This month, the Department of Justice issued a fairly comprehensive set of pre- and post-incident cyber security recommendations. For all you total geeks, you can get the whole thing here. For those of you preoccupied with, well, other news, here are some highlights.
Pre-incident, the DOJ recommends having a breach response plan. We’ve all heard this repeatedly at this point, and many companies and firms still do not have actionable response plans. Some of the important components of these plans highlighted by the DOJ include: (1) identifying your most vital resources and prioritizing their protection; (2) having a clear internal and external reporting structure that focuses on containing the incident, mitigating its effects and preserving information to later understand the scope and source of the incident; (3) identifying and establishing relationships with applicable law enforcement authorities and regulators who have jurisdiction in your industry or jurisdiction; and (4) finally hammering out appropriate policies and procedures for the use of and access to key information assets, as well as investing in appropriate technical protections.
Post-incident, DOJ basically recommends – wait for it – following the plan you established pre-incident.
While there isn’t exactly earth-shattering news here, the notion that preparing and executing a pre-existing response plan is among the most important components of cyber security today, if not the most important, is no longer debatable. While cyber insurance was interestingly not highlighted in the DOJ’s publication, most underwriters and adjusters at this point would likely agree that breach response time is a primary driver of breach cost. Having an understood, disseminated and (if you are really on top of your you know what) rehearsed breach response plan is vital to containing an incident and mitigating its consequences.
Now, turn your TV back on. I hear there is a big vote of some sort coming up…