BREACH MGTCYBERSECURITY

Prevention, Detection, and Recovery from Cyberattacks

2 Mins read

The second blog post in the series of Prevention, Detection, and Recovery from Cyberattacks.

The global survey conducted by Ponemon Institute and sponsored by IBM Security surveyed 3400 IT and IT security practitioners about their organizations’ approach to becoming resilient to security threats.

The fifth annual Cyber Resilient Organization Report noted that the vast majority of organizations surveyed (74%) are still reporting that their plans are either ad-hoc, applied inconsistently, or that they have no plans at all. Additionally, more than half (52%) of those with security response plans said they have never reviewed or have no set time period for reviewing or testing those plans

With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that surveyed businesses may be relying on outdated response plans which do not reflect the current threat and business landscape.

We have noted below relevant points (checklist) that will assist your organization to perform a quick review of the incident response plans.

Can you please post how your organization performs the periodic reviews of incident response plans? What do you feel is the best approach?

Review if plans are comprehensive

The comprehensive plan needs to address the six stages listed below:

PreparationIdentificationContainmentEradicationRecoveryLessons Learned

The listed below are a few question auditors can ask to conclude if the plans are comprehensive:

  • Team – Is the team ready to handle any kind of threat, have they trained adequately, and do they perform simulation exercises like Tabletop simulation or war games?
  • Identification – Is the process in place to detect and identify the type and criticality of an incident, analyze the impact and associated risks?
  • Containment – Is the process in place to contain and limit the damage, mitigate the risk, resolve the attack, and resume business?
  • Eradication – Does the organization have a problem resolution team or third-party support to identify and eradicate the root cause?
  • Recovery and lesson learned – Does the organization have a process in place to analyze and modify the plan post-attack to prevent future ones?
  • Communication – Communication is the key when an attack is underway, so ensure that you establish a good communication flow as part of your response plan?

Standards

Auditing and reviews allow an organization to validate its  compliance effectiveness with the incident management standards they have set for themselves and to measure the risk appetite. Below are some standards for your ready reference:

StandardsIncident Management Control Reference
NIST Cybersecurity FrameworkPR.IP-9, PR.IP-10, DE.AE-4, DE.AE-5, DE.DP-4, RS.RP-1, RS.CO-1, RS.CO-2, RS.CO-3, RS.CO-4, RS.CO-5, RS.AN-1, RS.AN-2, RS.AN-3, RS.AN-4, RS.MI-1, RS.MI-2, RS.MI-3, RS.IM-1, RS.IM-2, RC.RP-1, RC.IM-1, RC.IM-2, RC.CO-1, RC.CO-2, RC.CO-3
FIPS PublicationsAll current FIPS Publications especially FIPS 140-2
NIST 800-53 (rev4)IR-1 to IR-8
NIST 800 SeriesNIST SP 800-61, NIST SP 800-86
HIPAA / HITECHHIPAA 164.308(a)(6)
NERC CIP (v5)CIP-008-5
ISO 27000: 2013Section A.16.1.1, A.16.1.2, A.16.1.3, A.16.1.4, A.16.1.5, A16.1.6
COBIT 5DSS02
CIS Critical Controls (v6.1)CIS Control 19
PCI DSSSection 12.10.2, 12.10.3, 12.10.4, 12.10.5, and 12.10.6 
Related posts
CYBERSECURITY

Prevention, Detection and Recovery from Cyberattacks

2 Mins read
This is a sixth blog post in the series of Prevention, Detection, and Recovery from Cyberattacks. The global survey conducted by Ponemon…
BREACH MGTCYBERSECURITY

Prevention, Detection and Recovery from Cyberattacks

3 Mins read
During the team discussion about next-gen tools and techniques for prevention, detection, and recovery from cyberattacks, we started looking at some of…
CYBERSECURITY

Artificial Intelligence Governance Part I

3 Mins read
In Part I of the article we will discuss the challenges facing AI Governance. It’s not a surprise that every new cyber…
 

Leave a Reply

Your email address will not be published. Required fields are marked *