Data Breach Incident Response Plan: University of Hertfordshire

Verified

Added on 2023/04/21

AI Summary

Incident Response Plan for
Data Breach Incident
Name of the Student
Name of the University

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Background
 The Department of Computer Science at the University
of Hertfordshire faces a data breach incident.
 The breach of data is focused at stealing critical data
assets.
 The data breach involves the loss of vital data of the
industry.

Data Breach Management
 The department should prepare their strategies in advance
for dealing with the incident.
 A co-ordinated, strategic and multi-disciplinary approach
should be implemented (Soomro, Shah and Ahmed 2016).
 This ensures an efficient, effective and customer-focused
incident response plan.

Data Breach Targets
 Personal Identifiable Information
 Intellectual Property of the organisation
 Competitive Information
 Legal Information
 IT Security Data
 Financial Information

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Data Breach Threats
 Internal data of the organisation would be put at stake.
 External mail accounts and cloud backed-up data would
be hacked primarily.
 Internal employees could leak sensitive data
 Malicious websites could be used for installation of
malware on employee computers.

Data Breach Consequences
 The data breach leaves a tremendous bad reputation for
the organisation.
 The pre-planned financial information would be put at
stake (Peters 2014).
 Educational strategies and pre-planned discussions
would be widely revealed.

Importance of Incident Response
Plan
 The plan would determine the scope and nature of the
incident.
 It would identify the type of information and the
affected systems.
 This plan would review the preliminary details needed
for the progress of investigation.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Details of Incident Response Service
(Fig 1: The Entire Incident Response Service)
(Source: Ruefle et al. 2014)

The Role of CISO
 A preliminary analysis based on assets and facts should be
evaluated.
 They would contact the head of the department and
conduct a thorough check on the affected systems
(Collette, Gentile and August 2016).
 Based on third party locations, there would be a need for
legal contract.

Preparing for the Data Breach
 Identification of the ways in which the breach had
happened.
 A detailed solutions should be forwarded to the security
team.
 Notifying the top officials within the department.
 Notifying of external agencies about the breach

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Build of Incident Response Team
The team Members involved within the incident response
team includes:
 Team of Executive Management
 Risk Management and Security
 Audit and Compliance
 Legacy and Privacy
 Public Relations

Hierarchy of Incident Response Team
(Fig 1: Hierarchy of the Entire Incident Response Team)
(Source: Ruefle et al. 2014)

Responses to the Data Breach
The following actions could be taken as a response to the data
breach incident. These include:
 Quick assessment and scaling of breach impact
 Seeking of legal advice and coordination of response
 Monitoring of activities on the Internet (Manworren, Letwat
and Daily 2016)
 Preservation of evidences and record of all actions
 Check on insurance policy and coverage of organisation

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Key Items for ensuring security
The following recommendations could be forwarded as
response to the data breach incident. These include:
 Putting forward of cyber security onto the agenda of the
discussion board
 Ensuring of proper mechanisms for tackling against the
breach (Tang et al. 2016)
 Audit over existing processes and security controls
 Ensuring backup of sensitive data

Strategies for turning data into actionable
analytics
Some strategies could be followed for the effective use of
data and analytics. These include:
 Measuring the goals of the business solution
 Stakeholders should have a transparent view over the
entire objective
 Discovery of the context of data set
 Constructing an effective hypothesis

Strategies for turning data into actionable
analytics
A solid optimization plan should be constructed. The Six
Sigma concept could be applied in the situation.
Define – The hypothesis, problem and scope of analysis
should be defined.
Measure – Conduction of basic analysis and relevant data
Analyse – Patterns and correlation among data sets
Improvement – Display of several options and insights
Control – Monitoring KPIs and deploying (A/B) tests

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

References
Collette, R., Gentile, M. and August, T.D., 2016. The CISO Handbook: A Practical Guide
to Securing Your Company. Auerbach Publications.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data
breach. Business Horizons, 59(3), pp.257-266.
Peters, R.M., 2014. So you've been notified, now what: The problem with current data-
breach notification laws. Ariz. L. Rev., 56, p.1171.
Ruefle, R., Dorofee, A., Mundie, D., Householder, A.D., Murray, M. and Perl, S.J., 2014.
Computer security incident response team development and evolution. IEEE Security &
Privacy, 12(5), pp.16-26.
Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), pp.215-225.
Tang, J., Cui, Y., Li, Q., Ren, K., Liu, J. and Buyya, R., 2016. Ensuring security and
privacy preservation for cloud data services. ACM Computing Surveys (CSUR), 49(1),
p.13.