Computer Science and Information Technology Vol. 2(6), pp. 268 - 280
DOI: 10.13189/csit.2014.020602
Reprint (PDF) (1128Kb)

Incident Response Planning for Data Protection

Muhammad Adeel Javaid ^*
Member Vendor Advisory Council, CompTIA

ABSTRACT

The aim of this paper is to provide an advisory service to organizations in the context of facilitating the development of their CSIR capabilities. A great deal of work has been published regarding the basis of network security policies and the process of setting up CSIRs. This paper examines the implications of European privacy law – specifically the Directive on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (95/46/EC) – for CSIRTs handling information relating to incidents. In particular it examines when and how it is appropriate for a CSIRT to use information itself, and the circumstances in which it may be appropriate to disclose it to others.

KEYWORDS
CSIR, CSIR Capabilities, Incident Response, Data Security

Cite This Paper in IEEE or APA Citation Styles
(a). IEEE Format:
[1] Muhammad Adeel Javaid , "Incident Response Planning for Data Protection," Computer Science and Information Technology, Vol. 2, No. 6, pp. 268 - 280, 2014. DOI: 10.13189/csit.2014.020602.

(b). APA Format:
Muhammad Adeel Javaid (2014). Incident Response Planning for Data Protection. Computer Science and Information Technology, 2(6), 268 - 280. DOI: 10.13189/csit.2014.020602.