Incident Management

As discussed in Chapter 3, the threat landscape is diverse when it comes to social media. A well-thought-out incident response program is necessary to manage this changing landscape. An incident, as it relates to the company’s information assets, can take one of two forms:

• Electronic

• Physical

Electronic incidents range from an attacker or user accessing the network for unauthorized/malicious purposes, to a virus outbreak, to a suspected Trojan or malware infection, to the posting of disparaging comments and lies. Physical incidents include theft or loss of a device such as a laptop, mobile device, PDA/smartphone, portable storage device, or other digital apparatus that may contain company information.

With your complete toolset in place for managing and monitoring social media activity, you can now track and report on the problems. The most important preparation work, outside of a robust education regimen, is maintaining good security controls that will prevent incidents. Prior to an incident, you should have identified the potential scenarios that could create an incident and assigned responsibilities for responding to different types of incidents. IT Security, Marketing, and Legal should coordinate their efforts to ensure an appropriate legal and customer-centric response. Legal is especially important because it can make sure your response adheres to any regulations that affect your company.

When you suspect that a loss of data has occurred or that a brand attack is being launched against your company, your tools and alerting mechanisms should allow you to respond quickly. If you have Google Alerts set up as a manual check with the right keyword searches in place, you would receive an e-mail about a potential attack. Incident management includes a number of basic steps that are usually taken. In Table 13-3, we have detailed the minimal number of steps and how our fictional company JAG could respond to a potential incident, after putting some of the right processes in place. In this incident, JAG’s marketing manager inadvertently posted a list of customer names and addresses on the company website as a PDF attached to a blog post, when the attachment should have been a product overview sheet. Incorrect files are sent out pretty frequently, as is the case with this JAG post.

Table 13-3 Incident Management Steps and JAG’s Response
