By Andrew Ciccone | Published | No Comments
Odds favor your organization’s assets will be hacked. Bet on it. Develop an effective plan to mitigate the impact of loss from a security breach.
Don’t delay, get started by evaluating your organization’s security polices. Identify personnel that have access to sensitive data, then expand your assessment externally to vendors and networks that potentially pose a security risk to your assets. The primary objective of an incident-response (IR) plan is to manage a cybersecurity event or breach in a way that limits damage, increases the confidence of external stakeholders, and reduces recovery time and costs.
Any good defensible breach response plan has thoroughly assessed and identified levels of potential risk and the nature of the assets (reputational, intellectual, public records, etc.). No plan is perfect, it must be reviewed continually to ensure security authorization and access protocols are adhered.
An effective IR plan is based on a framework designed:
Develop an (IR) Plan from the Inside – Out
Operate under the assumption that your network(s) will be compromised – develop policies to minimize the damage.
SOURCE
Radack, S.M. (September 27, 2012). Revised Guide Helps Organizations Handle Security-Related Incidents. National Institute of Standards and Technology.
Andrew Ciccone is director of Hudson Valley Public Relations. His firm specializes in content marketing. He holds a BS in Marketing from Syracuse University and a MA in Corporate Communications from Baruch College.