1. Procedures for testing, enforcing, and investigating breaches of policy.
When a data breach occurs, whether through a malicious attack, employee negligence, or a third party, the response must always be prompt and comprehensive. A response, however, is made only after the breach has happened; it is vital that companies also stay proactive so that breaches are detected as early as possible. Certain procedures should be followed for this purpose. There should be a risk assessment procedure that continually looks for unforeseen security risks that could arise in the future. Such a procedure keeps the company ahead of those looking to breach policy, and it allows the company to identify the threats and vulnerabilities in its systems that could lead to a breach of policy. There should be a plan to mitigate risks by launching a proper investigation. There should be regular testing of the overall security controls, which helps determine the strength of the security system and its capability to detect and investigate a breach at any point in time. It is also advisable to have a designated team that handles breaches of policy and keeps a close eye on the matter on a constant basis. This is how the overall testing, enforcement, and investigation of breaches of policy can be ensured (Sun, 2018).
2. Data breach notification laws.
Security breach notification laws and data breach notification laws are exactly the same thing. These laws require the individuals or entities affected by a data breach to notify all of their customers, along with other parties, about the breach and then to take particular steps to remedy the situation, which depend entirely on the state legislature. A notifiable breach should be reported to the ICO within a specific time and without undue delay, and no later than 72 hours after one becomes fully aware of it (Newhouse, 2017).
3. The process for an incident response to a ransomware event.
As soon as ransomware is found on a system, it is critically important to contain the affected systems as quickly as possible. Ransomware often encrypts all of the local files first and then spreads to the files in shared folders. The incident response process for a ransomware event consists of the following steps:
· Shutting down the system completely.
· Turning off the system's port at the switch.
· Using network access control to isolate the system.
· Using the quarantine feature of the EDR solution.
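As an added example that is not part of the original essay, the following Python models the four containment steps above as a small runbook planner and ties them to the 72-hour reporting window from section 2. The Host fields, the action names and the ordering of the steps (network-level isolation before power-off) are this example's own assumptions, not something the essay states.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

NOTIFY_WINDOW = timedelta(hours=72)  # reporting deadline stated in section 2

@dataclass
class Host:
    """Assumed inventory record for an affected host (hypothetical fields)."""
    name: str
    edr_quarantine: bool        # EDR agent present with its quarantine feature enabled
    nac_managed: bool           # host sits on a NAC-controlled network segment
    switch_port: Optional[str]  # e.g. "sw01/Gi1/0/7"; None if the port is unknown

def plan_containment(host: Host) -> List[str]:
    """Return the essay's containment steps for this host, least disruptive
    first (the ordering is this example's assumption): network-level isolation
    comes before power-off because it cuts the host off from the shared folders
    ransomware spreads to while keeping the machine available for investigation.
    Steps the host cannot support are skipped; shutdown is always last."""
    steps: List[str] = []
    if host.edr_quarantine:
        steps.append(f"edr-quarantine {host.name}")
    if host.nac_managed:
        steps.append(f"nac-isolate {host.name}")
    if host.switch_port is not None:
        steps.append(f"switch-port-disable {host.switch_port}")
    steps.append(f"shutdown {host.name}")
    return steps

def notification_deadline(aware_at: datetime) -> datetime:
    """Latest time to report a notifiable breach: 72 hours after becoming aware."""
    return aware_at + NOTIFY_WINDOW

def hours_remaining(aware_at: datetime, now: datetime) -> float:
    """Hours left before the deadline; negative once the report is overdue."""
    return (notification_deadline(aware_at) - now) / timedelta(hours=1)

if __name__ == "__main__":
    # Constructed sample hosts: a workstation with EDR and NAC, a server with neither.
    ws = Host("ws-17", edr_quarantine=True, nac_managed=True, switch_port="sw01/Gi1/0/7")
    srv = Host("srv-03", edr_quarantine=False, nac_managed=False, switch_port=None)
    for host in (ws, srv):
        print(host.name, "->", plan_containment(host))
    aware = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed awareness time
    print("report by", notification_deadline(aware).isoformat())
```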
4. The laws and regulations will often define sensitive or protected data and the reporting requirements in the case of a data breach. Failure to follow the prescribed process can often result in fines or other penalties. From the Christian worldview, which one should be considered first: protecting privacy or complying with the laws and regulations?
There are different kinds of laws and regulations that define sensitive and protected data and all of the reporting requirements in the case of a data breach. From the Christian worldview, the thing that needs to be considered first is compliance with all of the laws and regulations. When the rules and regulations that have been set are followed properly, the other things follow automatically, including protecting privacy in the right manner. Obviously it is very important to address all privacy issues and deal with them accordingly so that nothing gets out of hand. Keeping all the data safe is also important, but what matters most is making sure that the rules and regulations that have been set are followed first, in a right and honest way; then the privacy and protection of the data will follow automatically. These are the small things that need to be done, and if they are done properly then nothing goes wrong at all.
References
Newhouse, W. K. (2017). National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. 181.
Sun, N. Z. (2018). Data-driven cybersecurity incident prediction: A survey. IEEE Communications Surveys & Tutorials, 1744-1772.