A day in the life of an IT manager can sometimes be made up of mindless updates, upgrades, and help desk calls. There are endless hours of boredom with a few minutes of clarifying crisis. The manager deals with a daily tedium of vulnerability assessments and anti-virus and anti-malware updates that must be run across multiple clients. And then there are the complexities of employees bringing their personal devices to work (bring your own device, or BYOD). [Reference the white paper below for more on current security trends.] But that’s as exciting as it gets until, Wham! In the midst of this predictable daily routine there is an attack.

Routine vs. the unpredictable

How do you balance the two? The normal business routine is well-rehearsed, and most IT professionals manage this fairly well. It’s the moments of crisis that define us. This is where responses vary widely in type and quality.

In many cases, organizations are unprepared because they lack a rigorous incident response (IR) process. IR processes that support crisis management share the following characteristics:

  1. They are well-defined. IR processes should be tested and coordinated with the non-IT parts of the company. Some corporate groups (HR, legal, PR, marketing, etc.) are aware of their potential involvement, but individual responsibilities must be well-defined.
  2. They are robust. This can be accomplished through a relationship with a security services advisor. Outsourcing response in a managed security services (MSS) environment can provide incident notification and workflow management. Incidents can be resolved quickly without as much data loss. Procedures and individual responsibilities are known, and non-IT departments (e.g., legal, PR, HR, and compliance) are brought into the loop quickly. Employees are educated and brand reputation damage is significantly reduced.

The cost of poor IR processes

Poor IR processes can result in loss of sales, customer confidence, and reputation. When compliance regulations are breached, fines often result. Substantial fines, legal fees, and onerous audits can persist for several years. In some cases, a poor IR process may result in an overly-diligent response. When the scope of the breach is being assessed, responses may need to be more tempered relative to regulatory and legal guidance. Consider involving a trusted advisor who can guide you piece by piece to having a coordinated plan in place for when the inevitable happens.

Where are you in the continuum we’ve described? Are you praying a crisis doesn’t hit, or have you started making plans for when it inevitably does?

This blog is co-authored by Christina Richmond, Program Director, Infrastructure Security Services, IDC

 

For more information on security trends, read the IDC Whitepaper, sponsored by AT&T:

Content Preview

Given today's ever-evolving threat landscape of increasingly sophisticated and difficult-to-detect advanced persistent threats (APTs), denial of service (DoS), and distributed denial of service (DDoS) attacks, the enterprise faces a severe challenge in defending the entire environment, from the perimeter to the endpoint, completely alone. At the same time, IT organizations are pressured by board-level oversight to improve the administrative efficacy of security.