[Posted on Behalf of Dinesh Kumar Aggarwal Founder | CISO | Architect | Cyber Security Practitioner | Information Security Blogger & Speaker]
Security Incident Response and corona virus!
There are a lot of parallels between the lessons learned by the health agencies from the recent virus outbreak in China and how the cyber security world should respond in case of an incident or security threat. On the surface, the spread of a virus is worlds apart from cyber security; however, the ways to contain and overcome the spread are not too dissimilar. Some of the common themes are below:
1. Admit/Know there is a problem.
Being able to identify new outbreaks and threats in real time is half the battle won. So having the knowledge, resources and intelligence to identify problems is of utmost importance.
2. Share information
Sharing information with others at a local as well as a global level goes a long way to contain the spread and to protect others from being infected.
3. Have a plan
Always assume there is going to be an incident and have remediation plans. A plan in place can dramatically limit damage, improve recovery time and help safeguard assets. Reviewing the plan every six months to a year is equally important to address changes in circumstances and situations.
During an incident, you are already under stress, and having access to an expert team makes all the difference to how badly you are impacted, how well you respond to the incident and how well you recover from it. Always have a signed contract with an expert incident response team with a committed SLA to respond.
4. Contain the source
Always look to contain and, if possible, eliminate the source of the threat. Isolating the source of the spread can reduce the threat landscape and its overall impact.
5. Learn lessons
Always collect every possible detail of the attack: its discovery, possible cause(s), its impact, and the actions taken. These can be valuable in replaying and assessing the response and impact, and help with future readiness.