Beyond containment, eradication and recovery – What’s next when you’re the victim of a breach

This has been a tough month for the industry in terms of data breaches. The most significant incident was the Capital One breach, in which over 100 million consumers were affected. Most businesses have a plan to contain the damage, eradicate the malware and recover the business to a normal state after a breach occurs. However, a critical step is often missed as the business continues to deal with fallout and other issues related to the breach.

Learning and improving is a critical, but often neglected phase of incident response. At the very least, every business should hold and document a “lessons learned” meeting with representatives of all parties involved with or affected by a breach incident. It’s not uncommon to find response teams that are so happy to have production running again, that they rest on their laurels and skip this step.

This is all about continuous improvement. In the 80s, a tool was developed which is still in use today; it is commonly called the Plan-Do-Check-Act (PDCA) cycle. The key here is that every time you use the plan, you should identify the strengths and weaknesses and make changes as necessary.


continue reading »