Monday June 9, 2025 9:35am - 9:55am PDT
Sam Havron, Meta

When a privacy incident occurs, our incident management process kicks in to quickly identify the root cause, mitigate the issue, and conduct a post-mortem review. While a post-mortem ensures the same incident doesn't reoccur, we want to take a more proactive approach and prevent similar incidents and enhance our privacy posture. This, however, could face challenges resulting from a lack of visibility and insufficient metrics. Incident owners may not be aware of similar incidents that require joint analysis, leading to missed systemic root causes. Furthermore, measurements to determine the frequency of similar incidents could be lacking to assess the effectiveness of our prevention efforts. To address these challenges, we've developed a program along with tooling to identify, analyze, and remediate systemic privacy incidents. In this talk, we'll cover our approach to tackling these clusters, including:

  • Automated Cluster Identification: Using heuristic and LLM-based methods to automatically identify clusters
  • Analysis and Remediation: Analyzing prioritized systemic clusters and holding teams accountable for remediation
  • Regression Alerting: Implementing alerting systems to detect regressions and prevent similar incidents from happening again

Join us as we share our experiences and insights on tackling systemic privacy incident clusters and improving incident management processes.

Authors: Sam Havron, Meta (Speaker); David Huang, Meta (Not Speaking)

https://www.usenix.org/conference/pepr25/presentation/havron
Speakers
Sam Havron

Meta
Sam Havron is a Privacy Engineer at Meta, with a focus on developing workflows to scale incident investigation and review. Sam has an M.S. in Computer Science from Cornell University, and a B.S. in Computer Science from the University of Virginia.
Santa Clara Ballroom