Hackers, fraud, and cybercrime continue to cause major problems for businesses and their IT departments. When a malicious data breach occurs, it is incumbent upon the enterprise to execute its response plan. Organizations without a data breach response plan are at risk of failing to comply with legislation, suffering repeated breaches, losing revenue or staff productivity, and attracting unwanted publicity.
This research note discusses the strategy behind crafting a data breach response plan. Best practices and procedures covered by this note include:
- Business drivers behind the necessity of data breach response.
- Options available for computer forensics software.
- Freezing production data and hardware for investigation purposes.
- Dealing and liaising with authorities and law enforcement.
To investigate the cause of a data breach, use a defined process for effective response planning and include computer forensic data collection techniques.