OCD Tech can test your security posture and provide you with the information needed to make appropriate decisions to mitigate risk and decrease exposure to these threats. In this article you will find CISA’s guide to crisis response.
Disruptions to an organization’s operations may occur regularly and can scale from so small that the impact is essentially negligible to so large that they could prevent an organization from achieving its mission. Events whose management may require significant resource investment include natural disasters, loss of a primary data center, a cyber attack that disrupts critical organizational infrastructure, or any event that affects the organization’s ability to deliver critical services. The goal of incident management is to mitigate the impact of a disruptive event.
CRISIS RESPONSE
Limit Damage and Quicken Restoration of Normal Operations: Plan, prepare, and conduct drills for cyber attacks and incidents as you would for a fire or robbery. Make your reaction to cyber incidents or system outages an extension of your other business contingency plans. This involves having incident management, response plans and procedures, trained staff, assigned roles and responsibilities, and incident communications plans.
Responding to and recovering from a cyber attack:
- Lead development of an incident response and disaster recovery plan outlining roles and responsibilities. Test it often. Incident response plans and disaster recovery plans are crucial to information security, but they are separate plans. Incident response mainly focuses on information asset protection, while disaster recovery plans focus on business continuity. Once you develop a plan, test the plan using realistic simulations, where roles and responsibilities are assigned to the people who manage cyber incident responses. This ensures that your plan is effective and that you have the appropriate people involved in the plan. Disaster recovery plans minimize recovery time by efficiently recovering critical systems.
- Leverage business impact assessments to prioritize resources and identify which systems must be recovered first. Business impact analysis helps identify and prioritize critical systems, information, and assets. This information determines contingency requirements and priorities for critical information and services. It also allows planning for disruption impacts and identifies allowable outage times. This enables personnel to develop and prioritize recovery strategies that can be used.
- Learn who to call for help (e.g., outside partners, vendors, government/industry responders, technical advisors and law enforcement). As part of your incident response, disaster recovery, and business continuity planning efforts, identify and document partners you will call on to help. Consider building these relationships in advance and understand what is required to obtain support. You should also file a report with local law enforcement, so they have an official record of the incident.
- Leverage containment measures to limit the impact of cyber incidents when they occur. Communicate and execute your incident response plan, which may range from isolating a network segment of infected workstations or taking down impacted production servers, to rerouting traffic to unaffected infrastructure. Test systems to ensure they are operational and configured securely after the incident is resolved. Communicate the damage done and the improvements applied to recovery planning and action to build trust and a culture of growth and resilience.
- Lead development of an internal reporting structure to detect, communicate, and contain attacks. Effective communication plans focus on issues unique to security breaches. A standard reporting procedure will reduce confusion and conflicting information between leadership, the workforce, and stakeholders. Communication should be continuous, since most data breaches unfold over a long period of time rather than instantly.
Source: https://www.cisa.gov/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-IM.pdf