the organization, to where it has the
05:11
leadership advisory
05:14
able to be able to look at the incident and be aware of it
05:18
Looking forward, next lecture we're going to cover another general policy, the disaster recovery policy.
05:25
If you have any questions or clarification about this policy or any of the training on Cybrary, you can reach me on Cybrary message. My username is at Troy Lemaire, and thank you for attending this training on Cybrary.