Home // ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances // View article

Proposed Incident Response Methodology for Data Leakage

Authors:
Alex Rabello
Junior Goulart
Marcelo Karam
Marcos Pitanga
Reinaldo Gomes Baldoino Filho
Ronaldo Ricioni

Keywords: Keywords-Data Leakage; Information Security; Incidents; LGPD.

Abstract:
Most Brazilian companies disregard the national privacy law (LGPD) by not ensuring data governance and well-managed security controls with technical and organizational measures to prevent data leakage. Brazilian LGPD specifies that organizations must report to the national authority (ANPD) and the data subject if any security incident occurs that could cause relevant risk to the data subject. However, this privacy law lacks information on how to respond effectively to data leakage by embracing preventive measures against data breaches. The appropriate approach to handling data leakage is to invest in trained personnel, cutting-edge technology, and processes, enabling a proper incident response methodology. Organizations will be more willing to comply with the privacy law by administering a more approachable and straightforward path for security and privacy best practices. The development of this methodology is based on the international standard (ISO 27035) and some recommendations from the NIST 800-61 publication. The adaptation of these standards provides a more detailed checklist for determining when to perform incident reporting and transparency to the Brazilian authority (ANPD) and data subjects. Other points discussed are related to properly building the security incident response team, using security automation tools and playbook resources to ensure the application of best practices by handling data leakage processes.

Pages: 50 to 54

Copyright: Copyright (c) IARIA, 2021

Publication date: October 3, 2021

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-894-5

Location: Barcelona, Spain

Dates: from October 3, 2021 to October 7, 2021