Data Breaches – CompTIA Security+ SY0-401: 2.5


Nobody likes their data to leave the network, but sometimes data breaches occur. In this video, you’ll learn how to secure and analyze the attack after a data breach has occurred.



It’s said that data is the most important asset in any organization. So obviously, we need to protect the data as well as we can. If that data is stolen, then we have a bit of a problem. It’s certainly too late to recover it if it goes outside of our organization. In those particular cases, copies are made of the data. And in the case of credit card information, those numbers are easily sold on the internet. That data obviously would no longer be confidential.

So now we have to go into a recovery mode and determine exactly what data was indeed taken. You have to identify this, and in some cases identify the maximum amount of data that could have possibly been stolen. That may be difficult to determine, but it’s important, especially if we want to identify and notify users that their data is now stolen. If data has been taken, it may be very important to identify exactly who took this information. You may have to involve law enforcement, and they may be able to help with the identification process. Identifying this person may also allow you to stop any future breaches from occurring as well.

If you know you’ve been breached, then it’s time to go into recovery mode. So you want to look at every possible device that the bad guy could’ve touched, and you need to make sure that it is secure. So you want to change passwords and update firewall rules across your entire organization. Even if it doesn’t appear that a system has been breached, it’s still a good idea to make sure that all of your passwords have been changed. That way you can be assured that nobody has a list of passwords or could possibly get in there with some old credentials. You also need to notify everyone who might be affected by this breach. If there was data that contained private information from customers, partners, or employees, you’ll need to make sure they’re aware that this information may have gotten out.

And in the case of modern HIPAA and PCI-DSS requirements, you may be financially obligated to sign each one of those users up for credit monitoring at your expense. So it’s very important to understand exactly the scope of this data breach and make sure it’s very accurate, so that you can then plan for what you need to do in the future.