Develop a simple yet methodical set of response steps

Do you have a solid plan in place for if and when you experience a security breach? Does that plan include important contact information, and have you and your co-workers walked through the plan together? This step-by-step guide will help you to set an action plan in place.

Published: 07 Mar 2007 0:00

Entire books can and have been written on incident response methodologies. I'll take the pain and agony out of all that information and condense it into a few bulleted response steps:

Introduction outlining the purpose and scope of the plan
A list of security incident response team members and full contact information mentioned above
A list of the types of incidents that will cause you to invoke the plan mentioned above
Technologies and operations in place to detect incidents
Specific steps for containing incidents
Procedures for investigating what happened. (Don't overlook the value of a formal cybercrime investigation if it appears to be serious enough; otherwise, you can end up overlooking things or ruining evidence.)
High-level steps for eliminating the threats and associated vulnerabilities (ideally one set of steps for each type of incident)
Specific steps for following up to ensure the threats and vulnerabilities are gone (such as virus scanning, port scanning, vulnerability testing and network analysis)
Procedures for communicating with external parties such as customers, business partners and the media (this may be one of the first things your organization is required to do!)
Requirements for retaining records related to security breaches

In the end, make sure your plan addresses these six major areas:

Who does what?
What must be done?
When must it be done?
Where must it be done?
How must it be done?
What's done when all is said and done?

Plan for a security breach, step by step

Introduction
Step 1: Define what "breach" means to your business
Step 2: Don't overlook critical network infrastructure systems
Step 3: Know who to contact and have that information available
Step 4: Develop a simple, methodical set of response steps
Step 5: Get input from others affected by a security breach
Step 6: Keep your momentum going

About the author: Kevin Beaver is an independent information security consultant, speaker and expert witness with Atlanta-based Principle Logic LLC. He has more than 19 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has authored/co-authored six books on information security including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well asThe Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He's also the creator of the Security On Wheels audiobook series. You can reach Kevin at kbeaver@principlelogic.com>.

How to deal with the lack of chatbot standards

A lack of standards around chatbot development has created a situation in which enterprises are building and rebuilding bots. But...

RPA journey: Schneider Electric's global plan taps Blue Prism, UiPath

Schneider Electric, a multinational energy management company, has embarked on a robotic process automation journey, establishing...

Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...

SearchSecurity

Carbon Black acquisition bolsters VMware's security play

VMWare announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings...

Securing IoT involves developers, manufacturers and end users alike

Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating ...

DARPA unveils first SSITH prototype to mitigate hardware flaws

DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block ...

SearchNetworking

What is data center networking, and how can you get started?

This feature explores the basics of data center networks, such as how to plan for data center consolidation, the effects of cloud...

Gartner Hype Cycle deems software-defined networking obsolete

A Gartner report on enterprise networking has declared the definition of SDN and its architectural approach as deceased. Cause of...

The top 5 capabilities your edge infrastructure should have

The network edge plays a vital role in the future of networking and digital transformation. Make sure your infrastructure has ...

SearchDataCenter

Iran says it's building an AI supercomputer, despite sanctions

In a tweet, Iran said it is building a new supercomputer. Other nations are doing the same because high performance computing ...

IBM Power chip instruction set now open source

IBM opened up its Power server Instruction Set Architecture allowing the open source community to develop more innovative ...

Big Switch updates its Cloud-First Networking portfolio

Big Switch Networks' new products and features aim to help solve issues such as lack of operational consistency, visibility and ...

SearchDataManagement

ArangoDB 3.5 update improves multi-model database platform

ArangoDB 3.5 accelerates its database platform with improved query performance and enhanced data security capabilities, as market...

GDPR, AI intensify privacy and data protection compliance demands

This guide covers the challenges data management teams face on data protection and privacy, particularly with the rise of GDPR ...

SnapLogic boosts its data integration technology with AI

SnapLogic's latest update for its Intelligent Integration Platform aims to make it easier for users to benefit from data ...

Read more on Hackers and cybercrime prevention

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.