///////////////////////////////////////////////////////////////////////////////////////////
FINAL WORD
Incident
response: a six-
step guide
Tim Bandos, Senior Director
of Cybersecurity at Digital Guardian,
discusses how good incident response
always starts with answering six
key questions.
I
ncident response is defined as the process by which an
organisation handles a data breach or cyberattack. The goal
of incident response is to efficiently manage an incident so
that the damage is limited and recovery time and costs are kept
to a minimum. Having an incident response plan in place is more
important than ever at present as 2017 was the worst year in history
for data breaches discovered Risk Based Security and 2018 is only
likely to be worse. Furthermore, GDPR is coming closer, elevating the
potential monetary costs of a data breach to bankruptcy levels.
A well thought-out incident response plan should act as a guide for
the incident response team in the event of a cyber incident. The plan
will consider the definition of an incident, who within the company
must respond to it and when they need to act. Below, you can find
the six fundamental questions that should inform your incident
response plan. These questions will help the incident response team
to establish key facts and begin the remediation process:
Who?
If you can understand the mindset of the person attacking you, you
stand a better chance of defending yourself next time. A good place
www.intelligentcio.com
“
THE GOAL
OF INCIDENT
RESPONSE IS
TO EFFICIENTLY
MANAGE AN
INCIDENT SO THAT
THE DAMAGE IS
LIMITED AND
RECOVERY TIME
AND COSTS
ARE KEPT TO A
MINIMUM.
INTELLIGENTCIO
103