Steps to Eliminate the Threat Posed by Data Breach
· Identify the threat type
· Risk posed by data breach?
    o Verify the data breach
    o Analyse the scope of the breach
        § Identify the initial access point used to compromise the system and perform a detailed inspection
        § Identify the amount of data that may have been compromised.
    o Mitigate the effects of the breach
        § Notify company management and all concerned stakeholders
    o Depending on the initial vector, eliminate the cause of the breach to prevent similar attacks in the future:
        § Fix any vulnerabilities found
        § Disable accounts if the attacker gained access using actual credentials
        § Ensure that all the latest patches are installed
        § If forensic analysis is required, isolate the system containing the breached data.
    o Prepare a remediation and lessons-learned document
        § Conduct root-cause analysis to identify all possible methods to prevent the incident from happening again.
        § Analyse whether your current threat model is relevant. Review your current procedures and policies and compliance with security controls.
        § Analyse the organisation's current prevention measures, such as intrusion detection systems and antimalware solutions.
        § Review accesses and rights.
        § Eliminate vulnerabilities.
        § Change passwords for affected accounts and systems and enforce a strict password policy.
        § Monitor network traffic to detect if an attacker attempts to initiate a connection again.
        § Continue monitoring the Dark Web to find re-publications of the same breaches on different forums.
        § Implement a program to improve staff awareness of information security, and conduct periodic training to monitor the awareness of each employee.