CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more... 

The program is currently available to consultants, influencers or executive level contributors.

infosec

The Need For A Security Incident Response Team

Security Incident Response Team

The incidences of modern cyber-attacks are growing, along with their sophistication. Every single weakness, whether technological or human, is being constantly exploited, and the interconnectedness of computers means that a break-in, theft or infection on one system has far-reaching consequences with customers, suppliers and the general public.

Network Security

Network security is an industry created out of necessity. Company decision-makers must recognize that the sheer variety of attack vectors is something that requires constant vigilance, and that not only preparedness, but post-attack response strategies, too, are a critical part of doing business.

security-breach

MetricStream is a global organization that focuses on Governance, Risk, and Compliance (GRC) for modern and digital enterprises. Their recent white paper, entitled The Important Role Of A Cyber Security Incident Response Program, and authored by Vibhav Agarwal and Dr. Michael Redmond, presents a comprehensive assessment of the damage that hackers can cause, the value of deploying a Security Incident Response Team, along with some fascinating case studies and a wealth of highly actionable preventative steps.

Here is an excerpt:

We live and do business in a whole new world; one marked by increasing cyber attacks, and all new rules. Beyond the increase in frequency of attacks, we also face an increase in the types of organizations that have become targets. Today, it goes beyond banks and government-related institutions, to include healthcare providers, retailers, and essentially any entity that owns or has access to the assets and information of its consumers.

Organizations require more focused awareness to bolster their security policies and practices as the foundational structure of an overall risk-management strategy. Furthermore, organizations need to ensure compliance with new laws and regulations that govern how they protect information assets.

It’s also critical that organizations buy into the fact that network and systems administrators alone cannot protect corporate systems and information assets – it must be an organizational team effort. A Cyber Security Incident Response Team (CSIRT) is a must in today’s world.

In April 2012, a server hack was responsible for a HIPAA violation by the Utah Department of Health, where over 780,000 people were compromised in the server attack at the authentication level, permitting hackers to hijack Social Security Numbers and personal health records. It was determined that a vulnerable server was not properly configured as per normal procedure, allowing hackers to gain access into the computer network. Added to that, in January and February 2012, nearly 1.5 million individuals were affected by hackers who successfully infiltrated and gained access to the payment processing system of Global Payments Inc. On December 14, 2014, it was reported that the Dutch government suffered a website outage due to a cyber attack. Allegedly, hackers crippled the Dutch government’s main websites for most of the day, rendering back-up plans and contingencies largely ineffective. All of this goes to show the serious loopholes in our current infrastructure and back-up plans.

While organizations cannot always prevent a breach, a quick response to a security event can go a long way when it comes to minimizing the financial damage and most importantly, protecting the business and its reputation. In order to reduce the costs associated with increased call center activity, customer education and awareness programs, brand repair campaigns, legal and compliance fines, and expenses associated with any customer settlements, organizations should adopt a proactive approach with timely stakeholder communication.”

Pandora’s Box

Of greatest significance in the paper is the recognition that attacks have incalculable costs. Data breaches and thefts unleash a Pandora’s box of additional problems. One compelling case study describes a data break-in to a state Revenue agency that resulted eventually in the filing of hundreds of fraudulent tax returns. It is precisely because no organization can know everything that must be known, that an alliance with governance, planning and response organizations is essential. To review the entire paper, visit Metricstream

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
The Lighter Side Of The Cloud - Transformation
The Lighter Side Of The Cloud - The Apple Watch
The Lighter Side Of The Cloud - Music To The Ears
The Lighter Side Of The Cloud - The Cloud Conclusion
The Lighter Side Of The Cloud: Passing By
DATA SOVEREIGNTY

Data Sovereignty: the ONLY truly safe path to avoid Privacy Shield turmoil

DATA SOVEREIGNTY India is following Russia and others in imposing data sovereignty restrictions that specify that data must remain in ...
Quantum Computing opens new front in Cloud!

Quantum Computing opens new front in Cloud!

Quantum Computing As the amount of data in the world is rapidly increasing, so is the time required for machines to ...
How artificial intelligence and analytics helps in crime prevention

How artificial intelligence and analytics helps in crime prevention

How Artificial Intelligence Helps Crime Prevention According to a study released by FBI, there is an annual increase of 4.1% ...
GDPR Compliance

A Quick and Dirty Guide to GDPR Compliance

GDPR Compliance Set a reminder: On May 25, 2018, the new General Data Protection Regulation directive from the European Union ...
How to Transform Your Operating Model for the Cloud

How to Transform Your Operating Model for the Cloud

Transform Your Operating Model It can be tough for established organizations to embrace change, so when they start working with ...
The Forecast for Industry 4.0: A Combination of Fog and Clouds Resulting in Limitless Opportunities for IIoT Innovation

The Forecast for Industry 4.0: A Combination of Fog and Clouds Resulting in Limitless Opportunities for IIoT Innovation

Limitless Opportunities for IIoT Innovation Manufacturing has transcended its material nature and emerged in a new form that is partially ...
Malware Will Cripple Cloud And IoT Infrastructure If Not Contained

Malware Will Cripple Cloud And IoT Infrastructure If Not Contained

The Malware Cloud Concern This year we’ve had two cyber attacks in which malware was used to cripple government computer ...

CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more... Stand out as an expert in your field.

The program is currently available to consultants, influencers or executive level contributors.