Breach Notification , Incident & Breach Response , Security Operations
Steps to Take Before Reporting Breaches to Authorities
Ankur Kushalka of Atos on the Need for Clearly Defined Investigation ProcessOrganizations need to have a clearly defined process in place to investigate security incidents before they report them to law enforcement authorities, says Ankur Kushalka of Atos, a European IT firm.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
"Before engaging with law enforcement agencies, it is important for firms to device an [investigation] process. Once you are attacked, there are ways in which the security team [can] analyze the nature of the attacks - were you targeted or were you just impacted?" Kushalka says.
"There are instances where CISOs want to report to LEAs, but organizations are reluctant for various reasons," he says. Therefore, before reporting breaches to the authorities, "CISOs have to get a buy-in from the management, all stakeholders and engage with the internal legal team," he says. "Once the process is in place, it easier to report incidents to police."
In this video interview at Information Security Media Group's the recent Fraud and Breach Prevention Summit in Mumbai, Kushalka discusses:
- Why having an internal investigation team is important;
- Why protecting only the crown jewels doesn't help;
- Why checks need to be put in place for end users.
Kushalka has about 20 years of experience in IT and information security. He is the general manager and practice head for information security practice at Atos Global IT Solutions and Services. Kushalka has global exposure in diversified IT and security domains that include IT infrastructure management; IT security and compliance; IT project and program management; business continuity and enterprise risk management; transition, transformation and service delivery management; center of excellence for security practice; and competency management.