Prepare for the Inevitable With an Effective Security Incident Response Plan

Gartner, Inc. G00236455
Published: 19 July 2012
Analyst(s): Rob McMillan

A serious security incident is a question of "when," not "if," for most enterprises. This reality makes developing effective response plans a critical concern for any chief information security officer.

Analysis

Why You Need to Prepare

Eventually, your security will fail. Maybe not today, maybe not tomorrow, but it will fail. The question is not whether security incidents will occur, but rather when they will occur. This troubling reality makes effective incident response (that is, reducing the risk of incidents and mitigating the damage they cause) a critical concern for security professionals.

Incident preparedness is part of the standard of due care. This is encapsulated in some regulated industries globally (for example, financial services). It is also recommended in standards such as ISO/IEC 27002 and others. The real cost of these incidents can be huge: well into the tens or hundreds of millions of dollars in extreme cases. The expectation is, therefore, set in regulation and legal precedent that a response to minimize the impact is required.

Gartner predicts that, through 2016, 75% of chief information security officers (CISOs) who experience publicly disclosed security breaches and lack documented, tested response plans will be fired. Incident response is unquestionably one of the core security processes that any CISO must define, develop, implement and prioritize to protect the enterprise and to demonstrate security's value to the business.

Action: CISOs should adopt and implement Gartner's guidelines for effective incident response, as outlined in this research.

"Predicts 2012: Sophisticated Attacks, Complex IT Environments and Increased Risks Demand New Approaches to Infrastructure Protection"
This discusses why it is important to prepare adequately for security incidents.

"The Security Processes You Must Get Right"
This provides context for the incident response process and outlines characteristics that would be expected in a mature process.

"Crisis/Incident Management Defined, 2012"
This provides guidance on how to recognize incidents and crises, and the key elements to their management.

The Decisions You Must Make

Advance preparation is crucial to effective incident response, but it is also extremely difficult, especially in complex, distributed enterprises. Adequate preparation means that you have already determined what your most critical assets are, that you are able to detect that an incident has occurred or is occurring, that you have a procedure in place to resolve the incident and manage the consequences, and that the people involved know what their role will be.

Once your organization is under attack, either by an external party or from somebody within, it is too late to consider these elements. You will inevitably be forced to make decisions on the fly and, consequently, carry a higher risk of making counterproductive decisions.

Action: Prepare now for an incident that may occur in the future. Decide on your priorities, have the right procedures documented and available, and ensure that the participants know what roles they will be required to fill.

"Six Decisions You Must Make to Prepare for a Security Incident"
This identifies the key decision factors that CISOs must take into account when developing enterprise-specific incident response plans.

"Toolkit: Security Incident Response Preparation"
This offers a user-customizable framework for establishing incident response priorities and developing appropriate response plans.

"How to Write a Security Incident Response Procedure Document"
This lays out best practices for this challenging and crucial task.

The Actions You Must Take

The enforced transparency produced by an information leak requires an effective response capability that encompasses the entire impact of the incident, not just the impact on IT. You must develop the right expertise to lead the response to a security incident and, ultimately, survive it. For many enterprises, this takes the form of a computer security incident response team (CSIRT).

It is equally important to exercise the response to an incident so that, when an actual incident occurs, the people who have roles to play will be adequately prepared for what they must do. This extends beyond the members of the CSIRT; an effective response to a serious incident often requires the active participation of senior management.

Finally, it is obviously preferable to avoid an incident if at all possible. Security threat intelligence services, for example, can be extremely useful, even essential, in identifying current and emerging security threats, and can help the enterprise minimize its exposure to potentially serious security incidents.

Actions: Develop the in-house capability you need to lead the response to an incident. Run incident response exercises so that the people who will take part in the response understand their roles and will be equipped to make the right decisions at the right time. Consider using a third-party threat intelligence capability to gain as much warning as possible about emerging threats before they become the source of your next security incident.

"Seven Steps to Creating an Effective Computer Security Incident Response Team"
This presents a phased approach to developing and maintaining an incident response team that will identify, contain, escalate, investigate and remediate incidents in a timely and efficient manner.

"Prepare Now for Tomorrow's Information Leaks"
This provides insight into the issues that the CSIRT must consider when responding to an incident.

"Toolkit: Sample Job Description for a CSIRT Manager"
This offers a user-customizable template for selecting the leader of this team.

"Toolkit: Security Incident Planning Scenarios"
This presents simple mechanisms for testing specific incident types and ensuring security readiness.

"How to Select a Security Threat Intelligence Service"
This discusses ways enterprises can identify their threat intelligence needs and determine what type of provider can deliver the high-quality, actionable threat information that is appropriate to their specific needs.

All this research, which will be supplemented by updates and other documents in the coming months, is designed to guide CISOs as they set up the people, processes and technology necessary to prepare effectively and efficiently for a serious security incident. This is not a simple task, but it is an essential one for the enterprise and the CISO.

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

"Predicts 2012: Sophisticated Attacks, Complex IT Environments and Increased Risks Demand New Approaches to Infrastructure Protection"
"The Security Processes You Must Get Right"
"Crisis/Incident Management Defined, 2012"
"Six Decisions You Must Make to Prepare for a Security Incident"
"Toolkit: Security Incident Response Preparation"
"How to Write a Security Incident Response Procedure Document"
"Seven Steps to Creating an Effective Computer Security Incident Response Team"
"Prepare Now for Tomorrow's Information Leaks"
"Toolkit: Sample Job Description for a CSIRT Manager"
"Toolkit: Security Incident Planning Scenarios"
"How to Select a Security Threat Intelligence Service"

Regional Headquarters

Corporate Headquarters
56 Top Gallant Road
Stamford, CT 06902-7700
USA
+1 203 964 0096

European Headquarters
Tamesis
The Glanty
Egham
Surrey, TW20 9AW
UNITED KINGDOM
+44 1784 431611

Japan Headquarters
Gartner Japan Ltd.
Atago Green Hills MORI Tower 5F
2-5-1 Atago, Minato-ku
Tokyo 105-6205
JAPAN
+81 3 6430 1800

Latin America Headquarters
Gartner do Brazil
Av. das Nações Unidas, 12551
9 andar World Trade Center
04578-903 São Paulo SP
BRAZIL
+55 11 3443 1509

Asia/Pacific Headquarters
Gartner Australasia Pty. Ltd.
Level 9, 141 Walker Street
North Sydney
New South Wales 2060
AUSTRALIA
+61 2 9459 4600

© 2012 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity" on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.