In cybersecurity, there is no simple and universal solution. What works for one organisation may not work for another. Each organisation is different in its missions, objectives, resources, infrastructure, information, etc.
The ability to react quickly and appropriately requires anticipation.
We will focus on the modus operandi of cyber security incident management.
It is not enough to have it in mind; you must also be able to refer to it if necessary.
In Digital Crisis Response, we propose a modus operandi in case of a cyber security incident. It is not set in stone.
Each organisation can review it, use it as a basis to build on, and update it regularly.
Identifying “vital organs” and potential threats
This is an important step, as it conditions both your reactivity.
You can carry out an initial analysis after having identified, categorised and qualified the weak points and potential threats.
But to make sure that you have taken all the elements into account, you should share this analysis within your organisation.
Therefore, it is important to actively involve the management of your company as well as all the key managers of your organisation (Human Resources, production …).
We have designed Digital Crisis Response to facilitate this involvement of the various stakeholders through simulations that you can run in a virtual crisis room over limited periods of time.
Rather than delivering a point of view, you bring to life what seems abstract.
Moreover, you can update this analysis with each simulation.
Create a response team
The human factor is wrongly considered the weakest link in cybersecurity.
The people in your organisation represent a real potential to detect, inform and assist you in managing a cyber security incident.
A modus operandi in the event of a cyber security incident is nothing without different skills to assume different responsibilities that will allow an effective response.
There are a few fundamentals:
- It must be possible to assign roles and responsibilities to people with the right skills.
- These individuals must become familiar with their roles and responsibilities.
Digital Crisis Response incorporates good practice in roles and responsibilities.
You always have the possibility to reinforce the composition of your intervention team by adding new internal or external skills.
Equipping yourself to detect and manage a cyber security incident
All members of your organisation also offer the best potential to help you detect and identify an incident.
Digital Crisis Response takes advantage of this human firewall by providing the means to report something abnormal in a message, a phone call, the operation of a computer, a smartphone or a corporate tablet.
In addition, it offers a function dedicated to the management of real incidents between the members of your response cell via a virtual crisis room.
You share the same information, monitor actions in real time and benefit from a modus operandi in the event of a cyber security incident.
You also have constant access to useful documentation for the management of your incidents, including a list of specific contacts and other useful documents.
Among the appropriate tools to manage a cyber security incident, Digital Crisis Response has a stand-alone system to handle an incident even if the company network is damaged.
Getting tough and learning lessons
Since there is no one-size-fits-all solution to cybersecurity, you need to draw on practice and experience to get the most out of your modus operandi of cyber security incident management.
The more familiar your staff and response team are with the incident, the more you will develop your defence and responsiveness.
That’s what Digital Crisis Response is all about.
Because when it comes to cybersecurity, it is also important to learn from every simulated or real incident in order to improve what already exists.
Digital Crisis Response incorporates this good practice by enabling a post-incident assessment to be carried out.