Dell SecureWorks – 10 Tips to Help You Minimize the Duration and Impact of a Security Breach.

The message from Dell SecureWorks re-enforces the message from other security resources, but the presentation available on BitPipe provides additional insight. The tips start and end with Incident Response.

1) Have a computer Security Incident Response plan in place before you need it.

The plan includes roles, responsibilities, and stakeholders; addresses compliance with key industry mandates; and addresses key attacks that may disrupt business.

2) Assess current Incident Response competencies.

Identify gaps and take pro-active steps to enhance capabilities.

3) Get full management and executive leadership buy-in on the Incident Response Plan.

Incident Response should reflect information security risk assessments and this should be an extension of the corporate risk assessment.

4) thru 9) Tips Representing Security Best Practices

The additional tips include cybersecurity best practices: (4) assess user privileges and accounts; (5) collect and analyze log data; (6) control traffic flows; (7) monitor network activity; (8) perform filtering for web and email; and (9) monitor DNS activity.

10) Apply threat intelligence to enhance Incident Response.

Attackers rarely limit their targets. This is an important step in raising preparedness.

Coordinated Response

Coordinated Response can help (1) develop an Incident Response Plan, (2) perform an incident response capabilities assessment, and (3) develop the risk assessment to support executive buy-in. Please contact us if we can be of help.

“CSO talked to industry experts at Black Hat about the ups and downs of Incident Response, and how to develop a plan that’s right for you.”

Steve Ragan, reporting from the Black Hat Conference, published this good article in CSO Online:

Understanding incident response: 5 tips to make IR work for you.

“Incident response is a plan that evolves over time to keep your organization best prepared against likely threats.” The article is worth reading. The reflections and quotes provide the real insight, but the five tips drive home the message.

Know your data.

Understand the types of data on your network, where it lives, and its value. Map all the ways this data can be accessed.

Document plans for various scenarios.

Not every incident is about a hacker. Plan for internal events, as well. Address incidents stemming from lost or stolen assets and malicious actors from within (including when an outsider compromises an insider’s access).

Establish a base of operations.

A command center of sorts, even a conference room, makes it easier to coordinate the incident response activity.

Nominate a single point of contact.

Make sure they have access to the right individuals. Know when to involve Public Relations and Legal. This is what Coordinated Response calls the extended response.

Update and maintain your plan.

Keep information current. Reflect changes to the network, to the data, to the workforce. This should be done at least yearly.

Related Articles

• Forrester – 7 Steps for building an effective incident response program.

Coordinated Response

Coordinated Response can help map your data and your value chain in to a meaningful risk/impact assessment model. We can help you develop or refresh your existing plan. We can help build out your plan for various scenarios. If you are interested, please contact us.