Please enable JavaScript.

Coggle requires JavaScript to display documents.

John and Sam - Coggle Diagram

- - - - Criminal record affect career
  - - - Potentially 500 different companies suing you for data leakage
      - Investigation
        Incident Response
        
        Detect
        
        · Detect and report a breach or compromise of the confidentiality, integrity or availability of organisational/personal data;
        · Complete initial investigation of the Data Breach or compromise;
        · Report the Data Breach or compromise formally to the correct team as a cyber incidents.
        
        Lost or stolen paperwork or hardcopies of data; · Other incidents that suggest data has been extracted outside of the network perimeter.
        Report the cyber incidents via the Service Desk. If a ticket does not exist already, raise a ticket containing minimum information.
        To report an incident, follow the process defined in the CIRP (Insert link to CIRP here).
        Classify the cyber incidents, based upon available information related to the Data Loss and the incident types (see CIRP).
        Report the Cyber incidents in accordance with the organisation’s CIRP.
        Consider the Intelligence value to other organisations and share on the Cisp
        Where appropriate consider reporting requirements to Information Commissioner’s Office (ICO), relevant regulator and or Competent Authority (NISD), National Cyber Security Centre (NCSC) and / or Police Scotland
        
        Initial Investigation of the incident
        
        Collate initial incident data including as a minimum for the following;
        · How was the cyber incidents reported; · What has caused the cyber incidents (i.e. lost laptop, suspected hacker, malware. Etc.);
        · Location of data, both physical and logical; · Quantity of data i.e. number of accounts, unique numbers, client names;
        · Is financial data included? i.e. credit card numbers, pins, expiry dates, etc.?
        · Is personal data included? i.e. names, address, postcodes, email address, etc.?
        · What is the format of the data i.e. redacted, encrypted, layout, length, etc.?
        · Was there any encryption around the data and if so how was this provided?
        · Preliminary business impact assessment; and
        · Any current action being undertaken
        
        Secure artefacts, including copies of the data, via secure download and screenshot.
        Review critical systems and assess for any indicators of similar data sets being compromised.
        Identify possible sources or owners of the data.
        Preliminary review of data involved to determine if personal data has been compromised.
        Research Threat Intelligence sources and consider Cyber Security Information Sharing Partnership (CiSP) submission to gain further intelligence and support mitigation by others.
        Review cyber incidents categorisation to validate the cyber incidents type as a Data Loss incident and assess the incident priority, based upon the initial investigation. (See CIRP for Incident Severity Matrix)
        
        Analyse
        
        · Analyse the cyber incidents to uncover the scope of the attack; · Identify and report potentially compromised data and the impact of such a compromise;
        · Establish the requirement for a full forensic investigation;
        · Develop a remediation plan based on the scope and details of the cyber incidents.
        
        Remediation – Contain, Eradicate and Recover
        Eradication to contain and eradicate alien technical mechanism
        
        Post incident phase
        
        The post-incident activities phase has the following objectives:
        · Complete an incident report including all incident details and activities;
        · Complete the lessons identified and problem management process;
        · Publish appropriate internal and external communications.
        · Review staff welfare
        
        You might ask, ‘how quickly should a data breach be reported?’
        If your personal data is included in a data breach and this could infringe on your rights, you should be informed without undue delay.
        Additionally, you should be told what information was included.
        You could also be told how the breach occurred and what is being done to put it right.
        
        Preparation phase (conducted on ongoing basis)
        
        · Prepare to respond to cyber incidents in a timely and effective manner
        ; · Inform employees of their role in remediating a Data Loss incident including reporting mechanisms.
    - - Company can be undercut
  - - - Under UK GDPR and the Data Protection Act 2018, every school must make its privacy
      - notices freely available to those whose personal data it handles.
      - A privacy notice explains:
      - • why a school needs to collect personal data
      - • what it plans to do with it
      - • how long it will keep it
      - • whether it will be sharing it with any other organisation
- - - - Put within the contract a clause that after leaving employes are forbidden to work notice "gardening leave"