Incident Response

Privacy, Regulations, and Cybersecurity Pub Date : 2018-12-09 DOI:10.4135/9781483381503.n596

Joakim Kävrestad

{"title":"Incident Response","authors":"Joakim Kävrestad","doi":"10.4135/9781483381503.n596","DOIUrl":null,"url":null,"abstract":"Are you prepared to manage a security incident? We all love the Sunday papers – until they report the latest high profile breach and we find ourselves answering that Monday morning question, \" how would we deal with this type of incident? \" Incidents are increasing in frequency which means businesses are spending more time and money on remediation – often working in the eye of a corporate storm to resolve issues at the same time as trying to maintain business as usual. Complex threats such as APT, are difficult and time consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. They also exploit the siloed nature of traditional incident response, that does not necessarily understand the interdependencies in business systems and applications. The maturity of incident response varies considerably, but high performing businesses treat information security breaches as part of their Business Continuity planning. They confidently manage incidents in an efficient, low noise, repeatable manner. A mature approach not only minimizes the impact of a breach on a business and protects valuable data throughout, but also intelligently adapts to prevent further incidents. So how can you drive the maturity of your incident response? Not all incidents are equal To confidently answer the question about how you would respond to an incident, you have to establish a comprehensive, real-time view of network activity. This is the only way to quickly recognize that you are under attack – and dependent on the type of incident – you can then implement a clear plan for the right remedial action for your business. This means that you must be able to classify the incident. Context is important here, as not all incidents are of equal impact – which is why your incident response must be designed with your business goals and compliance requirements front and center. The right intelligence about the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption, returning to business as usual as quickly and smoothly as possible. Good incident response therefore starts with good risk insight and understanding of your information assets. But mature incident response does not necessarily mean spending more on technology. Most organizations that we talk to have all the technology they need in place, such as data loss prevention, perimeter defenses and log management. What they often ask us to help with is …","PeriodicalId":413594,"journal":{"name":"Privacy, Regulations, and Cybersecurity","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Privacy, Regulations, and Cybersecurity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4135/9781483381503.n596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 9

Abstract

Are you prepared to manage a security incident? We all love the Sunday papers – until they report the latest high profile breach and we find ourselves answering that Monday morning question, " how would we deal with this type of incident? " Incidents are increasing in frequency which means businesses are spending more time and money on remediation – often working in the eye of a corporate storm to resolve issues at the same time as trying to maintain business as usual. Complex threats such as APT, are difficult and time consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. They also exploit the siloed nature of traditional incident response, that does not necessarily understand the interdependencies in business systems and applications. The maturity of incident response varies considerably, but high performing businesses treat information security breaches as part of their Business Continuity planning. They confidently manage incidents in an efficient, low noise, repeatable manner. A mature approach not only minimizes the impact of a breach on a business and protects valuable data throughout, but also intelligently adapts to prevent further incidents. So how can you drive the maturity of your incident response? Not all incidents are equal To confidently answer the question about how you would respond to an incident, you have to establish a comprehensive, real-time view of network activity. This is the only way to quickly recognize that you are under attack – and dependent on the type of incident – you can then implement a clear plan for the right remedial action for your business. This means that you must be able to classify the incident. Context is important here, as not all incidents are of equal impact – which is why your incident response must be designed with your business goals and compliance requirements front and center. The right intelligence about the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption, returning to business as usual as quickly and smoothly as possible. Good incident response therefore starts with good risk insight and understanding of your information assets. But mature incident response does not necessarily mean spending more on technology. Most organizations that we talk to have all the technology they need in place, such as data loss prevention, perimeter defenses and log management. What they often ask us to help with is …

查看原文本刊更多论文

事件响应

你准备好处理安全事故了吗?我们都喜欢周日的报纸——直到他们报道了最新的引人注目的数据泄露事件，我们才发现自己在回答周一早上的问题:“我们将如何处理这类事件?”事件发生的频率越来越高，这意味着企业在修复上花费了更多的时间和金钱——通常是在企业风暴的中心解决问题，同时试图维持正常的业务。复杂的威胁，如APT，难以破解且耗时，可能需要专业知识和资源才能全面解决。它们还利用了传统事件响应的孤立性，这并不一定理解业务系统和应用程序中的相互依赖关系。事件响应的成熟度差异很大，但高绩效的企业将信息安全漏洞视为其业务连续性计划的一部分。他们自信地以高效、低噪音、可重复的方式处理事件。成熟的方法不仅可以最大限度地减少违规对业务的影响，并始终保护有价值的数据，而且还可以智能地适应以防止进一步的事件。那么，您如何推动事件响应的成熟度呢?要自信地回答你将如何应对事件的问题，你必须建立一个全面的、实时的网络活动视图。这是快速识别您受到攻击的唯一方法-并且取决于事件的类型-然后您可以为您的业务实施正确的补救行动的明确计划。这意味着你必须能够对事件进行分类。上下文在这里很重要，因为并非所有事件都具有相同的影响——这就是为什么您的事件响应必须以您的业务目标和遵从性需求为中心进行设计的原因。关于任何事件影响的正确情报将推动适当的反应，并集中资源以尽量减少损害和中断，尽可能快速平稳地恢复正常业务。因此，良好的事件响应始于良好的风险洞察力和对信息资产的理解。但成熟的事件响应并不一定意味着在技术上投入更多。与我们交谈的大多数组织都拥有所需的所有技术，例如数据丢失预防、外围防御和日志管理。他们经常要求我们帮忙的是……

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Privacy, Regulations, and Cybersecurity

自引率

0.00%

发文量