Information Security Incident and Data Breach Management A Step-by-Step Approach

In today's digital landscape, safeguarding sensitive information is paramount. This book offers a comprehensive roadmap for managing and mitigating the impact of security incidents and data breaches. This essential guide goes beyond the basics, providing expert insights and strategies to help organizations of all sizes navigate the complexities of cybersecurity.

With seven in-depth chapters and 10 appendices, this book covers everything from defining information security incidents and data breaches to understanding key privacy regulations such as GDPR and LGPD. You'll learn a practical, step-by-step approach to incident response, including how to assess and improve your organization's security posture.

The book contains a well-tested and practical information security incident and breach management approach to manage information security incidents and data privacy breaches in four phases: Security and Breach Obligations and Requirements Comprehension; Security and Privacy Framework Assurance; Security Incident and Data Breach Response Management; and Security and Breach Response Process Evaluation. Knowing how to handle such security and breach issues will avoid compliance and sanctions to organizations of all types and protect the company’s reputation and brand name.

What You Will Learn

• Identify and manage information security incidents and data breaches more effectively
• Understand the importance of incident response in avoiding compliance issues, sanctions, and reputational damage
• Review case studies and examples that illustrate best practices and common pitfalls in incident response and data breach management
• Benefit from a well-tested approach that goes beyond the NIST 800-61 standard, aligning with the international information security standard ISO 27001:2022

Who This Book Is For

Cybersecurity leaders, executives, consultants, and entry-level professionals responsible for executing the incident response plan when something goes wrong, including: ISO 27001 implementation and transition project managers; ISO 27001 auditors and inspectors; auditors (IT, internal, external, etc.); IT managers and development staff; senior executives, CISOs and corporate security managers; administration, HR managers and staff; compliance and data protection officers; cybersecurity professionals; IT development, auditing, and security university students; and anyone else interested in information security issues

Chapter 1. Information Security and Breach Obligations and Definitions.- Chapter 2. Summarizing ISO 27K and Major Privacy Regulations.- Chapter 3: Information Security and Data Breach Response Framework.- Chapter 4. Managing Information Security Incidents.- Chapter 5. Investigating Cyber Crimes.- Chapter 6. Managing Data Breaches.- Chapter 7. Improving Security Incident and Data Breach Responses.- Appendix 1: Threat Intelligence Policy.- Appendix 2: IT Logging Policy.- Appendix 3: Minimum IT Security and Privacy Controls.- Appendix 4: Staff Education and Training Policy.- Appendix 5: IT and Digital Skills Checklist.- Appendix 6: Glossary of IT Concepts and Terms.- Appendix 7: Privacy Awareness, Communication and Training Plan.- Appendix 8: Information Security Incident Reporting Policy.- Appendix 9: Information Security Incident Reporting Form.- Appendix 10: Data Breach Reporting Form.

John Kyriazoglou is currently Editor-in-Chief of "The IIC Internal Controls e-Magazine” and represents Western Europe on the Advisory Board of the Institute for Internal Controls. He is also consulting on data privacy and IT security Issues (GDPR, e-Privacy, etc.) to a large number of private and public clients and has published several books on these issues.

John is a business thinker, consultant, and an author. He is a graduate of the University of Toronto, a Certified Internal Controls Auditor (CICA), and a management consultant with more than 40 years of global experience on data management, IT auditing, IT security, IT project management, and data privacy issues. He has written many books (more than 60) on data privacy protection, business management controls, IT, corporate wellness, duty of care, etc.

John has worked in Canada, England, Switzerland, Luxembourg, Greece, Saudi Arabia, and other countries for over 40 years, as a senior IT manager, managing director, IT auditor, and consultant or a variety of clients and projects, in both the private and the public sectors.