The Top 5 Ways to Address Your Incident Management and Response Program
In the past few years, there has been an alarming increase in the number of security breaches and the number of records compromised. 2014 was named the year of security breaches in retail and financial institutions. 2015 has been referred to as the year of healthcare breaches. This phenomenon is attributed to a shift in the overall cybersecurity threat landscape, from sophisticated advanced persistent threats (APTs) exploiting system and application vulnerabilities, to a ramp-up in phishing and social engineering attacks aimed especially at compromising user credentials. According to recent breach reports, bad actors are cashing in by exploiting weak security controls.
This shift in the cybersecurity threat landscape has brought multiple challenges to security experts who are struggling to prioritize, remediate, and manage security-related issues. These issues add complexity when dealing with security breaches due to a lack of capabilities in responding to incidents.
The following are the Top 5 ways to strengthen your Incident Management Program:
- Develop a comprehensive and practical Incident Response (IR) plan
Developing an IR plan should be a priority in your security program. When developing the IR plan, it is important to use a framework and/or standard that can help achieve your organization’s strategic goals. Remember, one size does not fit all. The NIST SP 800-61 Computer Security Incident Handling Guide is a publication that will help in establishing computer security incident response capabilities and handling incidents efficiently and effectively.
- Train the Incident Response Team (Responders)
The worst time to develop an IR plan is during an actual crisis. Training the IR staff on their role, responsibilities, and expectations should be an important part of your IR plan. Remember, practice makes perfect.
- Test your Incident Response plan periodically
A key to the success of the IR plan is to conduct periodic testing that includes preparation, detection and analysis, containment, eradication, and recovery. Periodic testing will help strengthen the incident handling activities and enhance the overall response capabilities. A strong IR plan should include a detailed testing plan.
- Consider an Emergency Incident Response services provider
An emergency response service (ERS) provider will provide support before and during an incident. As part of the service offerings, an ERS can help you with developing, reviewing, and testing your IR plan. ERS providers offer pre-negotiated rates on an annual retainer basis. Having an expert on call in the event of a security incident is a smart move; the last thing you want is to be looking for a vendor and going through legal contracts in the middle of a crisis.
- Review and update cybersecurity insurance policy
Last, but certainly not least, have a cybersecurity insurance policy. Having a cybersecurity insurance policy, and reviewing it at least annually, will help you ensure your organization has adequate coverage in the event of a security breach. Most cybersecurity insurance policies offer response, recovery, customer notification, and credit monitoring services. Be smart and be prepared.
Note: The Obama Administration recently released Presidential Policy Directive-41 (PPD-41) on United States Cyber Incident Coordination. This directive establishes a unified federal government response to potential cyber incidents.