Steps to take when there’s an active adversary

Steps to take when there’s an active adversary

CISOs know they must respond quickly and effectively to an incident, yet surveys point to continuing challenges to deliver on that goal. These steps will help you respond quickly, without letting a crisis turn into chaos.

Excerpt from: 12 steps to take when there’s an active adversary on your network

3. Bring in the business

CISOs should be looping in business during the triage process, security leaders say, a point that’s often overlooked during active responses. As part of this, security teams need to immediately identify what impacted components are critical for conducting business, who owns those components and who controls them.

As J. Wolfgang Goerlich, advisory CISO with Cisco Secure, says: “This is a business problem. But in a security breach, a very technical person will be thinking, ‘I have to remediate.’ However, one of the things that CISOs need to remember is that a breach is a business problem not a technical problem. So there should be a secondary process that’s running business continuity and disaster recovery so that the business can keep doing what it needs to be doing.”

12. Stay calm; tend to staff needs

Goerlich says he has seen teams “run themselves into the ground” by working long hours without breaks and even a day or more without sleep. Although that grueling schedule shows a level of dedication, it’s likely to lead to mistakes.

“People get into their zones and work well beyond the times that they should,” Goerlich says, noting that CISOs should plan for clear lines of communications, caps for work hours, staggered schedules, and post-event time off. He adds: “As much as possible, organizations should think out in advance how to handle the human elements.”

Read the full article: https://www.csoonline.com/article/3645690/12-steps-to-take-when-there-s-an-active-adversary-on-your-network.html


This post is an excerpt from a press article. To see other media mentions and press coverage, click to view the Media page or the News category. Do you want to interview Wolf for a similar article? Contact Wolf through his media request form.

Posted by