Data Breach Incident Response Project
Has your data breach incident response plan been reviewed and updated?
What to do?
Consider the following:
When was the most recent data breach training at the organisation involving executives, Board members, and other key individuals listed in the breach response plan?
Are all roles and responsibilities during a data breach clearly specified and up to date?
Is there clear escalation procedures and established arrangements to involve internal or external incident response specialists in place?
Does the organisation's data breach response plan have sufficient detail and guidance to address deliberate and accidental data breach incidents? Does it also cover internal and external originating threats?
Are there protocols in place to capture and analyse logs and other records from critical systems in the event of a suspected breach?
Does the entity's response plan provide sufficient guidance on how to approach internal and external communications, particularly with media and customers?