What does cyber incident response (CIR) management do?
CIR management can help your organisation mitigate the risk of information security incidents and minimise losses. A proper incident response framework will allow you to prevent unauthorised access to data stores, identify attack vectors and breaches, prevent and isolate malware, remediate threats, control your risk and exposure during an incident, and minimise operational losses.
The common challenges facing incident response
According to the 2017 SANS Incident Response Survey, the challenges facing CIR management include:
- A lack of resources;
- Staffing and skills shortages;
- Budgetary shortages for tools and technology;
- Detecting sophisticated attackers and removing their traces; and
- A lack of comprehensive automated tools available to investigate new technologies, such as bring your own device (BYOD), Internet of Things (IoT) and the use of Cloud-based IT.
It’s a legal requirement
Under the EU’s General Data Protection Regulation (GDPR), organisations will need to implement an effective incident response plan to contain any damage in the event of a data breach, and to prevent future incidents from occurring.
Incident response planning is mandated as part of all major cyber security regimes. The international information security standard, ISO 27001, and business continuity standard, ISO 22301, require organisations to develop CIR management plans. CIR is also a requirement of the Payment Card Industry Data Security Standard (PCI DSS), which stipulates that CIR management should be tested at least annually.
Benefits of CIR management
A CIR management plan can benefit your organisation by:
- Reducing overall organisational and cyber risk;
- Improving cyber resilience;
- Lowering cyber insurance premiums;
- Providing assurance to prospective clients, investors and the board of directors;
- Minimising disruption to the business; and
- Reducing incident impact and response times.
The plan will be tailored to your organisation’s needs and business requirements, with expert advice and support from a leading CREST-certified consultancy. Additional services, such as penetration testing, can also be provided.
How IT Governance can help you with your CIR management
IT Governance is a world leader in the field of international management standards, IT governance, cyber security, CIR management, risk management and compliance.
Our new Incident Response Management Foundation Training Course will teach you how to effectively manage and respond to a disruptive incident and take appropriate steps to limit the damage to network availability and information security.
We also offer a Cyber Incident Response Management consultancy service, which will help your organisation’s technical staff to identify and categorise network incidents by determining the gravity of an incident; containing (if required), reporting and analysing it; taking corrective action; recovering systems and resuming operations; and developing a framework for continual improvement.