Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions

DOJ Issues Best Practices Guidance on Cyber Attacks


DOJ Issues Best Practices Guidance on Cyber AttacksLast month, the Department of Justice (DOJ) released guidance on the steps companies should take before, during, and after a cyber incident. Entitled “Best Practices for Victim Response and Reporting of Cyber Incidents”, the guidance reflects the experience of federal prosecutors and investigators, and incorporates insight from private sector entities that have managed cyber incidents. It also provides the DOJ’s positions on the legal permissibility of a number of monitoring techniques and the impermissibility of many forms of so-called “hacking back.”

Following is a summary of the DOJ’s guidance:

Prior to A Cyber Incident

The DOJ guidance is consistent with the NIST Cybersecurity Framework, and recommends that prior to any information security incident organizations conduct risk assessments to identify and prioritize critical assets, data and services. Risk assessments can help organizations shape incident response planning. The guidance also recommends that organizations:

  • Have an actionable incident response plan
  • Train relevant personnel on the plan, including through the use of regular exercises
  • Acquire, install, and test appropriate technology and services
  • Ensure that appropriate consent is obtained for network monitoring
  • Consult with outside counsel well acquainted with cyber incident response
  • Establish information-sharing relationships

During A Cyber Incident

The guidance recommends a number of basic steps to be taken during a cyber attack, as well as a warning not to use compromised systems to communicate, and to not “hack back” or intrude upon the suspect’s network. “Hacking back” may violate a number of laws, and since many intrusions are launched from compromised systems, “hacking back” can damage or impair another victim’s system.

Organizations should focus on executing their plan during an attack, according to the guidance issued, which includes assessing the nature and scope of the incident, preserving relevant forensic images and logs, minimizing continuing damage, maintaining detailed written records of key investigative findings and mitigation/response efforts, enabling additional logging to track ongoing attacks, and notifying relevant law enforcement agencies.

After A Cyber Incident

After a cyber incident occurs, the DOJ’s guidance suggests companies should remain vigilant, even more so in the event that the attempts to eliminate the intruder did not totally eliminate the attacker’s means of access. Once the organization has recovered, it should initiate measures to prevent similar attacks, including a post-incident cyber review of the organization’s response to assess the strengths and weaknesses of its performance and its plan.

Axis Insurance Services specializes in providing Cyber Liability insurance/Privacy & Network Security insurance and can not only help you secure the right type of policy for your organization but we can also assist you in assessing your risk and evaluating the measures you have in place to mitigate those risks. Cyber Liability coverage is crucial in today’s environment where data breaches are becoming increasingly more sophisticated and affecting small, medium-sized and large companies. Call us at (877) 787-5258 to discuss your specific exposures and how we can best insure against them.

Comments

comments

Blogged on: May 21, 2015 by Mike Smith
Error Omissions
Error Omissions
Submit your information below so we can contact you with a FREE quote
[All fields are required.]
Actual Annual Revenue:
Verify:
=
I have read and agreed to theTerms & Conditions
Error Omissions
Error Omissions