Cybersecurity Field Guide #2: How to Survive an Attack
Yes, you can survive an attack. An effective Cybersecurity Incident Response Plan (CSIRP) guides your organization's handling of a potential data breach in a way that supports rapid – yet still thoughtful – action. It lets you stay confident, even in trying times, that operations can be restored to normal. Let's look under the hood of your CSIRP. Remember that it is only one part of your larger security program, and a part that must be continually reassessed. The payoff is a response that is far less overwhelming when chaos strikes.
Expect the Unexpected
Criminals. Nation States. Ransomware. Malicious Insiders. Malware. Phishing. The list goes on (and on and on).
But just because there are a lot of moving parts to cybersecurity doesn’t mean you can’t be prepared to respond to a data breach or other security incident.
If you’ve done your job correctly, you’ll never ask “now what?” when such an incident occurs, because you’ll already have a cybersecurity incident response plan in place that defines exactly what you need to do.
The Topics and Summaries
The CSIRP should establish an appropriate and effective process for each type and severity of incident. Minor incidents can be left to the discretion of the CSIRP manager, while others require collaboration across the entire CSIRP team.
- Assess. Collect. Analyze. Investigate. Remediate.
- Cybersecurity vs Physical Security.
Creating a CSIRP resembles creating a business continuity or disaster recovery plan; however, the CSIRP focuses on specific security risks. The first step is to adopt an industry-standard incident response framework, such as NIST SP 800-61, to set the foundation for your plan and dramatically reduce the trial and error that inevitably comes with do-it-yourself approaches. NIST SP 800-61 organizes the incident response lifecycle into four phases:
- Preparation
- Detection and analysis
- Containment, eradication and recovery
- Post-incident follow-up
According to the Optiv "State of the CISO" report, 36 percent of CISOs said they do not practice their IR plans even once per year. Given the complexity of responding to a cyber incident, practicing less than once a year is not enough. Your employees may have been given all the manuals, documentation and information they will need in the event of an incident; however, there is no substitute for actual practice. Testing your team with real-world simulations is the best way to learn whether your plan accomplishes everything you need it to.
- How often to practice and update
- What form should testing take? Technical simulations? Tabletop exercises?
- Take it a step further with forensics
This is where the rubber hits the road. You must make it clear who is accountable for detecting incidents and who is responsible for escalating and resolving them. A CSIRP is never final: it must continually evolve to keep pace with your changing environment and attack surface.
Field Guide Library
CYBERSECURITY FIELD GUIDE #1
What to Do When Everything Changes
COVID-19 meant an accelerated digital transformation (change, change and more change). But it won’t be the only thing that rattles your environment. Our first guide will help you navigate cybersecurity complexities in a world where innovation never stops, and small and large threats arise daily.
CYBERSECURITY FIELD GUIDE #2
How to Survive an Attack
Looking to create an effective, comprehensive response to cyber attacks? Then this is the Field Guide for you. It covers everything from assembling your cross-functional team to tabletop exercises and war games, through to mitigation if the unthinkable happens.
CYBERSECURITY FIELD GUIDE #3
Get SASE to Accelerate Your Digital Transformation
Let's clear up the confusion around SASE. Optiv's third Cybersecurity Field Guide will help you better understand SASE, the promise of its future, and its benefits and hurdles, and it includes a list of providers.
CYBERSECURITY FIELD GUIDE #3.5
How to Effectively Implement and Operationalize SASE
This guide offers advice on how to prepare, plan, design, implement, operate and optimize your custom SASE plan.