Review: Data Breach Preparation and Response


About the author

Kevvie Fowler is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. He is a SANS lethal forensicator and sits on the SANS Advisory Board where he guides the direction of emerging security and forensics research.

Inside Data Breach Preparation and Response

Despite the fact that only one author is named on the book’s cover, this is a book that’s been compiled with the help of five other experts in several fields: crisis and risk management, technology law, cyber threat analysis and forensics, and cyber insurance.

The book starts with a chapter defining what a data breach is, the data breach lifecycle, and the most typical sources of data breaches. Readers will get a short overview of what kind of data attackers are after, what they do with it, and where they sell it. Finally, it includes an overview of the various costs that are usually associated with a data breach, helpful tips on how to minimize them, as well as a list of the most common challenges encountered when managing a breach.

The next two chapters deal with the preparation for developing and the actual development of a Computer Security Incident Response (CSIR) Plan. They give insight into things like how to gain executive support, build a CSIR team, identify critical assets and breach scenarios, evaluate the extent of the need for cyber insurance, but also how to develop the company’s data breach response policy, and how to develop and test the CSIR plan (testing it is crucial, as it leads to improvement and the plan keeping pace with the evolution of the organization, the technology, and cyber criminals’ attack techniques and tactics). Here the readers will see why the preparation for the plan is more time-consuming than the actual formulation of the plan, and will discover all the big and small details the CSIR plan must cover.

Then comes the breach investigation – how to start it, how to choose which third parties to involve (and how to manage them), how to determine the scope of the breach – and breach containment (including how to remove sensitive information leaked online).

Communication before, during and after a breach gets a whole chapter, and rightly so – preparation is critical, and here you’ll get an insight into how to do it right, and ultimately tailor the message for each party involved. Next, the authors address the issue of restoring business services after a breach, and restoring trust inside the company and, at the very end, how to prepare for breach litigation, and recommendations on how to avoid it altogether.

IT security specialists have already internalized and made peace with the fact that data breaches are almost inevitable, and this book will, I believe, be a welcome addition to their shelf.

The topic is covered beautifully and thoroughly, and approached from many different angles. Despite that, the language and explanations are easy to grasp for everyone, and not just infosec pros. There are several chunks of this book that business managers and executives should definitely read, so as to make their choices more informed.

Rare are the authors that know how to explain complex topics in a simple manner and know how to avoid boring the reader, but these authors belong to that category.