How to Audit Your Incident Response Plan
Download as PPTX, PDF3 likes4,341 views
The document outlines an incident response plan audit agenda, highlighting its importance for organizations in managing data breaches and ensuring compliance. It discusses key components of an effective plan, necessary checklist items for audit, and strategies for improving incident response readiness. The necessity of regular updates in response to new legislation, organizational changes, and third-party assessments is also emphasized.
More Related Content
Similar to How to Audit Your Incident Response Plan (20)
How to Audit Your Incident Response Plan
- 1. How To Audit Your Incident Response Plan
- 2. Agenda • Introductions • Incident Response Plans • Audit Checklist • Q&A Page 2
- 3. Introductions: Today‟s Speakers • Ted Julian - Chief Marketing Officer, Co3 • Security / Compliance entrepreneur • Security industry analyst • Michael Bruemmer – Vice President, Experian® Data Breach Resolution • CIPP/US, CHC • IAPP Certification Advisory Board Page 3
- 4. Co3 Automates Breach Management PREPARE ASSESS Improve Organizational Quantify Potential Readiness Impact, Support Privacy • Assign response team Impact Assessments • Describe environment • Track events • Simulate events and incidents • Scope regulatory requirements • Focus on organizational gaps • See $ exposure • Send notice to team • Generate Impact Assessments REPORT MANAGE Document Results and Easily Generate Detailed Track Performance Incident Response Plans • Document incident results • Escalate to complete IR plan • Track historical performance • Oversee the complete plan • Demonstrate organizational • Assign tasks: who/what/when preparedness • Notify regulators and clients • Generate audit/compliance reports • Monitor progress to completion Page 4
- 5. Experian® Data Breach Resolution Pre-Breach Risk Forensics Assessment Breach Response & Fraud Resolution • Inventory of • Preservation of Systems evidence • Incident Management • Threat and • Reconstruction of vulnerability data sources • Notification assessment • Forensic analysis • Call Center of preserved or • Evolution of Support reconstructed controls data sources • Identity Theft • Risk Ranking • Searches for Protection suspected kinds • Fraud Resolution • Communicating of PII and Monitoring • Aggregation of • Reporting identified PII Page 5
- 6. Incident Response Plan • Crucial to have in place • Streamlines the process • What to Include: • The Team and Responsibilities • Testing / Fire drills • Third Party Support • Outside counsel • Compliance • Forensics • Data Breach Resolution Vendor Page 6
- 7. Why Auditing Your IR Plan Is A Must • Ensures you have accurate, up-to-date information • Allows the process to be refined • Identifies errors in advance • Ensures everything in order before a breach occurs • Doesn‟t cut into crucial response time post-breach Page 7
- 8. 7 Checklist Items To Keep In Mind • Update your internal contact list • Verify that your plan is comprehensive • Double check your vendor contracts • Review notification guidelines(State and Federal) • Check up on third parties that have access to your data • Evaluate IT security • Review staff security awareness Page 8
- 9. Update Your Contact List • Make sure the contact info for each member is up-to-date • Internal • External • Note department heads • People are 100% committed during a breach • Re-distribute list once updated Page 9
- 10. Verify That Your Plan Is Comprehensive • Plan Revisions • Major company changes • New departments • Data management policy adjustments • Ensure Departments Know Their Roles • Fire Drillls / Rehearsals Page 10
- 11. Double Check Your Vendor Contracts • Forensics Team • Attorneys • Data Breach Resolution Provider • Law Enforcement • Current / Accessible • Ensure They Still Match Your Needs Page 11
- 12. Review Notification Guidelines • Ensure your plan reflects the latest state legislation • Notification letter templates address new laws • Update contact list • State AGs • Government Agencies • Media • Healthcare Providers: DHHS and OCR contacts • Response team should understand reporting procedures Page 12
- 13. Check On 3rd Parties With Access To Your Data • Are they following your protection rules? • Educate them on any new relevant legislation • Stress the importance of immediate notification • Go over the resolution process • Healthcare companies: HIPAA requirements • Establish Business Associate Agreements (BAAs) Page 13
- 14. Evaluate IT Security • Re-evaluate where sensitive / regulated data is stored • Ensure proper access controls are in place • Check that software and system updates are installed • Verify that monitoring / reporting systems are working and up-to-date • Ensure back-ups are securely stored Page 14
- 15. Review Staff Security Awareness • Are Initial Background Checks valid? Random updates? • Regular employee Security Awareness Training • Practice and audit proper information disposal(hard & soft) • Train staff to identify cyber threats • Require password changes every three months • Physical security for all devices Page 15
- 16. POLL
- 17. How Often You Should Audit? • HCCA recommends regular monitoring where PHI handled • Monitoring is part of any risk assessment plan • Audit when objective results needed and integrity is critical • Independent (outside) audits provide the best perspective • OIG - „annual audit to minimize risk‟ Page 17
- 18. POLL
- 19. When Should You Update Your Response Plan? • When new legislation passes (state, federal, and industry regulators) • When response team members leave the company • When new vendors join the process • When new security procedures are implemented Page 19
- 20. QUESTIONS
- 21. “Co3 Systems makes the process of planning for a nightmare scenario as painless as possible, making it an Editors‟ Choice.” PC MAGAZINE, EDITOR’S CHOICE One Alewife Center, Suite 450 “Co3…defines what software packages Cambridge, MA 02140 for privacy look like.” PHONE 617.206.3900 GARTNER WWW.CO3SYS.COM “Platform is comprehensive, user friendly, and very well designed.” PONEMON INSTITUTE Michael Bruemmer, Vice President, Experian® Data Breach Resolution [email protected] www.Experian.com/DataBreach Blog: www.Experian.com/DBBlog