Agencies, particularly those in the fast-developing field of data governance, must not assume that they’re safe from data breaches. According to research by the U.S. Government Accountability Office, involvement in a security incident may be a matter of when rather than if: information security events involving federal agencies increased from over 5,500 in 2006 to over 67,000 in 2014. Security incidents in the healthcare and information technology fields show similar growth, and most victims are unaware of their vulnerability.
Creating a Response Plan
Agencies must prepare for the eventuality of a security incident by designing an incident response plan that establishes basic processes for threat management. These include protocols for threat recognition, analysis, and recovery:
- Respond: Responding to an issue begins with defining security “events” and security “incidents.” According to CEB, security events involve any occurrence within a secure system, while the term “incident” is reserved for events that pose an immediate threat to acceptable-use policies or basic computer security. Delineation between these two categories is important for planning a response process: incidents must be addressed, but not every event will need intervention.
- Investigate: Agencies must maintain consistency when responding to incidents. Standardized labels and categorization should be used for incidents to help agencies identify trends and patterns. This allows for more efficient problem identification and a faster overall response.
- Recovery: After categorization, agencies should prioritize recovery processes that mitigate damage and restore their systems efficiently. The recovery process itself is broken down into several phases:
  - Preparation – Selection of a specialized team with a single point of contact for incident response. This also includes creating systems for tracking and analyzing emerging threats in the environment.
  - Detection – Appropriate channels must be monitored to alert agencies to possible incidents.
  - Removal – Workflows for various incidents must help response teams act efficiently. These processes will involve steps for the containment and eradication of recognized threats. Part of effective threat removal is to monitor each step taken and keep records for future threat analysis.
  - Post-Recovery Response – After the threat is contained, agencies must assess the incident and determine how and why the breach occurred. This response is necessary to help agencies reinforce their security and generate new protocols for threat removal.
Security incidents can devastate unprepared healthcare and technology agencies. Incident response plans help safeguard privileged information and empower agencies to react quickly to threats. They also function as reporting systems to let each agency know how to better prepare their infrastructure to prevent more damage to an already compromised system.
Written by Desh Urs
Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.
As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.
Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.