There is No "One Size Fits All" Solution to Cyber Security Incident Response

Cyber security incident response on shaky ground.

When it comes to the saying that “an ounce of prevention” is worth more than “a pound of cure,” it is unlikely that you will find many who disagree with the sentiment, and the IT world seems to have taken this concept as its personal mantra. New technologies and system updates are available almost daily for security software, hardware, protocols, and devices as every major manufacturer perpetuates its never-ending arms race with cyber criminals. I am confident that every IT director around could explain his IT cyber security system in detail off the top of his head; this is admirable, laudable, and wise.

The thing is that even though, pound for pound, prevention is worth far more than cure, it does not mean that cure is worthless. Indeed, it would seem foolish to purchase only one or the other, something like having regular fire drills while never bothering to purchase fire extinguishers.

However, this is precisely the case for many companies when it comes to their “Incident Response” protocols. They have outlined all of the potential cyber security threats in infinite detail right up to the point where someone breaks into their system.

I doubt it is very shocking to consider that it is only a matter of time before your company experiences an IT security breach. According to Forrester, an analyst firm, this is exactly the case: “It’s not a question of if—but when…”

The types of cyber security risks out there vary widely, as do the companies that are at risk. As such, the types of cyber security threats that you need to protect against may require a very specific set of responses in order to be effective. Other factors like the size and visibility of your enterprise will further necessitate a customized security and compliance management process to address security breaches; Microsoft would undoubtedly respond differently than a small independent insurance salesman.

The point is that there is no “one size fits all” solution to Incident Response. The only constant is to make sure that your incident response policy does exactly that: RESPOND.

Do some research on what other companies like yours are doing with security and compliance management and decide on your best options. Implement them and ensure that the right people are trained in incident response, a big part of which is incident reporting. I am not suggesting that this be done in lieu of defending against cyber security threats, but in addition to your access certification defenses.

An accurate directory system that contains current contact information for all security and compliance management responders is also a critical component of any incident response procedure. Being able to effectively reach key individuals during an incident is imperative, and this should be tested on a regular basis to see if you can truly pull everyone together at various times of the day/night/weekend.

Whatever specific formula for incident response is right for your company, remember to implement it well and evaluate it regularly to make sure your security and compliance management process is up to date. This program is your opportunity to fight back when cybercriminals slip through your defenses, so don’t be shy, and remember to “Attack, attack, always attack.” It worked fairly well for Frederick the Great; there is no reason it shouldn’t work for you.

Written by Ryan Ward

Ryan Ward is CISO at Avatier, responsible for security initiatives as well as strategic direction of IAM and security products. A sixteen-year veteran of the security industry, Ward comes to Avatier after five years with MillerCoors where he served as Enterprise Security Manager of the brewing company and USA Information Security Officer for the public company SABMiller. In those positions Ward was responsible for all Information Security initiatives for MillerCoors. Prior to MillerCoors, he served as Senior Information Security Leader at Perot Systems while supporting the Wolters Kluwer account. He previously held the position of Vice President of Information Systems for Allscripts. Ryan is also a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).