The Sedona Conference®, a nonprofit research and educational think tank dedicated to the advanced study of law, particularly in information governance, has released its Incident Response Guide , open for public comment through June 19, 2018. Drafted by Working Group on Data Security and Privacy Liability (WG11), the guide is meant to serve as a practical resource for practitioners dealing with the legal, technical, and policy issues related to data-related incidents – from distributed denial-of-service to ransomware attacks.
To assist organizations in developing their Incident Response Plan (IRP), the guide is composed in the following sections:
The guide’s appendices offer a model IRP as well as model notification letters to consumers and various State Attorneys General. While guidance such as the NIST Cybersecurity Framework serves as a roadmap for organizations to implement cyber risk management practices, the Sedona guide guide provides specific operational considerations and even addresses certain legal nuances when responding to an incident – for example, providing criteria to weigh escalation triggers and assess the impact and scope of a data breach.
In this…
