Seven Key Components to Start Your Incident Response Plan

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
Next Seven Key Components to Start Your Incident Response Plan-5 Next

Keep an eye on threats

There is good reason there has been an explosion in data feeds and services that provide or share threat information. Such threat information includes a variety of indicators, malware binaries, tools and techniques, and actor data. While it may seem like searching for a needle in a haystack, and it often is, there are many compelling reasons to aggregate threat data — for example, to follow known sources or actors, to scan internal logs to recognize the presence of a threat before any of your security tools can, to implement protection strategies with prior threat knowledge, to corroborate internal discoveries with the work of the community in confirming threats, and much more. Today, we are caught up in buzzwords like "security analytics" and "sandboxing." Focus first on proven methods to collect and correlate feeds in order to maintain a pulse on the threats out there.

Today, organizations are overwhelmed with the volume, variety and complexity of cyber attacks. They are equally overwhelmed with the variety and complexity of cyber security solutions, particularly the overlapping capabilities offered by vendors with a "me too" attitude. This is flagrantly evident with "incident response tools;" every vendor wants to be their customer's incident response solution.

The cybersecurity incident response cannot be a simple extension or an after-thought. It's a discipline that organizations have tried to hone in on since the first malware was discovered, and it requires a thoughtful, evolutionary and comprehensive approach commensurate with the changing cyber threat landscape. Any tool that purports to be an incident response tool must seamlessly integrate with an organization's incident response strategy, the core of which includes an incident response policy, plan, procedures and service levels. Collectively, this is called the incident response program.

Regardless of the size of an enterprise or its industry, organizations must create and implement an incident response program to effectively and confidently respond to the current and emerging cyber threats. More often than not, companies make simple mistakes in developing and implementing these programs largely because they are focused on the day-to-day, versus a comprehensive strategy to combat persistent cyber threats. Ken Silva, president of cyber strategy at ManTech Cyber Solutions, offers seven key elements required to establish a robust, evolutionary and durable incident response program that delivers results.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.