Get free samples written by our Top-Notch subject experts for taking Assignment Helper services.
The severity levels of potential data breaches for the company
- Infosec helps organizations in protecting digital and analog informations. Infosec can cover the security of various platforms such as social media, network information related to private, corporate, and financial information, cryptography, and mobile computing.
- Severity levels of potential data breaches can be classified into three categories such as low, medium, and high (Veselova, 2019). The basic elements related to severity levels of data breaches are data breach type, the reason behind the incident, and the nature of the population related to a data breach.
- Names and credit card details that are termed personally identifiable information can be easily replaced. Such an incident is termed financial identity theft and it is a medium-level theft. Security glitches during payment can expose personal data on an external site without any unauthorized access. This element can be classified as a low category due to a lack of criminal intent. The nature of the breached population is connected with the brand’s loyalty and reputation so it can be classified as a high severity level.
The groups that are involved in incident response
- A team responsible for preventing data breaches is formed with IT experts for reacting in case of emergency due to a data breach in an organization.
- The incident response team is responsible for developing a proper plan for resolving vulnerabilities of a system (Sando et al., 2018). It is mainly classified into two categories such as public incidents and corporate incidents. Public incidents are classified as natural disasters, terrorist attacks, widespread pandemics, and so on. Corporate incidents can be classified as cybersecurity attacks, physical locations threats, and so on.
- There are several team members that can be involved in incident response related to a data breach. People from different sectors of a company can be involved such as the technical team, IT security team, incident sponsor, executive sponsor, forensic analyst, communications coordinators, external consultant, legal representatives, and other employees having technical expertise.
A plan for disaster recovery and business continuity
- Online assets related to IT need to be protected during a disaster. Disaster recovery plans can be classified into four elements.
- Understanding of disaster recovery requirements
- Data back up with 24*7*365
- Constant monitoring of disaster recovery activity
- A suitable plan for disaster recovery through flexible and effective resources.
Measures to contain, recover and prevent similar incidents from occurring in the future
- Every second is important in case of a data breach incident. Ransomware and malware infections can cause severe damage to the user data, and attackers can get access to sensitive information.
- In case of a cybersecurity attack, it is very important to inform relevant parties as quickly as possible.
- Legal, press, and executive-level employees should be involved based on the severity of the breach. Other departments such as customer services, finance and IT need to take action in case of emergencies (Zou et al., 2018).
- There are mainly six steps that can be followed to contain, recover and prevent similar incidents from occurring in the future such as team assembling, detecting the source, containing and recovering, assessing the severity, beginning of notification process, and action to prevent such incidents in future.