Justice Department Releases Guidance on Best Practices for Cyber Incident Preparedness

Last week, the Cybersecurity Unit of the U.S. Department of Justice (the “Justice Department”) released a guidance document, entitled Best Practices for Victim Response and Reporting of Cyber Incidents (“Guidance”), discussing best practices for cyber incident response preparedness based on lessons learned by federal prosecutors while handling cyber investigations and prosecutions. The Guidance is intended to assist organizations with preparing to respond to a cyber incident, and emphasizes that the best time to plan a cyber response strategy is before an incident occurs. The Justice Department drafted the Guidance with smaller, less-experienced organizations in mind, but also believes that larger organizations may benefit from its summary of best practices.

To help develop a cyber incident response strategy, the Justice Department recommends that organizations take the following precautions:

  • Identify the organization’s mission critical data and assets (i.e., the “crown jewels”);
  • Develop an actionable, up-to-date incident response plan before an intrusion occurs;
  • Have appropriate authorization in place to permit lawful network monitoring;
  • Ensure the organization has legal counsel available that is familiar with technology and cyber incident management;
  • Ensure the organization’s policies, such as human resources and personnel policies, align with its cyber incident response plan;
  • Engage with federal law enforcement agencies before an incident occurs; and
  • Establish relationships with cyber information sharing organizations, such as Information Sharing and Analysis Centers.

In addition, the Guidance recommends best practices for preparing an actionable cyber incident response plan that contains procedures and guidance for responding to a cyber incident. The Justice Department recommends that an organization’s response plan be vetted and, at minimum, contain the following steps as part of the incident response process:

Step 1: Make an initial assessment of the nature and scope of the incident.

Step 2: Implement measures to minimize ongoing damage from the incident.

Step 3: Record and collect information and evidence associated with the incident.

Step 4: Provide internal and external notifications regarding the incident.

After recovering from a cyber attack or intrusion, the Justice Department recommends that a breached organization conduct a post-incident review of its response to the incident and assess the strengths and weaknesses of its performance and incident response plan.
