Explore the ecosystem of technologies available to privacy professionals, including innovative technology that streamlines and accelerates incident response. Click here to get the full text in PDF format.
Below is an excerpt from this report.
Businesses today face new and increasingly complex privacy and security challenges. Hackers have targeted everything from healthcare systems to nation states. The threat of privacy and security incidents is growing, with the potential to do serious harm to operations, reputation, and revenue. According to Forrester Research, 88% of the S&P 500 market value consists of goodwill and intangible assets such as reputation, brand, and customer experience.
And come May 2018, the EU General Data Protection Regulation (GDPR) will take effect, with fines that could reach 4% of global annual revenue for an entire conglomerate.
Many organizations are implementing systems to meet the needs of governance, risk management, and information security. But the standard set of applications does not meet the most immediate and critical need in incident response: expert assessment to determine whether an incident involving sensitive, regulated data is a data breach and thus requires notification under constantly changing breach notification laws.
RADAR and The Incident Response Lifecycle
Until recently, most organizations were managing incident response with manual processes or a patchwork of homegrown and point solutions. Now, more and more organizations are investing in technology to help manage incident response, often within the context of larger business processes such as governance, risk management, and information security.
Incident management involves multiple parts of the organization and multiple applications. The figure below shows a complete incident management lifecycle, including incident response.
Each of these systems are vital to the work of the information security team, and information from them feeds into long term governance and risk management process as well as real-time assessment of incident risks and notification requirements.