In the previous steps of the NIST Cybersecurity Framework: identify, protect and detect, we covered how to identify cybersecurity risks, map your environment, reveal vulnerabilities, take protection measures and identify incidents. But that of course doesn't get you there, as that's when you get to the point where you need to take action. In the NIST Cybersecurity Framework, we call this ‘respond’.
WHAT DOES RESPOND MEAN?
When an alarm goes off, it is important that you have all kinds of processes and procedures in place to respond quickly. What does your incident management process look like? Is your support prepared for all the calls and rings? Do you have the right people working in the right places to deal with this? You need answers to all these kinds of questions. In addition, forensic investigation and finding the right insights to resolve the incident is crucial.
Within the ‘respond’ phase, you want to make sure you can respond properly if an incident occurs. To do this, it is crucial that you take a number of significant steps:
1. Scenarios: think carefully about what possible information security scenarios could occur in your Cloud environment, e.g. natural disasters, ransomware, active hackers and so on. Mapping this out will help you prepare for them.
2. Processes: in addition, it is important to record how you deal with these different scenarios. So: who is ready to take action, by when, what is needed for this and how is an alert handled?
3. Helpdesk/crisis management: oftentimes, during a security incident, you are overwhelmed with all kinds of questions, calls and notifications. It is important to structure and coordinate this so that your people can focus on resolving the incident.
4. Correct information: it is crucial to make sure you know how to filter the right information out of all the information you receive. This will allow you to act and react appropriately to prevent the damage from the security incident.
SECURITY SPECIALISTS
Fundaments works together with experienced security specialists to unburden you in this stage of the framework. These specialists are 100% focused on their core service - security response. The security specialists can help with all facets of security, such as a SIEM/SOC solution, forensics, analytics, 24/7 incident response and much more.
Want to know more about this? Then contact us by calling 088 4 227 227 or email info@fundaments.nl.
