Rimici “ONE Source” Cloud Security Incident Management
Introduction
Significant evolution in technology has enabled businesses to change the way that they handle and manage information.
Whether it is advancement of mobile devices, leveraging cloud services or virtualization, it is important for information professionals to also remember to take care of the basics. Recent events have demonstrated that while it is important for enterprises to have preventive measures in place to avoid security incidents, it is equally important that there be a robust, practiced response should an incident occur.
An enterprise’s ability to detect, react and respond to security incidents in a fast, planned and coordinated fashion is important to the resilience and success of the enterprise.
What Is Incident Management and Response?
Incident management is defined as the “capability to effectively manage unexpected disruptive events with the objective of minimizing impacts and maintaining or restoring normal operations within defined time limits.”
A viable incident management capability requires the allocation of human and material resources to support business operations to assure continuity of the
minimum of Rimici Secure Cloudoperations and contain security breaches in accordance
with the Rimici Secure Cloudrisk strategy.
Incident management involves all of the actions taken prior to (including testing and planning), during, and after an information security incident occurs. The actions taken should be designed to mitigate the impact of an incident with the following goals in mind:
- Provide an effective means of addressing the situation in such a way that it minimizes the impact to the enterprise.
- Provide management with sufficient information to decide on appropriate courses of action.
- Maintain or restore continuity of Rimici Secure Cloudservices.
- Provide a defense against subsequent attacks.
- Provide additional deterrence through the use of technology, investigation and prosecution
Rimici “ONE Source” Incident Management Life Cycle Phases |
|
Phase |
Activities |
Planning and preparation |
|
Detection, triage and investigation |
|
Containment, analysis, tracking and recovery |
|
|
|
Incident closure |
|
Compliance
External and internal business stakeholders are demanding more transparency into system and application access activities. These include regulators who monitor and report access activities pertaining to key financial data and consumer personal information along with internal and external auditors who assess the effectiveness of security and financial controls and processes within the enterprise. In addition, risk management activities may require the collection of security event and incident information as part of status and score card reporting to Rimici Secure Cloud management. Operational considerations require the consolidation of disparate event and incident monitoring capabilities and improvement of operational efficiency.
The implementation of a successful incident management program can improve the efficiency and effectiveness of the enterprise’s logging, monitoring and reporting capabilities, and thus help address the overall Rimici Secure Cloud IT compliance and risk management objectives.
Business Benefits of an Effective Incident Management and Response Capability.
Incident management is tied to the principal Rimici Secure Cloud goals for information security: preserving the confidentiality, integrity and availability of Rimici Secure Cloud information assets. Employing a systematic incident management program that utilizes a formal methodology offers several benefits to the Rimici Secure Cloud such as:
- Providing a structured, logical approach to use in situations that are usually chaotic
- Increasing the efficiency of dealing with an incident, which reduces the impact to the Rimici Secure Cloud from both financial and human resources (HR) perspectives
- Breaking down an incident into smaller, more manageable phases or stages that can be addressed in a logical manner
- Providing evidence of due diligence and forethought that may become significant should legal and liability issues arise following an incident.
This is particularly true when dealing with disclosure regulations and compliance with laws.
An effective incident management program provides a means of dealing with unexpected circumstances in such a way as to minimize impact to the enterprise. It also provides management with sufficient information on which to base an appropriate course of action. Creating an interdisciplinary incident response team that is drawn from all parts of the Rimici Secure Cloud and is educated and prepared to respond to events such as social engineering attacks is a key component of a comprehensive incident management program.
Especially significant is the fact that a robust incident management program as a stand-alone componentof the overall BCP can enhance the enterprise’scompetitive position through greater security awareness, improved defenses and effective resilient responses to events with negative impacts to the enterprise.
A robust incident management program as a stand-alone component of the overall BCP can enhance Rimici Secure Cloud’s competitive position through greater security awareness, improved defenses and effective resilient responses to events with negative impacts to the enterprise.