Security and Privacy Mate During Incident Response

I recently got off the road from two weeks of travel. The first week I was in sunny San Francisco for the annual RSA Security conference, a massive gathering of security wonks and sales people in a maelstrom of light and sound. The second week I was in rainy Washington DC for the far more manageable summit of the International Association of Privacy Professionals (IAPP). The scale of these two conferences is vastly different, but the content is edging closer each year. RSA is a security conference with a privacy track and IAPP is a privacy conference with a security track. But my biggest takeaway from the RSA conference was the shift from prevention and detection to response.

Don’t get me wrong. Good defenses and robust detection are still critical. No reason to drain the moat, unlock the gates and fire the lookouts. But the horde making it over the wall every now and then is inevitable. That’s what folks I spoke with at RSA were saying. Breaches happen. Then the question becomes what you do about it. And that’s where incident response comes in.

Security and Privacy in Incident Response

Incident response comes after that “oh shoot” moment when you realize something is missing, your family jewels are up on some random website, or you get a call from a chap willing to trade your million dollars for your own information. Sophisticated companies have incident response teams that are incident type specific. Some of these sophisticated companies even have incident response plans that are specific to each incident type. But truth be told, most companies aren’t that sophisticated. For many, an incident response plan is contained within a binder that mostly serves to gather dust on the shelf. Inside may be a list of team members, or the name of someone who owns the Chief Privacy Officer title along with their day job at the company. Perhaps this plan will undergo a yearly review before once again being shelved.

Also, incidents are typically managed with spreadsheets, email, conference calls, and maybe a support ticketing system. This may have worked in simpler times. However, folks are learning that there are tools that organize incident response better. Breaches are becoming increasingly common and severe, and the regulatory atmosphere is becoming increasingly restrictive. Firms need to develop and practice a more consistent, repeatable approach or face suffocation by regulations.

Privacy is baked into more sophisticated tools and processes for incident response. If it weren’t, the privacy breach would often go undetected, because many privacy incidents start as security incidents. That’s why any security incident response plan needs to have a privacy track included. Ideally, this plan should be practiced quarterly, running different scenarios each time to see that all parts of the plan work well with each other.

Mating privacy and security during an incident shouldn’t be as hard as it seems to be for many people. Your written or electronic process needs to have a stage at which you ask whether personal information or personal health information is involved in the incident. If it is, what is the nature of that information, was it encrypted, and what harm could result from its disclosure? If the answers to these questions trigger state or federal breach notification laws, then a privacy incident can be run in parallel with the security incident. However, while asking about the nature of the data at risk is simple, getting the answer is like opening a wall in an old house. What you tend to find is a new set of problems and a host of components that, while operational, are no longer in compliance with the current code, or in this case with business policies, be they internal or regulatory. This requires new team members to hop onto what is already a speeding locomotive.

Back to my travel schedule. Being a seasoned business traveler, I am prepared with schedules, contact information, plans and backup plans – and am well versed in the mechanics of the roads and airports I will traverse. Even with a heavy schedule and two snowstorms snarling a couple of legs of my trip, in total I have had two relatively smooth and incredibly productive weeks. What’s my point? Think of your incident response like a business trip. Sometimes you can see it coming, sometimes it’s a spot trip, but regardless you travel the roads and airways and navigate meetings all the time. And for those you don’t, you make an extra effort to understand them in advance – be it by use of tools like GPS or the Internet to research a meeting contact.

Just like travel, incident response is a business responsibility. You need to understand in advance, and practice, your plans, your responsibilities, your points of engagement and the tools you have at your disposal, to meet your ultimate goals in the most effective way.
