Back to Basics: Planning for a Breach Edition

Summary

This presentation discusses the two core requirements of breach management: controlled and uncontrolled. It argues that the current Cyber Security Incident Response Plan (CSIRP) is often ineffective due to these unmet requirements, and proposes that identifying key individuals by name in contracts or law is crucial for notification and establishing responsible parties.

IFF Assessment

FRIEND

The article focuses on improving breach management and incident response planning, which are essential for defenders to mitigate the impact of security incidents.

Defender Context

Defenders should focus on developing robust and practical incident response plans that clearly define roles and responsibilities for both controlled and uncontrolled aspects of a breach. Proactive identification of key personnel and their notification obligations is vital for effective incident management.

Read Full Story →