9.2 – Respond to Cybersecurity Breaches
Purpose & Context
Career Development Professionals (CDPs) report suspicious events or unusual activity when using organizational IT systems to a designated authority to determine if the incident is indicative of a security breach. A breach of security of safeguards involving personal information might result in potential harm to individuals whose personal information might have been accessed.All security breaches of personal information must be reported in compliance with data breach regulations. Affected individuals must be informed of situation as soon as possible, informed of what steps are being taken to reduce the risk of harm, and given guidance on actions required to mitigate possible further harm.
Effective Performance
Competent career development professionals must be able to:
- P1. Recognize possible security incident, for example:
- Unusual login times
- Unexpected restarts
- Configuration changes with no previous approval
- Unexpected user account lockouts
- Passwords changes
- Repeated system or application crashes
- Abnormal behaviours during browsing
- P2. Report suspected security breach to designated authority as per organizational policies and procedures
- P3. Assess likelihood of risk of harm of affected individuals
- P4. Document observed incidents:
- Date
- Circumstances
- Type of information at risk
Knowledge & Understanding
Competent career development professionals must know and understand:
- K1. Legislation and regulations, e.g. Personal Information Protection and Electronic Documents Act (PIPEDA)
- K2. Organizational policies and procedures relevant to security incidents
Contextual Variables
Competent career development professionals must be able to perform this competency in the following range of contexts:
There may be additional provincial/territorial reporting requirements depending on the CDP’s geographic location.
Glossary & Key References
Terms
Industry-specific terms contained in the standard defined here, where applicable.
Information Sources and Resources for Consideration
How to detect data breaches before it is too late. Accessed February 20, 2020. CCSI. https://www.ccsinet.com/blog/how-to-detect-data-breaches-before-its-too-late/
Context Rating Scales
Criticality
Q: What is the consequence of a professional being unable to perform this skill according to the standard?
Frequency
Q: How frequent and under what conditions is this skill performed?
Level of Difficulty
Q: Under routine circumstances, how would you rate the level of difficulty in performing this skill?
Time Required to Gain Proficiency
Q: What is the average length of time or number of repeated events that are minimally necessary for an individual to become proficient in performing the skill to the standard?
A career development professional must complete required organizational training and refresher training to ensure comprehensive understanding of security policies and procedures as soon as possible upon onboarding. CDPs must take all measure to support a security culture within the organization.
Autonomy
Practitioners typically perform this competency without supervision, and as part of a team.
Automation
It is unlikely that this competency will automate.