Think about cyber security in terms of reducing risk and legal headaches rather than in terms of return on investment. Plans to reduce risk and mitigate hazards should be included in future plans and budgets.
Include in your plan a notification procedure aligned with the regulations your organization is subject to. It should recognize the unique nature and risk presented by cyber events and provide predictable, sustained clarity about the roles and responsibilities of the various stakeholders at each threshold of escalation. In addition, following an incident (or incident drill), management should complete a form to assess the responses of personnel during the incident.
Effective response measures focus on minimizing damages and responding effectively in case of a spill. Unfortunately, simply reacting when an incident occurs may be too late to prevent devastating consequences.
Tertiary prevention refers to activities aimed at preventing those who have already engaged in criminal activity from reoffending in the future. Planning for managing public perception associated with an incident may be as important as dealing with the emergency itself. Of course, it is always crucial to stay aware of the risks and practice test runs so that you are fully prepared for the inevitable incident.
Attackers can use various methods to steal, alter, or destroy data or information systems that are stored on or associated with your organization’s infrastructures, computer networks, or personal computer devices. Identify the corrective and/or preventative actions required to prevent a recurrence of the event and develop an agreed time frame for the corrective actions to be implemented. You must also evaluate your organization’s response and recovery time following an event to help prevent future breaches. After steps have been taken to resolve a data breach, you will need to review the cause of the breach and evaluate if existing protection and prevention measures and processes are sufficient to prevent similar breaches from occurring in the future, and (where applicable) put a stop to those practices which led to the data breach.
Your organization will have to be evaluated based on its response to a breach, including what necessary prevention measures are in place. In a prevention and mitigation portfolio, some measures would reach for the highest payoff of completely preventing attacks. However, there are other measures, known as corrective measures, that address the root cause and that have the greatest potential to prevent the recurrence of an accident or incident.
Even the best incident response team cannot effectively address an incident without the predetermined guidelines of an action plan to prevent the accident or incident from happening again and for improving your overall management of risk.
By performing an incident investigation, management can get to the bottom of exactly how and why the incident occurred, with the primary objective of using the information learned to prevent a similar incident from occurring again at some point in the future. Licensing officers can help you determine the factors that led to the unfortunate incident as well as the necessary response required. Equally important, if an incident does occur, is properly implementing the plan and assessing the response after the incident to determine whether any changes to the procedures are necessary.