One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8353314
Publication date 2023-07-07 10:00:00 (seen: 2023-07-07 10:06:39)
Title What is an incident response plan (IRP) and how effective is your incident response posture?
Text As everyone looks about, sirens begin to sound, creating a sense of urgency; they only have a split second to determine what to do next. The announcer repeats himself over the loudspeaker in short bursts... This is not a drill; report to your individual formations and proceed to the allocated zone by following the numbers on your squad leader's red cap. I take a breather and contemplate whether this is an evacuation. What underlying danger is entering our daily activities? 1…2….3…. Let's get this party started!

When I come to… I find that the blue and red lights only exist in the security operations center. Intruders are attempting to infiltrate our defenses in real time; therefore, we are on high alert. The time has come to rely on incident response plans, disaster recovery procedures, and business continuity plans.

We serve as security posture guardians and incident response strategy executors as organizational security leaders. It is vital to respond to and mitigate cyber incidents, as well as to reduce security, financial, legal, and organizational risks in an efficient and effective manner.

Stakeholder community

CISOs, as security leaders, must develop incident response teams to combat cybercrime, data theft, and service failures, which jeopardize daily operations and prevent consumers from receiving world-class service. To maintain operations pace, alert the on-the-ground, first-line-of-defense engagement teams, and stimulate real-time decision-making, Incident Response Plan (IRP) protocols must include end-to-end, diverse communication channels.

[Figure: Stakeholder Types]

What does an incident response plan (IRP) do?

That's an excellent question. The incident response plan gives a structure or guideline to follow to reduce, mitigate, and recover from a data breach or attack. Such attacks have the potential to cause chaos by impacting customers, stealing sensitive data or intellectual property, and damaging brand value.

The important steps of the incident response process, according to the National Institute of Standards and Technology (NIST), are preparation, detection and analysis, containment, eradication, and recovery, and post-incident activity that focuses on a continual learning and improvement cycle.

[Figure: Lifecycle of Incident Response]

Many company leaders confront a bottleneck when it comes to assigning a severity rating that determines the impact of the incident and establishes the framework for resolution strategies and external messaging. For some firms, being able to inspect the damage and appropriately assign a priority level and impact rating can be stressful and terrifying.

Rating events can help prioritize limited resources. The incident's business impact is calculated by combining the functional effect on the organization's systems and the impact on the organization's information. The recoverability of the situation dictates the possible answers that the team may take while dealing with the issue. A high functional impact occurrence with a low recovery effort is suited for fast team action.

The heart beat

Companies should follow industry standards that have been tried and tested by fire departments to improve overall incident response effectiveness. This includes: Current contact lists, on-cal
Rating ★★
Sent Yes
Tags Data Breach Vulnerability Threat Cloud


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.