Skip to main content

Featured

Preparing for the Worst with an Incidence Response Plan

Every organization must have an incidence response (IR) plan that will handle preparation, identifying the start of an incident, recovering from it, restoring normal operations and support sound security policies.

With any cybersecurity incident, security teams will face uncertainties and chaotic activities. In such a high-pressure environment the risk of not following proper incidence response procedures becomes high and limiting the damage becomes elusive.  It is essential that CISOs must institute a through incidence response plan that enables clear thinking and taking pre-planned steps that will define the loss and prevent business impacts from occurring.

What makes up a sound IR plan? There are several steps when putting together an actionable IR plan, at the high-level preparation, detection, investigation, containment, eradication, recovery, and monitoring are critical fundamentals in a program.


NIST 800-61 Incidence Response Life Cycle
Getting Prepared CISOs should always pre…

CISO Complexity: A Role More Daunting Than Ever


The role of the CISO is more complex than ever. One major factor contributing to this CISO complexity is the growing number of regulatory compliance requirements with which organizations must comply. There are also industry-specific standards muddying the water. Financial services, for example, are heavily regulated in the U.S. and the European Union (EU). These regulations are rapidly changing, and it is very difficult for CISOs to keep up with all mandates.

CISOs are often confronted with organizational business units that simply accept risk instead of attempting to mitigate it with regulatory and security compliance. It is difficult to justify this problem to regulators who often see it as a black-or-white issue — either you’re in compliance or you are not. CISOs have a tough time addressing this gap in the ever-changing regulatory environment.

Getting Executives on the Same Page

The heightened awareness of executives and boards of directors also contributes to CISO complexity. Through collaboration with other organizations, these executives are becoming more sensitive to the importance of security. They have seen other organizations suffer data breaches and heard of the masses losses, and they want to know that their own critical data is protected.


The seemingly insurmountable threat landscape adds even more complexity. Cybercriminals are becoming more sophisticated, and everything from state-sponsored attacks to organized criminal campaigns is occurring around the clock. Advanced defensive solutions can be helpful but may also be difficult to operate, adding yet another layer of difficulty.

Zooming In on the Big Picture

Complexity is not necessarily a bad thing, but understanding what causes it goes a long way toward dealing with it. CISOs must understand what creates complexity in their organizations. They should, for example, remove any tools that do not add value and delegate tasks to direct reports whenever possible.

Organizational complexity creates big obstacles that make it difficult to get things done. Executives and board directors often lack a realistic understanding of how information security and the related challenges actually affect their businesses. I’ve noticed that many leaders simply revert to past personal experiences to address security issues from a big picture perspective, yet they fail to understand or consider the consequences of that, especially as it relates to employees. It could result, for example, in inadequate processes and ambiguous role definitions.

What Drives CISO Complexity?

Security leaders must identify pockets of individual strength and weakness in their departments to effectively deal with these challenges. It is important to properly delegate work to individuals who can deal with delicate situations and also train others to develop the required skills. This enables the CISO’s staff to create and use networks within organizations to build relationships. A team effort is required to overcome poor processes, manage complexity and bridge organizations silos.

Organizations have varying degrees of complexity due to both internal and external factors. To top it all off, security staff members view complexity differently than executives. Those stakeholders must recognize how their staff deals with complexity and develop an understanding of what drives it.

Comments