Easing the Pain After a Security Breakdown

With each major public data breach, our attention focuses on how to prevent these incidents. A good example is the recent security breach at LinkedIn, in which millions of passwords were stolen. Industry experts and the media immediately started to dissect what LinkedIn had done wrong and what methods or tools should have been used to prevent the incident. Unfortunately, at some point every organization will be faced with a security breach. This raises the question -- are security professionals focusing on prevention at the expense of damage control preparation?

Incident response management can be described as the oft-neglected flipside of the security coin. When done right, as in the case of LinkedIn, incident response management becomes another weapon in an organization's prevention arsenal -- in this case, prevention is focused on limiting the material or reputational damage caused by data breaches. LinkedIn's response was swift and offered sufficient information about the scope of the breach, as well as the measures that had been taken to minimize the impact on its user community. Thus, the company's valuation did not suffer, as illustrated by its steadily climbing stock price.

So what are the basic requirements and planning involved in developing a proactive incident response plan?
