While your company may have taken the necessary steps to prevent a data breach, is it equally prepared for an incident response should a breach actually occur?
Do you have a documented plan and dedicated resources to investigate, gauge your exposure and complete notification requirements?
The PCI DSS Requirement 12.10 of the PCI Security Standards provides guidance on how to create a thorough incident response plan so that you can respond immediately to a system breach.
- Without a thorough security incident response plan that is properly disseminated, read, and understood by the parties responsible, confusion and lack of a unified response could create further downtime for the business, unnecessary public media exposure, as well as new legal liabilities.
- Your incident response plan should be tested annually. Examine the incident response plan and related procedures to verify your organization is prepared to respond immediately to a system breach.
- Limiting exposure and preserving evidence is ESSENTIAL. When a data breach occurs, companies are required to notify payment card brands and acquirers. Are there contractual notifications that must be made? Do your contracts require specific evidence? This information should be included in your incident plan.
Working with a PCI Forensic Investigator (PFI)
Does your company have a PFI contracted? If your PFI is not required to be on site, then your evidence will have to be securely transferred to the PFI site. The PFI will report on whether deficiencies in compliance with PCI DSS requirements were observed during his or her investigation.
Do’s and Don’ts to Remember
- Do NOT access or alter compromised system(s). Do not log onto the compromised or change passwords. Do not log in as ROOT, admin, etc. To avoid losing critical data, it is highly recommended that the compromised system(s) not be used.
- DO preserve all evidence and logs, security events, web, database, firewall, and so on. Make sure the integrity of the evidence is not impacted by any tools used in the collection and analysis process. Document all actions taken, including dates, times, and individuals involved.
About the Author