How to Manage Cyber-Attacks Needs to be Planned for
CIOs and CSOs start the management process before the cyber-attack occurs
How to Manage Cyber-Attacks Needs to be Planned for - Cyber-attacks are now an everyday event and it is only a matter of time before your company faces one if it has not already. Cyber criminals are ubiquitous and attacks will continue despite our resolute attempts to stop them - even organizations with the best defenses in place are not immune. CIOs and CSOs need to accept these risks as fact and be prepared to respond quickly and effectively.
Managing cyber breaches starts before the breach occurs
- Perform a security data audit: know where sensitive data resides and come up with a data protection strategy. These measures can save hours of critical time that would have to be done in the heat of the moment after a cyber-attack. The audit should include personally identifying information (PII) such as credit-card data, any intellectual property, classified materials and any data under regulatory or compliance control.
- Document results and keep them up to date: to make sure that the company is always ready, know sensitive data locations, keep systems patched and up-to-date, conduct ongoing vulnerability testing, and continually test and refine the process with regular 'fire drills'.
Monitor and Report Breach Quickly
- Conduct endpoint security analytics: leveraging data from all servers and end-user devices, endpoint security analytics can give complete visibility of endpoint activities across the network, in order to detect anomalous behavior, risks areas, and security threats before damage can spread.
- Automate the security processes: Integrating network-enabled cyber forensics tools with systems to quickly reveal and validate suspect or mutating software on any endpoint on the network. The security tool should be able to work quickly across platforms, as speed is essential to finding and collecting actionable volatile data.
Understand the exposure quickly once a breach occurs
- Determine the extent of exposure: Once a problem has been identified, the next step would be to scope the threat to understand the extent of the breach and its long term exposure issues. The biggest threats should be dealt with first, followed by determining whether any PII /or intellectual property have been compromised.
Contain the exposure and understand what it is doing
- Block the breach: As soon as possible block the breach even if it mean turning off the applications to prevent further damage
- Understand the capability of the malware or attack: Typically a forensics team that can handle malware with reverse-engineering capabilities will be brought in, as the main goal is to determine how to eradicate malware off the network.
- Collect data for post event analysis: The company should collect relevant data with network-enabled tools, collect and preserve volatile data as potential evidence, capture the crucial malware and artefacts, determine whether it is polymorphic or metamorphic, discover hash values and registry values and recommend remediation steps.
Implement a solution to eliminate the breach and prevent future occurrences
- Implement long term solution: Once the malware has been identified, as well as which and how much sensitive data has been breached, it is time to remediate. The incident response team can begin remediating systems by deleting all malicious or unauthorized code. At this time, they should also conduct a post-attack sensitive-data audit of the affected machines to ensure data resides only where it safely belongs in your network.
- Adjust monitoring protocols: Continuous monitoring of the network's activities will be instrumental in determining whether or not the remediation steps taken were sufficient to successfully return systems to their original, optimal state.
Post event reporting and communication
- Post Mortem Analysis: The post-mortem report will be vital to all concerned with business reputation, viability, and operations and should be as clear and non-technical as possible. It could include a list of lessons learned from the incident, including what the organization intended or planned to do, what went wrong, and what can be improved upon.
- Activate Incident Communication Plan: To survive an incident such as a business interruption, security breach, or a product recall, organizations need more than a successful communication strategy - they need an incident communication plan. (see https://www.e-janco.com/incident-communication-plan-policy.html )
Janco in its monthly interviews of CIOs found that one in five organizations has experienced some type of fraud associated with their systems.
Security Manual Template purchase options
Security Manual Template - Standard Edition
- Business and IT Impact Questionnaire
- Threat and Vulnerability Assessment Toolkit
- Security Management Checklist
- Full Detail Policies for
- Blog and Personal Website Policy
- Internet, Email, Social Networking, Mobile Device, and Electronic Communication Policy
- Mobile Device Policy
- Physical and Virtual File Server Policy
- Sensitive Information Policy
- Travel and Off-Site Meeting Policy
- Job Descriptions for the Chief Compliance Officer, Chief Security Officer, Data Protection Officer, Manager Security and Workstations, Manager WFH Support, Security Architect, and Systems Administrator.
- Work From Home (WFH) operational rules
- HIPAA Audit Program
- GDPR Compliance Checklist to meet EU Requirements
- CCPA - California Consumer Privacy Act requirements definition
- Consumer Bill of Rights
- Sarbanes Oxley Section 404 Checklist
- Security Audit Program- fully editable -- Comes in MS EXCEL and PDF formats -- Meets GDPR, ISO 28000, 27001, 27002, Sarbanes-Oxley, PCI-DSS, HIPAA FIPS 199, and NIS SP 800-53 requirements -- Over 400 unique tasks divided into 11 areas of audit focus which are the divided into 38 separate task groupings
- Electronic forms that can be Emailed, completed via a computer or tablet, and stored electronically including: Blog Policy Compliance, BYOD Access and Use, Company Asset Employee Control Log, Email - Employee Acknowledgment, Employee Termination Checklist, FIPS 199 Assessment Electronic Form, Internet Access Request, Internet Use Approval, Internet & Electronic Communication - Employee Acknowledgment, Mobile Device Access and Use Agreement, Employee Security Acknowledgment Release, Preliminary Security Audit Checklist, Risk Assessment, Security Access Application, Security Audit Report, Security Violation Reporting, Sensitive Information Policy Compliance Agreement, Server Registration, and Threat and Vulnerability Assessment
- eReader version of the Security Manual Template
Security Manual Template - Premium Edition
- Security Team Job Descriptions MS Word Format
- Chief Compliance Officer (CCO); Chief Security Officer (CSO); VP Strategy and Architecture; Data Protection Officer (DPO); Director e-Commerce; Database Administrator; Data Security Administrator; Manager Data Security; Manager Facilities and Equipment; Manager Network and Computing Services; Manager Network Services; Manager Training and Documentation; Manager Voice and Data Communication; Manager Wireless Systems; Identity Management Protection Analyst, Information Security Analyst, Network Security Analyst; System Administrator - Linux, System Administrator - Unix; and System Administrator - Windows
Security Manual Template - Gold Edition
- IT Job Descriptions MS Word Format - Updated to meet all mandated security requirements
- 312 Job Descriptions from the Internet and IT Job Descriptions HandiGuide in MS Word Format including all of the job descriptions in the Premium Edition. Each job description is at least 2 pages long and some of the more senior positions are up to 8 pages in length.