By Editor | April 3rd, 2019

Keep it Simple

An article in TechTarget discussed the benefits of a simplified cybersecurity incident management plan, focusing on organizational pre-planning and management versus response when it comes to an incident.

The article uses a three-pronged model – protect, prepare and detect – to cover the different elements of a cybersecurity incident plan. To protect, a company must look at factors including:

  • risk assessments and identification of critical information assets;
  • internal and external threat awareness and updating defenses based on current threats and risk scenarios;
  • monitoring 100% of internet traffic as it enters and leaves the organization;
  • use of email gateways to filter, analyze, drop or quarantine malicious or spam email; and others.

According to the article, preparation should focus on known vulnerabilities so that an organization can react quickly and effectively to unexpected threats. Preparation can include the following strategies:

  • Create baselines of internal network traffic and behavior, then monitor for unusual or unwanted protocols or remote access.
  • Monitor network traffic for deviation from baselines.
  • Implement security awareness training and a backup program.
  • Develop cybersecurity policies and procedures and an incident reporting policy and associated guidelines.
  • Create an incident response capability as part of a broader incident management strategy.
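
The first two strategies above (baseline the traffic, then watch for deviations) can be sketched as follows. This is an added example, not code from the TechTarget article; the flow record layout, host names, remote-access port list and threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (hour, host, protocol, dst_port, bytes). Not real data.
BASELINE_FLOWS = [
    (9, "ws-01", "tcp", 443, 1000), (10, "ws-01", "tcp", 443, 1200),
    (11, "ws-01", "tcp", 443, 900), (12, "ws-01", "tcp", 443, 1100),
]
OBSERVED_FLOWS = [
    (13, "ws-01", "tcp", 443, 1050),   # matches the baseline
    (14, "ws-01", "tcp", 3389, 300),   # remote access never seen from this host
    (15, "ws-01", "tcp", 443, 9000),   # known service, abnormal volume
    (15, "ws-02", "tcp", 6667, 50),    # host with no baseline at all
]
# Assumed list of ports treated as remote access for this example.
REMOTE_ACCESS_PORTS = {22, 23, 3389, 5900}

def build_baseline(flows):
    """Record which services each host uses and its hourly byte statistics."""
    services = defaultdict(set)
    hourly = defaultdict(lambda: defaultdict(int))
    for hour, host, proto, port, nbytes in flows:
        services[host].add((proto, port))
        hourly[host][hour] += nbytes
    stats = {h: (mean(v.values()), pstdev(v.values())) for h, v in hourly.items()}
    return dict(services), stats

def find_deviations(flows, baseline, z_threshold=3.0):
    """Return (kind, host, detail) alerts for flows that depart from the baseline."""
    services, stats = baseline
    alerts, totals = [], defaultdict(int)
    for hour, host, proto, port, nbytes in flows:
        totals[(host, hour)] += nbytes
        if (proto, port) not in services.get(host, set()):
            kind = "new-remote-access" if port in REMOTE_ACCESS_PORTS else "new-service"
            alerts.append((kind, host, f"{proto}/{port}"))
    for (host, hour), total in totals.items():
        if host not in stats:
            continue  # no volume baseline; its flows were already reported above
        mu, sigma = stats[host]
        # Floor sigma so a flat baseline cannot cause division by zero.
        z = (total - mu) / max(sigma, 0.1 * mu, 1.0)
        if z > z_threshold:  # only upward spikes are flagged here
            alerts.append(("volume-spike", host, f"hour={hour} bytes={total}"))
    return alerts

if __name__ == "__main__":
    for alert in find_deviations(OBSERVED_FLOWS, build_baseline(BASELINE_FLOWS)):
        print(alert)
```

In practice the baseline would be built from weeks of NetFlow or firewall logs rather than four records, and the threshold tuned to the alert volume the team can triage.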

In terms of detection, the article recommends that companies examine and understand their organizational network configuration, monitoring for deviations and “creating and operating a security operations center as the focus point for network monitoring, including user reports, threat intelligence, and inputs from firewalls, intrusion detection/prevention systems, NetFlow, and other proactive and reactive detection systems”.

Source:

https://searchsecurity.techtarget.com/tip/Simplify-incident-response-for-zero-day-vulnerability-protection-and-beyond
