What does responding to data spill involve?
The following actions provide a “basic”‘ framework for responding to a security incident. • Assess Determine whether a data spill has actually occurred, the sensitivity of the information potentially compromised, and the number of users, systems and applications involved. • Contain Identify all information hardware and software systems and applications affected, and execute approved procedures to ensure that the data spilled does not propagate further. • Eradicate When authorized execute approved sanitization procedures using approved utilities to permanently remove the data spilled from contaminated information systems, applications, and media. • Recovery Use a clean backup media, as-built documentation and approved procedures to recover and restore all affected information systems and applications to an accredited, secure configuration.
