BCS ITNow 201603 - Cyber Response

We should not use the expectation of
compromise to avoid taking the
necessary steps to defend against attacks,
as to fail to do so may make the frequency
and severity higher than acceptable or
survivable.
As well as trying to prevent and protect,
we must prepare – so that we are able to
respond and recover.
As much as we think we can envisage
the sorts of ills that may befall us, it is
better to have an organisational structure
and support arrangements that can cope
with a variety of impacts, so that from
whatever direction disaster strikes there
is a means of response covering physical,
personnel, process and technology.
Incident response plans, forensic
readiness plans, contingency plans,
disaster recovery plans, business
continuity plans, civil contingency plans,
and all other such good stuff are of no use
without ensuring that they are reviewed
and tested with all the parties who
would contribute to enacting them when
required.
As well as having regularly tested
and revised plans available, having
contracts and arrangements in place
for forensic response, communications,
recovery sites, backup equipment and
data helps provide the means of response
and recovery in a timely and more
cost-effective manner.
Throughout, good communication with
all key stakeholders is paramount.
Breach notification requirements, and
swingeing regulatory fines, make it even
more prudent both to build defences, to
prevent and detect attack, and to prepare to
respond to breaches – only then can we
manage the impact and recover.
Although organisations and individuals understand the need to build
and maintain defences against evolving and persistent attacks, we
should also prepare for the inevitable. The odds have always been
stacked against the defenders, and attackers continue to grow, says
Gareth Niblett, Chair, BCS Information Security Specialist Group.
FURTHER INFORMATION
Information Security Specialist Group (ISSG):
www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group:
www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE):
www.bcs.org/securitycommunity
doi:10.1093/itnow/bww008 © 2016 The British Computer Society. Image: Thinkstock
CYBER RESPONSE
March 2016 ITNOW 21