How To

Avoiding a Meltdown: The Management Incident Response Team

How your company handles a data breach can make the difference between survival and extinction.

By James Christiansen

August 01, 2006, CSO

Over the past year we have seen many breach notifications, some involving millions of victims. Looking at the business impact of the post-breach process, it quickly becomes clear that how an organization reacts to a security breach can make the difference between a minor financial impact and a complete corporate meltdown. "A firm's failure to communicate effectively after an emergency strikes can be more destructive than the emergency itself," writes Richard Bierck in Harvard Management Communication Letter.

The real costs of any security breach are the long-term financial impact of lost customers and potential negligence lawsuits, not the immediate remediation costs. Well after the event, you will still experience reduced productivity from increased oversight and audits by regulators, clients and business partners. (Recently, one such court-enforced penalty was biennial reviews over a 20-year period.) Whether that additional scrutiny shows an effectively managed organization deserving of the continued trust of its stakeholders is decided largely by how top management acts in the moments following a major emergency. Establishing good security measures and controls is clearly the first priority. But in an era of rapidly evolving cyberthreats, even a well-defended organization may suffer a breach at some point. Given that reality, your public reaction to any incident should be meticulously planned in advance.

Establishing a management incident response team (MIRT) is the key. The MIRT is sometimes called the crisis response team. It is very different from the commonly understood cyber incident response team (CIRT). The CIRT is focused on answering questions such as: What happened? How did it happen? What damage has been done? How do we prevent it from happening again? The primary task of the MIRT, on the other hand, is to take the information from the CIRT and begin managing the event from the perspective of the critical stakeholder groups you depend on.

The MIRT is a cross-functional team consisting of the CISO/CSO, chief privacy officer, general counsel, chief compliance officer, business line presidents and public relations (or their functional equivalents). The MIRT must first ensure that accurate and complete data are gathered about the incident, and it must continue to receive reports from the CIRT on the remediation under way. But the MIRT's primary role is communicating with its stakeholders in a highly targeted manner. The team determines which parties must be notified, both under the law and consistent with corporate values; many organizations will decide to go beyond the legal or contractual requirements in order to protect their clients and consumers. The ultimate goal of all crisis communication is to preserve long-standing relationships and assure key stakeholder groups that your company understands how the breach affects them and what you intend to do about it.
