Developing an Incident Response Plan for an Information Security Breach

We’ve all heard the news concerning the breach at Equifax. When it comes to an event that exposes confidential customer or corporate information, it isn’t a matter of "if" but "when". Any breach, regardless of the type or size, can be potentially devastating. Financial losses are not the only concern; what about your reputation? Financial institutions are particularly vulnerable by the very nature of the business. You have information that thieves want, information they can parlay into cold hard cash, if not the cash itself. Rapid response is key to successfully responding to a data breach and minimizing the negative effects. Beyond that, the financial services industry is mandated to implement security controls that include identifying potential risks, monitoring for and detecting unauthorized access, mitigating the outcome, and notifying customers, law enforcement, and regulators when it does happen. Examiners will be looking for your plan now more than ever.

Covered Topics:

  • Key regulatory requirements, including state-level data breach notification laws
  • Key elements of an Incident Response Plan
  • Computer Incident Response Team
  • Roles and Responsibilities
  • Overview of types of incidents
  • Response steps
  • Things you can do that may help prevent a breach

Who Should Attend?

Senior management, audit, compliance, risk management, security officers, operations, IT, or anyone responsible for developing and executing the incident response plan or involved in the handling of an incident.