Every organisation has experienced, or will experience, a cyber security incident; depending on how you define the term, most have multiple every day. Increasingly punitive data protection regulation, coupled with increasing public awareness and scrutiny of organisations’ public responses, means that it’s more important than ever to respond effectively. However, many security teams still struggle to do so.
In this talk, I’ll cover the five key things that cyber security teams should do to prepare for an incident, which will improve the efficiency and effectiveness of their response. In turn, these will minimise the security, operational and financial risk to the wider organisation. I’ll go into detail on:
(1) Processes that security teams should document and keep updated, to ensure everyone knows the key actions and decisions to be taken in the event of an incident.
(2) How security teams can ensure they have skilled and experienced people, who can lead, coordinate and deliver the response to an incident.
(3) Key logs that should be in place to inform the investigation into an incident, to maximise the likelihood that security teams understand what happened, when, and how.
(4) Security technology that teams should have in place to deliver containment and eradication actions, which mitigate risk from the incident.
(5) Management and coordination technology needed by security teams during incidents, to ensure they can communicate and collaborate, delegate and track response actions, and manage delivery.
This talk is designed for anyone working in, or with an interest in, security operations. Attendees will come away with a clear understanding of the steps they can take to directly and rapidly improve their own organisation’s readiness for a cyber security incident.