Best Practices for Victim Response and Reporting of Cyber Incidents (source: Department of Justice, Cybersecurity Unit))
From the introduction:
Any Internet-connected organization can fall prey to a disruptive network intrusion or costly cyber attack. A quick, effective response to cyber incidents can prove critical to minimizing the resulting harm and expediting recovery. The best time to plan such a response is now, before an incident occurs.
This “best practices” document was drafted by the Cybersecurity Unit to assist organizations in preparing a cyber incident response plan and, more generally, in preparing to respond to a cyber incident. It reflects lessons learned by federal prosecutors while handling cyber investigations and prosecutions, including information about how cyber criminals’ tactics and tradecraft can thwart recovery. It also incorporates input from private sector companies that have managed cyber incidents. It was drafted with smaller, less well-resourced organizations in mind; however, even larger organizations with more experience in handling cyber incidents may benefit from it.
…
Best practice for using this paper:
- Annotate a it with the current state of your organization.
- Annotate a separate copy of it with the state of your organization after needed changes.
- Compare the two versions.
Remembering what you can’t measure you can’t manage. Nor can there be accountability in the absence of measurement.