Browse Definitions :
Definition

data breach response plan

A data breach response plan is a course of action intended to reduce the risk of unauthorized data access and to mitigate the damage caused if a breach does occur.

Here are 10 crucial steps of data breach response planning:

  1. Use resources such as business impact analysis (BIA) and disaster recover (DR) methods to identify your organization’s most sensitive data and implement actions to protect data based on the severity of the impact a breach would have.
  2. Perform a high-level risk assessment of your IT environment and identify vulnerable areas.
  3. Implement measures to reduce the likelihood of breaches caused by human error.
  4. Address security on multiple levels: Educate employees on social engineering tactics; ensure that data is encrypted. Make sure that processes involved are as streamlined and automatic as possible to maximize compliance.
  5. Learn the specifics of current federal and state data breach legislation.
  6. Ensure that the breach response team has authorization to take necessary steps immediately when a breach occurs so that crucial time isn’t lost obtaining permission for action.
  7. Test your response plan frequently and address any weak areas as soon as they are discovered.
  8. Find contact information for forensic companies, law enforcement agencies and legal and public relations firms that you will deal with in the event of a breach and establish relationships now.
  9. Provide training for responders on, for example, evidence collection. Ensure that any required certifications are in place.
  10. Create a plan for how a breach will be disclosed so that the news will be communicated swiftly, transparently and effectively. Include your solution to the problem and a way for those affected to contact you. 

 

This was last updated in July 2012

Continue Reading About data breach response plan

SearchCompliance
  • risk reporting

    Risk reporting is a method of identifying risks tied to or potentially impacting an organization's business processes.

  • risk avoidance

    Risk avoidance is the elimination of hazards, activities and exposures that can negatively affect an organization and its assets.

  • risk profile

    A risk profile is a quantitative analysis of the types of threats an organization, asset, project or individual faces.

SearchSecurity
SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • fault-tolerant

    Fault-tolerant technology is a capability of a computer system, electronic system or network to deliver uninterrupted service, ...

  • synchronous replication

    Synchronous replication is the process of copying data over a storage area network, local area network or wide area network so ...

SearchStorage
  • cloud archive

    A cloud archive is storage as a service for long-term data retention.

  • cache

    A cache -- pronounced CASH -- is hardware or software that is used to store something, usually data, temporarily in a computing ...

  • archive

    An archive is a collection of data moved to a repository for long-term retention, to keep separate for compliance reasons or for ...

Close