336x Filetype PPTX File size 2.63 MB Source: www.first.org
From Cyber Incident Response to Cyber Resilience
Dr. JR Reagan
Incident Response
Changing landscape

[Risk matrix: Impact (Low / Medium / High) plotted against Likelihood (Low / Medium / High); the low-likelihood / high-impact corner is labelled "Critical Risk", the high-likelihood / low-impact corner "Low-level risk"]

Crisis (low likelihood / high severity)
Examples: corporate crisis with reputational damage to the brand, cyber attack, major technology failure, key supplier failure, health pandemic, terrorist attack
• Requires an executive-level response and plans with pre-considered actions

Non-routine incident (medium likelihood / medium severity)
Examples: staff discontent, severe weather
• Requires the business to step in and coordinate the response
• Needs a defined structure to manage and resolve

Routine incident (high likelihood / low severity)
Examples: minor fraud, site utility failure, minor technology failure, fire alarm
• Addressed through Standard Operating Procedures
Incident Response
Typical response plan types

[Diagram: plan types arranged from high-impact (crisis) incidents at the top to low-impact (routine) incidents at the bottom]

High impact: Crisis

Crisis/Incident Management Plan
• How we transition from business-as-usual to major incident
• Required protocols and structures
• Provides the overall ‘command and control’ structure to execute recovery plans in a controlled and coordinated manner
• Used to make sure the right people are involved to make decisions

Scenario specific response plans
• Plans for specific risks of a much larger scale, with a greater impact than scenarios detailed in the business continuity plans

Non-routine / major incident

Business Continuity Plans
• Plans for recovering business processes in the event of disruption caused by general unavailability scenarios

Technical response plans
• Plans for recovering key systems / operations in line with recovery objectives (e.g. IT DR)

Low impact: Routine incident

Standard Operating Procedures
• Well-used response actions in place to deal with BAU disruptions (e.g. fire alarms, site utility failure)
Incident Response Lifecycle
Continuous action

Cyber Incident Response Lifecycle

[Chart: capabilities and stakeholder confidence (LOW to HIGH) plotted over time, from the crisis through recovery; two confidence curves are shown, CONSUMER CONFIDENCE and REGULATORY CONFIDENCE]

Phases along the time axis:
• MONITORING: ongoing
• CRISIS
• SHORT-TERM: hours – days – weeks
• INTERMEDIATE: weeks – months
• LONG-TERM: months – years
At the most strategic level, recovering from a cyber incident involves an important balance between
recovering or enhancing capabilities and restoring confidence among a broad spectrum of stakeholders.
Capabilities
• Business and operational capabilities need to be restored in the case of disruptive or destructive attacks, which usually takes hours or days, but can extend for weeks or even months in severe cases.
• Cyber risk capabilities need to be enhanced to secure the environment, provide better visibility into ongoing threats, and reduce the impact of future attacks. Important progress can be made in the short term, but significant improvement usually takes months or years to achieve.

Confidence
• Customers are most immediately concerned with direct personal damage from loss of data, but may develop longer-term brand aversion.
• Employees can be overwhelmed by negative publicity and increased chaos in both their work and personal lives.
• Business partners are concerned about the immediate threat of cross-contamination and the longer-term integrity of business transactions.
• Regulators are concerned about consumer protection, existential threats to the business, and the broader soundness of the industry.
• Capital markets and shareholders are highly attuned to potential impacts to revenue and earnings in the near term and the viability of the brand over a longer time horizon. They pay a lot of attention to the attitudes of other stakeholders, especially customers and regulators.