Which of the following MUST be available to facilitate a robust data breach management response?

A. Lessons learned from prior data breach responses
B. Best practices to obfuscate data for processing and storage
C. An inventory of previously impacted individuals
D. An inventory of affected individuals and systems

Answer: D

Explanation:

Reference: https://securityscorecard.com/blog/the-ultimate-data-breach-response-plan

To facilitate a robust data breach management response, an organization must have an inventory of affected individuals and systems, as this will help to identify the scope, impact and severity of the breach, and to take appropriate actions to contain, mitigate and notify the breach. An inventory of affected individuals and systems should include the following information:

The number and categories of data subjects whose personal data have been compromised

The types and volumes of personal data that have been exposed, altered or deleted

The sources and locations of the personal data, such as databases, servers, devices or third parties

The potential or actual consequences of the breach for the data subjects, such as identity theft, fraud, discrimination or physical harm

The systems and processes that have been compromised or affected by the breach, such as networks, applications, devices or security controls

The vulnerabilities or risks that have been exploited or introduced by the breach, such as malware, phishing, ransomware or human error

An inventory of affected individuals and systems will help the organization to assess the risk level of the breach, and to determine the appropriate response strategy and actions, such as:

Isolating or shutting down the affected systems or processes

Restoring or recovering the personal data from backups or other sources

Erasing or encrypting the personal data on the compromised devices or media

Analyzing the root cause and impact of the breach

Reporting the breach to the relevant authorities and stakeholders

Notifying the data subjects of their rights and remedies

Implementing corrective and preventive measures to avoid future breaches

Reference: Data Breach Preparation and Response in Accordance With GDPR – ISACA, section 4: “The controller should document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken.”

Cybersecurity Incident Response Exercise Guidance – ISACA, section 3: “The IRT should identify all assets involved in an incident (e.g., hardware, software) and determine what information was compromised (e.g., PII).”

Guide to Securing Personal Data in Electronic Medium, section 3.5: “Organisations should maintain an inventory of personal data in their possession or under their control.”
