Incident response – the art and science of responding to computer and network security breaches – is an often overlooked component of business continuity. For whatever reasons, the procedures associated with handling network intrusions and insider shenanigans are often put aside until the you-know-what hits the fan. In the relatively small number of enterprises I come across that do have a viable incident response plan, it’s often not properly integrated with the business continuity function.
When performing my security assessments, I’ve seen some interesting gaps in information risk management programs. One of the most common gaps is the assumption that a business continuity plan that deals with the physical side of IT is sufficient. It’s simply not true. You’ve got to be prepared to address security incidents across the board from your network infrastructure to your servers, databases, applications and mobile devices – really any system or device that can lead to an information security incident.
Security incidents show up in the headlines and in breach statistics databases such as the Chronology of Data Breaches (www.privacyrights.org) on a seemingly daily basis. Imagine if you simply spent a bit of time up front putting together some incident response procedures so that you could respond to issues as they arise in a professional and methodical manner. Interestingly, that’s all it takes. I’d venture to guess that many of the businesses that have been on the receiving end of these breaches wish they had put a better flight plan in place beforehand.
At their core, security incidents are made up of three components:
- A stimulus (e.g. an external hacker or malicious insider)
- An outcome (e.g. a vulnerability being exploited)
- A consequence (e.g. the exposure of sensitive business data)
Some of the significant issues are:
- Phishing attacks and related malware outbreaks that create network infections
- Weak passwords that lead to unauthorized access
- Lost or stolen laptops and smartphones without encryption or passwords
All of these incidents can be carried out by an external attacker or a rogue insider with very few resources. Keeping incident response out of the business continuity loop can compound these problems ten-fold. In other words, if you don’t treat incident response as part of your overall business continuity program and an incident occurs, you’ll no doubt get hit with unexpected incident response and investigation costs.
The priority is to make sure you’ve fully documented your environment and you’re keeping all the proper systems on your radar for incident monitoring. Next, do what you can to ensure your business has a reasonable set of incident response procedures so that the what, when, where, why and how of security incidents are properly covered.
These things can happen on your own LAN or they can happen in the cloud. Think long term about how you’re going to respond. Gain control of incident response and make sure you’re doing it well. As the saying goes, “good enough” hardly ever is.
Published in IT Availability & Security