CYBERSECURITY FIELD GUIDE #2.0
How to Survive an
Criminals. Nation States. Ransomware. Malicious Insiders. Malware. Phishing. Just because there are a lot of moving parts to cybersecurity doesn’t mean you can’t be prepared to respond to a data breach.
Expect the Unexpected
Criminals. Nation States. Ransomware. Malicious Insiders. Malware. Phishing. The list goes on (and on and on).
But just because there are a lot of moving parts to cybersecurity doesn’t mean you can’t be prepared to respond to a data breach or other security incident.
If you’ve done your job correctly, you’ll never ask “now what?” when such an incident occurs, because you’ll already have a cybersecurity incident response plan in place that defines exactly what you need to do.
The Topics and Summaries
The CSIRP should establish an appropriate and effective process for different types of breaches. While minor breaches can be left to the discretion of the CSIRP manager, others may require a collaboration of the entire CSIRP team.
- Assess. Collect. Analyze. Investigate. Remediate.
- Cybersecurity vs Physical Security.
Creating a CSIRP resembles creating a business continuity or disaster recovery plan; however, the CSIRP focuses more on specific risks. The first step is to adopt an industry-standard IR framework, such as NIST SP 800-61, to set the foundation for your plan and dramatically reduce the “trial and error” that inevitably comes with “do-it-yourself” approaches. Here are some best practices.
- Detection and analysis
- Containment, eradication and recovery
- Post-incident follow-up
According to the Optiv “State of the CISO” report, 36 percent of CISOs said they do not practice their IR plans at least once per year. Given the complexity of responding to a cyber incident, this is not enough. Your employees may have been given all the manuals, documentation and information they will need in the event of an incident; however, there is no substitute for actual practice. Testing your team with real-world simulations is the best way to know if your plan is accomplishing everything you need it to.
- How often to practice and update
- What form should testing take? Technical simulations? Tabletop exercises?
- Take it a step further with forensics
This is where the rubber hits the road. You must make it clear who is accountable for detecting incidents and who is responsible for escalating and resolving incidents. A CSIRP is never final: it must continually evolve to properly support your changing environment and attack surface.
Yes, you can survive an attack. An effective Cybersecurity Incident Response Plan (CSIRP) will guide your organization’s management of a potential data breach in a way that supports rapid – yet still thoughtful – action. You can maintain confidence, even in trying times, that operations can be restored to normal. Let’s crack open the hood on your CSIRP. And remember, it’s only one part of your larger security program, and one that must be continually assessed. The result is much less overwhelming in times of chaos.
Optiv Field Guide Library
Designed with you in mind – with easily searchable content – these field guides will become a “go-to” reference for all your cybersecurity strategies and tactics. Each one is topic-specific and based on years of “been-there-done-that” research. Like what? From change management to getting ahead of ransomware to surviving an attack, implementing SASE or Zero Trust, it’s all here – with more to come!