Implementing Technology
Consistent patching, penetration exercises and vulnerability management are part of a well-run IT
department. IT departments should also vet new technologies for any risks they may introduce
into the current organizational environment. Common industry practices should be applied at all levels,
such as encryption of data in transit and at rest.
Cloud computing introduces additional security risks because of the greater dependency on third
parties, the increased reliance on independent assurance processes, and the use of the internet as the
primary conduit to the organization's data. If a company uses a cloud solution, it should
thoroughly assess the risks associated with both public and private clouds.
Incident Response
Depending on the data that an organization holds, it may be subject to attacks hundreds of times a
day. If a breach happens, a well-executed incident response plan can mean the difference between
suffering additional data loss and finding the source.
Companies should have an incident response team with pre-established policies and procedures
that comply with the breach notification laws of each state where business is done or
sensitive data is stored. The team should be made up of people from different functional areas so that
every group that may be affected by a breach has first-hand knowledge of what is going on.
Incident response procedures should give step-by-step guidance for declaring, reporting, and
containing a breach. Additional forensic information may also need to be included, depending on
applicable laws. Law enforcement personnel should not be contacted until the organization's legal
counsel has authorized their involvement; if malicious intent is suspected, however, involving them may
be the best course of action. Law enforcement personnel can help internal teams determine the scope of
the breach and whether a similar breach has been experienced at other businesses. After affected assets
have been removed from the system, a full forensic audit of the company's records and of any
recordings of the events that led to the breach should be conducted. Employee communication is
critical during a breach: the more employees know about what happened, the more
likely they are to comply with existing controls, and they may recommend new controls that should be in
place.
CyberSecurity & ERM
The Department of Homeland Security's Cyber Risk Management Primer for CEOs describes the following key
cyber risk management concepts:
1) Incorporate cyber risks into existing risk management and governance processes.
2) Begin cyber risk management discussions with your leadership team.
3) Implement industry standards and best practices. Don’t rely on compliance.
4) Evaluate and manage specific cyber risks.
5) Provide oversight and review.
6) Develop and test incident response plans and procedures.
7) Coordinate cyber incident response planning across the enterprise.
20 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide