8669821655?profile=original

At CISO Platform 100 and Decision Summit 2018 , we had a panel discussion on the topic How to measure your breach response readiness, including industry stalwarts like

 

 

Panelists: 
  1. A Shiju Rawther (TransUnion CIBIL Ltd)
  2. Maya R Nair ( Idea Cellular Limited )
  3. Jayant Gupta ( Hindustan Petroleum Corporation Limited )
  4. Vijay Kumar Verma ( Reliance Jio )
  5. Debojit Maitra ( Aditya birla Retail Ltd )
  6. Venkata Satish Guttula ( Rediff.com India Ltd )
  7. Sayyad Salim (Bajaj Finance Ltd.) [moderator]
 
  

 
 

Key Learning: "How to Measure Your Breach Response Readiness" 
  
 
  
  1. Frameworks/Models for measuring breach response readiness: NIST Cybersecurity framework was discussed in brief with its 5 major components as below.
     
    1. Identification to manage cyber security risks through developing an organizational understanding in terms of asset identification, like data, switches, firewalls, user ids and their access.
    2. Protection of critical assets to ensure delivery of critical infrastructure and services through implementing proper safeguards.
    3. Detection and continuous monitoring in order to identify threats
    4. Response activities, processes and procedures to take actions against cybersecurity incidents and minimize the time duration between incident and its recovery
    5. Recovery planning and procedures  with improvements through incorporating lessons learned into future activities. Proper communication between internal and external parties is also a key aspect of recovery against breaches.

  2. Assessing organization's breach response readiness

    1. Assessing through impact of breach response in financial terms and availability of services
    2. Criticality of assets that an organization possess needs to be taken into consideration:
      • Confidentiality of assets holding critical data
      • Cruciality of assets available for service so as to prevent financial losses
    3. After identifying criticality of assets, matrix of financial losses may prove to be helpful for the organization
    4. Proper forensics needs to be in place for as many systems those have been affected and compromised

  3. Risks faced under Cyber Insurance

    1. Cyber insurance can be helpful, where organization doesn't have to worry about 100% financial losses in  case of ransomware.
    2. Though Early days in India, underwriting of terms & policies becomes a critical issue to be re-looked in cyber insurance
    3. Estimated premiums need to be audited through well defined processes in place supported with a proper legal, forensics, sedimentary team in an organization

  Would you like to share your key learning ? Sign Up and write a blog ! It's free
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform