Involving “Legal” in Incident Response: The Three Pillars

As cybersecurity has become one of the defining issues of our era, it has intertwined with legal concerns to the point that the two can no longer be completely separated. Where it was once possible for security and legal teams to have minimal interaction, current laws, regulations, and the growing severity of cyberattacks necessitate regular collaboration between these groups.

The problem is, responding to a single security incident might require involvement from both the legal and cybersecurity incident response teams, but these groups often use different tools, gather different data, and are concerned with completely different aspects of the incident. This makes communication—let alone collaboration—especially difficult; these are teams that speak different languages and think in different terms.

At D3, we’ve designed our Incident Response Platform to support deep collaboration between Legal and Security, and we think a solution like ours can go a long way toward bridging the gap we see in so many organizations. That’s why we’ve published a briefing titled Legal Collaboration in Cybersecurity Incident Response. In this paper, we set out a strategy you can use to align your incident response and legal interests, including key points of collaboration—such as involving Legal when developing your incident response program—and how to record and manage the right information so that Legal always has what they need. We discuss each issue from both the general security perspective and the legal team’s perspective, so no matter which group you’re part of, you’ll gain some new understanding about the other side.

We also describe some key features that your incident response platform should have in order to support legal collaboration, and how we utilize them in D3’s solution. These features include legal endorsement, data breach notification, and information access controls.

A significant cybersecurity incident now often means dealing with state data breach laws, industry regulations, class action lawsuits, and maybe even pursuing legal action against attackers. So any organization dealing with cyberattacks should be considering how legal collaboration fits into their incident response program.

Read the briefing here and get all the details you need to start building a meaningful relationship between your security and legal teams.

Social Icon
Walker Banerd

Walker is D3 Security's Director of Content Marketing. He leads the writing of D3's blog, as well as white papers, industry briefings, and other thought leadership. Walker's expertise is translating technical concepts into easily understandable content, with a focus on software, cybersecurity, and compliance solutions.