Data Breach Response Plan

00:00

Welcome back to student data privacy fundamentals. This lesson covers data breach response plan.

00:07

In this video, you will learn objectives for the data breach response plan or D b R P.

00:12

Planning assumptions when creating a d b r P. How to organize your DB RPI team process for activating a D v R P Suggestions for notifying necessary parties of D B R P activation. How to best implement a D. V. R P and how to handle deactivation and evaluation of a d p r p.

00:32

The purpose of the data breach response plan is to enable the district to respond effectively and efficiently toe an actual or suspected data breach involving personally identifiable information, confidential or protected information district, identifiable information and other significant cybersecurity incidents.

00:51

The objectives of the DBR p R To convene the Incident Response Team or I R T is necessary

00:57

validating. Contain the data security breach. Analyzed the breach to determine scoping composition,

01:03

minimize impact to the staff and students after a breach has occurred.

01:07

Notification of data owners, legal counsel, state or federal agencies and law enforcement as deemed necessary.

01:15

The following planning assumptions were used in the development of the d P R P. Read through these and adjust for your organization.

01:26

The district will point the following people to the d. P R P i. R T.

01:30

Director of technology,

01:32

network administrator, network engineer and various database system administrators

01:38

in the event that D B R P is activated. Overall management of the responses delegated to this team.

01:45

Their primary responsibilities include determining the impact of the data breach, communicating the impactor loss and updates of progress to the district superintendent and other district leadership.

01:57

Communicative stakeholders were appropriate

02:00

oversight of the DBR P implementation and data breach resolution

02:05

allocation and management of technology staff during the event

02:08

work with vendors, third party providers etcetera.

02:15

Quiz time What differences are you seeing in the data breach response plan versus the technology disaster recovery plan that was discussed in the previous lesson

02:23

positivity, or to think about the differences

02:29

ready to discuss? The main difference would be that a data breach response plan is when data has been accessed by an unauthorized party, possibly with malicious intent, and that could be much more disastrous.

02:43

The Technology Disaster recovery plan is used when the technology fails due to critical failure of systems or tornado fire etcetera. And while still disastrous, it can usually be overcome without loss or major risk to user data.

02:58

The D B R P will be activated in the event of the following. A data breach has occurred and effects the district itself.

03:05

P II has been compromised. Personal health or financial information has been compromised,

03:12

Confidential or sensitive data has been compromised or the network has been hacked or intruded.

03:19

The Information Security officer I so will act as the Incident Response Manager or I R M.

03:25

If the ice it was not able to act as the ire. M, a member of the superintendent's leadership team, will assume the role of Iram with assistance from the Incident Response team.

03:35

The breach response of reporting process should be documented according to district board policy, state and federal requirements.

03:42

The isil and director of technology, if not one in the same will work with the communications or PR director to dispense and coordinate notification for public message.

03:52

The following groups will be notified in the event the plane has been activated.

03:55

Superintendent Superintendents, leadership team, technology staff, district employees, parents and students, then vendors.

04:04

Information will be disseminated to those groups through whichever means of communication deemed appropriate.

04:11

Email, social media, radio or television, first class mail or phone.

04:15

The DB RPI team will work with district leadership on which information will be conveyed to each group. The timing of that communication and what means

04:25

the DB RPI team has the following processes in place to contain the data breach in the least amount of time possible

04:31

that inventory of all systems containing sensitive data with a hard copy and a copy in the Cloud

04:38

Data Dictionary of All District hosted information systems

04:42

um, ain't had maintained spreadsheet of all server names, as well as a spreadsheet, herbal system administrator accounts, passwords and vendor contact information. With hard copies at the technology office and electronic copies in the cloud,

04:57

the members of the I. R T will be assembled once a data breach has been validated. Theory RT will be composed of the director of technology network engineer in various database administrators.

05:08

Additional members of the District Administrative Team and Technology Department may be designated to assist on the i. R T. Depending upon the scope of the breach,

05:18

the I R T will determine the status of the breach, Whether it's ongoing, active or post breach

05:24

for an active are ongoing breach, the I R T will initiate appropriate measures to prevent further data loss, and these measures include but are not limited to securing and blocking unauthorized access to systems or data tempers airing any and all evidence for investigation.

05:40

The I R T will work with the data managers and data owners to determine the scope and composition of the breach. Secure sensitive data, mitigate the damage that may arise from the breach and determine the root cause of the breach. To devise mitigating strategies and prevent further occurrences,

05:55

the Incident Response manager will work with legal counsel and the Super Intends Leadership team to determine appropriate course of action pursuant to state statue

06:05

collaboration between authorities and the I. R T will take place with the I R M.

06:11

The I R T will work the proper authorities to make sure any and all evidence is properly handled and preserved on advice from legal counsel. An outside party may be hired to conduct the forensic investigation of the breach,

06:24

and when the investigation has concluded, all evidence will be safely stored, recorded or destroyed.

06:30

All affected data machines and devices will be identified and removed from the network as deemed appropriate for the investigation.

06:39

Interviews will be conducted with key personnel, and facts of the incident will be documented and the evidence preserved for later examination.

06:46

The I R T will work with the communications or PR director to outline the notification of the data owners and those affected

06:53

communication will be sent how as director by legal counsel and advised by the District Communication team,

06:58

the types of communication may include but are not limited to. Email, text,

07:02

postal mail, substitute, noticed and or phone call.

07:06

The I R M in conjunction with I RT. Legal counsel in the Superintendent's leadership team will determine if notification of effective individuals is necessary. Once the determination is made to notify affected individuals, a letter will be written in accordance with all federal and state statutes per board policy.

07:26

If it is determined that identity theft or other fraud is not reasonably likely to occur as a result of the breach, such a determination shall be documented in writing and will be maintained for five years.

07:39

The DB RPI team will deactivate the plan once the data breach has been fully contained.

07:44

Once the breach has been mitigated, an internal evaluation of D B R P response will be conducted.

07:49

The I R T and Connect Junction with the I. R M and others that were involved will review the breach and all mitigation steps to determine the probable causes and minimize the risk of a future occurrence.

08:01

Feedback from the responders and affected into teas will be incorporated into an after action report and corrective action plan.

08:09

The result will be an update to the D. V, R P and other emergency response plans as appropriate.

08:15

Information security training programs will be modified to include countermeasures to mitigate and remediate previous breaches so that past breaches do not recur.

08:24

The reports. An incident review will be filed with all evidence of the breach and may prompt revision to applicability school board policies.

08:33

In today's video, we discussed the objectives of a DB RP planning assumptions when creating a D b R P specific to your district.

08:41

Who to assign to your DB

08:43

Data Breach Incident Response team what their responsibilities would be

08:48

process for activating a d b R P, including what events constitute a data breach

08:54

suggestions for notifying stakeholders of D B R P activation, including who to notify and in what order,

09:00

implementation best practices for a d, b R P.

09:03

How to deactivate the DBR P when recovery is achieved. And suggestions for evaluating and revising D'Vera P for better preparation in the future.