Seven Key Components to Start Your Incident Response Plan

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next Seven Key Components to Start Your Incident Response Plan-5 Next

Keep an eye on threats

There is good reason there has been an explosion in data feeds and services that provide or share threat information. Such threat information includes a variety of indicators, malware binaries, tools and techniques, and actor data. While it may seem like searching for a needle in a haystack, and it often is, there are many compelling reasons to aggregate threat data — for example, to follow known sources or actors, to scan internal logs to recognize the presence of a threat before any of your security tools can, to implement protection strategies with prior threat knowledge, to corroborate internal discoveries with the work of the community in confirming threats, and much more. Today, we are caught up in buzzwords like "security analytics" and "sandboxing." Focus first on proven methods to collect and correlate feeds in order to maintain a pulse on the threats out there.

Today, organizations are overwhelmed with the volume, variety and complexity of cyber attacks. They are equally overwhelmed with the variety and complexity of cyber security solutions, particularly the overlapping capabilities offered by vendors with a "me too" attitude. This is flagrantly evident with "incident response tools;" every vendor wants to be their customer's incident response solution.

The cybersecurity incident response cannot be a simple extension or an after-thought. It's a discipline that organizations have tried to hone in on since the first malware was discovered, and it requires a thoughtful, evolutionary and comprehensive approach commensurate with the changing cyber threat landscape. Any tool that purports to be an incident response tool must seamlessly integrate with an organization's incident response strategy, the core of which includes an incident response policy, plan, procedures and service levels. Collectively, this is called the incident response program.

Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response program to effectively and confidently respond to the current and emerging cyber threats. More often than not, companies make simple mistakes in developing and implementing these programs largely because they are focused on the day-to-day, versus a comprehensive strategy to combat persistent cyber threats. Ken Silva, president of cyber strategy at ManTech Cyber Solutions, offers seven key elements required to establish a robust, evolutionary and durable incident response program that delivers results.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.