After the UBS trial, Dark Reading [dot] com put together this list. It is an effective list for dealing with a security breach.
1. Start Now: Ask employees who are working on remediation to keep notes about what issues they’re dealing with as they go through the process. And then start the official postmortem study as soon as the system is back up and running.
2. Who To Include: When working on the study, cast a wide net. Make sure you talk to business managers and IT people who were there the day of the attack, the IT people who worked on bringing the system back up, the human resources people and the company’s legal team.
3. Allow For Anonymity: Accept anonymous input, but be sure to keep track of what department the person works in so the input can be weighed appropriately.
4. Avoid Blame: Don’t start a witch hunt. It’s human nature to look to blame someone, but be aware of that danger and keep questions, and the ultimate write-up, as objective as possible. Concentrate on ways to improve.
5. Look For Answers: Encourage people to submit solutions along with each problem.
6. Create A Checklist: Go through all the interviews and the resulting study and identify the problems and the proposed solutions. Make a checklist of what needs to be done.
7. Focus In: While lots of people may have ideas for different solutions, take the time to go through them, and select the best one to go with. Don’t finalize the report with potential fixes. Solidify a plan.
8. The Sooner The Better: Once you have identified problems and solutions, get cracking. If it’s a matter of a missing patch, get it fixed immediately. If it’s a matter of a missing policy, that will take more time to implement, but get the process started.
9. Legal Document: Remember that the postmortem is like any business document, and could end up being examined by company outsiders during any legal action.
10. Track The Progress: Make sure someone is keeping track of the progress being made to resolve each and every problem found.