Introduction
The purpose of this plan is to communicate what steps and procedures would be taken if PSTW Bank customers’ personal information was leaked to the public. PSTW Bank has established this plan to address the immediate requirements for a technological crisis. This plan includes potential crises, key contacts of the crisis management team, the operations center, key audiences, media awareness, and post crisis planning and evaluation. There are also two documents, one document will address the press and one document will address the public. Customers expect their information to be safe and secure once it enters PSTW’s databases, and PSTW is dedicated to keeping it that way. With identity theft on the rise, people are very cautious with who they give their information to. Sony’s PlayStation Network was recently hacked which lead to the leak of millions of customers’ personal account information, credit card numbers, etc. Companies now have to increase their security to make sure the same thing does not happen to them.
Potential Crises
There are a number of potential technological crises that can occur. The first potential crisis is a hacker that hacks into the databases that store personal information of PSTW’s customers. This information includes full names and addresses, social security numbers, etc. This is all information that would allow identity theft to occur. Not only can the information be hacked, but the hacker can also release the information to the public. This would greatly increase the potential for identity theft to occur, since the public has the information. If these crises occurred, customers would no longer trust PSTW with their information and would do business with other companies. In turn, this would lead to a financial crisis within PSTW. PSTW has not previously faced any crises but must prepare for the worst.
Contacts
The single most effective way of dealing with a crisis situation, or a critical incident of a leak in the system is to utilize the Emergency Response Management Team (ERM) and assign them to their position throughout this time the system has a break in the secured system. The ERM is an organized group created to assist the planning for and responding to emergencies of the PSTW bank.
The members are trained in the implementation crisis management plan. These members will be the direct contact and have designated rolls within the organization. Members that are contacted in the sequence of order are as follows: Cynthia Thomas, Tammera Shinar, and Sharon Travis. These are the key people who are designated to specific roles in the PSTW network. Cynthia will be responsible implementing the chain of command by notifying the FBI as well as the FDIC about the infiltration of the PSTW’s secured system. All entities will be contacted to take control of their current department to disseminate all available information. The notification starts with the chief information officer, and ends with all the emergency response leaders. The sequence of events will not be aborted until all information is secured and virtually untouchable to any further unauthorized users. Full cooperation is expected from all of the crisis management team to help. Once all information is accounted for Cynthia will contact all the ERM to help restore the accounts affected by the infiltration. At that point Tammera will need to promote some damage control along with James and Sharon to report the positive outcomes reflected by the appropriate use of the CMT and its effectiveness to help abort any further damage from occurring.

Operations Center
PSTW’s network operation center is location on the third floor at our Corporate headquarter in Downtown Cleveland, Ohio. The operational center is equipped with fifteen highly skillful employees, all facing a video wall, which typically shows details of highly significant alarms, ongoing incidents and general network performance. In addition there is a wall used for showing a news or weather TV channel, so the technicians can be aware of current events which may have an impact on the systems. The technicians are responsible for monitoring the network for certain conditions that may require special attention to avoid impact on the network's performance. They monitor power failures, customers’ personal information, employees’ personal information and other performance issues that may affect the network. The operational center employees’ analysis problems, perform troubleshooting, communicate with site technicians and other, and track problems 24/7. The Operational Center Manager alerts the CIO, the CIO would alert upper management and upper management would alert branch managers when the system has been breech.
PSTW uses a "Virtual EOC". Virtual EOC is a concept wherein command center participants can share information, make decisions, and deploy resources without the requirement to be physically present in the command center. Typically using web-enabled software, a Virtual Command Center allows participants to work from their normal workstation, from home, or from the field. Emergency plans and reports are available from any location. In fact, all information can be maintained in a central database that is available to command center participants from anywhere in the world (DavisLogicInc, 2012).
After an emergency is declared, the Emergency Response Management Team initially meets in the Emergency Operations Control Center to be briefed on the emergency. The Emergency Response Management Team is responsible for creating the overall plan of action for each specific emergency. The implementation of the overall plan is managed and coordinated by the Emergency Coordinator. The Operational Center consists of several members:
 Cynthia Thomas, The Chief Information Officer
 Tammera Shinar, Manager
 Sharon Travis, Emergency Coordinator
 James People, Alternate Emergency Coordinator
 Martin Smiley, Off-site Emergency Coordinator
 Crystal Swiecicki and Angela Wesley are part of the Emergency Response Team Leaders.
Key Audiences
The key stakeholders of PSTW include our customers, victims, employees, our business, hackers, and LifeLock. If our database becomes compromised we have to react quickly to rectify the issue. Our customers will be looking for communication on the infiltration, what we are doing to fix the issue, what we are doing to protect their information in the future, and if they were the victim what assistance is available.
The best way to communicate to our customers is through a letter and email with a phone number to call for further information. Within this letter we would provide information and protective steps offering free credit reports for a year and credit monitoring for the victims. We would also offer 6 months of LifeLock with an offer to purchase at a discounted price within 180 days of the letter.
The company website would also have protective measures that PSTW is taking and also for the customer. This would also be a great way to let the customers know of the business partnership with LifeLock, who will protect the customer’s information and also prove to the customer that PSTW is looking out for them and their business.
TV and Radio would not be the best way to communication to the stakeholders, but within six (6) months PSTW would run ads on how they have recovered from the infiltration and how business is booming because of the partnership. This would also be a great way to let the customers and hackers know that PSTW is a “Say NO to Identity Theft”.
Media Awareness
Should PSTW Bank of America experience an information leakage crisis the organizations leader will contact Tammera Shinar whom is the designated spokesperson for PSTW. Tammera will contact a media representative to set up a media press conference within the first two hours of receipt of verified facts and details associated with the information that has been leaked. Every effort will be made to avoid misrepresentation, misunderstanding or confusion that may result from the use of media. The media press conference will be used to educate the public on the following concerns:
• What type of information has been leaked
• Who is affected (i.e. cities, branch locations)
• What we are doing to resolve the crisis
• What resources we have in place to address the issue
• How we will prevent similar incidents from occurring in the future
James People will be the designee in the facilitation and the flow of information. James will work alongside Tammera to ensure ongoing communication with reporters, news stations, and through radio feed. Once the media press conference had been conducted, the crisis team will monitor all sources of news coverage and immediately address any errors or misrepresentation that might be made.
Media inquiries will be handled through our crisis communication team at our media center. We will assign communicators to handle incoming calls and maintain a log to record all calls and interviews that are requested by the media. The crisis communication team will respond to all requests within a 2 hour time frame. PSTW will also address the public through web response. PSTW’s web programmer will update their website with a link that has posted FAQ’s regarding the information that has been leaked. Additionally, it will provide a list of contacts for the public and the media to address their concerns or questions.
Members of the crisis communication team with work closely with media representatives to help facilitate and control the information that is being released in the media.
Members of the crisis communication team:
• Tammera Shinar, Spokesperson for PSTW Bank of America
P: 1-866-123-4567 tshinar@pstw.com
• Cynthia Thomas, Manager of Command Center
P: 1-866-123-4568 cthomas@pstw.com
• James People, Associate Director of News and Public Information
P: 1-866-123-4569 jpeople@pstw.com
• Sharon Travis, News Writer and Editor
P: 1-866-123-4566 stravis@pstw.com

Post-Crisis Planning and Evaluation
The ERM will secure all documents and electronic data related to the incident. They will be filed systematically and stored in a central location. All duplicates should be destroyed to avoid leakage and inconsistency at a later in time. PSTW bank will be provided with a written report with in twenty- four hours. A review of the risk analysis with ERM will be necessary to explore new avenues in crisis prevention with immediate implementation. This report will be shared with all the ERM staff so the stakeholders can be reassured it was a one-time occurrence.
Tammera will handle the press and identify what happened and the measures taken to abort any further leaks and the success of such a quick response. A thorough operational debrief is necessary for crisis managers and incident victims. Damage control of the stakeholders and employees must set precedence on our quick response (Coakley, 2011). This facilitates proper analysis of the incident and a review of quality in the crisis management; this identifies PSTW fostering good crisis planning. Debriefing should be well-documented, and lessons learned should feed into a review of crisis response planning (Coakley, 2011).
James will work with the PSTW bank by making the appropriate provisions for the extension of gratitude. This must include all team members who helped resolve the incident. Security threats will always be there but by moving forward with new strategies we can provide security of our system and regain the trust of the stakeholders.

Document 1: Internal Company Memorandum
In order for our company to maintain its legitimacy with our investors, employees and customers, it is necessary that we, as a family institution protect all parties from fraud and identity theft. We can accomplish this through a combined effort of vigilance and determination. As a team we are strong. The following actions are effective immediately.
A. Safeguard procedures. All personnel will employ the following procedures to ensure the proper handling of Privacy Act information.
(1) Full social security numbers (SSN) shall not be included as part of any printed personnel reports, correspondence, or local forms, etc., unless specifically required. The only authorized SSN derivative that may be used is the last four digits.
(2) All personnel will adhere to the "no disclosure without consent of the record subject" rule of the Privacy Act and ensure that any "non-consensual" disclosure complies with the specific exception criteria set forth in the Privacy Act system of records notice governing records collection. Further, personnel will also ensure that all personnel requesting access to Privacy Act data have demonstrated a valid "official need to know in order to conduct agency business" before such information is shared.
(3) All personnel are required to password-protect Privacy Act data maintained on network shared drives.
(4) In no case is it ever permissible to post Privacy Act data to publicly accessible web sites.
(5) Data files containing Privacy Act data requiring movement from one system to another through or across the company network shall be encrypted, password protected and transported using secure file transfer protocol (FTP) or virtual private network (VPN).
(6) Privacy Act data will not be stored on a removable storage device, thumb drive, floppy, cd-rom, dvd or laptop unless encrypted and password protected.
(7) Privacy Act data will not be maintained on personal computers/devices.
(8) Documents containing Privacy Act information will be marked “For Official Use Only” and shredded when no longer required.
(9) All personnel who handle Privacy Act data must complete Privacy Act training prior to gaining access to Privacy Act records.
A. Transporting Privacy Act Material
(1) All personnel tasked with transporting records containing Privacy Act data will transport data in a manner that prevents disclosure of the contents.
(2) A cover sheet stating "For Official Use Only" must be used on all documents containing Privacy Act data. Remember, we are here to serve each other and support not only the institution, but we have a responsibility to protect all of our families from outside threats. Document # 2
If a breach of security happened at PSTW the CEO of our organization would address the local media outlets as while as national outlets like HLN and CNN. There will also be letters send to our customers and clients explaining the situation and corrective actions. The CEO would conduct a televised press conference as followed.
“As you all know PSTW is one of the most reliable and trustworthy organizations in the country. However, the same cannot be said of all of our citizens here or aboard. With that being said, I am here to announce to everyone that there has been a breach in our security systems and our customers are at risk. We have taken extreme and corrective measures to insure that this violation will never happen again. Immediately after discovering the infringement, PSTW assembled an Emergency Response Management Team to investigate this rupture in our security systems. We have technical experts tracking the hackers working alongside the local authorities in Cleveland and the FBI. We also contacted the major credit rating agencies (Equifax, TransUnion, and Experian) so that they can notify PSTW or law enforcement of any and all activities, at our expense. We made a promise to protect our customers and clients and we will keep that promise by bringing the individuals responsible to justice. For the customers that are impacted by this situation we advise them to take preventative actions as well because this will help reduce the possibility of criminals using their information.
Furthermore, all PSTW accounts, web usage, and other transactions have been temporarily suspended until counteractive measures are complete per our company protocol. We truly apologize for any convenience. Company is taken every step to ensure our customer information is secured. If you have any concerns you may contact, Emergency Command Center P: 1-866-123-4568. We are here to answer questions or address any concern you may have 24/7. Sincerely Yours,
PSTW Bank
Conclusion
Rapid technological changes, the rapid growth of the Internet and electronic commerce, and the development of more sophisticated methods of collecting, analyzing, and using personal information have made Identify leak an issue and concerns. Hackers are using sophisticated technology to breach secured system to obtain personal information. Our company is the gate keeper of sensitive personal information about customers and employees. Therefore it is our duty and responsibility to safeguard our customers and employees personal information at all cost. PTSW have a sound security plan in place to help us in the event that our system is breach. PTSW have develop mechanisms that protect information security and data integrity, and to enforce company privacy policies. In the event of a breach we have an Emergency Response Team that will identified the problems and resolve it quickly, to ensure our customers and employees privacy and security will not be compromise.

References
Coakley, M. (2011). Attorney General, Retrieved February 9, 2012 from Website:http://www.mass.gov/ago/consumer-resources/consumer-information/scams-and- identity-theft/security-breaches.html
Crews, C.W., & Oberwetter, B. (2006). Preventing identity theft and data security breaches. Retrieved February 11, 2012 from Website: http://cei.org/pdf/5316.pdf
Davis Logic Inc. (2012). Virtual Emergency Operations Centers. Retrieve February 4, 2012 from Website: http://www.davislogic.com/command.htm#Virtual.
Locklock (2012) Retrieve, February 9, 2012 from Website: http://www.lifelock.com/.
Peoples, J. (2012). Completed Document 1. MBA student at Keller Graduate School of Management.
Shine, T. (2012). Completed Media Awareness. MBA student at Keller Graduate School of Management.
Smiley, M. (2012). Completed Document # 2. MBA student at Keller Graduate School of Management.
Swiecicki, C. (2012). Completed introduction and potential crises. MBA student at Keller Graduate School of Management.
Thomas, C. (2012).Completed contacts and post-crisis planning and evaluation. MSN student at Chamberlain College of Nursing.
Travis, S. (2012). Completed operational center and conclusion. MBA student at Keller Graduate School of Management
Wesley, A. (2012). Completed key audience. MBA student at Keller Graduate School of Management.