Communicating and Documenting Security Incidents
Course info
Course info
Description
72 hours is all the time you have to report a security breach under the GDPR laws. However, we document and communicate security incidents every day, whether we realize it or not. Due to the growing emphasis on information security from regulations such as the GDPR, HIPPA and state laws in the US and around the world, the volume of communication and documentation necessary for security incidents is going to keep growing. In this course, Communicating and Documenting Security Incidents, you will learn a number of techniques to make your communication more effective. First, you will learn about various types of documenting, ranging from typical support case tickets, all the way through to official reports you might need to send to data protection regulators. Next, you will discover how to tailor your communication to achieve the best results. Finally, you will explore real-world examples to determine how effective the incident communication was in these cases. When you are finished with this course, you will have learned the skills and knowledge of how to effectively communicate and document security incidents.
About the author
Richard has worked for over 20 years in various technology management roles working in card payments and regulated financial sectors. He spent several years deploying niche payment card solutions in Europe and more recently as CIO, serving the US mortgage sector. Richard specializes in IT Risk and Information Security management.
More from the author
Section Introduction Transcripts
Course Overview
Hi, I'm Richard Harpur, and welcome to this Pluralsight course, Communicating and Documenting Security Incidents. Seventy-two hours. That is all the time you have to report a data breach under GDPR laws, HIPAA requirements, and all 50 U. S. states have similar obligations. We communicate and document information security incidents every day, whether we realize it or not. In this course, you're going to learn what we mean when we say communicating and documenting security incidents. You will see various types of documentation ranging from typical support case tickets all the way through to official reports you might need to make to data protection regulators and even see the official data breach report from the ISO in the UK. That's the UK's data protection regulator. You will also learn what you need to consider when you're communicating security incidents. You're going to learn the traffic light protocol, which is now universally used in documenting security information. I will share with you some key techniques that will make your communication more effective. Wrapping up this course, we'll pick two very public data breaches and look at how well they were communicated. All of these skills will help you to become more effective in your role, whether you're starting off as a security analyst, leading a SOC team or responsible for the secure operations of an IT system. And best of all, you don't need to have completed any other courses to join me on this one. I'm delighted you're going to join me in this course, so let's get started!