Data Breach Investigation and Incident Response (FAQs)
A data breach investigation is a process undertaken by cyber security forensic specialists, such as Gridware, to determine the immediate extent of a ‘hack’. This includes, but is not limited to, the loss of confidential data to an unauthorised individual or the compromise of a critical set of infrastructure or web applications by a malicious party. The investigation also determines the impact and consequences of the breach in order to calculate the financial, reputational or business loss involved.
Containment is the process of limiting and preventing any further damage from a security incident. The first step should focus on limiting damage as soon as possible: this can be done through network segmentation of infected workstations, taking down production servers or routing all traffic to redundancy/failover servers. Long-term containment should focus on rebuilding clean systems and removing the source of compromise, if it has been identified.
The cost of a data breach investigation varies from organisation to organisation and depends heavily on the amount of resources required to conduct the forensic analysis. On average, a data breach investigation in Australia takes between 3 and 20 FTE consulting days.
We do provide templates, checklists and sample policies and procedures for download, including sample incident response plans. You just need to contact us.