Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

7 things to do when your business is hacked

Tim Greene | June 23, 2015
The first thing an IT security executive should do after the corporate network has been breached is fall back on the incident response plan that was put in place well before attackers got through the carefully constructed defenses.

Also messages should be tailored for individual recipients. Information about the breach that is told to the board should be tailored to answering the question, "How and how soon can business get back to normal?" he says.

Within a week of cleaning up a breach, the team should reassemble and discuss its actions, what went right, what went wrong and how to be better prepared the next time.

The positives should be highlighted and adopted as sound procedures for future use. Negatives should be noted and fixed. If they were part of the incident response plan, the plan should be updated.

These sessions should also include others who weren't involved directly in the response but who may offer informed perspectives that team members might miss. For example, those managers who supervise team members when they're not responding to an incident can be a good addition, Woolwine says. They have likely heard a version of the experience and may have helpful thoughts. Also including them may make them more receptive to freeing up team members the next time there's an incident.


Previous Page  1  2  3 

Sign up for MIS Asia eNewsletters.