How to Build a Security Incident Response Plan

As the pandemic forced people to work remotely, organisations have become increasingly vulnerable to data breaches.

“COVID-19 has accelerated technological adoption, but at the same time it has exposed cyber vulnerabilities as well. Even as organisations have undertaken digitisation, it has opened up a lot of vulnerabilities. It has exposed the unpreparedness of organisations across the globe.

“In my opinion, it is very important to have a security incident response plan, irrespective of the size of the organisation you deal with. Today, everyone is going for digitalisation, which is again exposing them to the bad world of the internet,” said Bibhu Krishna, Head - IT & Infra, Policybazaar.com, in W.Media’s digital event ‘South Asia Cybersecurity - The Weakest Link!’, in a panel discussion titled ‘Preparing your cybersecurity team to help them deal better with breaches.’

The panel was moderated by Neeraj Bhople, Head - Technology & Engineering, DFB Mahindra Finance. The panelists included Subrahmanya Gupta Boda, Head - IT & Digital Brigade Group, Piyush Gupta, Associate Director - Cyber Security, MobiKwik, and Dilip Panjwani, CISO & IT Controller, L&T Infotech.

He further explained that it is important to understand the goal of the IR plan and the security incident plan. The goal has to be very clear, whether the plan is homegrown or follows a fixed framework. The goal is to keep damage to a minimum, to protect the data and to help the organisation recover fast from any damage it suffers. Any IR plan will primarily have these three goals.

Organisations need to know their data and what it is that they want to protect, because unless you know what is to be protected, you will not know how to protect it. So first, the organisation must know what is to be protected. Second, there should be an incident response team.

The policy should not be difficult; it should be easy to work with. “We have synced with all the responsible people who should be included in the plan. We have taken them into consideration, and we have ensured that the policy has gone through them at least once. It is important to make everyone realise the importance of the respective responsibility they are carrying in the plan. One important thing that we religiously follow is testing out the plan at least annually, which is very important because at times people just make a plan and forget about it,” he said.

Details such as how to contact people when an incident occurs, and whether the contact numbers are up to date, are very small things, but they play a very critical role when you actually execute the plan.

India reported 1.16 million cyber security cases in 2020, a threefold increase compared to 2019, as per government data presented in parliament. Approximately 3,000 cybersecurity-related issues were reported every day during the year. Encrypting the data that is important to the organisation is essential.

We have done multi-factor authentication; ensuring that there are strong passwords and MFA is important. Upgrading the devices and having a strict BYOD policy is extremely important. Now there are no physical boundaries due to COVID, because of which a lot of people are working from home, and some might be using their own devices. “Having a strict BYOD policy, at least for the EDR and HDR or endpoint protection and a licensed VPN, these basic checks will help in the long run,” added Krishna.

He further pointed out that another major aspect is logging and monitoring. It is important to ensure that there is a resource who keeps a check on logging and monitoring. It is important to catch the incident before it happens.

If the organisation is able to do that, it is secure. It is important to identify and categorise the logs as critical, high, medium or low, and to ensure that at least the critical ones are acted upon and mitigated.

Training is another important aspect of an incident management plan, as it is very important to have trained resources. People say that information security is a culture, but the responsibility lies with everyone. Any resilient organisation today will have cybersecurity-aware resources. Hence, role-based training is very important.

It is not possible to teach a software development life cycle or coding guidelines to the operations team. Nor is it possible to have the same guidelines for everyone; they have to be customised to the different roles. People who are part of critical decision making, or who hold critical responsibilities and roles, should especially have special training.

Publish on W.Media
Author Info - W.Media