Wednesday, 1 November 2017

Security Incident Response Plan - Part 1

Background:

Cyber-crimes, and the annual costs they impose on businesses, are rising year over year. In 2017, the average cost of a data breach alone in North America is $1.3 million for enterprises and $117,000 for small and medium-sized businesses (SMBs), according to a report from Kaspersky Lab.

So what can an organization do to reduce its risk? The most common response is to recommend technology overkill; in practice, the risk is mostly addressed with a balance of intelligent security tools, governance practices and focused training of team members.

In this article, I will explain the most important and vital plan to keep in place, one that helps organizations and security incident response teams (SIRTs) be well prepared and organized to handle security incidents effectively.

Security Incident Response Plan:

Mostly referred to as the SIRP, this is a plan developed, reviewed and implemented by the security in-charge to handle security incidents.

At a high level, the SIRP should include:
1. Security Incident Response Plan Policy
2. Security Incident Response Plan Testing Procedure

It is commonly known that with a well-defined, published and acknowledged policy, it is hard for an employee to deny wrongdoing when you have signed papers showing they reviewed the existing policies.

So let's start with the policy.

Security Incident Response Plan

The following section is not uniform and may differ from organization to organization, based on each one's own format for drafting policy.
  • Executive Statement
  • Purpose
  • Scope
  • Cancellation or Expiration
  • Roles & Responsibilities

The SIRP policy should include, but is not limited to:
  • Service or Product description
  • Contact Information (contact information for dedicated team members to be available during business / non-business hours should an incident occur and escalation be required)
  • Triage
  • Identified Mitigations & Testing
  • Mitigation & Remediation Timelines

The SIRP policy must also reference the following documents:
  • Security Incident Response Plan & Testing Procedure
  • Security Incident Identification & Severity


Conclusion:

In this article we covered the importance of security incident handling and how to start with the policy document. I will soon publish part 2 of this series of SIRP articles, which will give insight into preparing the SIRP testing procedure: the actual plan for preparing security teams and carrying out the SIRP test.
