the implications of being a “material” incident if it was only out for one hour? On the surface, this isn’t “extended” or “unrecoverable,” but what does the root analysis show? What caused the one-hour core outage? Is it likely to happen again? Are there any trickle-down effects from this?

• An incident involving a bomb threat/robbery. Where did the bomb threat/robbery occur? Was it one-time at one branch or a simultaneous attack on your data centers? What are the chances that the malicious actor gained access to bank systems or data as part of this event?

Obviously, none of these scenarios is something you want to have happen. Anytime something goes wrong, that’s a problem. The question is: Is it serious enough to consider a “notification incident?”

When in Doubt, Report It

If we pay attention to reporting a “notification incident” over the compliance aspect, we can focus on the fact that the agencies are using this information as an “early alert” of emerging threats in the industry. Something that may not seem like a big deal to you could be one piece of an obvious large-scale attack when looking across the industry. If several banks report the same incident, the regulators can act more quickly and help with the response process. Keeping open lines of communication with your federal regulator is beneficial for both you and them, so if you ever have a question about whether to report an incident, go ahead and report it.

Notification Incident Decision Tree

Due to the nature of “notification incidents,” I cannot give you a silver bullet solution to answer the “is it or is it not” question. Each incident will need to be analyzed to determine if it qualifies. That said, I can give you a tool to help guide you through the thought process.

[Figure: Notification Incident Decision Tree]
Follow the decision tree chart to help you figure out if your situation would be best classified as a “notification incident.”

To take your incident response practices to the next level, check out Tandem Incident Management. This product has been designed to help you create your incident response plan and put it into action with the incident tracking component. To see how Tandem can help you, visit our website at Tandem.App/IncidentManagement-Software.

As a millennial, Alyssa Pugh grew up with technology at her fingertips. She has more than 10 years of professional technical and information security experience. She earned a B.A. in Technical Communications and has achieved the CISM and Security+ certifications. Alyssa currently serves as the GRC Content Manager for Tandem, an information security and compliance application. Alyssa has presented multiple conference sessions on topics including risk assessments, business continuity, third-party oversight, and cybersecurity.

September • October 2022