Organizations that have not experienced any (or many) information security incidents may think they have a solid security incident preparedness plan in place to address attacks or other issues. However, if those plans do not include policies and procedures designed to specifically address a variety of different types of incidents, they are probably inadequate at best.
When you are evaluating the adequacy of an existing response plan or are formulating a new plan for your business, start by identifying what you actually want and need your response plan to do for your organization. What types of attacks could potentially impact the company’s network or systems?
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) provided the following list of common vulnerabilities or attack vectors:
Website or Web-Based Applications
Website attacks, DNS attacks, and attacks aimed at web-based applications fall off some companies’ radar when it comes to network security, but they shouldn’t.
Your plan should address how your response team will handle Distributed Denial of Service (DDoS) or DDoS Diversion attacks, including coordinating efforts with your internet service provider (ISP) to block the source of the attacks.
Email
Malware infections can also occur from unsafe links or attachments in emails sent to users on your network. Your response plan should include procedures for handling malware infections quickly before they can spread or progress, including scanning the rest of your network for any sign that other parts of your infrastructure have been compromised.
External or Removable Media
Attacks can also occur when someone inside your network perimeter inserts an infected CD, flash drive, or other removable device into a network-connected computer.
Although you may have a company policy stating that outside devices cannot be connected to networked computers, incidents may still occur. Be sure your response plan addresses how to handle such incidents.
Attrition
An “attrition” attack refers to brute-force methods used to harm or completely destroy your organization’s systems or networks.
Your incident response plan should address backing up critical systems and data, and periodically testing and documenting systems disaster recovery and business continuity procedures.
Improper or Unauthorized Use of Systems
Information security incidents can also occur when an otherwise-authorized user improperly accesses or uses company systems.
Be sure your information security plans and programs include procedures designed to detect and investigate all unauthorized systems access attempts, as well as steps for handling such incidents.
Equipment Theft or Loss
Finally, your organization may be at risk of the loss or theft of laptop computers, smartphones, or other company hardware.
Your policies, procedures, and response plan should contemplate the loss or theft of equipment, and should include notification requirements, remote-wipe procedures, and the next steps to take when a loss or theft is reported.
Tailor Response Plans to the Risks Your Organization Faces
Depending on your industry, the size and nature of your business, and your information security infrastructure, you may be at risk of some or all of the above attacks, or you may face risk from areas that aren’t listed in this blog post.
To be effective at protecting your company, your customers, and your own data, your information security response plan should be customized to address each specific potential risk.
For help reviewing your existing response plan, implementing a new response plan, or for a variety of other security and compliance engagements, contact Intrinium today. Intrinium also offers managed IT services and cloud solutions (including disaster recovery and business continuity services).