This month, the Department of Justice issued a fairly comprehensive set of pre- and post-incident cybersecurity recommendations. For all you total geeks, you can get the whole thing here. For those of you preoccupied with, well, other news, here are some highlights.
Pre-incident, the DOJ recommends having a breach response plan. We’ve all heard this repeatedly at this point, yet many companies and firms still do not have actionable response plans. Some of the important components of these plans highlighted by the DOJ include: (1) identifying your most vital resources and prioritizing their protection; (2) having a clear internal and external reporting structure that focuses on containing the incident, mitigating its effects and preserving information to later understand the scope and source of the incident; (3) identifying and establishing relationships with applicable law enforcement authorities and regulators who have authority over your industry or jurisdiction; and (4) finally hammering out appropriate policies and procedures for the use of and access to key information assets, as well as investing in appropriate technical protections.
Post-incident, the DOJ basically recommends – wait for it – following the plan you established pre-incident.