David Mahoney

Incident Response in 4,3,2,1...

In the modern world, it has become more and more difficult to prevent cyber breaches. With so many threats in cyberspace, companies struggle to keep up with new ways hackers can infiltrate their systems and steal data. The best a company can do is detect an attack as soon as possible, contain the threat before it spreads further into its systems, and prepare for any potential fallout from the event.


#Incidentresponse is a structured process used to identify and manage cybersecurity incidents. The National Institute of Standards and Technology (#NIST), a U.S. government agency within the Department of Commerce, has a guide on this topic: Special Publication 800-61, "Computer Security Incident Handling Guide." Although highly informative, it is not light reading for the average business owner or individual: seventy-nine pages of highly detailed recommendations and explanations that arrive at a simple conclusion. We need to detect when something bad happens, and people need to know exactly what to do when that time arises.


For those out there trying to figure out how to build an incident response team or policy, we want to provide some quick-start questions that can accelerate your journey.


  1. What technology do you have that you would consider critical to your business?

  2. Why is it critical / How critical is it?

  3. How will you know if it has been compromised or targeted?

  4. If you determine how to detect specific incidents, what exact steps need to be taken?

Seventy-nine pages condensed into 4 simple questions. You have just created your first incident response plan with a small amount of typing and the additional risk of carpal tunnel. Create more plans like this regarding specific types of events or specific to a data group like e-mail or file servers. As the process continues, patterns and common tasks will appear. The patterns and commonalities will evolve into a master incident response policy document with various sub-documents or playbooks using the details generated by the four questions above.


Voila! Incident response policy, plan, and playbooks completed. These documents are meant to be "living." They should change and adapt over time as technology, business, and people change. A key part of the incident response policy is the maintenance and management structure that evaluates and tests incident response continuously.


I am certain there is a purist out there reading this, likely suffering a cardiac event. It really is this simple. Cybersecurity needs to become part of our daily lives. We need to stop perpetuating the artificial dogma that security is too complex for the average person. It's simply not true. Our mission is to bring cybersecurity to as many people as possible to remove that perception and empower people with a security-first mindset.


The essential ingredient to an effective incident response plan is a clear understanding of potential threats. You can't understand the threats until you assess what you have and what could happen if the information were damaged, stolen, or made public. Only then can you start developing the necessary detection mechanisms and procedures that will allow you to respond quickly and effectively when these attacks occur.


We encourage all our readers to try the four-question method above and see what the results are. If you write down your four answers and steps but still feel concerned, schedule a consultation, and we'd be happy to talk through the situation. Don't let the jargon and stigma overcomplicate cybersecurity. You have an alternative. Grab the NIST Special Publication 800-61 and read a few pages on how to decide what CSIRT to build and why. Confused yet?



As always, get in touch with us on our social platforms or website and schedule a consultation. We'll make cybersecurity work for you and leave the fear, uncertainty, and doubt at the door.
