The GAO in Congressional testimony made the recommendations
A report of the testimony is available from the GAO Web Site. For some interesting statistics from this report refer to GAO Statistics on Cyber Security.
Key Management Practices
- Establish a data breach response team; rely on IT security staff for technical remediation; identify an extended team that includes the information owner, the CIO, the CISO, the privacy officer, public affairs, and legal counsel, among others.
- Train employees on their role; train employees with access to sensitive data on their responsibilities; train the response team on their role in the incident response plan.
Key Operational Practices
- Submit reports to appropriate entities; prepare and submit reports for internal use, to US-CERT within 1 hour of discovery, and to other external entities as appropriate.
- Assess the impact both in breadth and in depth; identify the nature of the data, the number of individuals affected, the likely potential for harm, and the possibilities for mitigation; this assessment determines incident actions and reports.
- Offer affected individuals assistance; as appropriate and as required, help mitigate the individual's risk, through credit monitoring for example.
- Analyze the breach response; identify lessons learned.
With this information the response team makes informed decisions on what resources to apply and what actions to take. Refer to our Response Management Framework for added insight.
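The operational practices above form a small procedure: start the US-CERT reporting clock at discovery, assess breadth (how many individuals) and depth (how sensitive the data), and let that assessment drive the actions and reports. The following Python is an added example, not code from the GAO testimony or from this page's authors; it shows one way a response team could track the 1-hour reporting window and derive an action list from the assessment. The data categories, the sensitivity ranking, the harm scale, the 500-individual breadth threshold and the action names are all assumptions chosen for illustration.

```python
"""Breach triage helper (constructed example).

Tracks the US-CERT reporting clock from the moment of discovery and derives
a harm level plus a list of actions from a breadth/depth impact assessment.
Everything below the reporting window is an assumed scale, not GAO guidance.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import FrozenSet, List, Optional, Tuple

# From the practice above: report to US-CERT within 1 hour of discovery.
US_CERT_REPORT_WINDOW = timedelta(hours=1)

# Assumed "depth" ranking: higher number = greater potential for harm.
DATA_SENSITIVITY = {
    "contact_info": 1,
    "date_of_birth": 2,
    "financial_account": 3,
    "ssn": 3,
    "health_record": 3,
}

# Assumed "breadth" threshold above which even low-sensitivity data is moderate harm.
BREADTH_THRESHOLD = 500


@dataclass(frozen=True)
class BreachRecord:
    discovered_at: datetime
    data_types: FrozenSet[str]
    individuals_affected: int
    us_cert_reported_at: Optional[datetime] = None


def parse_ts(text: str) -> datetime:
    """Parse an ISO-8601 timestamp with offset, e.g. '2024-01-01T09:00:00+00:00'."""
    ts = datetime.fromisoformat(text)
    if ts.tzinfo is None:
        raise ValueError("timestamps must carry a UTC offset")
    return ts


def us_cert_deadline(rec: BreachRecord) -> datetime:
    return rec.discovered_at + US_CERT_REPORT_WINDOW


def us_cert_status(rec: BreachRecord, now: datetime) -> str:
    """Return 'reported', 'due' (clock still running) or 'overdue'."""
    if rec.us_cert_reported_at is not None:
        return "reported"
    return "due" if now <= us_cert_deadline(rec) else "overdue"


def assess_impact(rec: BreachRecord) -> str:
    """Combine depth (most sensitive data type) and breadth (head count)
    into an assumed harm level: 'low', 'moderate' or 'high'."""
    unknown = set(rec.data_types) - set(DATA_SENSITIVITY)
    if unknown:
        # Refuse to triage data the team has not classified yet.
        raise ValueError(f"unclassified data types: {sorted(unknown)}")
    depth = max((DATA_SENSITIVITY[t] for t in rec.data_types), default=0)
    if depth >= 3:
        return "high"
    if depth == 2 or rec.individuals_affected >= BREADTH_THRESHOLD:
        return "moderate"
    return "low"


def required_actions(rec: BreachRecord) -> Tuple[str, List[str]]:
    """Map the assessment to the actions and reports listed on the page."""
    harm = assess_impact(rec)
    actions = ["report_to_us_cert", "internal_report"]  # always submitted
    if harm != "low":
        actions.append("notify_affected_individuals")
    if {"financial_account", "ssn"} & set(rec.data_types):
        actions.append("offer_credit_monitoring")  # the mitigation example in the text
    if harm == "high":
        # Information owner, CIO, CISO, privacy officer, public affairs, legal counsel.
        actions.append("engage_extended_team")
    actions.append("lessons_learned_review")  # analyze the breach response afterwards
    return harm, actions


if __name__ == "__main__":
    # Constructed sample incident, not a real event.
    rec = BreachRecord(
        discovered_at=parse_ts("2024-01-01T09:00:00+00:00"),
        data_types=frozenset({"contact_info", "ssn"}),
        individuals_affected=1200,
    )
    now = parse_ts("2024-01-01T09:45:00+00:00")
    print("US-CERT report:", us_cert_status(rec, now), "by", us_cert_deadline(rec).isoformat())
    print("harm / actions:", required_actions(rec))
```

A real plan would keep the incident record in a ticketing system and fire an alert when the clock approaches the deadline; the point here is that the reporting obligation is fixed by the discovery time, while the action list is a function of the assessment, so both can be checked mechanically rather than remembered under pressure.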
Let us help you with a response plan review that considers your information security risk assessment.