I recently presented at the IT Committee of the Southeast University Research Association (SURA), thanks to a gracious invitation from one of our member CIOs.
The meeting focused on the hazards in IT, which we all know are a daunting combination of vast, treacherous, and unpredictable. I presented on preparing for a data breach and discussed the IT Breach Preparation and Response Toolkit that our team published earlier this year.
CIOs and CISOs gave positive feedback that the toolkit provided actionable and relevant advice. They found the implementable practices and strategies helpful across institution types—including those strapped for resources—and thought they would translate to a more prepared campus.
Want to learn more about the IT Forum? Speak with an expert.
A Toolkit to Help Prepare You for a Response
A plan tailored to a specific institution and the particulars of its data and systems architecture isn’t difficult to build—if you start with some key frameworks. Four high-value components should be included in your IT breach response plan:
1. Systems and workflow strategy
A systems and workflow strategy starts by defining critical priorities around systems and assets. It also should designate staff members to lead incident response, while providing guidelines for decision making. Building this foundation will support a rapid and coordinated response to breach events.
2. Plan for mobilizing resources
Having a plan for mobilizing resources can limit the damage when a breach occurs. This process often helps shorten response time by assembling the response team, empowering them to make certain decisions, and beginning the documentation process immediately. Teams should also agree on a process for resource escalation based on incident severity.
3. Breach notification methodology
Pre-drafted, approved communication language for all constituents and necessary partners will save time, energy, and headaches. Consult your legal and PR departments, make sure the messaging strikes the right tone, and refer to our list of tips to prevent missteps.
It’s also important to keep these documents updated; the last thing you need during a breach is to send out misinformation.
4. Resolution and analysis framework
Setting the measures for a standard response (e.g., system downtime) and operational metrics (e.g., time between compromise and detection) allows you to establish goals and show improvement in this area.
Capturing and tracking this data can help build new threat indicators and incorporate lessons learned into future plans.
Pro tip: Make a habit of refreshing your plans
The best laid plans will wither if they aren’t updated regularly. Each component and sub-component has its own specific timeframe, but checking in on the entire process on a quarterly basis is a good rule of thumb. An updated plan will allow you to have more confidence if you ever have to use it.
Access the full IT Breach Preparation and Response Toolkit to get an in-depth look at effective breach response preparation, and to learn how other universities have designed their plans.