8 Steps to Better Security by Crawley Kim;

Author:Crawley, Kim; [Crawley, Kim]
Language: eng
Format: epub
Publisher: John Wiley & Sons, Incorporated
Published: 2021-08-13T00:00:00+00:00

Respond

When anomalies and events happen that may indicate cyber incidents, if we have established the first three functions of the NIST Cybersecurity Framework, we'll be able to notice them clearly and quickly. This leads to the fourth function, Respond, which is their equivalent to the identification or analysis phase in the generic incident response cycle. The response function has six tasks.

At this point, we have made sure that if something suspicious happens in our networks, we can see it. Now we have to do something about it. How your organization responds to a possible cyberattack can make all the difference to your cyber resilience, public reputation, and corporate bottom line. A fast, thorough, and effective response can make a huge difference when it comes to how much harm cyber attackers can do to your precious data assets and systems. Like some forms of cancer, if you catch it quickly, you may even be able to get rid of it completely. The most destructive cyberattacks are the ones that are given plenty of time to do as much damage as they possibly can. You have to make sure your organization is able to fight back ferociously and quickly.

To respond to cyber incidents effectively, the first task is to plan your incident response. Your organization should delegate a CSIRT. Then, you should sit down with your CSIRT and develop plans for addressing a variety of different types of cyber incidents. What should you do if you discover a data breach or malware that affects multiple clients, servers, and networking devices in your network? What if there are indications of an advanced persistent threat in your network? What if multiple devices in your network are hit with distributed denial-of-service (DDoS) attacks simultaneously? Your CISO and other cybersecurity specialists should have a good idea of the different types of cyber threats your network may face. Make sure your organization designs many specific incident response procedures, and make sure you all understand what each of you is supposed to do in each situation. Think of it like doing a fire drill. These incident response procedures may be conducted during and after a cyberattack, depending on the specifics of the situation.

This task is largely the responsibility of your CISO, your legal team, and your public relations team. Depending on the nature of the incident, you may need to contact law enforcement to initiate a thorough criminal investigation. Determine whether the incident has affected your supply chain, your customers, or other stakeholders. If so, how has the incident affected them, or how may it affect them in the near future? Take all of that information and, with the help of legal and public relations specialists, determine how you should be communicating with them about the incident. Also consider your regulatory compliance responsibilities. For example, some data privacy regulations mandate that data breaches are publicly reported within a certain timeframe or else your organization could face expensive fines.

Once a cyber incident has happened, it's time to figure out why and to determine the effectiveness of your response.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.