DOJ Publishes Cyberincident Response Best Practices Document
The Cybersecurity Unit of the Department of Justice (DOJ) has published a “best practices” document to assist organizations in developing a response plan for cyberincidents. The document, titled Best Practices for Victim Response and Reporting of Cyber Incidents, focuses on steps organizations should take before, during and after a cyberincident and emphasizes the need for organizations to have a response plan in place. According to the DOJ, the document was written with smaller organizations in mind; however, its contents are generally applicable, and larger organizations are also likely to benefit from its recommendations.
The document contains a series of items organizations should consider in drafting a cyberincident response plan and while responding to a cyberincident. Before an attack occurs, the document recommends that organizations create and implement an incident response plan. Such a plan should identify and protect the organization’s most important cyber assets, adopt risk management practices and include the necessary procedures, personnel and equipment to respond to an incident. Organizations should also develop relationships with law enforcement, outside counsel and other parties that may be required to assist during an incident. While a cyberincident is in progress, organizations should assess the scope and nature of the incident, take steps to minimize damage from the attack, collect and preserve data related to the incident and notify appropriate personnel and outside parties. Finally, after an incident, organizations should continue to monitor their systems to ensure any intrusion has been stopped and should review the organization’s incident response plan to identify any deficiencies in its planning and execution.