Information Security and Privacy Breach Response Toolkit

An information security incident and privacy breach response policy and procedure provide a well-defined, organized approach for handling any potential threat to computers and data, and for taking appropriate action when an intrusion or incident at a third party is traced back to the organization. They also set out the steps to take when protected health information (PHI), as defined by HIPAA, or any other type of personal information is inappropriately accessed.

Price: $375.00

The policy and procedure also identify and describe the roles and responsibilities of the Incident and Breach Response Team, which is responsible for following the procedures.

Policies and Procedures

These information security incident and breach response policies and procedures are fully customizable.

They support the following regulations and standards:

  • HIPAA § 164.308(a)(6)(i) Standard: Security incident procedures
  • HITECH Act (ARRA) Sec. 13402, Notification in the case of breach
  • NIST SP 800-66 Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) 4.6. Security Incident Procedures
  • ISO/IEC 27002:2005 Section 13 Information security incident management
  • ISO/IEC 27001:2005 Section A.13 Information security incident management
  • The following sections of the February 2014 NIST Framework for Improving Critical Infrastructure Cybersecurity:
    • PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed
    • DE.AE-5: Incident alert thresholds are established
    • RS.AN-2: The impact of the incident is understood
    • RS.AN-4: Incidents are categorized consistent with response plans
    • Mitigation (RS.MI): Activities are performed to prevent expansion of an event, mitigate its effects, and eradicate the incident
    • RS.MI-1: Incidents are contained
    • RS.MI-2: Incidents are mitigated
    • RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks
  • COBIT 5 APO12.06
  • COBIT 5 DSS04.03
  • ISA 62443-2-1:2009 4.2.3.10
  • ISA 62443-2-1:2009 4.3.2.5.3, 4.3.4.5.1
  • ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.7, 4.3.4.5.8, 4.3.4.5.10
  • ISA 62443-3-3:2013 SR 5.1, SR 5.2, SR 5.4
  • ISO/IEC 27001:2013 A.12.2.1, A.16.1.5
  • ISO/IEC 27001:2013 A.12.6.1
  • ISO/IEC 27001:2013 A.16.1.1, A.17.1.1, A.17.1.2
  • ISO/IEC 27001:2013 A.16.1.4
  • ISO/IEC 27001:2013 A.16.1.5
  • ISO/IEC 27001:2013 A.16.1.6
  • NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5
  • NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-5, IR-8

Flowcharts

This set of seven information security incident and breach response flowcharts can be used by any type of organization in any industry.

  • Most small- to midsize organizations can use the flowcharts as their actual procedures
  • Larger organizations can use the flowcharts to support their policies and procedures
  • The flowcharts can also be used for response team training activities
