Developing an Incident Response Plan for PII Breaches

Creating Key Policy Components

Begin development of an incident response plan (IRP) specific to a breach of PII. Compose the key policy components of an incident response plan in a list to be used as a basis for the next step.


Start with the key policy component list from the last step and add the post-incident requirements already identified, itemizing the actions it will take to accomplish these goals. Keep in mind the level of effort required and time involved to accomplish each element of the IRP.


You now have all the information necessary to create a comprehensive IRP. To get your mind set in the right direction, imagine that a breach affecting PII has occurred. It is the organization's worst cyber incident. What do you do? How does the organization respond? What steps need to be taken to meet all the requirements you have identified in the Breach Management Strategy?


This step is to create a list or an outline; the use of a spreadsheet is recommended to facilitate subsequent steps in the project. The primary column is all of the actions or tasks that need to be completed in the IRP. As part of this first list, identify what department is responsible for what action by considering the functional areas of a financial institution.


You will build upon this list in the next step by adding the element of time to your spreadsheet documentation.


As a result of your Breach Management Strategy, are there specific timelines required by the regulatory compliance you referenced? If so, that should be your starting point for creating the IRP timeline. These are referred to as project "milestones." Look at the list you created in the previous step and put those milestones in a required response time sequence.


When building the timeline, pay attention to elements that depend on previous elements—things that must be completed before a following action can be started. In project management, these are referred to as "critical path" items.


This section of creating the IRP must have all critical path items covered within regulatory milestones. It is not mandatory to assign perfect values to the actual time it takes to accomplish each action item. It is mandatory to show the milestone dates.


As an example, one reporting requirement for a financial institution suffering a PII breach is likely to be to notify all affected customers within 72 hours of the breach. That means you will have a customer notification milestone at three days in the IRP.


After you have added the milestone dates to your spreadsheet documentation, you will plan for implementation of the incident response plan in the next step.


This is the step where you tie together the requirements (milestones), the timeline (critical path), and which department will be responsible for what elements in the plan (accountability). Ensure all of the rows and columns in the spreadsheet are in alignment to accomplish the goal of minimizing the impact of the PII breach. It is the final step in creating the IRP. This spreadsheet will be included in your final IRP.


Now, it is time for the final step, in which you will explain the results of all your hard work on the IRP to senior leadership.


The resulting IRP should be a total of 10 to 12 pages that present an actionable plan to fully address a breach of the organization's PII. It should include a final paragraph on your thoughts about how the recommendations are likely to be received.


This final step is to bring all the work together. Use what has been created in the previous steps as detail to support your completed plan on incident response. Synthesize the material and include all CIO (instructor) feedback received.


Include in your comprehensive IRP the review and findings from a policy approach to maintain or exceed compliance with all regulatory demands. In addition, demonstrate your adherence to the best possible outcome for victims of a PII breach.


Remember, confidence in and approval of the approach is mandatory. It has already been determined that a breach of the organization's PII is a serious matter. The CEO and the rest of the executives are depending on your expertise to address the situation quickly and effectively. This IRP is that plan of action.


Submit the complete report to the CIO for approval and delivery to the senior leadership team.
