Intelligent CIO Europe Issue 4 - Page 103

/////////////////////////////////////////////////////////////////////////////////////////// FINAL WORD Incident response: a six- step guide Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, discusses how good incident response always starts with answering six key questions. I ncident response is defined as the process by which an organisation handles a data breach or cyberattack. The goal of incident response is to efficiently manage an incident so that the damage is limited and recovery time and costs are kept to a minimum. Having an incident response plan in place is more important than ever at present as 2017 was the worst year in history for data breaches discovered Risk Based Security and 2018 is only likely to be worse. Furthermore, GDPR is coming closer, elevating the potential monetary costs of a data breach to bankruptcy levels. A well thought-out incident response plan should act as a guide for the incident response team in the event of a cyber incident. The plan will consider the definition of an incident, who within the company must respond to it and when they need to act. Below, you can find the six fundamental questions that should inform your incident response plan. These questions will help the incident response team to establish key facts and begin the remediation process: Who? If you can understand the mindset of the person attacking you, you stand a better chance of defending yourself next time. A good place “ THE GOAL OF INCIDENT RESPONSE IS TO EFFICIENTLY MANAGE AN INCIDENT SO THAT THE DAMAGE IS LIMITED AND RECOVERY TIME AND COSTS ARE KEPT TO A MINIMUM. INTELLIGENTCIO 103