Dell SecureWorks – 10 Tips to Help You Minimize the Duration and Impact of a Security Breach.
The message from Dell SecureWorks re-enforces the message from other security resources, but the presentation available on BitPipe provides additional insight. The tips start and end with Incident Response.
The plan includes roles, responsibilities, and stakeholders; addresses compliance with key industry mandates; and addresses key attacks that may disrupt business.
Identify gaps and take pro-active steps to enhance capabilities.
Incident Response should reflect information security risk assessments and this should be an extension of the corporate risk assessment.
The additional tips include cybersecurity best practices: (4) assess user privileges and accounts; (5) collect and analyze log data; (6) control traffic flows; (7) monitor network activity; (8) perform filtering for web and email; and (9) monitor DNS activity.
Attackers rarely limit their targets. This is an important step in raising preparedness.
Coordinated Response can help (1) develop an Incident Response Plan, (2) perform an incident response capabilities assessment, and (3) develop the risk assessment to support executive buy-in. Please contact us if we can be of help.
Steve Ragan, reporting from the Black Hat Conference, published this good article in CSO Online:
Understanding incident response: 5 tips to make IR work for you.
“Incident response is a plan that evolves over time to keep your organization best prepared against likely threats.” The article is worth reading. The reflections and quotes provide the real insight, but the five tips drive home the message.
Understand the types of data on your network, where it lives, and its value. Map all the ways this data can be accessed.
Not every incident is about a hacker. Plan for internal events, as well. Address incidents stemming from lost or stolen assets and malicious actors from within (including when an outsider compromises an insider’s access).
A command center of sorts, even a conference room, makes it easier to coordinate the incident response activity.
Make sure they have access to the right individuals. Know when to involve Public Relations and Legal. This is what Coordinated Response calls the extended response.
Keep information current. Reflect changes to the network, to the data, to the workforce. This should be done at least yearly.
Coordinated Response can help map your data and your value chain in to a meaningful risk/impact assessment model. We can help you develop or refresh your existing plan. We can help build out your plan for various scenarios. If you are interested, please contact us.