The True Meaning of Cyber Incident Response

Henry Jiang

INTRODUCTION

As reported cybersecurity incidents increase year after year, many enterprises are shifting their cybersecurity operations from a perimeter-centric model to a more risk-centric model that looks at threats beyond just server-side breaches. In this ever-changing cybersecurity landscape, incident response has become a crucial component of an organisation’s cybersecurity programme. Yet when discussing incident response, many firms find themselves unfamiliar with common practices for dealing with all of its aspects, from the governance level all the way down to developing a tangible workflow that encompasses people, progress and technologies.

In this chapter, we examine the true meaning of incident response, drawing on common frameworks and published standards, as well as real-world examples, to help organisations develop and enhance their own incident response capabilities.

DEFINING CYBERSECURITY INCIDENTS

“Have we ever been breached?”

Many organisations, including the ones that have yet to establish a robust cybersecurity programme, often face that simple but direct question from shareholders, boards of directors, the exec
