With the unexpected exposure of sensitive data, whether from a malware attack or simple human error, containment becomes the primary objective for the security team. And while security works to quell the chaos of a potential breach, more questions arise. Chief among them: Is this a security incident, a privacy incident, or both?

The Evolution of an Incident

The detection and discovery of an incident is merely the first step in incident management. As an investigation ensues and security works to contain the intrusion, critical information surfaces that allows for an incident to be accurately categorized based on the type of event and what data was exposed. And if the disclosure of personal data is confirmed, an incident that may have begun as a security incident has now evolved to include dimensions of privacy. Now, the link between security and privacy is crucial in order to resolve the incident.

The Link Between Security & Privacy

Collaboration between security and privacy in managing incident response has become essential. Operationalizing the privacy incident response process facilitates this collaboration and helps CISOs strategically identify risk across the organization. In addition, a seamless connection between these two teams improves “response capabilities” and “accuracy and productivity” for security, two critical components Gartner identified as top trends for Security and Risk.

Speed to Incident Resolution: Run a Risk Assessment

To speed incident resolution and mitigate the risks of regulatory fines and penalties for non-compliance, a determination must be made as to whether an incident is a data breach requiring notification to individuals, regulatory bodies, and/or business clients. To make this determination, an organization must conduct a privacy risk assessment. This incident risk assessment must not only consider state, federal, and international breach notification laws but also take into account the sensitivity of the exposed data and the overall severity of the incident. Automating this risk assessment provides:

  • Efficiency & consistency
  • Saved time to notification decision
  • Saved time to incident resolution
