GDPR Process - Data Breach Detection

Data Breach Detection

GDPR compliance calls for a process in which data management, once established, is constantly monitored to identify signs of violations, i.e., data breaches.

To this end, your organization must set up a suitable monitoring environment and tools through which such incidents can be quickly detected and reported to security operators and the data protection officer (if any).

This activity includes the identification, collection, storage and correlation of events capable of highlighting data breaches, allowing security operators to investigate them and accurately characterize their actual impact.

Data Breach Detection - How To

Add Data Breach Detection for each Data Audit

On the edit page of the data audit, click the add (+) icon for the field "data breach detection". You can then enter all the details of the data breach detection technique. In this case, data breach detection is handled by Attack Prophecy, advanced software by Pluribus One for the detection of attacks against web services.

Please note that, in general, for each data breach detection technique you should specify:

  • How breach detection is possible: how unexpected data breaches can be detected. This phase usually requires sophisticated systems such as Attack Prophecy, capable of detecting unexpected behavior of your applications and users.
  • Residual risk (of missing data breaches): an evaluation of the residual risk of missing data breaches given the detection technique that has been put in place. This should be the output of a detailed risk analysis that evaluates the likelihood and impact of undetected data breaches for the considered data audit (in this case, identity documents), given the adopted detection technique.
