An incident policy needs to define a way to resolve a data breach, since a breach could affect various types of data. Data breaches occur very often in a company, and there is a need to establish regulatory requirements in an incident security policy. In case of a data breach, the following steps need to be followed. The first is triage, which determines the extent of the data breach. Next is data analysis, in order to avoid misdiagnosis of the data breach. Internal communication is also very key. The company should then resolve the problem and try to recover from the incident. Some laws that have been put in place could be violated in case of a data breach. Some of the laws could include PCI compliance and HIPAA, which protect private information that is required to be kept private. There is a need to establish a general data protection regulation that will be involved in dealing with data breaches. Mitchell D. (2016)

The types of data stolen include business data, medical or health care data that can be found in hospitals, and government or military data, whereby the data of federal employees is accessed. Banking data obtained from accountancy firms and educational data are the most common types of data that are stolen. IGP C & CIPP C. (2016). It is important to report any data breach in an organization.

Immediate Action Items:
Collect applicable privacy, information security, incident response, communications and other relevant policies and procedures.
Review any applicable incident response plans and determine requirements of those plans.
Designate coordinator and team for incident response, e.g., Privacy Officer, CIO/IT, HR, legal, security, communications, internal audit/investigation, compliance, customer relations, office of the CEO, etc.
Inventory missing items and data.
Interview relevant employees, vendors and others involved in the breach.
Determine what physical security measures were in place and how such measures were circumvented.
Check security measures, including cameras, logs, access codes, elevator and garage records, telephone records, etc.
Determine whether network access was compromised and ensure that loss of data does not allow future network intrusion.
Determine whether the data were password protected and whether any encryption was in place.
Consider whether any global or local password changes are necessary or appropriate, and effectuate necessary changes immediately.
Determine whether any third-party providers, agents, vendors, or consultants may be involved.
Draw on or develop relationships with forensic consultants, outside counsel, public relations advisors, credit monitoring services, website managers, etc.