
Common mistakes made by enterprises in information security accidents

2025-01-14 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

As the old saying goes, "it is never too late to mend." With the rapid development of information technology, enterprise information security faces increasingly severe challenges. In recent years, many large enterprises have suffered data leakage incidents, not to mention small and medium-sized enterprises and individuals. The recent iCloud information disclosure incident not only "tricked" many Hollywood actresses, but also once again sounded the data crisis alarm in the field of information security.

After data is disclosed, especially to the outside world, handling the incident incorrectly will make the situation worse, deal a second blow to the corporate brand and performance, and may even bring legal risks. How to deal with it effectively is in fact the subject of the last three parts of ISO/IEC 17799:2005: information security incident management, business continuity management, and compliance.

I. No assistance from an external security management team

This is a common mistake: many enterprises do not pay enough attention to information security. Sometimes the severity of a data leak exceeds what the enterprise can handle on its own, and it is best to have the assistance of an external security service team. This matters especially for small and medium-sized enterprises whose own technology and resources are not sufficient.

The external security management team is needed not only for support after an accident, but also to provide information security advice and information security audits as part of day-to-day information security management. Such services should be taken into account when developing business continuity and incident response plans.

II. No single leader for information security

Data leakage often involves many departments of the company, each with its own head. In an information security accident with significant impact, such as a data disclosure, departments each acting on their own respond inefficiently.

The enterprise should set up an information security committee, and there must be a chief information security officer who can take command of the information security incident response plan, plan and coordinate the entire disaster recovery process, and ensure that the company's senior and ordinary team members are kept abreast of the latest developments.

III. Lack of a communication plan

Communication is twofold. On the one hand, there is communication within the enterprise and within the business continuity planning team. On the other hand, there is communication outside the enterprise: with consumers, users, or the public, and especially with the media, which may apply to enterprises that serve the public.

The lack of a transparent communication mechanism leads to trouble, and wrong information leads to wrong actions, which slows down the handling of the whole incident and creates new confusion. After the incident response team is established, everyone's responsibilities need to be clearly defined and a complete contact list provided to external consultants, as defined in the business continuity plan.

Enterprises should prepare a detailed and feasible media communication plan for data leakage. Fast and effective media communication can avoid false reports.

IV. Deciding first and acting later

Data disclosure events often require a rapid response while the information is still incomplete or changing rapidly. Enterprises should start the emergency response process as soon as the data breach occurs; waiting for comprehensive information before taking action may mean missing the best opportunity.

V. Failure to provide remedial measures to consumers

Consumers should always be at the core of handling an information security accident. When an accident such as a data leak occurs, the enterprise should inform users through various channels so that they can take the correct measures to protect their personal private data as far as possible and avoid greater losses.

VI. Having a plan but being unable to carry it out

Once the business continuity plan (BCP) is established, it should be initially tested and updated to ensure that it is current and effective. At the same time, you need to make sure that all members of the team are aware of the plan, their responsibilities in business continuity and information security, and their roles once the plan is activated. Only in this way can we "maintain troops for a thousand days and use troops for a while" when information security accidents occur.

VII. No external legal adviser

In the event of a serious data breach, the enterprise may face a lawsuit from users or consumers. Unless your internal legal department knows all the data privacy laws like the back of its hand, it is almost necessary to appoint an outside lawyer with experience in data disclosure.

VIII. Lack of an aftermath plan after the accident

Many enterprises "forget the pain once the scar has healed". After the information security accident has been dealt with, they should make a plan for the aftermath: on the one hand, to maintain good communication with customers and stakeholders, and on the other hand, to find system vulnerabilities and actively repair them so that this kind of incident does not happen again.

Share your investment and improvement in information security technologies and services with customers and investors, which will help to rebuild the brand and trust.

Interested friends can also refer to the "Information Security Management Implementation Guide" to further discover the loopholes in their own enterprises in this respect. Thank you!
