‘Don’t Say Breach in an Email’: Tips for Security Incident Response Plans

Minneapolis-area attorney Brad Hammer recalled an instance where a client’s chief information security officer (CISO) emailed him and the privacy officer, and said, “We’ve had a breach incident; we need to get on the phone.”

Eh, not the best way to start off responding to a security incident or breach, he said.

“First, don’t say breach in an email,” said Hammer, a privacy and security expert and founder of the Vakaris Group. In this case the CISO was “brand-new,” hired perhaps only two weeks prior, and she had a brand-new second-in-command.

“The first question that the privacy officer and I asked is, ‘Are you deploying the incident response plan?’ And they said, ‘We have an incident response plan?’”

Hammer was stunned by this response and told the privacy officer later that it was “concerning on so many levels, because, one, you would think that would be something that they would discuss in transition” because the old CISO was still around. “It wasn’t as if [the previous CISO] had left in shame. Arguably there should have been some meetings there where they talked about handing things over.”

Secondly, “I have concerns about the new CISO that [she] never asked if there was an incident response plan, especially as an incident was occurring. Maybe she hadn’t had a chance to dust it off yet, but she and the second-in-command were acting on any number of items” following a possible breach without the benefit of reviewing the incident response plan, Hammer said.
