Once a security or data protection breach has been identified, the next step is to analyze and evaluate the potential
impact the breach may have. The Engagement Manager should ensure that the assessment of
each security breach is performed by all Service Engagement stakeholders, so that a detailed view of the overall impact
on the Service Engagement is available and subsequently documented. As much as possible, the assessment should be based
on tangible facts and a valuation of identified intangible facts (like reputation damage for Client and/or Capgemini).
The evaluation is needed to assign relative importance to each identified security or data protection breach, and is
used in determining when appropriate management attention is required. Having defined the impact, a mitigation plan
must be defined. Analysis of the security or data protection breaches should lead to improvement and corrective actions
focused on the reduction of the impact as well as the volume of the security or data protection breaches. The actions may
include isolating affected systems to contain the issue and recovering business services, as well as post-incident
activities for root cause analysis and lessons learnt.
The local Security Manager and higher management of Capgemini must always be informed directly when a security breach
occurs. In certain cases, Capgemini may need to support the client in a data breach investigation.