Building a Personal Data Focused Incident Response Plan to Address Breach Notification presented at BSidesLuxembourg 2018

by Thomas Fischer

Summary: The era of the data breach is upon us. In a traditional incident response investigation, the focus is often on attribution and how it was done, with the aim of quickly containing the incident. Change needs to occur, and organisations need to be able to quickly identify and understand what personal data is affected. Using the SANS six primary phases of incident response as a base, this talk will explore practical steps to rebuild the incident response plan with a personal data focus. By using and understanding Information Asset registries, data mappings and data protection impact assessments, the preparation phase can be enhanced to support personal data protection coverage in the IR plan. The goal is to engage ideas and thoughts on how to improve the identification phase, where detection and determination need to quickly identify an event and the subsequent incident in which a potential personal data breach is occurring.