Coordinated Response
Services and tools for incident response management

Senior Executive Involvement in Data Breach Response

The Ponemon Institute conducted a survey of 495 senior executives both in the United States and the United Kingdom. The findings identify the importance of executive involvement in an effective data breach response.

Key Findings

The following ingredients really apply to any organization evaluating their data security posture, not just law firms.

  1. Poor communications, lack of leadership and lack of board oversight are barriers to effective incident response.
  2. Current incident response plans are more reactive than proactive.
  3. Executive level oversight is critical to minimizing financial loss and protecting reputation and brand.
  4. Understanding the risk and approving incident response plans should be on the board of directors’ agenda.
  5. Negligent and malicious insiders are considered the biggest security risk.

This strongly suggests that senior executives need to be involved in the development and review of your incident response plan.

In one recent engagement, we developed and exercised an organization’s incident response plan. Senior executives were directly involved including the COO, two vice presidents of key business units, the chief risk officer, the CIO, and deputy legal counsel. Our client gained from this effort and so did we.

Coordinated Response

Let us help your organization develop, improve, and test your incident response capabilities.

The full study, “The Importance of Executive Involvement in Data Breach Response, (May 2015) is available at this link:

http://www.ponemon.org/blog/the-importance-of-senior-executive-involvement-in-breach-response

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness//

6 Key Ingredients to a Law Firm Data Security Plan

Jeff Norris, Senior Director of IT Security for Lexis/Nexis Managed Technology Services identified 6 Key Ingredients to a Law Firm Data Security Plan on the Lexis/Nexis Business of Law web site (May 2015). An incident response plan was one of those ingredients.

Data Security Key Ingredients

The following ingredients really apply to any organization evaluating their data security posture, not just law firms.

  1. Clear Policy and Training Plan.
  2. Accurate Inventory.
  3. Access Controls.
  4. Keep Software Updated.
  5. Review Liability Coverage.
  6. Plan for Incident Response.

The first 4 ingredients are about Protect – protecting your data. The last 2 ingredients are about Respond – responding to a cybersecurity incident. This is a clear recognition of the likelihood of an incident.

Coordinated Response

Let us help your organization develop, improve, and test your incident response capabilities.

The full article by Daryn Teague (May 2015) is available at this link:

http://businessoflawblog.com/2015/05/law-firm-data-security/

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness//

CFOs Need to Focus on Cybersecurity Risk

Incident Response – Executive Awareness.

An article on CFO.COM by Jeffrey Burchill, identifies cybersecurity risks associated with suppliers, service providers, and insiders.

Mr. Burchill, a CFO in the insurance industry, makes the case for CFO involvement in reviewing suppliers and service providers for potential cybersecurity vulnerabilities and risks. He raises a warning about the potential threat posed by insiders, malicious or inadvertent but still a threat.

Clearly, this article speaks to the CFO.

The article is available at: http://ww2.cfo.com/cyber-security-technology/2015/07/cfos-cybersecurity-risk-like-iceberg/

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness//

Board of Directors – Responsibility for Cyber Risk

Incident Response – Executive Awareness.

A post on the Fredrikson & Byron law firm’s website identified: 4 Legal Considerations to Help Directors Manage Cyber Risk (Evan C. Berquist, September 2015).

Summary

“The United States Court of Appeals for the Third Circuit held that the Federal Trade Commission (FTC) has authority under Section 5 of the FTC Act to regulate cybersecurity.”

“The opinion is the latest development in a legal drama that began after Wyndham Worldwide Corp. (Wyndham) suffered three data breaches between 2008 and 2009. The breaches resulted in the improper disclosure of the personal information of more than 610,000 Wyndham customers.”

“The Wyndham litigation has underscored at least two significant new developments in cybersecurity: First: directors can be held individually liable for their failure to adequately manage cyber risks; and Second: government regulators, including the FTC, the Securities and Exchange Commission (SEC), among others, are making cybersecurity an increasingly important enforcement priority. And courts are ratifying the agencies’ broad assertion of regulatory authority.”

The article is available at: http://www.fredlaw.com/news__media/2015/09/09/995/4_key_legal_considerations_to_help_directors_manage_cyber_risks

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness/

A Legal Perspective on Cyber Incident Response

Incident Response – Executive Awareness.

The law firm of Baker Hostetler often assists clients in responding to cybersecurity incidents. The firm publishes an annual report: Data Security Incident Response Report 2015.

Summary

The 2015 report provides statistics on incidents by industry, a list of probable causes, descriptions of the adverse outcomes, and valuable recommendations. It provides executives with a sense of the risks and potential impacts.

The top 5 causes of incidents experienced by the firm:

  1. Employee negligence,
  2. External theft of a device,
  3. Employee theft,
  4. Phishing, and
  5. Malware.

Every company is at risk from these attacks.

The law firm identifies seven proactive steps to be “compromise ready”. The first step is to develop and exercise an incident response plan. The second step is to engage an experienced security consultant to conduct a security assessment. Coordinated Response is well qualified to help with these steps and more.

The full article is available as a PDF file at:
https://www.bakerlaw.com/files/uploads/Documents/Data%20Breach%20documents/BakerHostetler-Data-Security-Incident-Response-Report-2015.pdf

 

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is one in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness//

The Economist Urges Response Plan Development

Incident Response – Executive Awareness.

The Economist Intelligence Unit offers a valuable report for raising executive awareness:
Cyber Incident Response – Are Executives Ready?

Summary

This report makes a strong argument for incident response programs (Economist Intelligence Unit 2014). The Economist is recognized by most executives as high value information written with the executive in mind.

The Economist surveyed 360 senior executives. The key findings supported by the survey include:

· The frequency of cybersecurity incidents is on the rise.
· The emphasis on incident response is driving the formalization of plans and processes.

Despite the recommendations, nearly 40% of the respondents failed to plan and 35% lacked a formal response team. We can help address this.

The report is available on the Economist website:
http://www.economistinsights.com/technology-innovation/analysis/cyber-incident-response

 

Cyber Incident Response – Executive Awareness

Raising executive awareness on the importance of incident response planning should raise executive support. This is the first in a series of references that serve as tools for engaging your executives and gaining their support.

The full collection of references is available at this link:

https://coordinatedresponse.com/topics/incident-response-plan/executive-awareness//