The Essential Elements of a Comprehensive Cybersecurity Plan
Cyber Prep & Communication: Swift Defenses
Today you only need to Google “Cyberspace security challenges” to learn about the daily threats of hackers. These threats could be identity theft, criminal hackers, cyber espionage, or even insiders, whether their actions are spiteful, mischievous, or unintentional. The bottom line is that everyone is at risk. An organization must be prepared to protect vital information within cyberspace with a cybersecurity plan. Such a plan has elements both to prevent breaches from happening and to respond to incidents quickly and mitigate their impact. To be effective, a cybersecurity plan should have these elements: basics of security, communication with the organization/stakeholders, framework, threat intelligence, regulatory factors and liability, risk assessment, and incident response planning.
Part of the planning process is avoiding problems from the start. To achieve this goal, or at least improve your odds of never having a disastrous breach, ensure that basic security systems are running and that security policies are current and fully enforced. These basics include firewalls, intrusion detection systems, security incident and event managers, automated security monitoring and alert systems, spam filters, access controls, strong passwords, encryption of sensitive data, and security software for smart devices, i.e., phones, watches, etc.
Communicating with the organization/stakeholders helps everyone to be ready at a moment’s notice in case of an attack. Predetermined roles should be established, which eliminates the guesswork and allows the incident to be assessed and addressed, because when it comes to data loss, minutes count. Employees should be trained to recognize the tactics and attempts of an attack when it occurs. Examples of attacks are social engineering and installing malicious software for data intrusion.
Framework & Intel: Cyber Resilience
A framework is an important element within cybersecurity risk management. It provides direction across the board, including technologies and organizational processes. With a framework, you will have a plan for dealing with a cybersecurity incident and avoid any guesswork about what to do. The framework SOP (standard operating procedure) should cover all organizational processes. This includes elements outside of the organization, i.e., vendors and smart devices.
Threat intelligence and being informed can make you more secure and able to respond more efficiently to attacks. Ultimately, an organization must be able to identify signs of attack techniques and use indicators as reference points. Threat intelligence draws on these indicators and on insights into known and emerging threats to an organization. Having this knowledge can help with split-second decisions the moment a cyber incident occurs. Vulnerabilities like sharing passwords, unpatched software and operating systems, infrastructure configurations, and operations provide context for the threat. Recognizing them provides the threat intelligence needed to respond appropriately when an attack or incident occurs.
Regulatory factors and liability for a breach need to be addressed as well, depending on your organization. Do you risk fines or other penalties if data is exposed? A detailed audit log that shows what happened before, during, and after a breach will be helpful in the case of a data breach. It could help indicate whether security negligence was to blame for the breach.
Risk Assessment & Readiness: Proactive Defense
Risk assessment refers to having a model of threats based on the risk identified, the likelihood of it occurring, and the damage it could do to your organization. Actions taken should involve identified personnel and prioritized threats/attacks, and the steps taken to remedy them should be known by all within the organization. Security managers need to think like a hacker, determine what is of most value, and focus resources on protecting that valuable data.
Incident response planning includes the latest improvements, training, and preparation. This ensures everyone knows how to act and what to do once a threat is detected. However, even with all prevention efforts, a breach can sometimes happen. Cybersecurity threats are constantly evolving. That’s why an organization must be proactive with improvement, training, and preparation. Every process and plan should be tested regularly and kept up to date. Outdated response plans will be ineffective. If your response plan and framework are in place, all personnel and risk management programs will be able to act when the day of a breach/attack comes.