Beazley, Navigant Release Information Security Incident Response Guide

PHILADELPHIA, April 22, 2014 (GLOBE NEWSWIRE) -- Today, Beazley, the pioneer in breach response insurance, and Navigant (NYSE:NCI), a leading provider of complex data management, data analysis and forensic investigative services, announced a joint Information Security Incident Response Guide to provide a roadmap for companies to prepare for and manage the aftermath of a data security breach. The guide, which will be available to Beazley Breach Response (BBR) policyholders, addresses the increasing need for effective risk management on the part of companies hoping to limit the damage caused by a data breach.

Both Beazley and Navigant have seen an uptick in clients' malware intrusions, social engineering attacks, unauthorized network access, lost or stolen devices and other data security breaches. The Information Security Incident Response Guide addresses these and other common information security incidents, while highlighting the varied components of an effective response by providing in-depth case studies and best practices for preparation, risk assessment, and incident documentation.

"When hit with a security attack most organizations are surprised. They are thrown into reactive crisis mode and don't know what to do.  A breach isn't always a disaster.  Mishandling it is," said Katherine Keefe, head of BBR Services, the dedicated business unit established by Beazley to help clients handle data breaches successfully. "We partnered with Navigant to put the Information Security Incident Response Guide into the hands of our policyholders to make them aware of security threats and to better prepare for them."

As the number of high-profile data breaches has risen, companies in every industry have found themselves scrambling to respond to an attack.  "Organizations today are facing a multitude of challenges related to consumer, employee and partner data protection," said Steve Visser, Managing Director in Navigant's Disputes & Investigations practice. "Our Information Security Incident Response Guide offers a roadmap to help clients address these challenges and effectively move forward."

Faced with a quickly-evolving breach, companies often neglect to document and collect evidence in real time, or may even damage or ruin forensics evidence, hampering the investigation and leaving them vulnerable to future attacks.  The guide provides recommendations for setting an accurate incident timeline and chain of custody to help prevent the omission or destruction of forensics evidence.

In addition to outlining potential data breach events, the guide provides important questions for company officials to ask and answer when investigating a breach. It also identifies common containment tasks, evidence sources, and preservation techniques.

Preparation is an important component as well. The guide contains examples of information security incident reports used to log cases and response contact lists used to store contact information of key partners. A summary of policies and programs recommended to implement company-wide focuses on equipping employees with data security training and knowledge.

"We not only help our customers investigate and respond to data breaches," said Keefe. "As this guide illustrates, we also strengthen their defenses because prevention is better than cure."