Day 32 - What Should I Make Public?

Published: 2008-11-01
Last Updated: 2008-11-03 15:34:20 UTC
by Koon Yaw Tan (Version: 1)

We have now completed the recovery phase. What's next? Before we call it a day, we should look back at what really happened. Is there anything that can or should be improved? This is not meant to be a finger-pointing phase, but rather a look at what can be done better to prevent incidents from happening again.

For the next three days, we will cover lessons learned. To start, we talk about what should be made public. Incidents can be caused by human mistakes, and it is never a pleasant experience to disclose what has happened. Sometimes you have no choice, as the incident may already be public. It is therefore important to be prepared for what information should be made public.

What would you want to make public? Have you ever over-disclosed or under-disclosed information? How much is considered good enough? Do you have any experiences to share? Please send your suggestions to us.

Update:

From one reader:
The public message that you give out in the event of a data breach or other IT disaster is extremely important and is often overlooked. If you have a marketing/communications department, then they need to take the lead in conjunction with IT and legal. I think these basic rules are important:

1) Do not lie. Note that this is not the same as disclosing 100% of what happened, but what you do choose to disclose must be the truth.
2) Be consistent. Do not say one thing then another. If in doubt, say nothing and get back to them.
3) Inform everyone. If the nature of the problem has become public, you should tell all staff how they should respond to inquiries, and who they should pass queries to.
4) Come up with an action plan. If there are potential ID theft victims, then determine how you will deal with that and make it public. If other sensitive data has been lost, explain how you are going to prevent it from happening again. You need to convince people that it is not going to happen again.

Did I mention "do not lie"? That's the #1 rule for a reason.

---------------------------------

From another reader:
From the standpoint of someone not in the Incident Response field (right now), I would hope that the team makes the basic facts of the case public.  They don't need to go overboard, but they should at least hit the highlights.

Things like a general description of what happened, amount of records (or files) that were compromised, how long were the records exposed, and that everything is back up and running.

During the incident, they should just make a blanket statement about upgrading systems, and then release the facts after it's fixed.

One thing that should be emphasized is this:  Make sure that EVERYONE who is going to have public access to media, blogs, or web sites has their ducks in a row.  The Best Western Incident this year is an example of not following this advice.  One person said it's millions of records, while someone else says it's 120 records at the most.  Everyone needs the same story, so things don't get confused.

Keywords: Awareness2008