plethora of data already residing on your network to help swiftly detect and respond to
attacks. Don’t rely on the media or the FBI – as others have – to tell you that you’ve
been breached!
2. Not having the right staff. Unfortunately, being an expert in security does not
necessarily mean that you’re an expert in incident response. Organizations need skilled
incident responders to turn all of the data mentioned above into actionable intelligence.
Additionally, having incident response team members who are intimately familiar with
your particular network environment and risk tolerance level often yields more relevant,
accurate information faster.
It is also important to have dedicated incident responders who are not also responsible
for myriad other IT functions. According to a study by the Ponemon Institute, 45 percent
of surveyed enterprises that stated they had a “fully functional” CSIRT said they had no
staff solely dedicated to the CSIRT function. This needs to change if we want to turn the
tide against our attackers and make large-scale breaches less of a regular occurrence.
Lastly, think beyond technical responders. For an incident response plan to truly be
effective, it also needs to include additional departments such as Legal, HR and Public
Relations, who should ideally all play a role in helping to plan for and respond to attacks.
Bring these departments into the fold up front – do not wait until a breach occurs and
have them scrambling to figure out the appropriate response.
3. Lacking the appropriate budget. In some cases, budgets are truly tight and there’s not
enough to go around. In many cases, however, the budget is there and it’s just not
allocated appropriately.
Obtaining a sizable budget for incident response requires the ability to prove its value to
the organization. Incident responders need to be able to translate technical needs into
business relevance when addressing upper management. The management team also
needs to be kept in the loop when it comes to incident response procedures and
efficacy.
According to the Ponemon Institute report cited earlier, 50 percent of respondents said
that less than 10 percent of their security budget goes to incident response. Additionally,
50 percent of respondents said that they did not use any meaningful operational metrics
to measure the effectiveness of incident response activities.
The survey also found that executives above the IT management level were not
frequently briefed on what was going on within IT security. There’s a correlation to be
drawn from these figures. If management has no idea what is going on with your incident
response team, and you don’t have the data to inform them, then there’s little hope of
them increasing your budget.
Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide