BASIC ABUSE REMEDIATION PROCESS

Identifying the abuse is the first step toward solving it. Identifying the abuse early help minimize the damage and better chance of resolving it quickly. Following information will help to identify the abuse

Timing is very important and once the issue is identified the data owner must quickly assemble the core team and begin looking into the scope of the abuse. The core team should consist of senior executives, security team, server administrators and legal counsel.

Isolate the affected data or area. This will help to prevent full access and to protect against additional vulnerabilities. Quarantine the corrupted servers, devices and systems so they can be examined and made functional again.

Core team shall start to assess the damage and begin securing the access. They will evaluate the extent of the damage and keep a record of the findings. This will provide a baseline from which to measure the effectiveness of the remediation efforts once they have been completed. Next, the team will need to establish a hierarchy of need by focusing on the more critical areas initially and then moving onto less essential areas until completing the process.

The core team will identify each of the audiences that need to receive information about the abuse. Decisions about the manner in which the messages are delivered and the timing for each also need to be made. Messaging should be tailored to each audience and there needs to be a balance between transparency and over-sharing. Additionally, communications should include the steps taken to repair the abuse and the new policies created to protect against repeat occurrences.

Much like the remediation process, the messaging should start internally and then move externally. This is a great time to establish a chain of communication for the company. Transparency should be maintained and timely status updates designed to build and maintain trust. Offer complimentary services or extension can be considered depending on the abuse.