
BCS ITNow 201603 - Cyber Response

Although organisations and individuals understand the need to build and maintain defences against evolving and persistent attacks, we should also prepare for the inevitable. The odds have always been stacked against the defenders, and attackers continue to grow, says Gareth Niblett, Chair, BCS Information Security Specialist Group.


We should not use the expectation of compromise to avoid taking the necessary steps to defend against attacks, as to fail to do so may make the frequency and severity higher than acceptable or survivable.

As well as trying to prevent and protect, we must prepare – so that we are able to respond and recover. As much as we think we can envisage the sorts of ills that may befall us, it is better to have an organisational structure and support arrangements that can cope with a variety of impacts, so that from whatever direction disaster strikes there is a means of response covering physical, personnel, process and technology.

Incident response plans, forensic readiness plans, contingency plans, disaster recovery plans, business continuity plans, civil contingency plans, and all other such good stuff are of no use without ensuring that they are reviewed and tested with all the parties who would contribute to enacting them when required.

As well as having regularly tested and revised plans available, having contracts and arrangements in place for forensic response, communications, recovery sites, backup equipment and data helps provide the means of response and recovery in a timely and more cost-effective manner. Throughout, good communications with all key stakeholders is paramount.

Breach notification requirements, and swingeing regulatory fines, make it even more prudent both to build defences, to prevent and detect attack, and to prepare to respond to breaches – only then can we manage the impact and recover.
FURTHER INFORMATION

Information Security Specialist Group (ISSG): www.bcs-issg.org.uk
Information Risk Management and Assurance Specialist Group: www.bcs.org/groups/irma
BCS Security Community of Expertise (SCoE): www.bcs.org/securitycommunity

ITNOW, March 2016, p. 21. doi:10.1093/itnow/bww008 © 2016 The British Computer Society. Image: Thinkstock