​Preparation for a Data Breach

Recent U.S. Justice Department guidance can provide a basis for an audit program to review the organization's cybersecurity readiness.

Comments Views

In April 2015, the U.S. Department of Justice (DOJ) published guidanc​​e on cybersecurity preparedness and incident response entitled Best Practices for Victim Response and Reporting of Cyber Incidents (PDF). The guidance provides expectations for organizations in preparing for and following up on a data breach. Information gathered by the organization that has the breach can assist external a​gencies such as the DOJ or U.S. Federal Bureau of Investigation in performing external investigations.​

The guidance was drafted by the Cybersecurity Unit of the DOJ Criminal Division's Computer Crime and Intellectual Property Section. It reflects lessons learned by federal prosecutors and incorporates input from the private sector. The guidance's overall focus includes:

  • Identifying the criticality of data assets and associated levels of protection.
  • Creating an actionable plan for handling intrusions.
  • Implementing appropriate cybersecurity technologies and services.
  • Using appropriate authorizations to permit network monitoring. 
  • Ensuring internal and external legal counsel are familiar with cyber activities.
  • Aligning policies with incident-response plans.
  • Engaging law enforcement.
  • Establishing relationships with cyber information-sharing organizations.

​Organizations that have created preparedness and incident-response plans may want to incorporate the DOJ's guidance in their plans. Internal auditors can assist their organization by performing an independen​t evaluation of its current plans based on this guidance.​ Click ​here​ (PDF) to view an audit program that describes major topics detailed in the guidance and potential audit tests that internal auditors can include in their reviews.​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.



Comment on this article

comments powered by Disqus
  • Galvanize-September-2020-Premium-1
  • FSE-September-2020-Premium-2
  • Auditboard-September-2020-Premium-3