Ask the Expert - Shane Hasert, CISSP, CISA, CRISC, CTPRP, CTPRA, Sr Risk Analyst CyberGRX

Join our conversation and ask a question. To get us started, here is our starter question - 

What are 3 specific recommendations to have a successful incident response or flaw remediation program?

Answers will be posted on Wednesday, March 20, 2019 by Shane himself. 

Comments

  • 1) What are 3 specific recommendations to have a successful incident response or flaw remediation program?

    Incident Response programs are critical to business resiliency; they are the preparation, identification, containment, eradication, recovery and documentation of a security incident. While there are various frameworks and tactics with relation to incident response, three specific recommendations include:

    a. Prepare – Within the current threat landscape, the question isn’t ‘if’ you will get attacked or breached but ‘when’. Being prepared is the first step to appropriate management of a security situation.

    b. Recovery – If you perform back-ups, whether they are full, incremental, mirrored or differential, have you verified and validated that you can recover to a past point in time?

    c. Testing – Practicing, in a safe environment, how to manage and recover from an incident or flaw remediation will assist your team in managing the stress and limited timelines associated with a real incident.

    In today’s heightened regulatory environment, third parties are often asked to ‘provide results of DR/BC testing,’ and what we have found is that if an organization is able to refine or streamline a recovery process, meet a recovery point or recovery time objective (RPO/RTO), or reduce cost while meeting recovery expectations, the exercise can be considered ‘successful.’

