In April 2015, the U.S. Department of Justice (DOJ) published guidance on cybersecurity preparedness and incident response entitled Best Practices for Victim Response and Reporting of Cyber Incidents (PDF). The guidance sets out expectations for organizations in preparing for and following up on a data breach. Information gathered by the breached organization can assist external agencies such as the DOJ or the U.S. Federal Bureau of Investigation in performing external investigations.
The guidance was drafted by the Cybersecurity Unit of the DOJ Criminal Division's Computer Crime and Intellectual Property Section. It reflects lessons learned by federal prosecutors and incorporates input from the private sector. The guidance's overall focus includes:
- Identifying the criticality of data assets and associated levels of protection.
- Creating an actionable plan for handling intrusions.
- Implementing appropriate cybersecurity technologies and services.
- Using appropriate authorizations to permit network monitoring.
- Ensuring internal and external legal counsel are familiar with cyber activities.
- Aligning policies with incident-response plans.
- Engaging law enforcement.
- Establishing relationships with cyber information-sharing organizations.
Organizations that have created preparedness and incident-response plans may want to incorporate the DOJ's guidance in their plans. Internal auditors can assist their organization by performing an independent evaluation of its current plans based on this guidance. An audit program (PDF) describes major topics detailed in the guidance and potential audit tests that internal auditors can include in their reviews.