Do you know how to identify and respond to security incidents?
Check out the newest primer produced by the team of Opice Blum, Bruno and Vainzof Advogados Associados, which presents the 15 steps to be taken for the process to be successful. Also learn about the recommendations of the ANPD (National Data Protection Authority) and other regulatory bodies in relation to the notification of incidents. To facilitate consultation, all content is presented in a didactic and visual way.
Identifying an incident is not always simple and quick. It is not uncommon for events in which systems have been invaded and under threat for a few months, before their breach was effectively detected. Another very common situation is the company is informed by email (as a rule, the contact email available on the website or the email from the press office) by the fraudster about the incident.
According to research released by IBM, the average global time for incident identification and containment is about 280 days; looking only at Brazil, that number rises to 380 days.
Those responsible for Information Security organizations must have routines implemented and checked frequently (including analyzing the alerts issued by defense tools), so that it is possible to identify the incident internally, and not by third parties.
Once the incident is confirmed, it is necessary to understand its extent in greater detail, with multisectoral action for the appropriate response previously defined by the organization.
From the outset, we recommend that the team responsible for this work must, at a minimum, contain representatives from the Departments of Technology, Information Security, Legal and Public Relations and Communications, professionals who must be called upon to compose the “Crisis Committee”, with the execution of the necessary actions to respond efficiently to the incident.
To learn more and check out each of these actions, download the free primer entitled “How to identify and respond to security incidents”.
