{"title":"Incident Response","authors":"Joakim Kävrestad","doi":"10.4135/9781483381503.n596","DOIUrl":null,"url":null,"abstract":"Are you prepared to manage a security incident? We all love the Sunday papers – until they report the latest high-profile breach and we find ourselves answering that Monday morning question, \"how would we deal with this type of incident?\" Incidents are increasing in frequency, which means businesses are spending more time and money on remediation – often working in the eye of a corporate storm to resolve issues at the same time as trying to maintain business as usual. Complex threats such as APT are difficult and time-consuming to unpick and may require specialist knowledge and resources to comprehensively resolve. They also exploit the siloed nature of traditional incident response, which does not necessarily understand the interdependencies in business systems and applications. The maturity of incident response varies considerably, but high-performing businesses treat information security breaches as part of their Business Continuity planning. They confidently manage incidents in an efficient, low-noise, repeatable manner. A mature approach not only minimizes the impact of a breach on a business and protects valuable data throughout, but also intelligently adapts to prevent further incidents. So how can you drive the maturity of your incident response? Not all incidents are equal. To confidently answer the question about how you would respond to an incident, you have to establish a comprehensive, real-time view of network activity. This is the only way to quickly recognize that you are under attack – and, depending on the type of incident, you can then implement a clear plan for the right remedial action for your business. This means that you must be able to classify the incident. 
Context is important here, as not all incidents are of equal impact – which is why your incident response must be designed with your business goals and compliance requirements front and center. The right intelligence about the impact of any incident will drive a proportionate response and focus resources to minimize damage and disruption, returning to business as usual as quickly and smoothly as possible. Good incident response therefore starts with good risk insight and understanding of your information assets. But mature incident response does not necessarily mean spending more on technology. Most organizations that we talk to have all the technology they need in place, such as data loss prevention, perimeter defenses and log management. What they often ask us to help with is …","PeriodicalId":413594,"journal":{"name":"Privacy, Regulations, and Cybersecurity","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Privacy, Regulations, and Cybersecurity","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4135/9781483381503.n596","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}