Develop incident response plan

Develop:

incident record
incident response plan

Example:

Data Breach Report Template

Incident ID: Auto-generated
Date and Time of Discovery
Affected Drupal Modules: List modules that are compromised.
Data Types Exposed: E.g., Student grades, faculty information.
Immediate Actions Taken: Steps taken to contain the breach.
Involved Parties: Names and roles of people involved in the response.

DDoS Attack Report Template

Incident ID: Auto-generated
Date and Time of Onset
Affected URLs: Specify which parts of the Drupal site were targeted.
Traffic Patterns: Describe the abnormal traffic patterns observed.
Mitigation Steps: Actions taken to mitigate the attack.
External Support: If third-party DDoS protection services were engaged.

Drupal Website Compromise Checklist

Isolate Affected Servers: Disconnect compromised servers from the network.
Scan for Malware: Use tools like Drupalgeddon to scan for known vulnerabilities.
Check User Roles: Verify if any unauthorized admin accounts were created.
Review Logs: Check Drupal and server logs for suspicious activity.
Update and Patch: Apply security patches to Drupal core and modules.

Data Breach Response Checklist

Identify Affected Data: Determine what types of data were exposed.
Notify CISO: Immediate notification for high-level oversight.
Engage Legal Counsel: To assess data breach notification requirements.
Inform Affected Parties: Notify students, faculty, and staff as required by law.
Document Actions: Maintain a record of all actions taken during the response.

Be aware of your local legal requirements:

Australia:

Edited Jul 10, 2024 by Janna