Executive Summary
This document is an updated deliverable reporting contributions made under Task 3 in work package (WP) 6 of project CyberSEAS. The document encompasses the following content:
- Data breach management frameworks are briefly reviewed in the report where the recommendations and instructions provided by national authorities in different countries including Finland, Germany, Greece and Italy are provided. According to the instructions, management procedure of a data breach incident can be divided into a few major steps such as preparation, detection, containment, recovery and post-incident review. The report briefly reviews the main measures and activities during the steps.
- Recent data breach incidents in different European countries are reviewed. The focus is on incidents in the energy supply chain. In case we’d find no major incidents in the domain that are applicable, incidents in other main infrastructures or other major incidents are reviewed. The aim of the review is to extract best and worst practices as well as to explain the lessons learned from the incidents
- Comparing the data gathered from the incidents and the relevant lessons learned during the studies, a list of recommendations about how to manage data breach incidents is provided.
- A Common model for data breach management is provided by combining existing frameworks into 5 discrete steps describing actions required to prepare, and to react to a data breach event. These steps are in order: preparation, detection, response, recovery, and review. Finally, a practical example of these steps are described by a demonstration done in the Finnish pilot, in which a data breach incident is simulated.
This report is the revised version of the deliverable in Task 6.3. The first version of the deliverable is the foundation of this report.
