Prevention alone will eventually fail: just read the data breach headlines making news on a weekly—if not daily—basis. Many companies are asymmetrically focused on the defensive role and not focused enough on preparing for the inevitable. Subbing-in an offensive team has its perks.
First, let’s go back to the basics:
- Offense: The action of attacking someone or something
- Defense: The action of defending from or resisting attack
Response Management: Learning the game and the risks
Incident response (IR) is a solid plan to help organizations protect, detect and respond continuously. Given the speed of today’s threats, it has never been more important to accelerate the process of detecting, containing and remediating security incidents.
Having an IR team—either in-house, via a third party or a combination of both—can reduce the cost of a data breach by $14 per record. For a breach of 100,000 records, that means a savings of $1.4 million.
– Ponemon Institute’s 2018 Cost of a Data Breach study
Before the First Whistle: Where to get started
There are four types of popular IR frameworks that organizations rely on to help them develop internal processes. Each framework takes a different approach, and some are more detailed than others.
- NIST 800-61 – Helps organizations develop their IR teams and processes in order to properly plan for, assess, respond to and recover from potential threats.
- CERT (CSIRT) – Covers how to set up IRT (incident response teams), as well as tools and workflows to facilitate effective responses to security events.
- ISACA – Used by companies when becoming COBIT-compliant, and models the ways organizations can manage risk and establish controls and protections over information systems, technologies, and intellectual property.
- ISO/IEC 270035 – Made for those that require ISO 27001 compliance and establishes detailed steps to manage and respond to security threats.
To learn more about IR and new approaches to the modern threat landscape, check out our eBook: Transforming Enterprise Cybersecurity. If you’re ready to talk to one of our security experts, contact us today.