Privacy and security incidents that expose sensitive customer data happen all the time, and when they do, you have to act quickly and strategically. The right technology for managing your incident response process is crucial to protecting your customers and your organization against breach risks.
The market is replete with an “ecosystem” of products and services for security and incident management. The question is knowing which ones best serve your needs and at which part of the incident response cycle. Some of the solutions out there include:
- Governance, risk, and compliance platforms (GRC) that provide content management, tracking, workflow management, reporting and relational data models.
- Security information and event management solutions (SIEM) or managed security service providers (MSSP). These offer a holistic view of IT security, with centralized storage to detect, log, analyze, and correlate security threats and trends.
- IT ticketing systems, which allow IT teams to notify multiple stakeholders in the remediation process, track and document the investigation of the event, and assign roles for remediation.
- Industry-agnostic data loss prevention (DLP) solutions, and industry-specific technology solutions like firewalls and intrusion prevention systems. These provide hardware and software that detects, identifies, monitors, and controls sensitive data leaving a network.
Taking incident response management to the next level
Together, these systems provide excellent incident detection, tracking, and analysis. For organizations subject to breach notification laws—which is just about every company that holds personal information—incident response management software needs cover the next phase of the cycle: assessment and notification.
For example, how do you do you know if the incident is a notifiable breach? What might be considered a breach in one jurisdiction is “only” an incident in another. The timing and content of notifications are very specific and also vary by jurisdiction. Even though the majority of incidents don’t rise to the level of a notifiable breach, the risks of under- or over-reporting incidents are all too real—damaged brand or reputation, regulatory penalties, and possible harm to your patients, customers, or members.
As you understand the need for proper breach guidance, it becomes clear that GRC platforms, SIEM solutions, and other systems only address part of the incident response process. You need a tool that complements the incident management ecosystem and is designed to “close the loop” on incident response. This means taking the information gathered in these other systems and providing guidance to determine if an incident is a breach, whether it is notifiable, which regulatory bodies must be notified, and by what date.
Fortune 150 company gets efficient, up-to-date breach guidance: A case study
A top financial institution with lines of business in banking, healthcare, and insurance services faced similar challenges. Its internal system for responding to privacy and security incidents was inefficient and did not enable compliance.
Among other requirements, the company needed a solution that would offer breach guidance based on an accurate interpretation of the latest state, federal and international regulations – including the GDPR. The tool had to also provide a platform for consistently and accurately risk assessing incidents while having the agility to meet the company’s unique needs—such as single sign-on for faster reporting of incidents.
“HP-IAPP Privacy Innovation Awards celebrate advancement, vision and originality. The IAPP is proud to recognize RADAR for their commitment to innovation and to the privacy industry.” — Trevor Hughes, CIPP, President and CEO of the IAPP
The company evaluated RADAR and three other solutions: a prominent GRC platform, the organization’s internal systems, and another independent software provider. After a process of elimination, only RADAR and the other software remained. The security team ran scenarios through both systems and discovered that RADAR provided the in-depth regulatory guidance it required, including support for deciding if an incident was a reportable breach. It also provided a more efficient method for risk assessing incidents than its old system – literally helping them make a breach/no breach determination in a fraction of the time it would have previously taken them. This is a critical capability given the 72 hour notification timeframes required under regulations like the GDPR, and New York State Department of Financial Services Cybersecurity Regulation.
With RADAR, the financial institution has the industry’s most complete solution for incident reporting, risk assessing, providing notification, and managing response in compliance with the latest global data breach notification laws.